Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Weird MBR Volume Extra Drive Show Up

07 Aug 2011   #1

windows 7 home professional 32bit
Weird MBR Volume Extra Drive Show Up

Ok ,this is really weird. I don't know if someone is taking over my computer or what. Boot up is really slow with process taking 50% CPU. Account unknown is on the logon under permissions as well as the console logon. I have to kill the process or else the process keeps using up my ram. This is on a Intel dual core processor with Windows 7 professional home and 2gb of ram on a 320HD.

When I get email in outlook, clicking on the message opens up my browser as though looking for a server and I get an error message. file:///C:/Users/Hannspree/AppData/Local/Microsoft/Windows/Temporary%20Internet%20Files/%7B89314F91-B675-4CF9-A7F2-544F14BA1676%7D/%7BE78C07C0-7AAE-4B63-BB6C-D692F73D3559%7D.html

I happen to look a C:\ drive under properties. I click on defrag and I get an extra volume or drive showing up. What is more strange is the fact is that I just happen to click on the C Drive and click on tools and then defrag, it shows a strange volume or disk. I have no idea where or how that disk got on my computer. It looks like a redirect to a server somewhere.


\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`77100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000b`3b100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

Size Device Name MBR Status
298 GB \\.\PhysicalDrive0 Unknown MBR code

I ran bootrec /fixmbr which works but it still shows up in C: Drive under defrag.

Any ideas on what's going on or how to get rid of this drive or volume?
SHA1: 932574F4079BA24A086DB856C58A224C97813B78

First pic is the problem showing the volume drive
second pic shows computer management in control panel everything looks normal.
third pic shows what started the whole problem in email

Yikes what going on. Has my computer become a zombie to spam out email? I have all the latest anti-virus and malware software install monitoring in real time.

My System SpecsSystem Spec

07 Aug 2011   #2

Windows 7 Enterprise x64 SP1

Download TDSS Killer, and run it. If it finds any viruses (marked with red, and not yellow which is only a notice) follow the instructions here.
Download and install MalwareBytes, update virus library (or whatever it is called) disconnect internet and run a full scan!
This is a laptop right? That partition seems to be your windows Vista/7 recovery and install partition.
Originally it was/is a hidden partition for windows installer files. Have you used it previously, did you buy the laptop with windows 7?
My System SpecsSystem Spec
07 Aug 2011   #3

windows 7 home professional 32bit

I am running SAS, Avira, WinPatrol, Spyware Blaster, Spybot, Malwarebytes, Windows Defender in Real time. I ran all files nothing. The problem is that something is taken over my laptop and using 50% CPU in svchost file with an unknown account number. It started in Outlook when I click on an email file it launches Firefox as those my machine is a zombie sending out spam.

I ran Avira rootkit, Sophos rootkit, TDSS killer and nothing. Has me stumped.
My System SpecsSystem Spec

08 Aug 2011   #4

Windows 7 Enterprise x64 SP1

Go to C:\Users you will have to see 2 or 3 accounts: Yours, Public, Default (don't mind if you don't see default because it is hidden)
If there are any other accounts, delete or put them to another directory (better would be to put them into quarantine/block access with your AV)
What about your preinstalled OS?
My System SpecsSystem Spec
08 Aug 2011   #5

windows 7 home professional 32bit

Ok, under C:\Users I have showing:
All Users with a lock
Default User with a lock
Hannspree with a lock
In Control Panel, under user accounts, I have Administrator, Nancy, Guest turn-off

What's weird is why is this drive only showing up under defrag only and not under windows explorer or admin panel. Rootkit in MBR or Kernel?

Really confused. Thanks for your help
My System SpecsSystem Spec
09 Aug 2011   #6

Windows 7 Enterprise x64 SP1

No no no, that is because it doesn't have a drive letter assigned:
Please scroll down to: 6. To Add a Drive Letter
My System SpecsSystem Spec
09 Aug 2011   #7

windows 7 home professional 32bit

It will not allow me to add a drive. I right click and all I get is a square box with help in it. If I click on the other drives or volumes, it brings up the screen in 6. Add Drive Letter.
My System SpecsSystem Spec
09 Aug 2011   #8

Windows 7 Enterprise x64 SP1

Please use this partition wizzard then.
Try to add driver letter, if that fails, Delete (Not wipe or format) that extra partition.
Make a new partition to the maximum size available and set NTFS file format.
Now try to add a drive letter again!
I hope this solves the problem..
My System SpecsSystem Spec
09 Aug 2011   #9

windows 7 home professional 32bit

Just to show what happens when I am running the computer, svchost.exe 6048 shows the CPU Usage and it can be another svchost.exe number - doesn't matter - everytime I boot up. Examining svchost.exe shows an unknown account logged in on console logon and my logon and the CPU constantly runs at 48 -50% until I remove the unknown account and kill the process. Then everything is find.

That why I think my computer has been compromise as it started in July after I started doing some work at various internet cafe places.

I'll try your solution.

Thanks for your help
My System SpecsSystem Spec
09 Aug 2011   #10

Windows 7 Enterprise x64 SP1

Wait you can not run all of those AVs simultaniously! You should choose one and uninstall/disable the others!!!!
I suggest Avira or Malwarebytes, decide which u want and remove all the others.
Also type msconfig into start menu and hit enter, a new window will come up go here:

and check "Hide all Microsoft services" now disable all expect your antivirus (whichever you have chosen to keep)
My System SpecsSystem Spec

 Weird MBR Volume Extra Drive Show Up

Thread Tools

Similar help and support threads
Thread Forum
Will extra 4gb of ram show much of a difference in speed
Hi guys, running w-7 500gb hdd 4gb ram. By looking at the shot of performance in the windows task manager, computer is running ok but of course not as fast as when new because of the added files. Will adding another 4gb of memory show any real difference. thanks Gary
General Discussion
Weird text glitch in volume mixer
Hi, I have a weird text glitch in volume mixer and don't know why it happens. See attachment. :mad: The squares! :mad: I'm talking about the square like character "" after the text "system sounds" and "foobar2000". I am using X-FI sound card with recent drivers and have all the windows updates...
Sound & Audio
\\?\Volume{} show up in Defragmenter
This weird volume shows up only in Disk Defragmenter (as far as I can tell) on my computer. What is it, and should it be getting rid of somehow? Here are pics from DD and Disk Management:
Performance & Maintenance
Network Drive volume names do not show up in Windows Explorer
The Network Drive volumes do not show up in Windows Explorer using Windows 7. The network drives appear with the assigned drive letter followed by Network Drive, for example, (Q:) Network Drive I've checked and the volumes are labeled correctly on the servers. Is there a registry entry that needs...
Network & Sharing
Software to show if the volume is going up/down automatically?
Is there any software to show (on screen, in the middle bottom or right bottom for example) if the volume is changing, and maybe also could show the number in the tray between 0-100, whatever the volume is? Is there any mute command in Windows that I can use to create a dll for Logitech G930...
Show Volume name in SRH
The function 'Safely remove Hardware and eject Media' (SRH) normally displays the volume name just below the corresponding disk name. In this case, 2 external disks connected via eSATA to a specific controller show their disk name (friendly name) like under 'Disk drives' in the device manager,...
General Discussion

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 13:52.

Twitter Facebook Google+

Windows 7 Forums

Seven Forums Android App Seven Forums IOS App