Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Weird MBR Volume Extra Drive Show Up


07 Aug 2011   #1

windows 7 home professional 32bit
 
 
Weird MBR Volume Extra Drive Show Up

Ok ,this is really weird. I don't know if someone is taking over my computer or what. Boot up is really slow with process taking 50% CPU. Account unknown is on the logon under permissions as well as the console logon. I have to kill the process or else the process keeps using up my ram. This is on a Intel dual core processor with Windows 7 professional home and 2gb of ram on a 320HD.

When I get email in outlook, clicking on the message opens up my browser as though looking for a server and I get an error message. file:///C:/Users/Hannspree/AppData/Local/Microsoft/Windows/Temporary%20Internet%20Files/%7B89314F91-B675-4CF9-A7F2-544F14BA1676%7D/%7BE78C07C0-7AAE-4B63-BB6C-D692F73D3559%7D.html

I happen to look a C:\ drive under properties. I click on defrag and I get an extra volume or drive showing up. What is more strange is the fact is that I just happen to click on the C Drive and click on tools and then defrag, it shows a strange volume or disk. I have no idea where or how that disk got on my computer. It looks like a redirect to a server somewhere.
\\?\Volume{c0a6d66c-fee7-11df-8ee8-806e6f6e6963}\


MBRCHECK shows

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`77100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000b`3b100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code

I ran bootrec /fixmbr which works but it still shows up in C: Drive under defrag.

Any ideas on what's going on or how to get rid of this drive or volume?
SHA1: 932574F4079BA24A086DB856C58A224C97813B78

First pic is the problem showing the volume drive
second pic shows computer management in control panel everything looks normal.
third pic shows what started the whole problem in email

Yikes what going on. Has my computer become a zombie to spam out email? I have all the latest anti-virus and malware software install monitoring in real time.



My System SpecsSystem Spec
.

07 Aug 2011   #2

Windows 7 Enterprise x64 no SP
 
 

Download TDSS Killer, and run it. If it finds any viruses (marked with red, and not yellow which is only a notice) follow the instructions here.
Download and install MalwareBytes, update virus library (or whatever it is called) disconnect internet and run a full scan!
This is a laptop right? That partition seems to be your windows Vista/7 recovery and install partition.
Originally it was/is a hidden partition for windows installer files. Have you used it previously, did you buy the laptop with windows 7?
My System SpecsSystem Spec
07 Aug 2011   #3

windows 7 home professional 32bit
 
 

I am running SAS, Avira, WinPatrol, Spyware Blaster, Spybot, Malwarebytes, Windows Defender in Real time. I ran all files nothing. The problem is that something is taken over my laptop and using 50% CPU in svchost file with an unknown account number. It started in Outlook when I click on an email file it launches Firefox as those my machine is a zombie sending out spam.

I ran Avira rootkit, Sophos rootkit, TDSS killer and nothing. Has me stumped.
My System SpecsSystem Spec
.


08 Aug 2011   #4

Windows 7 Enterprise x64 no SP
 
 

Go to C:\Users you will have to see 2 or 3 accounts: Yours, Public, Default (don't mind if you don't see default because it is hidden)
If there are any other accounts, delete or put them to another directory (better would be to put them into quarantine/block access with your AV)
What about your preinstalled OS?
My System SpecsSystem Spec
08 Aug 2011   #5

windows 7 home professional 32bit
 
 

Ok, under C:\Users I have showing:
Administrator
All Users with a lock
Default
Default User with a lock
Hannspree with a lock
Nancy
Public
In Control Panel, under user accounts, I have Administrator, Nancy, Guest turn-off

What's weird is why is this drive only showing up under defrag only and not under windows explorer or admin panel. Rootkit in MBR or Kernel?

Really confused. Thanks for your help
My System SpecsSystem Spec
09 Aug 2011   #6

Windows 7 Enterprise x64 no SP
 
 

No no no, that is because it doesn't have a drive letter assigned:
Please scroll down to: 6. To Add a Drive Letter
http://www.sevenforums.com/tutorials...ndows-7-a.html
My System SpecsSystem Spec
09 Aug 2011   #7

windows 7 home professional 32bit
 
 

It will not allow me to add a drive. I right click and all I get is a square box with help in it. If I click on the other drives or volumes, it brings up the screen in 6. Add Drive Letter.
My System SpecsSystem Spec
09 Aug 2011   #8

Windows 7 Enterprise x64 no SP
 
 

Please use this partition wizzard then.
Try to add driver letter, if that fails, Delete (Not wipe or format) that extra partition.
Make a new partition to the maximum size available and set NTFS file format.
Now try to add a drive letter again!
I hope this solves the problem..
My System SpecsSystem Spec
09 Aug 2011   #9

windows 7 home professional 32bit
 
 

Just to show what happens when I am running the computer, svchost.exe 6048 shows the CPU Usage and it can be another svchost.exe number - doesn't matter - everytime I boot up. Examining svchost.exe shows an unknown account logged in on console logon and my logon and the CPU constantly runs at 48 -50% until I remove the unknown account and kill the process. Then everything is find.

That why I think my computer has been compromise as it started in July after I started doing some work at various internet cafe places.

I'll try your solution.

Thanks for your help
My System SpecsSystem Spec
09 Aug 2011   #10

Windows 7 Enterprise x64 no SP
 
 

Wait you can not run all of those AVs simultaniously! You should choose one and uninstall/disable the others!!!!
I suggest Avira or Malwarebytes, decide which u want and remove all the others.
Also type msconfig into start menu and hit enter, a new window will come up go here:

and check "Hide all Microsoft services" now disable all expect your antivirus (whichever you have chosen to keep)
My System SpecsSystem Spec
Reply

 Weird MBR Volume Extra Drive Show Up




Thread Tools



Similar help and support threads for2: Weird MBR Volume Extra Drive Show Up
Thread Forum
Weird text glitch in volume mixer Sound & Audio
\\?\Volume{} show up in Defragmenter Performance & Maintenance
Network Drive volume names do not show up in Windows Explorer Network & Sharing
Solved Software to show if the volume is going up/down automatically? Software
Solved Show Volume name in SRH General Discussion
Extra Drive Hardware & Devices
XP to Win7: Extra drive ? General Discussion

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 08:57 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33