ComboFix 08-10-03.01 - Neymore 2008-10-04 12:47:36.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.246 [GMT -4:00]
Running from: C:\Documents and Settings\Neymore\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Neymore\Application Data\inst.exe
C:\WINDOWS\system32\systeminfo.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MCHINJDRV

((((((((((((((((((((((((( Files Created from 2008-09-04 to 2008-10-04 )))))))))))))))))))))))))))))))
.
2008-10-03 02:22 . 2008-10-03 02:22 <DIR> d----c--- C:\rsit
2008-10-03 02:22 . 2008-10-03 02:22 <DIR> d----c--- C:\Program Files\trend micro
2008-10-03 02:12 . 2008-10-03 02:12 <DIR> d----c--- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-03 02:12 . 2008-10-03 02:12 <DIR> d----c--- C:\Documents and Settings\Neymore\Application Data\Malwarebytes
2008-10-03 02:12 . 2008-10-03 02:12 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-10-03 02:12 . 2008-09-10 00:08 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-03 02:12 . 2008-09-10 00:08 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-03 01:53 . 2008-10-03 01:53 <DIR> d----c--- C:\Sandbox
2008-10-03 01:52 . 2008-10-03 01:52 <DIR> d----c--- C:\Program Files\Sandboxie
2008-10-03 01:52 . 2008-10-04 12:06 1,664 --a------ C:\WINDOWS\Sandboxie.ini
2008-10-02 21:41 . 2008-10-02 21:41 <DIR> d--hsc--- C:\Documents and Settings\Neymore\PrivacIE
2008-10-02 21:27 . 2007-08-13 18:45 78,336 --a------ C:\WINDOWS\system32\ieencode.dll
2008-10-02 21:27 . 2007-08-13 18:45 78,336 --a------ C:\WINDOWS\system32\dllcache\ieencode.dll
2008-10-02 19:46 . 2008-10-02 19:46 <DIR> d----c--- C:\Program Files\MySpace
2008-10-02 19:46 . 2008-10-02 19:46 <DIR> d----c--- C:\Documents and Settings\Neymore\Application Data\MySpace
2008-09-29 02:12 . 2008-09-29 02:12 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-09-26 00:04 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-09-25 23:53 . 2008-09-26 00:03 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-09-25 23:53 . 2008-09-25 23:53 <DIR> d-------- C:\WINDOWS\Logs
2008-09-25 23:47 . 2008-09-25 23:47 <DIR> d--h----- C:\WINDOWS\PIF
2008-09-23 17:38 . 2006-11-30 16:24 86,016 --a------ C:\WINDOWS\system32\custmon32.dll
2008-09-04 17:24 . 2008-09-06 13:29 <DIR> d----c--- C:\Documents and Settings\Neymore\Application Data\Yahoo!
2008-09-04 17:22 . 2008-09-29 19:58 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2008-09-04 17:21 . 2008-10-02 01:24 <DIR> d----c--- C:\Program Files\Yahoo!
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-10-04 03:15 --------- dc----w C:\Documents and Settings\Neymore\Application Data\uTorrent
2008-10-04 02:56 --------- d-----w C:\Program Files\Google
2008-10-02 16:32 --------- dc----w C:\Documents and Settings\Neymore\Application Data\LimeWire
2008-09-28 06:35 --------- dc----w C:\Documents and Settings\Neymore\Application Data\Paltalk
2008-09-28 06:34 --------- dc----w C:\Program Files\Elaborate Bytes
2008-09-23 22:15 --------- dc--a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-09-23 21:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-08 04:38 --------- dc----w C:\Program Files\Stardock
2008-09-03 07:49 --------- dc----w C:\Program Files\Common Files\Stardock
2008-09-03 07:31 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
2008-08-31 20:57 --------- dc----w C:\Program Files\LimeWire
2008-08-29 02:40 --------- dc----w C:\Program Files\Conduit
2008-08-29 02:36 --------- dc----w C:\Documents and Settings\Neymore\Application Data\Corel
2008-08-29 01:59 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Corel
2008-08-29 01:43 --------- dc----w C:\Documents and Settings\Neymore\Application Data\InstallShield
2008-08-29 01:33 --------- dc----w C:\Program Files\Common Files\Adobe
2008-08-22 21:16 --------- dc----w C:\Program Files\Java
2008-08-21 19:46 --------- dc----w C:\Documents and Settings\Neymore\Application Data\Apple Computer
2008-08-21 16:59 --------- dc----w C:\Documents and Settings\Neymore\Application Data\Vso
2008-08-20 10:45 --------- dc----w C:\Documents and Settings\Neymore\Application Data\CoreCodec
2008-08-17 22:25 --------- dc----w C:\Program Files\DivX
2008-08-04 06:36 --------- dc----w C:\Documents and Settings\Neymore\Application Data\Azureus
2008-08-01 05:45 47,360 -c--a-w C:\Documents and Settings\Neymore\Application Data\pcouffin.sys
2008-07-13 05:57 286,720 ----a-w C:\WINDOWS\iun507.exe
.
------- Sigcheck -------
2005-03-01 20:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2004-08-04 08:00 2056832 947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-01 20:34 2056832 81013f36b21c7f72cf784cc6731e0002 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 04:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\SoftwareDistribution\Download\10e16e65c 532d077de7c89a212bd8df8\sp2gdr\ntkrnlpa.exe
2007-02-28 05:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\SoftwareDistribution\Download\10e16e65c 532d077de7c89a212bd8df8\sp2qfe\ntkrnlpa.exe
2005-03-01 20:34 2068608 700e4ad3775420daa937ee3935c0d74f C:\WINDOWS\system32\ntkrnlpa.exe
2005-03-01 20:34 2056832 81013f36b21c7f72cf784cc6731e0002 C:\WINDOWS\system32\VITrans\ntkrnlpa.exe
2005-03-01 21:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2004-08-04 08:00 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-01 20:59 2179328 4d4cf2c14550a4b7718e94a6e581856e C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 05:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\SoftwareDistribution\Download\10e16e65c 532d077de7c89a212bd8df8\sp2gdr\ntoskrnl.exe
2007-02-28 05:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\SoftwareDistribution\Download\10e16e65c 532d077de7c89a212bd8df8\sp2qfe\ntoskrnl.exe
2005-03-01 20:59 2191104 fd4a858c7ccb63fcd8907294b4de1511 C:\WINDOWS\system32\ntoskrnl.exe
2005-03-01 20:59 2179328 4d4cf2c14550a4b7718e94a6e581856e C:\WINDOWS\system32\VITrans\ntoskrnl.exe
2004-08-04 08:00 1422336 cd7ee0e0b4c778c3df22f8dbb9f855b4 C:\WINDOWS\explorer.exe
2007-06-13 06:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\SoftwareDistribution\Download\44d74c37f 0595a363bcec5e9229d8564\sp2gdr\explorer.exe
2007-06-13 07:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\SoftwareDistribution\Download\44d74c37f 0595a363bcec5e9229d8564\sp2qfe\explorer.exe
2004-08-04 08:00 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\system32\dllcache\explorer.exe
2004-08-04 08:00 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\system32\VITrans\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2008-06-19 68856]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]
"SandboxieControl"="C:\Program Files\Sandboxie\SbieCtrl.exe" [2008-09-02 716800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-19 185896]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-13 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-07-22 16:42 210168 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^PalTalk.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\PalTalk.lnk
backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-06-19 15:44 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a--c--- 2008-09-19 17:34 4347120 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\run-]
"Aim6"=
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.s ys [2007-04-19 194048]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2008-09-02 100352]
S2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [ ]
S3 avfwim;AvFw Packet Filter Miniport;C:\WINDOWS\system32\DRIVERS\avfwim.sys [ ]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-Aim6 - C:\Program Files\AIM6\aim6.exe
MSConfigStartUp-CursorFX - C:\Program Files\Stardock\CursorFX\CursorFX.exe
MSConfigStartUp-LClock - C:\Program Files\LClock\lclock.exe
MSConfigStartUp-SMrhcjvqj0e3aj - C:\Program Files\rhcjvqj0e3aj\rhcjvqj0e3aj.exe
MSConfigStartUp-SpybotSnD - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
MSConfigStartUp-Veoh - C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
MSConfigStartUp-ViOrb - C:\Program Files\ViOrb\ViOrb.exe
MSConfigStartUp-ViStart - C:\Program Files\ViStart\ViStart.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.fxeyes.com/
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Neymore\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Neymore\Start Menu\Programs\IMVU\Run IMVU.lnk -
O16 -: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
C:\WINDOWS\Downloaded Program Files\DownloadManagerV2.inf
C:\WINDOWS\Downloaded Program Files\Manager.exe
C:\WINDOWS\Downloaded Program Files\DownloadManagerV2.ocx
.
************************************************** ************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-04 12:53:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\DOCUME~1\Neymore\LOCALS~1\temp\RtkBtMnt.exe
.
************************************************** ************************
.
Completion time: 2008-10-04 12:55:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-04 16:55:41
Pre-Run: 69,862,735,872 bytes free
Post-Run: 69,951,643,648 bytes free
193 --- E O F --- 2008-06-24 07:07:49

i also noted that when it did the reboot that the screen that said harddrive failure immenint still poped up and i had to press f1 just to get to the log on screen(this screen that pops up is before the boot screen and logon screen)

I will get one of the other mods to take a looks at you hard drive problem.

Hello master Pancake asked me to help with your hard drive issue.

Have you logged onto windows?

I need you to run chkdsk /r on your hard drive.

Click start/run/type in box cmd hit ok/then type in black box chkdsk /r and hit enter.

That is chkdsk space /r.

Do you have any clicking or ticking noise coming from your computer?

hello ty for helping me do i need to dissconnect from the internet in order to do the check? no i do not hear any beeping when i turn on the pc but i get a scree that says harddrive failure immenint and to press f1 to continue,of corse nothing bad happens when i press it, it just takes me to the screen where it lets me choose recorvery consol or my operating system.EDIT: i did the thing u said with cmd and it says this.
C:\Documents and Settings\Neymore>chkdsk /r
The type of the file system is NTFS.
Cannot lock current drive.
Chkdsk cannot run because the volume is in use by an
process. Would you like to schedule this volume to
checked the next time the system restarts? (Y/N)

should i tell it yes?

edit i wen ahead and told it yes to run at next restart, i did the restart,and that screen still comes up however the check said drive clean it did the check in all of about 3-6 sec. i think it did not really check but i may be wrong, i m now begining to belive that the screen that pops os saying that the hard drive is going to fail must have been put there by the hacker that somehow got into my pc from yahoo instant messanger. and the screen that lets me chose between the recorvery consol and my os has a new entry that is also my os but next to it it says (bootscreen) and has a time limit to chose or it pics a defualt ie(bootscreen) i need all this extra stuff and that other prob screen gone please

Yes it is possible that who ever hacked or infected your computer may of sent this false warning.

How old is this computer?You do not hear clicking coming from the computer?

chkdsk should take a little longer although this depends on your size of hard drive.