Still infected after trying...



Llama Farmer
2008-08-14, 17:17
...everything listed in the previous thread, apologies for not replying sooner.

Original thread
http://forums.spybot.info/showthread.php?t=31482

Failed ComboFix


ComboFix 08-08-13.02 - Computer 2008-08-14 21:09:22.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.676 [GMT 8:00]
Running from: C:\Documents and Settings\Computer\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\yKRegiqH.dll

.
((((((((((((((((((((((((( Files Created from 2008-07-14 to 2008-08-14 )))))))))))))))))))))))))))))))
.

2008-08-11 17:17 . 2008-08-11 17:17 106 --a------ C:\delete.bat
2008-07-31 15:56 . 2008-07-31 16:05 <DIR> d-------- C:\NoLopBackups
2008-07-26 15:13 . 2008-07-26 15:13 169 --a------ C:\WINDOWS\RtlRack.ini
2008-07-25 18:20 . 2008-07-25 18:22 <DIR> d-------- C:\Program Files\EarthView
2008-07-25 18:20 . 2008-07-25 18:20 <DIR> d-------- C:\Documents and Settings\Computer\Application Data\DeskSoft
2008-07-25 18:20 . 2008-07-25 18:20 102,400 --a------ C:\WINDOWS\EarthView.scr
2008-07-24 18:43 . 2008-07-24 18:43 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-24 00:00 . 2008-07-24 00:01 <DIR> d-------- C:\Program Files\Crazy Machines II
2008-07-23 23:59 . 2008-01-29 18:53 782,336 -ra------ C:\WINDOWS\system32\tmpB8.tmp
2008-07-23 23:59 . 2008-01-29 18:53 782,336 -ra------ C:\WINDOWS\system32\tmpB7.tmp
2008-07-19 20:43 . 2008-07-19 20:43 0 --a------ C:\WINDOWS\system32\6kr8145h.exe.a_a
2008-07-19 18:27 . 2008-08-14 17:11 80,898 --a------ C:\WINDOWS\system32\6kr8145h.exe
2008-07-19 17:57 . 2008-07-19 17:56 29,760 --a------ C:\WINDOWS\system32\oKC04kco.exe
2008-07-19 17:57 . 2008-07-19 17:57 0 --a------ C:\WINDOWS\system32\oKC04kco.exe.a_a
2008-07-19 16:34 . 2008-07-18 19:15 36,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-19 16:31 . 2008-07-19 16:34 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-19 16:31 . 2008-07-19 16:31 <DIR> d-------- C:\Documents and Settings\Computer\Application Data\Malwarebytes
2008-07-19 16:31 . 2008-07-19 16:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-19 16:31 . 2008-07-18 19:15 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-11 06:49 --------- d-----w C:\Program Files\Soulseek
2008-07-31 10:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-31 10:36 --------- d-----w C:\Program Files\Hewlett-Packard
2008-07-31 10:35 --------- d-----w C:\Program Files\Apple Software Update
2008-07-31 10:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\BlazeVideo
2008-07-23 15:59 --------- d-----w C:\Program Files\OpenAL
2008-07-23 15:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-23 15:58 --------- d-----w C:\Program Files\AGEIA Technologies
2008-07-22 08:39 --------- d-----w C:\Program Files\DC++
2008-07-21 17:14 --------- d-----w C:\Documents and Settings\Computer\Application Data\SPORE Creature Creator
2008-07-18 07:49 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-23 07:45 --------- d-----w C:\Program Files\Electronic Arts
2008-01-08 23:51 47,360 ----a-w C:\Documents and Settings\Computer\Application Data\pcouffin.sys
2007-09-12 06:53 22,328 ----a-w C:\Documents and Settings\Computer\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\valve\steam\steam.exe" [2008-03-28 05:48 1271032]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-22 20:06 167368]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-05-20 18:13 188416]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 11:29 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 16:55 267064]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-07-23 13:55 341232]
"SoundMan"="SOUNDMAN.EXE" [2003-12-18 14:00 64512 C:\WINDOWS\SOUNDMAN.EXE]

C:\Documents and Settings\Computer\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 01:06 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2004-12-21 02:41 33792 C:\Program Files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Railroads!\\RailRoads.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f7990e5-ce69-11dc-ba88-000d61754d8e}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Computer\Application Data\Mozilla\Firefox\Profiles\6helajcr.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - about:blank


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-14 21:13:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2008-08-14 21:18:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-14 13:18:34
ComboFix2.txt 2008-08-14 04:15:29

Pre-Run: 71,871,369,216 bytes free
Post-Run: 71,886,618,624 bytes free

127 --- E O F --- 2007-12-27 03:56:23


Fresh Hijack this log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17:09 PM, on 8/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\DOCUME~1\Computer\LOCALS~1\Temp\2x7xr0r7.exe
c:\windows\temp\2x7xr0r7.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 219.93.178.162:3128
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: solution Class - {99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - C:\WINDOWS\system32\yKRegiqH.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 4696 bytes

pskelley
2008-08-16, 18:22
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

I will see if I can help, but first some information for you.

Blade81 would have been glad to keep the topic open if you could not respond for some reason if you had simply let him know.

Please make sure you read and follow the directions pinned (sticky) to the top of the forum and posted above, including this one:

All logs should be copy/pasted into topic and not attached unless requested by helper in that format.
Do NOT quote or code the logs, it does not help.

I will take a moment to remind you of the policy here at Safer Networking. While I don't see this running, it is installed on your computer:
C:\Program Files\Soulseek
http://forums.spybot.info/showthread.php?t=282

If your helper detects the presence of such programs on your computer he/she will ask you to remove them. Help will be withdrawn should you not agree to their removal.

Do you know what these are? I will ask CFScript to remove them if you do not. If you are positive they are valid, remove them when you create the CFScript.
C:\DOCUME~1\Computer\LOCALS~1\Temp\2x7xr0r7.exe
c:\windows\temp\2x7xr0r7.exe

(follow these instructions carefully)

Open notepad and copy/paste the text in the codebox below into it:


File::
c:\windows\temp\2x7xr0r7.exe
C:\DOCUME~1\Computer\LOCALS~1\Temp\2x7xr0r7.exe
C:\WINDOWS\system32\yKRegiqH.dll
C:\WINDOWS\RtlRack.ini
C:\WINDOWS\system32\tmpB8.tmp
C:\WINDOWS\system32\tmpB7.tmp
C:\WINDOWS\system32\6kr8145h.exe.a_a
C:\WINDOWS\system32\6kr8145h.exe
C:\WINDOWS\system32\oKC04kco.exe
C:\WINDOWS\system32\oKC04kco.exe.a_a

Folder::
C:\NoLopBackups

Save this as CFScript

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe.

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Thanks
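The helper's list of items to remove (the two executables running from Temp, the randomly named BHO DLL in system32) is the kind of triage a reader can do for themselves before posting. Below is an added example, not code from this thread, from HijackThis or from ComboFix: a small Python script that reads log lines in the HijackThis format shown above and lists the entries a helper would normally look at first. The sample log is constructed from lines that appear in this thread; the "random-looking name" heuristic, its threshold of three case changes, and the decision to flag an R1 ProxyServer entry and an empty R0 Start Page are the example's own assumptions, not rules stated by the helper.

```python
"""Triage helper for HijackThis-style logs (added example, not part of the thread).

It lists the entries a helper usually reviews first:
  * processes running from a Temp directory,
  * a user-level proxy server set under Internet Settings (R1 ... ProxyServer),
  * browser helper objects (O2) whose DLL sits directly in system32 and has a
    random-looking mixed-case name (heuristic, see case_transitions),
  * an empty Start Page (R0), which HijackThis can 'Fix'.
"""
import re

# Sample input constructed from lines in the thread; not a complete log.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\DOCUME~1\Computer\LOCALS~1\Temp\2x7xr0r7.exe
c:\windows\temp\2x7xr0r7.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 219.93.178.162:3128
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: solution Class - {99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - C:\WINDOWS\system32\yKRegiqH.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""

# HijackThis entry lines look like "O2 - BHO: ..." ; capture the section code.
ENTRY_RE = re.compile(r"^([RFON]\d+) - (.*)$")


def parse_log(text):
    """Split a log into (running_processes, entries); entries are (code, rest)."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if not line:
            in_procs = False          # blank line ends the process list
            continue
        if in_procs:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return processes, entries


def is_temp_path(path):
    """True when any directory component of the path is 'temp' (case-insensitive)."""
    return "temp" in [part.lower() for part in path.split("\\")]


def case_transitions(stem):
    """Count upper/lower case changes between adjacent letters; a heuristic
    (assumption of this example) for names such as 'yKRegiqH'."""
    letters = [c for c in stem if c.isalpha()]
    return sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())


def triage(text):
    """Return a list of (reason, line) pairs worth a second look."""
    processes, entries = parse_log(text)
    findings = []
    for proc in processes:
        if is_temp_path(proc):
            findings.append(("process running from Temp", proc))
    for code, rest in entries:
        line = f"{code} - {rest}"
        if code == "R0" and rest.rstrip().endswith("="):
            findings.append(("empty Start Page (fixable in HijackThis)", line))
        elif code == "R1" and "ProxyServer" in rest and rest.split("=")[-1].strip():
            findings.append(("proxy server set in Internet Settings", line))
        elif code == "O2":
            dll = rest.rsplit(" - ", 1)[-1]
            parent, _, filename = dll.rpartition("\\")
            stem = filename.rsplit(".", 1)[0]
            if parent.lower().endswith("\\system32") and case_transitions(stem) >= 3:
                findings.append(("BHO DLL with random-looking name in system32", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

The output is a review list, not a verdict: the helper in this thread still confirms with the poster which items are unknown before adding them to a CFScript, and a legitimate program can run from Temp during an install. The script is meant to make sure such entries are not overlooked when reading a long log.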

Llama Farmer
2008-08-20, 11:18
Thanks/Sorry

combo

ComboFix 08-08-13.02 - Computer 2008-08-20 16:04:26.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.695 [GMT 8:00]
Running from: C:\Documents and Settings\Computer\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Computer\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\DOCUME~1\Computer\LOCALS~1\Temp\2x7xr0r7.exe
C:\WINDOWS\RtlRack.ini
C:\WINDOWS\system32\6kr8145h.exe
C:\WINDOWS\system32\6kr8145h.exe.a_a
C:\WINDOWS\system32\oKC04kco.exe
C:\WINDOWS\system32\oKC04kco.exe.a_a
C:\WINDOWS\system32\tmpB7.tmp
C:\WINDOWS\system32\tmpB8.tmp
C:\WINDOWS\system32\yKRegiqH.dll
c:\windows\temp\2x7xr0r7.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\NoLopBackups
C:\NoLopBackups\B4E4D8E0822B5404.job.01.infected
C:\WINDOWS\RtlRack.ini
C:\WINDOWS\system32\6kr8145h.exe
C:\WINDOWS\system32\6kr8145h.exe.a_a
C:\WINDOWS\system32\oKC04kco.exe
C:\WINDOWS\system32\oKC04kco.exe.a_a
C:\WINDOWS\system32\tmpB7.tmp
C:\WINDOWS\system32\tmpB8.tmp
C:\WINDOWS\system32\yKRegiqH.dll

.
((((((((((((((((((((((((( Files Created from 2008-07-20 to 2008-08-20 )))))))))))))))))))))))))))))))
.

2008-08-19 02:07 . 2008-08-19 02:07 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-08-11 17:17 . 2008-08-11 17:17 106 --a------ C:\delete.bat
2008-07-25 18:20 . 2008-07-25 18:22 <DIR> d-------- C:\Program Files\EarthView
2008-07-25 18:20 . 2008-07-25 18:20 <DIR> d-------- C:\Documents and Settings\Computer\Application Data\DeskSoft
2008-07-25 18:20 . 2008-07-25 18:20 102,400 --a------ C:\WINDOWS\EarthView.scr
2008-07-24 18:43 . 2008-07-24 18:43 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-24 00:00 . 2008-07-24 00:01 <DIR> d-------- C:\Program Files\Crazy Machines II

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-18 18:08 --------- d-----w C:\Documents and Settings\Computer\Application Data\U3
2008-07-31 10:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-31 10:36 --------- d-----w C:\Program Files\Hewlett-Packard
2008-07-31 10:35 --------- d-----w C:\Program Files\Apple Software Update
2008-07-31 10:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\BlazeVideo
2008-07-23 15:59 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-07-23 15:59 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-07-23 15:59 --------- d-----w C:\Program Files\OpenAL
2008-07-23 15:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-23 15:58 --------- d-----w C:\Program Files\AGEIA Technologies
2008-07-22 08:39 --------- d-----w C:\Program Files\DC++
2008-07-21 17:14 --------- d-----w C:\Documents and Settings\Computer\Application Data\SPORE Creature Creator
2008-07-19 08:34 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-07-19 08:31 --------- d-----w C:\Documents and Settings\Computer\Application Data\Malwarebytes
2008-07-19 08:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-18 11:15 36,472 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-18 11:15 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-07-18 07:49 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-26 13:11 119,000 ----a-w C:\WINDOWS\system32\w32tm.dll
2008-06-23 07:46 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-23 07:45 --------- d-----w C:\Program Files\Electronic Arts
2008-01-08 23:51 47,360 ----a-w C:\Documents and Settings\Computer\Application Data\pcouffin.sys
2007-09-12 06:53 22,328 ----a-w C:\Documents and Settings\Computer\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\valve\steam\steam.exe" [2008-03-28 05:48 1271032]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-22 20:06 167368]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-05-20 18:13 188416]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 11:29 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 16:55 267064]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-07-23 13:55 341232]
"SoundMan"="SOUNDMAN.EXE" [2003-12-18 14:00 64512 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe" [2007-06-12 04:04 190696]

C:\Documents and Settings\Computer\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 01:06 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2004-12-21 02:41 33792 C:\Program Files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Railroads!\\RailRoads.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

.
Contents of the 'Scheduled Tasks' folder
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 16:10:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-20 16:13:30
ComboFix-quarantined-files.txt 2008-08-20 08:13:13
ComboFix2.txt 2008-08-14 13:18:38
ComboFix3.txt 2008-08-14 04:15:29

Pre-Run: 66,674,233,344 bytes free
Post-Run: 66,950,602,752 bytes free

130 --- E O F --- 2007-12-27 03:56:23

hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:15:40 PM, on 8/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 219.93.178.162:3128
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 4830 bytes

pskelley
2008-08-20, 18:13
Thanks for returning your information, proceed like this.

1) C:\Program Files\Java\jre1.6.0_01\ <<< update your Java program, see this information:
http://forums.spybot.info/showpost.php?p=12880&postcount=2

2) Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. We will use this later.

3) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

Close all programs but HJT and all browser windows, then click on "Fix Checked"

4) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

*Cleaning Prefetch may result in a few slow starts until the folder is repopulated:
http://www.windowsnetworking.com/articles_tutorials/Gaining-Speed-Empty-Prefetch-XP.html

5) Download Malwarebytes' Anti-Malware to your Desktop
http://www.besttechie.net/tools/mbam-setup.exe

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post contents of that file & a new HJT log in your next reply.

Tell me how your computer is running now.

Thanks