how do I remove a "ghost" cd rom drive

[addajio]

Xp/SP2/1-CD-Rom read only drive.
This computer has never had a second drive and hardly gets used except for
older games. I have used patchs/mods/add ons from time to time.
Device manager shows 1 drive and says it is working properly.
I tried to run Soldiers: Heroes of WW2 which ran fine some months ago and
has Starforce copy protection. I have since restored this hard drive from a
Macrium Image and didn't try to run the game til today. This is the original
box game with manuals and Disk Key. A window complained "No disk found" so I
un-installed/re-installed from the E drive...same thing. Upon looking in
Windows Explorer in the tree to the left, I noticed an "E" drive and a new
"F" drive
Both drives show the contents of the game disk and both [right click on
drive and click on eject command]will Eject the CD if told to, so I know that
the F drive is some sort of virtual or image drive of the E drive, but I can
find no way to remove it. This F drive must somehow be interferring with the
E drive so I have to remove it.
Thanks for any suggestions - Tony.

 

[Uwe Sieber]

Xp/SP2/1-CD-Rom read only drive.
This computer has never had a second drive and hardly gets used except for
older games. I have used patchs/mods/add ons from time to time.
Device manager shows 1 drive and says it is working properly.
I tried to run Soldiers: Heroes of WW2 which ran fine some months ago and
has Starforce copy protection. I have since restored this hard drive from a
Macrium Image and didn't try to run the game til today. This is the original
box game with manuals and Disk Key. A window complained "No disk found" so I
un-installed/re-installed from the E drive...same thing. Upon looking in
Windows Explorer in the tree to the left, I noticed an "E" drive and a new
"F" drive
Both drives show the contents of the game disk and both [right click on
drive and click on eject command]will Eject the CD if told to, so I know that
the F drive is some sort of virtual or image drive of the E drive, but I can
find no way to remove it. This F drive must somehow be interferring with the
E drive so I have to remove it.

Open a command prompt (Start -> Run, enter CMD here).

Enter MOUNTVOL

If the volume name (this \\?\Volume{GUID}\ thing) is
identical for E: and F: then it is ok to delete letter
F:. The command is

MOUNTVOL F: /D


Uwe

 

[addajio]

Thanks Uwe - I have a screenshot of the MOUNTVOL command [the dos box closed
so fast that it took 15 or so times of hitting pause to catch it], but I
guess I can't attach here...Ill send it if you want. There was no mention of
E or F drives and what you described isnt quite what I saw - tho it did have
2 of the same number at the bottom, I think it was just referencing the first
number twice. There should be no F drive so I could probably go ahead and use
your command to remove it, but I'll wait to hear from you - thanks again -
Tony

Xp/SP2/1-CD-Rom read only drive.
This computer has never had a second drive and hardly gets used except for
older games. I have used patchs/mods/add ons from time to time.
Device manager shows 1 drive and says it is working properly.
I tried to run Soldiers: Heroes of WW2 which ran fine some months ago and
has Starforce copy protection. I have since restored this hard drive from a
Macrium Image and didn't try to run the game til today. This is the original
box game with manuals and Disk Key. A window complained "No disk found" so I
un-installed/re-installed from the E drive...same thing. Upon looking in
Windows Explorer in the tree to the left, I noticed an "E" drive and a new
"F" drive
Both drives show the contents of the game disk and both [right click on
drive and click on eject command]will Eject the CD if told to, so I know that
the F drive is some sort of virtual or image drive of the E drive, but I can
find no way to remove it. This F drive must somehow be interferring with the
E drive so I have to remove it.

Open a command prompt (Start -> Run, enter CMD here).

Enter MOUNTVOL

If the volume name (this \\?\Volume{GUID}\ thing) is
identical for E: and F: then it is ok to delete letter
F:. The command is

MOUNTVOL F: /D


Uwe

 

[Uwe Sieber]

Why not open a command prompt before and enter the
commands in there? Then it stays open and you can
look at it as long as needed.

Start -> Run, enter CMD here

You can also redirect the output of console commands:

mountvol > c:\mountvol.txt

Instead to the console window the output is written
to c:\mountvol.txt. Then and you can post the text
here.


Uwe

Thanks Uwe - I have a screenshot of the MOUNTVOL command [the dos box closed
so fast that it took 15 or so times of hitting pause to catch it], but I
guess I can't attach here...Ill send it if you want. There was no mention of
E or F drives and what you described isnt quite what I saw - tho it did have
2 of the same number at the bottom, I think it was just referencing the first
number twice. There should be no F drive so I could probably go ahead and use
your command to remove it, but I'll wait to hear from you - thanks again -
Tony

Xp/SP2/1-CD-Rom read only drive.
This computer has never had a second drive and hardly gets used except for
older games. I have used patchs/mods/add ons from time to time.
Device manager shows 1 drive and says it is working properly.
I tried to run Soldiers: Heroes of WW2 which ran fine some months ago and
has Starforce copy protection. I have since restored this hard drive from a
Macrium Image and didn't try to run the game til today. This is the original
box game with manuals and Disk Key. A window complained "No disk found" so I
un-installed/re-installed from the E drive...same thing. Upon looking in
Windows Explorer in the tree to the left, I noticed an "E" drive and a new
"F" drive
Both drives show the contents of the game disk and both [right click on
drive and click on eject command]will Eject the CD if told to, so I know that
the F drive is some sort of virtual or image drive of the E drive, but I can
find no way to remove it. This F drive must somehow be interferring with the
E drive so I have to remove it.

Open a command prompt (Start -> Run, enter CMD here).

Enter MOUNTVOL

If the volume name (this \\?\Volume{GUID}\ thing) is
identical for E: and F: then it is ok to delete letter
F:. The command is

MOUNTVOL F: /D


Uwe

 

[addajio]

....and here it is:

"MOUNTVOL [drive:]path VolumeName
MOUNTVOL [drive:]path /D
MOUNTVOL [drive:]path /L

path Specifies the existing NTFS directory where the mount
point will reside.
VolumeName Specifies the volume name that is the target of the mount
point.
/D Removes the volume mount point from the specified directory.
/L Lists the mounted volume name for the specified directory.

Possible values for VolumeName along with current mount points are:

\\?\Volume{77d77992-046d-11de-902c-806d6172696f}\
C:\

\\?\Volume{bdd19a56-2ad9-11de-9d46-806d6172696f}\
D:\

\\?\Volume{77d77991-046d-11de-902c-806d6172696f}\
The maximum number of secrets that may be stored in a single system has been
exceeded.
\\?\Volume{77d77990-046d-11de-902c-806d6172696f}\
A:\"

....Don't know how relevant this is, but this is an IDE 80 Gig drive,
partitioned with 5 Gig to Win 98 "C" drive and 35 Gig to XP "D" drive.
Thanks for the Dos help Dave and Uwe, I can barely remember my first OS -
3.1 and the Autoexec and Config Sys were over my head.- glad some people
still know it.
Hope this helps - Tony

p.s. I guess the last two #s aren't identical

Why not open a command prompt before and enter the
commands in there? Then it stays open and you can
look at it as long as needed.

Start -> Run, enter CMD here

You can also redirect the output of console commands:

mountvol > c:\mountvol.txt

Instead to the console window the output is written
to c:\mountvol.txt. Then and you can post the text
here.


Uwe

Thanks Uwe - I have a screenshot of the MOUNTVOL command [the dos box closed
so fast that it took 15 or so times of hitting pause to catch it], but I
guess I can't attach here...Ill send it if you want. There was no mention of
E or F drives and what you described isnt quite what I saw - tho it did have
2 of the same number at the bottom, I think it was just referencing the first
number twice. There should be no F drive so I could probably go ahead and use
your command to remove it, but I'll wait to hear from you - thanks again -
Tony

addajio wrote:
Xp/SP2/1-CD-Rom read only drive.
This computer has never had a second drive and hardly gets used except for
older games. I have used patchs/mods/add ons from time to time.
Device manager shows 1 drive and says it is working properly.
I tried to run Soldiers: Heroes of WW2 which ran fine some months ago and
has Starforce copy protection. I have since restored this hard drive from a
Macrium Image and didn't try to run the game til today. This is the original
box game with manuals and Disk Key. A window complained "No disk found" so I
un-installed/re-installed from the E drive...same thing. Upon looking in
Windows Explorer in the tree to the left, I noticed an "E" drive and a new
"F" drive
Both drives show the contents of the game disk and both [right click on
drive and click on eject command]will Eject the CD if told to, so I know that
the F drive is some sort of virtual or image drive of the E drive, but I can
find no way to remove it. This F drive must somehow be interferring with the
E drive so I have to remove it.
Open a command prompt (Start -> Run, enter CMD here).

Enter MOUNTVOL

If the volume name (this \\?\Volume{GUID}\ thing) is
identical for E: and F: then it is ok to delete letter
F:. The command is

MOUNTVOL F: /D


Uwe

 

[David]

Hhhmmm. that doesn't really show you the extra CD drive.

I don't know what to suggest.

--
Best regards,
Dave Colliver.
http://www.AshfieldFOCUS.com
~~
http://www.FOCUSPortals.com - Local franchises available

...and here it is:

"MOUNTVOL [drive:]path VolumeName
MOUNTVOL [drive:]path /D
MOUNTVOL [drive:]path /L

path Specifies the existing NTFS directory where the mount
point will reside.
VolumeName Specifies the volume name that is the target of the mount
point.
/D Removes the volume mount point from the specified
directory.
/L Lists the mounted volume name for the specified directory.

Possible values for VolumeName along with current mount points are:

\\?\Volume{77d77992-046d-11de-902c-806d6172696f}\
C:\

\\?\Volume{bdd19a56-2ad9-11de-9d46-806d6172696f}\
D:\

\\?\Volume{77d77991-046d-11de-902c-806d6172696f}\
The maximum number of secrets that may be stored in a single system has
been
exceeded.
\\?\Volume{77d77990-046d-11de-902c-806d6172696f}\
A:\"

...Don't know how relevant this is, but this is an IDE 80 Gig drive,
partitioned with 5 Gig to Win 98 "C" drive and 35 Gig to XP "D" drive.
Thanks for the Dos help Dave and Uwe, I can barely remember my first OS -
3.1 and the Autoexec and Config Sys were over my head.- glad some people
still know it.
Hope this helps - Tony

p.s. I guess the last two #s aren't identical

Why not open a command prompt before and enter the
commands in there? Then it stays open and you can
look at it as long as needed.

Start -> Run, enter CMD here

You can also redirect the output of console commands:

mountvol > c:\mountvol.txt

Instead to the console window the output is written
to c:\mountvol.txt. Then and you can post the text
here.


Uwe

Thanks Uwe - I have a screenshot of the MOUNTVOL command [the dos box
closed
so fast that it took 15 or so times of hitting pause to catch it], but
I
guess I can't attach here...Ill send it if you want. There was no
mention of
E or F drives and what you described isnt quite what I saw - tho it did
have
2 of the same number at the bottom, I think it was just referencing the
first
number twice. There should be no F drive so I could probably go ahead
and use
your command to remove it, but I'll wait to hear from you - thanks
again -
Tony

:

addajio wrote:
Xp/SP2/1-CD-Rom read only drive.
This computer has never had a second drive and hardly gets used
except for
older games. I have used patchs/mods/add ons from time to time.
Device manager shows 1 drive and says it is working properly.
I tried to run Soldiers: Heroes of WW2 which ran fine some months ago
and
has Starforce copy protection. I have since restored this hard drive
from a
Macrium Image and didn't try to run the game til today. This is the
original
box game with manuals and Disk Key. A window complained "No disk
found" so I
un-installed/re-installed from the E drive...same thing. Upon looking
in
Windows Explorer in the tree to the left, I noticed an "E" drive and
a new
"F" drive
Both drives show the contents of the game disk and both [right click
on
drive and click on eject command]will Eject the CD if told to, so I
know that
the F drive is some sort of virtual or image drive of the E drive,
but I can
find no way to remove it. This F drive must somehow be interferring
with the
E drive so I have to remove it.
Open a command prompt (Start -> Run, enter CMD here).

Enter MOUNTVOL

If the volume name (this \\?\Volume{GUID}\ thing) is
identical for E: and F: then it is ok to delete letter
F:. The command is

MOUNTVOL F: /D


Uwe

 

[Uwe Sieber]

"The maximum number of secrets that may be stored in a single
system has been exceeded." is the Windows error message
ERROR_TOO_MANY_SECRETS.

I had no idea why MOUNTVOL comes up with it. Some googling
lead to this:
http://forum.sysinternals.com/forum_posts.asp?TID=15413

Probably you have this malware on your system.

The guy there let scan the malware at virustotal and
only some detected it:
http://www.virustotal.com/analisis/1465db77ada4b671759307e514764322

He also wrote that the tool RootRepeal can remove it:
http://rootrepeal.googlepages.com/


Uwe

...and here it is:

"MOUNTVOL [drive:]path VolumeName
MOUNTVOL [drive:]path /D
MOUNTVOL [drive:]path /L

path Specifies the existing NTFS directory where the mount
point will reside.
VolumeName Specifies the volume name that is the target of the mount
point.
/D Removes the volume mount point from the specified directory.
/L Lists the mounted volume name for the specified directory.

Possible values for VolumeName along with current mount points are:

\\?\Volume{77d77992-046d-11de-902c-806d6172696f}\
C:\

\\?\Volume{bdd19a56-2ad9-11de-9d46-806d6172696f}\
D:\

\\?\Volume{77d77991-046d-11de-902c-806d6172696f}\
The maximum number of secrets that may be stored in a single system has been
exceeded.
\\?\Volume{77d77990-046d-11de-902c-806d6172696f}\
A:\"

...Don't know how relevant this is, but this is an IDE 80 Gig drive,
partitioned with 5 Gig to Win 98 "C" drive and 35 Gig to XP "D" drive.
Thanks for the Dos help Dave and Uwe, I can barely remember my first OS -
3.1 and the Autoexec and Config Sys were over my head.- glad some people
still know it.
Hope this helps - Tony

p.s. I guess the last two #s aren't identical

Why not open a command prompt before and enter the
commands in there? Then it stays open and you can
look at it as long as needed.

Start -> Run, enter CMD here

You can also redirect the output of console commands:

mountvol > c:\mountvol.txt

Instead to the console window the output is written
to c:\mountvol.txt. Then and you can post the text
here.


Uwe

Thanks Uwe - I have a screenshot of the MOUNTVOL command [the dos box closed
so fast that it took 15 or so times of hitting pause to catch it], but I
guess I can't attach here...Ill send it if you want. There was no mention of
E or F drives and what you described isnt quite what I saw - tho it did have
2 of the same number at the bottom, I think it was just referencing the first
number twice. There should be no F drive so I could probably go ahead and use
your command to remove it, but I'll wait to hear from you - thanks again -
Tony

:

addajio wrote:
Xp/SP2/1-CD-Rom read only drive.
This computer has never had a second drive and hardly gets used except for
older games. I have used patchs/mods/add ons from time to time.
Device manager shows 1 drive and says it is working properly.
I tried to run Soldiers: Heroes of WW2 which ran fine some months ago and
has Starforce copy protection. I have since restored this hard drive from a
Macrium Image and didn't try to run the game til today. This is the original
box game with manuals and Disk Key. A window complained "No disk found" so I
un-installed/re-installed from the E drive...same thing. Upon looking in
Windows Explorer in the tree to the left, I noticed an "E" drive and a new
"F" drive
Both drives show the contents of the game disk and both [right click on
drive and click on eject command]will Eject the CD if told to, so I know that
the F drive is some sort of virtual or image drive of the E drive, but I can
find no way to remove it. This F drive must somehow be interferring with the
E drive so I have to remove it.
Open a command prompt (Start -> Run, enter CMD here).

Enter MOUNTVOL

If the volume name (this \\?\Volume{GUID}\ thing) is
identical for E: and F: then it is ok to delete letter
F:. The command is

MOUNTVOL F: /D


Uwe

 

[addajio]

....thanks for investigating. The "secrets" line puzzled me...but then Dos
puzzles me.
I am runnig Avira and Malwarebyte, both free versions, with no
notifications...and current updates.

Running RootRepeal yielded 1 Red entry of about 125 on the Drivers
tab...right cliching allows me to dump,copy,wipe,or delete...I did copy the
file "hjgruiwbppjnav.sys. - it is the only file with "Yes" in the Hidden
Column. How do I proceed?

Running a scan from the "Files" tab yielded 100 results, over 70 with names
like the above file...and these can be copied,wiped or deleted, but I have no
way [shoert of screen shots] to show the list...what to do here?

I'll stop here, as the other 5 tabs can be scanned and Im getting lost.
Is there something specific I should get from RootRepeal for you to advise
further?

Turns out my game not running was due to other issues, and the F drive's
existence doesn't SEEM to be a problem [your cautions welcome] so at worst I
may ignore it until the next image restore
-thanks, Tony

"The maximum number of secrets that may be stored in a single
system has been exceeded." is the Windows error message
ERROR_TOO_MANY_SECRETS.

I had no idea why MOUNTVOL comes up with it. Some googling
lead to this:
http://forum.sysinternals.com/forum_posts.asp?TID=15413

Probably you have this malware on your system.

The guy there let scan the malware at virustotal and
only some detected it:
http://www.virustotal.com/analisis/1465db77ada4b671759307e514764322

He also wrote that the tool RootRepeal can remove it:
http://rootrepeal.googlepages.com/


Uwe

...and here it is:

"MOUNTVOL [drive:]path VolumeName
MOUNTVOL [drive:]path /D
MOUNTVOL [drive:]path /L

path Specifies the existing NTFS directory where the mount
point will reside.
VolumeName Specifies the volume name that is the target of the mount
point.
/D Removes the volume mount point from the specified directory.
/L Lists the mounted volume name for the specified directory.

Possible values for VolumeName along with current mount points are:

\\?\Volume{77d77992-046d-11de-902c-806d6172696f}\
C:\

\\?\Volume{bdd19a56-2ad9-11de-9d46-806d6172696f}\
D:\

\\?\Volume{77d77991-046d-11de-902c-806d6172696f}\
The maximum number of secrets that may be stored in a single system has been
exceeded.
\\?\Volume{77d77990-046d-11de-902c-806d6172696f}\
A:\"

...Don't know how relevant this is, but this is an IDE 80 Gig drive,
partitioned with 5 Gig to Win 98 "C" drive and 35 Gig to XP "D" drive.
Thanks for the Dos help Dave and Uwe, I can barely remember my first OS -
3.1 and the Autoexec and Config Sys were over my head.- glad some people
still know it.
Hope this helps - Tony

p.s. I guess the last two #s aren't identical

Why not open a command prompt before and enter the
commands in there? Then it stays open and you can
look at it as long as needed.

Start -> Run, enter CMD here

You can also redirect the output of console commands:

mountvol > c:\mountvol.txt

Instead to the console window the output is written
to c:\mountvol.txt. Then and you can post the text
here.


Uwe




addajio wrote:
Thanks Uwe - I have a screenshot of the MOUNTVOL command [the dos box closed
so fast that it took 15 or so times of hitting pause to catch it], but I
guess I can't attach here...Ill send it if you want. There was no mention of
E or F drives and what you described isnt quite what I saw - tho it did have
2 of the same number at the bottom, I think it was just referencing the first
number twice. There should be no F drive so I could probably go ahead and use
your command to remove it, but I'll wait to hear from you - thanks again -
Tony

:

addajio wrote:
Xp/SP2/1-CD-Rom read only drive.
This computer has never had a second drive and hardly gets used except for
older games. I have used patchs/mods/add ons from time to time.
Device manager shows 1 drive and says it is working properly.
I tried to run Soldiers: Heroes of WW2 which ran fine some months ago and
has Starforce copy protection. I have since restored this hard drive from a
Macrium Image and didn't try to run the game til today. This is the original
box game with manuals and Disk Key. A window complained "No disk found" so I
un-installed/re-installed from the E drive...same thing. Upon looking in
Windows Explorer in the tree to the left, I noticed an "E" drive and a new
"F" drive
Both drives show the contents of the game disk and both [right click on
drive and click on eject command]will Eject the CD if told to, so I know that
the F drive is some sort of virtual or image drive of the E drive, but I can
find no way to remove it. This F drive must somehow be interferring with the
E drive so I have to remove it.
Open a command prompt (Start -> Run, enter CMD here).

Enter MOUNTVOL

If the volume name (this \\?\Volume{GUID}\ thing) is
identical for E: and F: then it is ok to delete letter
F:. The command is

MOUNTVOL F: /D


Uwe

 

[Uwe Sieber]

You could upload the copy to http://www.virustotal.com and
see if you get the same or a similar result as shown before.
Maybe it's a different malware, the error message
ERROR_TOO_MANY_SECRETS sounds funny an might be used by
other malware makers too.

Delete or wipe is the right choice, copy does not change
anything.
I've never seen names like this for anything else than
malware or temporary files. Delete or wipe them all.

But you never can be sure if the cleanup was complete.
If you have a system backup from the time before the
problems came up, I would restore the system.


Uwe

...thanks for investigating. The "secrets" line puzzled me...but then Dos
puzzles me.
I am runnig Avira and Malwarebyte, both free versions, with no
notifications...and current updates.

Running RootRepeal yielded 1 Red entry of about 125 on the Drivers
tab...right cliching allows me to dump,copy,wipe,or delete...I did copy the
file "hjgruiwbppjnav.sys. - it is the only file with "Yes" in the Hidden
Column. How do I proceed?

Running a scan from the "Files" tab yielded 100 results, over 70 with names
like the above file...and these can be copied,wiped or deleted, but I have no
way [shoert of screen shots] to show the list...what to do here?

I'll stop here, as the other 5 tabs can be scanned and Im getting lost.
Is there something specific I should get from RootRepeal for you to advise
further?

Turns out my game not running was due to other issues, and the F drive's
existence doesn't SEEM to be a problem [your cautions welcome] so at worst I
may ignore it until the next image restore
-thanks, Tony

"The maximum number of secrets that may be stored in a single
system has been exceeded." is the Windows error message
ERROR_TOO_MANY_SECRETS.

I had no idea why MOUNTVOL comes up with it. Some googling
lead to this:
http://forum.sysinternals.com/forum_posts.asp?TID=15413

Probably you have this malware on your system.

The guy there let scan the malware at virustotal and
only some detected it:
http://www.virustotal.com/analisis/1465db77ada4b671759307e514764322

He also wrote that the tool RootRepeal can remove it:
http://rootrepeal.googlepages.com/


Uwe

...and here it is:

"MOUNTVOL [drive:]path VolumeName
MOUNTVOL [drive:]path /D
MOUNTVOL [drive:]path /L

path Specifies the existing NTFS directory where the mount
point will reside.
VolumeName Specifies the volume name that is the target of the mount
point.
/D Removes the volume mount point from the specified directory.
/L Lists the mounted volume name for the specified directory.

Possible values for VolumeName along with current mount points are:

\\?\Volume{77d77992-046d-11de-902c-806d6172696f}\
C:\

\\?\Volume{bdd19a56-2ad9-11de-9d46-806d6172696f}\
D:\

\\?\Volume{77d77991-046d-11de-902c-806d6172696f}\
The maximum number of secrets that may be stored in a single system has been
exceeded.
\\?\Volume{77d77990-046d-11de-902c-806d6172696f}\
A:\"

...Don't know how relevant this is, but this is an IDE 80 Gig drive,
partitioned with 5 Gig to Win 98 "C" drive and 35 Gig to XP "D" drive.
Thanks for the Dos help Dave and Uwe, I can barely remember my first OS -
3.1 and the Autoexec and Config Sys were over my head.- glad some people
still know it.
Hope this helps - Tony

p.s. I guess the last two #s aren't identical

:

Why not open a command prompt before and enter the
commands in there? Then it stays open and you can
look at it as long as needed.

Start -> Run, enter CMD here

You can also redirect the output of console commands:

mountvol > c:\mountvol.txt

Instead to the console window the output is written
to c:\mountvol.txt. Then and you can post the text
here.


Uwe




addajio wrote:
Thanks Uwe - I have a screenshot of the MOUNTVOL command [the dos box closed
so fast that it took 15 or so times of hitting pause to catch it], but I
guess I can't attach here...Ill send it if you want. There was no mention of
E or F drives and what you described isnt quite what I saw - tho it did have
2 of the same number at the bottom, I think it was just referencing the first
number twice. There should be no F drive so I could probably go ahead and use
your command to remove it, but I'll wait to hear from you - thanks again -
Tony

:

addajio wrote:
Xp/SP2/1-CD-Rom read only drive.
This computer has never had a second drive and hardly gets used except for
older games. I have used patchs/mods/add ons from time to time.
Device manager shows 1 drive and says it is working properly.
I tried to run Soldiers: Heroes of WW2 which ran fine some months ago and
has Starforce copy protection. I have since restored this hard drive from a
Macrium Image and didn't try to run the game til today. This is the original
box game with manuals and Disk Key. A window complained "No disk found" so I
un-installed/re-installed from the E drive...same thing. Upon looking in
Windows Explorer in the tree to the left, I noticed an "E" drive and a new
"F" drive
Both drives show the contents of the game disk and both [right click on
drive and click on eject command]will Eject the CD if told to, so I know that
the F drive is some sort of virtual or image drive of the E drive, but I can
find no way to remove it. This F drive must somehow be interferring with the
E drive so I have to remove it.
Open a command prompt (Start -> Run, enter CMD here).

Enter MOUNTVOL

If the volume name (this \\?\Volume{GUID}\ thing) is
identical for E: and F: then it is ok to delete letter
F:. The command is

MOUNTVOL F: /D


Uwe

 

[addajio]

All good advice. Ill post back if I find anything illuminating - Thanks Uwe

You could upload the copy to http://www.virustotal.com and
see if you get the same or a similar result as shown before.
Maybe it's a different malware, the error message
ERROR_TOO_MANY_SECRETS sounds funny an might be used by
other malware makers too.

Delete or wipe is the right choice, copy does not change
anything.
I've never seen names like this for anything else than
malware or temporary files. Delete or wipe them all.

But you never can be sure if the cleanup was complete.
If you have a system backup from the time before the
problems came up, I would restore the system.


Uwe

...thanks for investigating. The "secrets" line puzzled me...but then Dos
puzzles me.
I am runnig Avira and Malwarebyte, both free versions, with no
notifications...and current updates.

Running RootRepeal yielded 1 Red entry of about 125 on the Drivers
tab...right cliching allows me to dump,copy,wipe,or delete...I did copy the
file "hjgruiwbppjnav.sys. - it is the only file with "Yes" in the Hidden
Column. How do I proceed?

Running a scan from the "Files" tab yielded 100 results, over 70 with names
like the above file...and these can be copied,wiped or deleted, but I have no
way [shoert of screen shots] to show the list...what to do here?

I'll stop here, as the other 5 tabs can be scanned and Im getting lost.
Is there something specific I should get from RootRepeal for you to advise
further?

Turns out my game not running was due to other issues, and the F drive's
existence doesn't SEEM to be a problem [your cautions welcome] so at worst I
may ignore it until the next image restore
-thanks, Tony

"The maximum number of secrets that may be stored in a single
system has been exceeded." is the Windows error message
ERROR_TOO_MANY_SECRETS.

I had no idea why MOUNTVOL comes up with it. Some googling
lead to this:
http://forum.sysinternals.com/forum_posts.asp?TID=15413

Probably you have this malware on your system.

The guy there let scan the malware at virustotal and
only some detected it:
http://www.virustotal.com/analisis/1465db77ada4b671759307e514764322

He also wrote that the tool RootRepeal can remove it:
http://rootrepeal.googlepages.com/


Uwe







addajio wrote:
...and here it is:

"MOUNTVOL [drive:]path VolumeName
MOUNTVOL [drive:]path /D
MOUNTVOL [drive:]path /L

path Specifies the existing NTFS directory where the mount
point will reside.
VolumeName Specifies the volume name that is the target of the mount
point.
/D Removes the volume mount point from the specified directory.
/L Lists the mounted volume name for the specified directory.

Possible values for VolumeName along with current mount points are:

\\?\Volume{77d77992-046d-11de-902c-806d6172696f}\
C:\

\\?\Volume{bdd19a56-2ad9-11de-9d46-806d6172696f}\
D:\

\\?\Volume{77d77991-046d-11de-902c-806d6172696f}\
The maximum number of secrets that may be stored in a single system has been
exceeded.
\\?\Volume{77d77990-046d-11de-902c-806d6172696f}\
A:\"

...Don't know how relevant this is, but this is an IDE 80 Gig drive,
partitioned with 5 Gig to Win 98 "C" drive and 35 Gig to XP "D" drive.
Thanks for the Dos help Dave and Uwe, I can barely remember my first OS -
3.1 and the Autoexec and Config Sys were over my head.- glad some people
still know it.
Hope this helps - Tony

p.s. I guess the last two #s aren't identical

:

Why not open a command prompt before and enter the
commands in there? Then it stays open and you can
look at it as long as needed.

Start -> Run, enter CMD here

You can also redirect the output of console commands:

mountvol > c:\mountvol.txt

Instead to the console window the output is written
to c:\mountvol.txt. Then and you can post the text
here.


Uwe




addajio wrote:
Thanks Uwe - I have a screenshot of the MOUNTVOL command [the dos box closed
so fast that it took 15 or so times of hitting pause to catch it], but I
guess I can't attach here...Ill send it if you want. There was no mention of
E or F drives and what you described isnt quite what I saw - tho it did have
2 of the same number at the bottom, I think it was just referencing the first
number twice. There should be no F drive so I could probably go ahead and use
your command to remove it, but I'll wait to hear from you - thanks again -
Tony

:

addajio wrote:
Xp/SP2/1-CD-Rom read only drive.
This computer has never had a second drive and hardly gets used except for
older games. I have used patchs/mods/add ons from time to time.
Device manager shows 1 drive and says it is working properly.
I tried to run Soldiers: Heroes of WW2 which ran fine some months ago and
has Starforce copy protection. I have since restored this hard drive from a
Macrium Image and didn't try to run the game til today. This is the original
box game with manuals and Disk Key. A window complained "No disk found" so I
un-installed/re-installed from the E drive...same thing. Upon looking in
Windows Explorer in the tree to the left, I noticed an "E" drive and a new
"F" drive
Both drives show the contents of the game disk and both [right click on
drive and click on eject command]will Eject the CD if told to, so I know that
the F drive is some sort of virtual or image drive of the E drive, but I can
find no way to remove it. This F drive must somehow be interferring with the
E drive so I have to remove it.
Open a command prompt (Start -> Run, enter CMD here).

Enter MOUNTVOL

If the volume name (this \\?\Volume{GUID}\ thing) is
identical for E: and F: then it is ok to delete letter
F:. The command is

MOUNTVOL F: /D


Uwe