PCBruiser
SRT Team Lead
 Forums Admin
 Joined: May 11, 2005 Posts: 11723
Posted: Thu May 29, 2008 4:29 pm
There isn't any log file. The only way to see what chkdsk did is to watch it and see what it does. That can take a lot of time, and be a real yawn! Rerunning chkdsk now won't tell you anything, because anything chkdsk had corrected is no longer incorrect.
Now, if you have run chkdsk, run another ComboFix log. I want to see if the strange folder is now gone. The FOUND.xxx folders may remain, because those are created when the disk operating system finds an orphaned cluster, and saves it to those folders in the hope that the user can figure out what they are and save any that are useful.
If we still have issues, we will need to check the hard drive hardware itself, and I'll give you instructions for doing that after I see the ComboFix log. There is a real possibility that your hard drive is failing, and that can easily be the cause of the strange folders/files. Large numbers of disk errors are an almost sure hint that the drive is going to fail completely in the near future. _________________ Don't read? Can't learn!
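The FOUND.xxx folders mentioned above hold the orphaned clusters chkdsk salvaged, saved as .CHK files, and the post says the user has to work out what they are. The script below is an added example, not code from the thread or from ComboFix: it lists every hidden/system FOUND.* folder on a drive root and guesses each fragment's type from its leading bytes. The drive root parameter, the function name and the small magic-byte table are assumptions made here, and it needs PowerShell 3 or later for the -Directory and -File switches.

```powershell
# Added example: inventory chkdsk's FOUND.xxx folders and classify the .CHK
# fragments inside them by file signature (magic bytes). Defensive/forensic use.
param([string]$DriveRoot = 'C:\')   # assumed default; pass another root if needed

# Constructed signature table: first bytes (hex) -> description. Extend as needed.
$signatures = [ordered]@{
    '4D5A'     = 'PE executable / DLL'
    '504B0304' = 'ZIP container (also .docx/.xlsx)'
    '25504446' = 'PDF document'
    'FFD8FF'   = 'JPEG image'
    '89504E47' = 'PNG image'
    'D0CF11E0' = 'OLE compound document (older .doc/.xls)'
}

function Get-ChkFileKind {
    param([string]$Path)
    # Read only the first 8 bytes; recovered fragments can be very large.
    $fs = [System.IO.File]::OpenRead($Path)
    try {
        $buf = New-Object byte[] 8
        $n = $fs.Read($buf, 0, 8)
    } finally { $fs.Close() }
    if ($n -eq 0) { return 'empty file' }          # zero-length fragment edge case
    $hex = -join ($buf[0..($n - 1)] | ForEach-Object { $_.ToString('X2') })
    foreach ($sig in $signatures.Keys) {
        if ($hex.StartsWith($sig)) { return $signatures[$sig] }
    }
    return 'unknown (likely a raw data fragment)'
}

# chkdsk creates FOUND.xxx with hidden+system attributes (the "d--hs----" entries
# in a ComboFix log), so -Force is required for Get-ChildItem to show them at all.
Get-ChildItem -Path $DriveRoot -Directory -Force -Filter 'FOUND.*' | ForEach-Object {
    $folder = $_
    Get-ChildItem -Path $folder.FullName -File -Force -Filter '*.CHK' | ForEach-Object {
        [pscustomobject]@{
            Folder  = $folder.Name
            Created = $folder.CreationTime   # when that chkdsk pass ran
            File    = $_.Name
            SizeKB  = [math]::Round($_.Length / 1KB, 1)
            Kind    = Get-ChkFileKind -Path $_.FullName
        }
    }
} | Format-Table -AutoSize
```

Run it from an elevated prompt so the hidden folders are readable. A run of FOUND.000 through FOUND.005 created within a few weeks, as in this thread, is itself the signal worth noting: each folder corresponds to a chkdsk pass that had something to salvage, which is consistent with the failing-drive hypothesis stated above.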
girl17
Trooper

 Joined: Apr 10, 2008 Posts: 34 Location: USA
Posted: Sat May 31, 2008 4:34 pm
Hi PCB..
I am confused.
I don't know what happens, but I could not see those folders, i.e. FOUND.XXX under C:\ even though I've set the folder option to 'show hidden files and folders'.
However, when I do a search, it shows me that those files are in C:\Qoobox\Quarantine\C.
I don't think that I have Qoobox software/ application in my PC. Should I delete those FOUND.XXX folders?
Here is the ComboFix log..
ComboFix 08-05-27.4 - gan 2008-06-01 0:11:18.9 - FAT32x86
Running from: C:\Documents and Settings\gan\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-31 )))))))))))))))))))))))))))))))
.
2008-05-31 22:07 . 2008-05-31 22:07 <DIR> d-------- C:\Documents and Settings\gan\Application Data\Media Player Classic
2008-05-31 22:06 . 2008-05-31 22:06 <DIR> d-------- C:\Program Files\Real Alternative
2008-05-27 21:05 . 2008-05-27 21:05 <DIR> d-------- C:\Documents and Settings\gan\Application Data\GRETECH
2008-05-27 21:05 . 2008-05-27 21:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-05-25 09:32 . 2008-05-25 09:32 <DIR> d--hs---- C:\FOUND.005
2008-05-25 08:39 . 2008-05-25 08:39 <DIR> d--hs---- C:\FOUND.004
2008-05-24 21:27 . 2008-05-24 21:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ArcSoft
2008-05-24 21:08 . 2008-05-24 21:08 <DIR> d-------- C:\Documents and Settings\gan\Application Data\ArcSoft
2008-05-24 21:01 . 2008-05-24 21:01 26 --a------ C:\UpdaterforApp.ini
2008-05-24 21:00 . 2008-05-24 21:00 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2008-05-24 21:00 . 2007-02-13 11:22 126,976 --a------ C:\WINDOWS\system32\MediaImpression Slideshow.scr
2008-05-24 21:00 . 2005-02-23 14:58 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
2008-05-24 20:59 . 2008-05-24 20:59 <DIR> d-------- C:\WINDOWS\system32\MediaImpression Slideshow
2008-05-24 20:59 . 2008-05-24 20:59 <DIR> d-------- C:\Documents and Settings\gan\Application Data\Panasonic
2008-05-24 20:57 . 2008-05-24 20:57 <DIR> d-------- C:\Program Files\Panasonic
2008-05-24 20:57 . 2005-03-07 19:44 45,056 --a------ C:\WINDOWS\system32\PhDi2.sys
2008-05-24 20:56 . 2008-05-24 20:57 <DIR> d-------- C:\Documents and Settings\gan\Application Data\InstallShield
2008-05-21 20:45 . 2008-05-21 20:45 <DIR> d--hs---- C:\FOUND.003
2008-05-15 21:51 . 2008-05-15 21:51 <DIR> d--hs---- C:\FOUND.002
2008-05-05 00:11 . 2008-05-05 00:11 <DIR> d--hs---- C:\FOUND.001
2008-05-01 10:20 . 2008-05-01 10:20 472 --a------ C:\WINDOWS\system32\BPEDHKKFSHZ.reg
2008-04-29 21:07 . 2008-04-29 21:07 244 --ah----- C:\sqmnoopt17.sqm
2008-04-29 21:07 . 2008-04-29 21:07 232 --ah----- C:\sqmdata17.sqm
2008-04-29 20:49 . 2008-04-29 20:49 <DIR> d--hs---- C:\FOUND.000
2008-04-26 22:30 . 2008-04-26 22:30 <DIR> d-------- C:\Documents and Settings\gan\Application Data\funkitron
2008-04-26 15:40 . 2008-05-21 23:46 1,056 --a------ C:\tesvlog.lvr
2008-04-18 21:31 . 2008-04-18 21:31 <DIR> d-------- C:\Documents and Settings\Administrator.GAN.000\Application Data\OnlineArmor
2008-04-18 21:31 . 2008-04-18 21:31 <DIR> d-------- C:\Documents and Settings\Administrator.GAN.000\Application Data\AVG7
2008-04-14 21:53 . 2003-08-20 14:45 <DIR> d-------- C:\Documents and Settings\Administrator.GAN.000\WINDOWS
2008-04-14 21:53 . 2003-08-20 15:32 <DIR> d---s---- C:\Documents and Settings\Administrator.GAN.000\UserData
2008-04-14 21:53 . 2008-04-14 21:54 <DIR> d-------- C:\Documents and Settings\Administrator.GAN.000
2008-04-14 21:27 . 2003-08-20 14:45 <DIR> d-------- C:\Documents and Settings\Administrator.GAN\WINDOWS
2008-04-14 21:27 . 2003-08-20 15:32 <DIR> d---s---- C:\Documents and Settings\Administrator.GAN\UserData
2008-04-14 21:27 . 2008-04-14 21:27 <DIR> d-------- C:\Documents and Settings\Administrator.GAN
2008-04-14 20:24 . 2008-04-14 20:24 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-14 20:22 . 2003-08-20 14:45 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-04-14 20:22 . 2003-08-20 15:32 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-04-14 20:22 . 2008-04-14 20:22 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-14 19:26 . 2008-04-14 19:26 <DIR> d-------- C:\Program Files\Tall Emu
2008-04-14 19:26 . 2008-04-14 19:26 <DIR> d-------- C:\OnlineArmor
2008-04-14 19:26 . 2008-04-14 19:27 <DIR> d-------- C:\Documents and Settings\gan\Application Data\OnlineArmor
2008-04-14 19:26 . 2008-04-14 19:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OnlineArmor
2008-04-14 19:26 . 2008-03-23 10:21 80,072 --a------ C:\WINDOWS\system32\drivers\OADriver.sys
2008-04-14 19:26 . 2008-03-23 10:21 32,456 --a------ C:\WINDOWS\system32\drivers\OAmon.sys
2008-04-14 19:26 . 2008-03-23 10:21 28,872 --a------ C:\WINDOWS\system32\drivers\oanet.sys
2008-04-13 18:50 . 2008-04-13 18:50 <DIR> d-------- C:\Program Files\Thunder Network
2008-04-10 19:51 . 2008-04-10 19:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-09 22:23 . 2008-04-09 22:23 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-09 22:23 . 2008-04-09 22:23 <DIR> d-------- C:\Documents and Settings\gan\Application Data\Malwarebytes
2008-04-09 22:23 . 2008-04-09 22:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-09 21:54 . 2008-04-09 21:54 <DIR> d-------- C:\Program Files\CCleaner
2008-04-06 01:04 . <DIR> C:\WINDOWS\¿ÆÁÖ·¨ÓïÈÕ³£ÓÃÓï
2008-04-06 01:04 . <DIR> C:\Program Files\¿ÆÁÖ·¨ÓïÈÕ³£ÓÃÓï
2008-04-06 00:32 . 2006-02-23 05:30 258,048 --a------ C:\WINDOWS\ctpu.exe
2008-04-06 00:32 . 2006-02-23 05:30 196,608 --a------ C:\WINDOWS\ResENU.PPC.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-05 17:04 --------- d-----w C:\Program Files\¿ÆÁÖ·¨ÓïÈÕ³£ÓÃÓï
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 10:36 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-26 11:59 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
2008-02-26 11:59 294,912 ----a-w C:\WINDOWS\system32\dllcache\msctf.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.
((((((((((((((((((((((((((((( snapshot_2008-05-26_23.01.16.76 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-26 12:55:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-31 14:55:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-01-09 13:59:52 278,528 ----a-w C:\WINDOWS\system32\Pncrt.dll
+ 2008-04-28 03:00:00 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
- 2008-01-09 13:59:54 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
+ 2008-04-28 03:00:00 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
- 2008-01-09 13:59:54 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
+ 2008-04-28 03:00:00 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
- 2008-01-09 14:00:08 185,944 ----a-w C:\WINDOWS\system32\rmoc3260.dll
+ 2008-04-28 03:00:00 185,944 ----a-w C:\WINDOWS\system32\rmoc3260.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-04-23 18:51 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-04-23 18:44 610304]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 20:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 20:00 455168]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 20:25 579584]
"OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [2008-03-23 10:21 5519424]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 14:14 98616]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe" [2003-09-16 19:01 32881]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-02 23:30 219136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\Explorer.exe"=
R1 OADevice;OADriver;C:\WINDOWS\system32\drivers\OADriver.sys [2008-03-23 10:21]
R1 OAmon;OAmon;C:\WINDOWS\system32\drivers\OAmon.sys [2008-03-23 10:21]
R1 OAnet;OAnet;C:\WINDOWS\system32\drivers\OAnet.sys [2008-03-23 10:21]
R1 RCFOX;SonicWALL IPsec Driver;C:\WINDOWS\system32\Drivers\RCFOX.sys [2004-10-15 10:46]
R2 ACDaemon;ArcSoft Connect Daemon;C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-04-17 14:14]
R3 rcvpn;SonicWALL VPN Adapter;C:\WINDOWS\system32\DRIVERS\rcvpn.sys [2003-08-20 14:01]
S2 SvcOnlineArmor;Online Armor;"C:\Program Files\Tall Emu\Online Armor\oasrv.exe" [2008-03-23 10:21]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 22:28]
S3 TNET1130x;Wireless-G Notebook Adapter v.2.0;C:\WINDOWS\system32\DRIVERS\tnet1130x.sys []
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [2006-06-05 11:32]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
conime
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81010eb7-0b5d-11dc-b4fd-101111111111}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 00:15:15
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
C:\WINDOWS\EXPLORER.EXE [1988] 0x83545DA0
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
.
Completion time: 2008-06-01 0:15:50
ComboFix-quarantined-files.txt 2008-05-31 16:15:46
ComboFix5.txt 2008-04-29 14:14:56
ComboFix4.txt 2008-05-18 04:51:34
ComboFix3.txt 2008-05-26 15:01:34
ComboFix2.txt 2008-05-28 15:19:48
Pre-Run: 13,437,796,352 bytes free
Post-Run: 13,495,762,944 bytes free
163 --- E O F --- 2008-05-28 15:39:27
PCBruiser
SRT Team Lead
 Forums Admin
 Joined: May 11, 2005 Posts: 11723
Posted: Sat May 31, 2008 6:05 pm
Hi,
We are going to have to test your hard drive's hardware. You still have some strange named folders, and I want to make sure that your hard drive is working properly before I force delete them. And, another one appeared in this ComboFix run as well, that bothers me.
C:\qoobox is the quarantine used by ComboFix, so don't worry about that. Hold off on deleting the FOUND.xxx folders, because I am definitely seeing malware on your system now, and I'll force delete those folders after we test your hard drive and then do one additional thing before removing the malware. What I will want to do if your hard drive is working correctly is change the hard drive format to NTFS.
First, let's test the hard drive.
Determine what brand hard drive you have. Unless you happen to know that information, the easiest way to find out is simply to look at the drive itself, and the manufacturer's name will be on a label on the top of the drive. To do this, turn off your computer, unplug it from the wall and wait an hour. Then open the case and you should have a clear view of the hard drive. Alternatively, the drive's manufacturer may be listed in Device Manager. The manufacturer will be either:
Maxtor
Western Digital
Seagate
Hitachi (or IBM for older Hitachi drives)
Samsung
There are a couple of more minor manufacturers, but those are the "big-5" with over a 90% market share.
Once you know who made the drive, close the case and plug the system back into the wall.
Now, go to the manufacturer's web site. Under Downloads or Support, etc., you will find the manufacturer's hard drive diagnostics. You should find two versions, one that creates a bootable floppy, the other that creates a bootable CD. Pick one or the other, whichever is more convenient. Then create the bootable disk following the manufacturer's instructions, boot from the disk, and run the diagnostics - there are usually two of them, a Quick one and a much longer Complete one. Run the Quick one first, and if there are no errors, run the Complete one. It isn't necessary to run the Complete one if the Quick one shows errors. Post what you discover.
If you decide to download the CD version, that will be an iso file. To burn an .iso file, you need to use something like Nero, and do an image burn. If you do a regular burn the CD won't work. Alternatively, you can grab a free .iso burner here:
http://isorecorder.alexfeinman.com/isorecorder.htm
Watch the versions, v1 is for doing the burn on an XP SP1 system, v2 for XP SP2. After you download the file, right click on it, and choose Install from the context menu. That will install the .iso burner. You may need to reboot.
After that, navigate to the .iso file, right click on it and there will be a new context menu item called something like "Copy file to CD". Use that, and it will correctly burn the .iso file for you. _________________ Don't read? Can't learn!
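The drive-testing procedure above starts by identifying the manufacturer, and suggests Device Manager as an alternative to opening the case. The script below is an added example, not from the thread: it lists each physical drive's model and size, maps the model prefix to the "big-5" vendors named above, and reads the SMART "failure predicted" flag that Windows exposes through WMI. It is not a substitute for the manufacturer's bootable diagnostics; a predicted failure only confirms the need to run them. The function name and the prefix-to-vendor map are assumptions made here, and the SMART class is only populated when the controller passes SMART through to the OS (many USB bridges do not). PowerShell 3 or later is assumed for Get-CimInstance.

```powershell
# Added example: identify drive vendor/model and SMART failure prediction via WMI.

# Heuristic map from well-known model-string prefixes to vendor (constructed here).
$vendorPrefixes = [ordered]@{
    'WDC '    = 'Western Digital'
    'ST'      = 'Seagate'
    'HTS'     = 'Hitachi'
    'HDS'     = 'Hitachi'
    'HDT'     = 'Hitachi'
    'IC25'    = 'Hitachi (IBM-era)'
    'SAMSUNG' = 'Samsung'
    'Maxtor'  = 'Maxtor'
}

function Get-DriveHealthReport {
    $drives = Get-CimInstance -ClassName Win32_DiskDrive

    # MSStorageDriver_FailurePredictStatus.InstanceName carries the same PNP device
    # ID as Win32_DiskDrive.PNPDeviceID (plus a suffix), so match on that prefix.
    $smart = @()
    try {
        $smart = Get-CimInstance -Namespace 'root\wmi' `
                     -ClassName MSStorageDriver_FailurePredictStatus -ErrorAction Stop
    } catch {
        Write-Warning "SMART status not exposed through WMI: $($_.Exception.Message)"
    }

    foreach ($d in $drives) {
        $vendor = 'unknown (check the label on the drive)'
        foreach ($prefix in $vendorPrefixes.Keys) {
            if ($d.Model -and $d.Model.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)) {
                $vendor = $vendorPrefixes[$prefix]; break
            }
        }
        $status = $smart | Where-Object { $_.InstanceName -like "$($d.PNPDeviceID)*" } |
                  Select-Object -First 1
        [pscustomobject]@{
            Index            = $d.Index
            Vendor           = $vendor
            Model            = $d.Model
            Interface        = $d.InterfaceType
            SizeGB           = [math]::Round($d.Size / 1GB, 1)
            # $true here means the firmware itself predicts imminent failure.
            FailurePredicted = if ($status) { [bool]$status.PredictFailure } else { 'n/a' }
        }
    }
}

Get-DriveHealthReport | Format-Table -AutoSize
```

Run it elevated; the root\wmi SMART class is typically only readable by administrators. A FailurePredicted value of $true, or a drive that refuses to report SMART at all while chkdsk keeps producing FOUND.xxx folders, is the point at which backing up data takes priority over continuing malware cleanup.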
girl17
Trooper

 Joined: Apr 10, 2008 Posts: 34 Location: USA
Posted: Sat Jun 28, 2008 10:07 am
Hi PCB, how are you recently?
You know what, I decided to buy a new PC. =)
So.. you may close this topic for time being.
Anyway, I really appreciate your kind assistance. =)
Good day to you!