11-13-2008, 01:12 PM   #11
nomar342
Registered User
 
Join Date: Dec 2007
Posts: 40
OS: XP


Re: Error: "Windows cannot access the specified drive path or file"

Here is the new ComboFix Log:

-------------------------------------------

ComboFix 08-11-11.01 - Michael Farese 2008-11-13 15:02:20.8 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.107 [GMT -5:00]
Running from: c:\documents and settings\Michael Farese\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Michael Farese\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\Drivers\HNPsSdk.drv
.

((((((((((((((((((((((((( Files Created from 2008-10-13 to 2008-11-13 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-13 17:18 --------- d-----w c:\program files\Symantec AntiVirus
2008-11-13 16:23 --------- d-----w c:\program files\Lavasoft
2008-11-13 04:08 --------- d-----w c:\documents and settings\Michael Farese\Application Data\Simply Super Software
2008-11-13 04:08 --------- d-----w c:\documents and settings\All Users\Application Data\Simply Super Software
2008-11-13 01:43 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-12 20:50 --------- d-----w c:\program files\PokerStars
2008-11-12 16:30 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-12 16:28 --------- d-----w c:\program files\Common Files\Adobe
2008-11-12 16:12 410,976 ----a-w c:\windows\SYSTEM32\deploytk.dll
2008-11-12 16:11 --------- d-----w c:\program files\Java
2008-11-12 15:53 --------- d-----w c:\documents and settings\Michael Farese\Application Data\Malwarebytes
2008-11-12 14:32 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-12 14:32 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-10 13:25 --------- d-----w c:\documents and settings\Michael Farese\Application Data\Move Networks
2008-11-07 03:56 --------- d-----w c:\program files\CAM Development
2008-11-05 19:10 --------- d-----w c:\program files\SpywareBlaster
2008-10-29 22:20 161 ----a-w c:\documents and settings\Michael Farese\xrt_log.dat
2008-10-29 13:51 --------- d-----w c:\program files\DivX
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 16:18 --------- d-----w c:\program files\Dell AIO Printer A940
2008-10-23 16:15 --------- d-----w c:\program files\Dell A940
2008-10-22 21:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 21:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-16 13:18 --------- d-----w c:\program files\Apple Software Update
2008-10-09 23:11 --------- d-----w c:\program files\iTunes
2008-10-09 23:11 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-09 23:10 --------- d-----w c:\program files\iPod
2008-10-09 23:02 --------- d-----w c:\program files\QuickTime
2008-10-09 23:02 --------- d-----w c:\program files\Bonjour
2008-10-09 23:01 --------- d-----w c:\program files\Common Files\Apple
2008-09-30 21:43 1,286,152 ----a-w c:\windows\SYSTEM32\msxml4.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\SYSTEM32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\SYSTEM32\libdivx.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\SYSTEM32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\SYSTEM32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\SYSTEM32\msxml3.dll
2008-08-29 14:18 87,336 ----a-w c:\windows\SYSTEM32\dns-sd.exe
2008-08-29 13:53 61,440 ----a-w c:\windows\SYSTEM32\dnssd.dll
2008-08-28 07:46 74,752 ----a-w c:\windows\SYSTEM32\msw3prt.dll
2008-08-28 07:46 104,960 ----a-w c:\windows\SYSTEM32\win32spl.dll
2008-08-20 05:30 666,112 ----a-w c:\windows\SYSTEM32\wininet.dll
2008-08-14 10:11 2,189,184 ----a-w c:\windows\SYSTEM32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w c:\windows\SYSTEM32\ntkrnlpa.exe
2008-07-21 22:47 20 -c-h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2008-04-28 18:25 29,992 ----a-w c:\documents and settings\Michael Farese\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-27 125168]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-27 316728]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2008-05-29 1575680]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Dell AIO Printer A940"="c:\program files\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-17 86102]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-12 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= c:\windows\system32\guard32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A940]
--a------ 2003-02-17 16:00 86102 c:\program files\Dell AIO Printer A940\dlbabmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2004-07-19 06:51 306688 c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-05-29 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-05-29 24208]
S3 EraserUtilDrv10614;EraserUtilDrv10614;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10614.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e95d4cd-a5c0-11dd-9daf-000d56f9f620}]
\shell\p\command - Explorer URL=http://www.johnhancock.com/about/careers/recruitmentvideo.html?OTC-CareerFair-901

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{baaaa86e-cb79-11dc-9d62-000d56f9f620}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-11 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\SYSTEM32\CLEANMGR.EXE [2008-04-13 19:12]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-13 1501
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\system32\winlogon.exe
-> c:\windows\system32\guard32.dll

PROCESS: c:\windows\system32\lsass.exe
-> c:\windows\system32\guard32.dll
.
Completion time: 2008-11-13 15:10:16
ComboFix-quarantined-files.txt 2008-11-13 20:09:06
ComboFix2.txt 2008-11-13 18:10:21
ComboFix3.txt 2008-11-12 16:01:16
ComboFix4.txt 2008-02-04 16:49:15

Pre-Run: 60,831,326,208 bytes free
Post-Run: 60,816,977,920 bytes free

135 --- E O F --- 2008-11-13 13:41:25