#1 (permalink) |
|
Registered User
Join Date: Jun 2009
Posts: 2
OS: xp SP3
|
Folders Are Disappearing From Hard drive
Good afternoon, I'd really appreciate some help with my computer. The day before yesterday I noticed that some of my folders had disappeared from my hard drive. I run Trend Micro Internet Security 2007 and have conducted a couple of scans with no viruses found.
To test the system I created a new file folder on my C drive via file explorer and moved some data into it. When I reboot my computer the new folder shows up in file explorer briefly and then appears to be deleted. I checked the amount of used space prior to adding the test folder and after I added it. I also check the used space after the test folder was deleted and it looks like the folder is removed completely as the used space drops back to the original value before the test folder was added. I don't download cracked programs but I did recently download a P2P movie with utorrent. I've learned my lesson after reading your forums and have deleted utorrent from my system. I'm not sure what to do next. Please find DDS.txt below:
#2 (permalink) |
|
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Jun 2006
Location: USA
Posts: 7,278
OS: XP SP3
|
Re: Folders Are Disappearing From Hard drive
Hello and welcome to TSF.
Apologies for the long delay in response. Since it has been a while since you posted, if you still require assistance, please provide us with a new set of logs in a new topic, as this one shall be closed. New Instructions - Read This Before Posting for Malware Removal Help
__________________
My services are free. However, you can donate to TSF to help keep it running.
Member of ASAP since 2005
Member of UNITE since 2006