# Hidden Files not seen



## troubleshooter (Feb 6, 2008)

When I click on Show hidden or system files in folder options i am not able to see the hidden files. I can go to the hidden folders when i type the name in the address bar. Please help


----------



## Vishal Gupta (Feb 6, 2008)

Please check FAQ thread before posting your problems. It has been covered in *Point 23*:

*www.thinkdigit.com/forum/showthread.php?p=535113


----------



## troubleshooter (Feb 7, 2008)

Vishal Gupta said:


> Please check FAQ thread before posting your problems. It has been covered in *Point 23*:
> 
> *www.thinkdigit.com/forum/showthread.php?p=535113



I tried that method, but the "checkedvalue" is stuck at REG_SZ value when I delete it and try to create REG_DWORD value it says the name already exists and i am not able to create a new key. Is there some other way.


----------



## khattam_ (Feb 7, 2008)

maybe you are still infected with the virus, which led to the problem. Can you post HijackThis logfile here...


----------



## Vishal Gupta (Feb 7, 2008)

@troubleshooter
You just need to double click on it and change value to 1.


----------



## troubleshooter (Feb 8, 2008)

khattam_ said:


> maybe you are still infected with the virus, which led to the problem. Can you post HijackThis logfile here...



Here is the Hijackthis log file content

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:27 AM, on 08/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\algssl.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Auto Power-on\AutoPowerOn.exe
C:\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = *search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = *search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = *search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = *search.bearshare.com/sidebar.html?src=ssb
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [AutoPowerOn] C:\Program Files\Auto Power-on\AutoPowerOn.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IMJPMIG8.2] msime80.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsServer] msfir80.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - *www.zapak.com/popcaploader/popcaploader_v10.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBC01BED-D289-47F8-A028-D3E8E5CCD3D8}: NameServer = 203.94.227.70,203.94.243.70
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED70050D-4B5A-4AAE-85AE-BCBEA0C345FF}: NameServer = 59.185.0.50 203.94.243.70
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AST Service (astcc) -  Advanced Software Technologies - C:\WINDOWS\SYSTEM32\astsrv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Auto Power-on & Shut-down Service (PCAutoPowerOnService) - Unknown owner - C:\Program Files\Auto Power-on\PCAutoPowerOnService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 4927 bytes



Vishal Gupta said:


> @troubleshooter
> You just need to double click on it and change value to 1.



Tried that but it wont change.


----------



## RaghuKL (Feb 8, 2008)

*www.brothersoft.com/rrt-(remove-restrictions-tool)-download-60879.html
 also does the same job


----------



## Vishal Gupta (Feb 8, 2008)

^^ Boot into Safe Mode, run HijackThis again and fix following entries:


```
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = *search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = *search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = *search.bearshare.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = *search.bearshare.com/sidebar.html?src=ssb
O4 - HKLM\..\Run: [IMJPMIG8.2] msime80.exe
O4 - HKCU\..\Run: [MsServer] msfir80.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
```


----------



## troubleshooter (Feb 8, 2008)

RaghuKL said:


> *www.brothersoft.com/rrt-(remove-restrictions-tool)-download-60879.html
> also does the same job



No Luck



Vishal Gupta said:


> ^^ Boot into Safe Mode, run HijackThis again and fix following entries:
> 
> 
> ```
> ...



Did it but the result is the same not able to change the values in registry and when I click th radio button in folder options to show hidden files it does nothing.


----------



## pushkaraj (Feb 8, 2008)

Copy the following code to a text file and save as something like ToggleHiddenExplorerStuff.vbs
Note: The extension should be .vbs


```
' Script to toggle Windows Explorer display of hidden files,
' super-hidden files, and file name extensions

Option Explicit
Dim dblHiddenData, strHiddenKey, strSuperHiddenKey, strFileExtKey
Dim strKey, WshShell
On Error Resume Next

strKey = "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
strHiddenKey = strKey & "\Hidden"
strSuperHiddenKey = strKey & "\ShowSuperHidden"
strFileExtKey = strKey & "\HideFileExt"

Set WshShell = WScript.CreateObject("WScript.Shell")
dblHiddenData = WshShell.RegRead(strHiddenKey)

If dblHiddenData = 2 Then
	WshShell.RegWrite strHiddenKey, 1, "REG_DWORD"
	WshShell.RegWrite strSuperHiddenKey, 1, "REG_DWORD"
	WshShell.RegWrite strFileExtKey, 0, "REG_DWORD"
	WScript.Echo "Windows Explorer will show hidden files and file " & _
		"name extensions. You might need to change to another folder " & _
		"or press F5 to refresh the view for the change to take effect."

Else
	WshShell.RegWrite strHiddenKey, 2, "REG_DWORD"
	WshShell.RegWrite strSuperHiddenKey, 0, "REG_DWORD"
	WshShell.RegWrite strFileExtKey, 1, "REG_DWORD"
	WScript.Echo "Windows Explorer will not show hidden files or file " & _
		"name extensions. (These are the default settings.) You might " & _
		"need to change to another folder or press F5 to refresh the " & _
		"view for the change to take effect."

End If
```

I found that on some site. It's really helpful. When you run that file, it will toggle between Show/hide hidden files.

As for your virus problem, update your virus definitions and run a scan in safe mode.


----------



## Vishal Gupta (Feb 8, 2008)

^^ It does the same thing which I have mentioned in the registry solution.

@troubleshooter
Are you logged in as Administrator? May be you are logged in as normal user thats why you are unable to change the value?

If you are not able to change manually in registry, then try following code:


```
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\NOHIDDEN]
"CheckedValue"=dword:00000002
"DefaultValue"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
"DefaultValue"=dword:00000002
```


----------



## pushkaraj (Feb 8, 2008)

well i cant figure out how but the vbs code that i hav mentioned helped me to show the hidden files in my pc after my attempts to do so from the registry failed. After that i was able to delete some of the hidden virus files.


----------



## devil_himself (Feb 9, 2008)

Follow Post #2 In This Thread . If Didn't Help Then Follow Post #6 And Post The Results in This Thread
*forums.techguy.org/windows-nt-2000-xp/638788-hidden-files-not-showing.html


----------



## troubleshooter (Feb 9, 2008)

devil_himself said:


> Follow Post #2 In This Thread . If Didn't Help Then Follow Post #6 And Post The Results in This Thread
> *forums.techguy.org/windows-nt-2000-xp/638788-hidden-files-not-showing.html



look.bat findings

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden]
"Text"="@shell32.dll,-30499"
"Type"="group"
"Bitmap"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,\
  5c,53,48,45,4c,4c,33,32,2e,64,6c,6c,2c,34,00
"HelpID"="shell.hlp#51131"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30501"
"Type"="radio"
"CheckedValue"=dword:00000002
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51104"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"="0"
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"



Vishal Gupta said:


> ^^ It does the same thing which I have mentioned in the registry solution.
> 
> @troubleshooter
> Are you logged in as Administrator? May be you are logged in as normal user thats why you are unable to change the value?
> ...



It worked.

Thank you and everyone who posted here for your help.


----------



## devil_himself (Feb 9, 2008)

look.bat Findings Are Before You Applied The Reg Settings From Post #11 Or After It

--->  "CheckedValue"="0"


----------



## iMav (Feb 9, 2008)

this is a virus im infected too got it from my college pc it has a bat and autorun file in every partition and sets folder options to Do not show hidden files even if u change the registry or set it from folder options tooo; i deleted the autorun file and bat file but it still duplicates itself upon reboot .... still trying to find a solution .... multiple OSs are really helpful in such cases


----------



## Vishal Gupta (Feb 9, 2008)

troubleshooter said:


> Vishal Gupta said:
> 
> 
> 
> ...


Welcome. Glad to know it worked.


----------



## iMav (Feb 9, 2008)

ah i got my solution too :

*translate.google.com/translate?hl=...refox-a&rls=org.mozilla:en-US:official&hs=1N6 ... will check it now


----------



## Ajay Awasthi (Sep 16, 2008)

It may be a trojan infection which can be easily solved by trojan remover


----------



## Cool Joe (Sep 16, 2008)

Even I had this same problem. Fixed it. Thanks VG.
This is due to a trojan, right?


----------

