"E" Drive Isn't Accessible, Help Please


yosemitest

It is odd, actually more like the computer is shutting down from overheating when the cpu, hard drive is stressed.

Please unplug your computer, set it on a clean bench area, unscrew the back (or side) depending on the model, and use a can of compressed air to spray the inside components, especially around the fan areas. A build-up of gunk inside the system will cause overheating at times. You can also use a small brush first to loosen any built-up dust or general dirt prior to blowing out your system components.

Just be careful not to dislodge any components and make sure all the connections and components are properly fitted once you finish. Do not use high-pressure compressed air as this can cause more damage than good.

To noknojon,

The second time it shut down, I unplugged all the cables, turned it over and swept, then vacuumed out the fan holes.

I didn't think it was important to tell you before.

I have my settings to turn the computer off at 98 % of heat limits for the motherboard.

I also have another motherboard standing by and another internal fan set waiting, to install the next time this computer goes to the shop for cleaning.

About One year ago the CD/DVD Drive had to be replaced and the heatsink vents over the cpu were about 95 percent clogged.

We took a can of air and blew it out.

We used denaturalized alcohol with q-tips to wipe clean the motherboard and fan, then let them dry, and put it back together after about 2 hours.

I guess that's to be expected with an old laptop. I recommend " http://www.irisvista.com/tech/ ".

My brother works with ADT Security, and he's an experienced electrician with work in computer bank vaults and fire alarm systems.

He helps me, sometimes, and will help if I need to replace the internal fans.

Thanks, Yosemitest.

To AdvancedSetup,

I was searching for an old Halloween song for my brother's daughter, and I ran into something that took out my Realtek speaker driver. :)

I had to recover my computer from a ghost image 1 month old to get it to work again.

Now I've got a different set of problems, I'm just starting to figure out.

I'll get back to you after I contact me again.

To AdvancedSetup,

I ran some scans on Oct 30 2010 2am

SuperAntiSpyware Pro scan found nothing.

Malwarebytes' Anti-Malware scan found nothing.

Spybot Search and Destroy found nothing.

Online Armor++ found several things in System Volume recovery files.

C:\Documents and Settings\All Users\Application Data\Symantec\hpc\:3898751835 Suspicious (alternate data stream)

C:\Documents and Settings\All Users\Application Data\TEMP\:5C321E34 Suspicious (alternate data stream)

C:\Documents and Settings\Yosemitest\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe Infected by: Riskware.Risktool.PowerRegScheduler!IK

I deleted the first two and blocked the Infection.

OA++ History, after turning off System Restore and relying only on Norton Ghost for backup, saw the following files.

Keylogger: ati2evxx.exe loaded

Program Guard: kernel event NtGdiOpenDCWX, PID: 764, Dev: ? - Deny (rule)

764 - ati2evxx.exe

Reader_sl.exe

AdobeARM.exe

Program Guard: kernel event OADriver: SetWindowsHookEx, Pid: 3896 - Deny (rule)

3896 - ctfmon.exe

Program Guard: ctfmon.exe -> MSCTF.dll

Antivirus: PowerReg SchedulerV2.exe

Program Guard: PowerReg SchedulerV2.exe

%1: option changed

//att.my.yahoo.com/?_bc=1: option changed

_iu14D2N.tmp: option changed

~cbiigmr.exe: option changed

I don't know what these entries mean.

I believe these files are being loaded before WindowsXP SP3 by a MBR Rootkit, but I'm not sure.

I blocked them all.

OA++ Antivirus Complete Scan found the following:

C:\Documents and Settings\All Users\Application Data\Symantec\hpc\:3898751835 Suspicious (alternate data stream)

C:\Documents and Settings\Yosemitest\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe Infected by: Riskware.Risktool.PowerRegScheduler!IK

C:\Program Files\AT&T\Internet Security Wizard\ISW.exe:?SummaryInformation Suspicious (alternate data stream)

C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe:?SummaryInformation Suspicious (alternate data stream)

C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe:?SummaryInformation Suspicious (alternate data stream)

C:\WINDOWS\$NtServicePackUninstall$\hotplug.dll:?SummaryInformation Suspicious (alternate data stream)

C:\WINDOWS\$NtServicePackUninstall$\lsass.exe:?SummaryInformation Suspicious (alternate data stream)

C:\WINDOWS\$NtServicePackUninstall$\wscript.exe:?SummaryInformation Suspicious (alternate data stream)

I blocked the infection again and extracted and deleted the ADS files.

The scan didn't finish. It ran for 1 hour 30 minutes 24 seconds and locked up on "E" drive with time left to finish 02:10:47.

The program "C:\WINDOWS\system32\newdev.dll" came up and I set it to "Ask" and "Run Safer".

I restarted and tried to do a full scan again with "Online Armor++" and it ran 03:02:39 and froze up with 04:21:39 time left.

The file it froze up on was "E:\Backup Plan\(my name)_C_Drive003.v2i"(a Norton Ghost 12.0 image of "C" Drive )

I did some reading and found "MBRCheck.exe" .

I ran it under "Online Armor++" and selected "trust it" and run.

MBRCheck, version 1.2.3

© 2010, AD

Command-line

Windows Version: Windows XP Home Edition

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x000001fc

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000'00007e00 (NTFS)

\\.\E: --> \\.\PhysicalDrive4 at offset 0x00000000'00007e00 (NTFS)

Size Device Name MBR Status

---------------------------------------------------------------------

55 GB \\.\PhysicalDrive0 Windows XP MBR code detected

SHA1: 31D100779DE502702C374F7C15687B56FCFD5528

208 GB \\.\PhysicalDrive4 RE: Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!

Press ENTER to exit...

Here's the dump log from "MBRCheck.exe" .

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Home Edition

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x000001fc

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

\\.\E: --> \\.\PhysicalDrive4 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: IC25N060ATMR04-0, Rev: MO3OAD4A

PhysicalDrive4 Model Number: WD3200BMV External, Rev: 1.75

Size Device Name MBR Status

--------------------------------------------

55 GB \\.\PhysicalDrive0 Windows XP MBR code detected

SHA1: 31D100779DE502702C374F7C15687B56FCFD5528

298 GB \\.\PhysicalDrive4 RE: Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!

Does this help? :)

Sincerely, Yosemitest.

  • Root Admin

Well this is not the place to be doing scans for Malware.

What issues are you currently having, or do you see? If it is malware that you think you have then you need to follow the advice below.

Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post, make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org

This topic is now closed to further replies.