win32.tdss.rtk

nichoray10

I found it with Spybot Search and Destroy, tried to fix it with Spybot Search and Destroy, but it's still there.

Here is my HijackThis log; help would be appreciated, and I'll wait for your instructions.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:28:50 PM, on 6/29/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP United States - Computers, Laptops, Servers, Printers and more
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP United States - Computers, Laptops, Servers, Printers and more
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP United States - Computers, Laptops, Servers, Printers and more
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [hpsysdrv] "c:\hp\support\hpsysdrv.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - Global Startup: MRI_DISABLED
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\HmelyoffLabs\VHToolkit\Skype4COM.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Service.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8725 bytes

ComboFix 09-07-20.05 - Owner 07/21/2009 13:55.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1830 [GMT -7:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2819622920-1267921210-1453625548-500
c:\$recycle.bin\S-1-5-21-4021726340-1805261559-3082432366-500
c:\everex\wlan\_DESKTOP.INI
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\SKYNETtobcnstc.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SKYNETbuiqqmxt.dat
c:\windows\system32\SKYNETewdqxibb.dll
c:\windows\system32\SKYNETfepvrlnj.dll
c:\windows\system32\SKYNEThnhxcusv.dat
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETxvusvsic


((((((((((((((((((((((((( Files Created from 2009-06-21 to 2009-07-21 )))))))))))))))))))))))))))))))
.

2009-07-21 21:12 . 2009-07-21 21:12 -------- d-----w- c:\users\Owner\AppData\Local\temp
2009-07-20 23:17 . 2009-07-21 20:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-07-20 23:17 . 2009-07-21 01:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-20 21:12 . 2009-07-20 21:12 -------- d-----w- c:\users\Owner\AppData\Roaming\Auslogics
2009-07-20 18:09 . 2009-07-20 18:14 -------- d-----w- c:\users\Owner\AppData\Roaming\Hamachi
2009-07-20 07:47 . 2009-07-21 07:23 35 ----a-w- c:\users\Owner\AppData\Roaming\SetValue.bat
2009-07-20 07:07 . 2009-07-20 07:51 -------- d-----w- c:\users\Owner\SmitfraudFix
2009-07-20 06:05 . 2009-07-20 06:05 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-07-19 00:47 . 2009-07-19 00:48 -------- d-----w- c:\program files\SmitfraudFix
2009-07-19 00:19 . 2009-07-19 00:19 1885088 ----a-w- c:\users\Owner\SmitfraudFix.exe
2009-07-17 22:29 . 2009-07-20 01:15 -------- d-----w- c:\users\Owner\AppData\Roaming\mIRC
2009-07-17 22:29 . 2009-07-17 22:29 -------- d-----w- c:\program files\mIRC
2009-07-17 18:44 . 2009-07-17 18:44 3775176 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-17 02:47 . 2009-07-17 02:47 -------- d-----w- c:\program files\iPod
2009-07-17 02:47 . 2009-07-17 02:47 -------- d-----w- c:\program files\iTunes
2009-07-17 02:41 . 2009-07-17 02:41 75040 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-17 02:00 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-17 02:00 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-17 02:00 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-17 02:00 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-17 02:00 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-17 01:59 . 2009-05-22 08:02 225296 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2009-07-17 01:59 . 2009-05-22 08:00 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2009-07-17 01:59 . 2009-05-22 07:45 1220120 ----a-w- c:\windows\system32\drivers\vsapint.sys
2009-06-30 19:09 . 2009-06-30 19:09 290816 ----a-w- c:\users\Owner\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-06-30 19:09 . 2009-06-30 19:09 290816 ----a-w- c:\users\Owner\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-06-30 19:09 . 2009-06-30 19:09 290816 ----a-w- c:\users\Owner\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-06-30 19:09 . 2009-06-30 19:09 290816 ----a-w- c:\users\Owner\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-06-30 19:01 . 2009-06-30 19:01 -------- d-----w- c:\programdata\acccore
2009-06-30 19:01 . 2009-06-30 19:01 -------- d-----w- c:\program files\AIM6
2009-06-30 00:02 . 2009-06-30 00:02 -------- d-----w- c:\program files\Electronic Arts
2009-06-29 20:07 . 2009-06-29 20:07 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-29 18:47 . 2009-06-29 18:47 746744 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-26 19:11 . 2009-07-20 07:58 -------- d-----w- c:\program files\Auslogics
2009-06-26 19:11 . 2009-06-26 19:11 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2009-06-26 19:10 . 2009-07-13 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-26 19:10 . 2009-07-17 18:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-26 19:10 . 2009-07-13 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-26 19:10 . 2009-06-26 19:10 -------- d-----w- c:\programdata\Malwarebytes
2009-06-26 19:01 . 2007-03-28 01:06 857600 ----a-w- c:\windows\system32\drivers\athrusb.sys
2009-06-26 19:01 . 2007-03-28 01:06 857600 ----a-w- c:\windows\system32\athrusb.sys
2009-06-26 08:19 . 2009-06-29 20:01 -------- d-----w- C:\Temp
2009-06-25 22:26 . 2009-06-26 19:08 -------- d-----w- c:\program files\Defraggler
2009-06-24 21:58 . 2009-06-24 21:58 -------- d-----w- c:\users\Owner\AppData\Local\2Wire
2009-06-24 21:57 . 2009-06-26 19:06 -------- d-----w- c:\program files\2Wire Wireless Manager
2009-06-24 21:52 . 2009-06-26 19:06 -------- d-----w- c:\programdata\2WIRE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-21 21:01 . 2008-05-28 03:45 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-21 20:55 . 2008-03-28 09:41 -------- d-----w- c:\programdata\NVIDIA
2009-07-21 20:34 . 2009-05-07 02:41 -------- d-----w- c:\program files\Steam
2009-07-21 07:23 . 2009-07-20 07:47 691 ----a-w- c:\users\Owner\AppData\Roaming\GetValue.vbs
2009-07-20 18:07 . 2008-08-12 06:10 -------- d-----w- c:\users\Owner\AppData\Roaming\HamachiBackup
2009-07-20 07:01 . 2008-09-15 22:19 1356 ----a-w- c:\users\Owner\AppData\Local\d3d9caps.dat
2009-07-20 06:06 . 2009-01-13 05:25 -------- d-----w- c:\program files\Hamachi
2009-07-19 06:11 . 2009-06-17 00:10 -------- d-----w- c:\program files\Combat Arms
2009-07-19 05:55 . 2008-09-07 05:13 393216 ----a-w- c:\programdata\NexonUS\NGM\NGMResource.dll
2009-07-19 05:55 . 2008-09-07 05:13 561152 ----a-w- c:\programdata\NexonUS\NGM\NGMDll.dll
2009-07-19 05:31 . 2008-06-05 23:51 -------- d-----w- c:\users\Owner\AppData\Roaming\LimeWire
2009-07-17 19:14 . 2009-05-07 02:41 -------- d-----w- c:\program files\Common Files\Steam
2009-07-17 18:52 . 2009-06-30 19:19 31871 ----a-w- c:\programdata\nvModes.dat
2009-07-17 02:47 . 2008-10-30 03:39 -------- d-----w- c:\program files\Common Files\Apple
2009-07-17 02:10 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-01 19:17 . 2009-04-12 05:28 -------- d-----w- c:\program files\DivX
2009-06-30 19:10 . 2009-03-28 16:48 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-30 19:09 . 2009-03-28 16:48 -------- d-----w- c:\users\Owner\AppData\Roaming\SystemRequirementsLab
2009-06-30 19:01 . 2008-06-12 01:41 -------- d-----w- c:\programdata\Viewpoint
2009-06-30 19:01 . 2008-06-12 01:39 -------- d-----w- c:\program files\Common Files\AOL
2009-06-29 20:07 . 2008-03-28 09:56 -------- d-----w- c:\program files\Java
2009-06-29 18:46 . 2008-05-27 01:55 -------- d-----w- c:\program files\Trend Micro
2009-06-25 21:20 . 2008-03-28 09:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-17 00:10 . 2008-09-07 05:13 81920 ----a-w- c:\programdata\NexonUS\NGM\npNxGameUS.dll
2009-06-17 00:10 . 2008-09-07 05:13 98304 ----a-w- c:\programdata\NexonUS\NGM\nxgameus.dll
2009-06-17 00:10 . 2008-09-07 05:13 258352 ----a-w- c:\programdata\NexonUS\NGM\unicows.dll
2009-06-17 00:10 . 2008-09-07 05:13 167936 ----a-w- c:\programdata\NexonUS\NGM\NGM.exe
2009-06-17 00:10 . 2009-06-16 21:47 -------- d-----w- c:\programdata\PMB Files
2009-06-16 21:46 . 2009-06-16 21:46 -------- d-----w- c:\program files\Pando Networks
2009-06-15 20:56 . 2009-06-06 19:02 -------- d-----w- c:\program files\Uniblue
2009-06-15 17:28 . 2009-06-06 19:02 -------- d-----w- c:\users\Owner\AppData\Roaming\Uniblue
2009-06-15 00:30 . 2009-06-15 00:30 -------- d-----w- c:\users\Owner\AppData\Roaming\Atari
2009-06-14 19:13 . 2009-05-25 23:54 -------- d-----w- c:\program files\HmelyoffLabs
2009-06-14 18:52 . 2009-06-14 18:51 -------- d-----w- c:\users\Owner\AppData\Roaming\Webcammax
2009-06-14 18:43 . 2009-06-14 18:37 -------- d-----w- c:\users\Owner\AppData\Roaming\ManyCam
2009-06-12 22:54 . 2009-06-12 22:51 -------- d-----w- c:\program files\GameKiss
2009-06-12 20:46 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-06-12 20:46 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-06-12 20:46 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-06-12 20:46 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-06-12 20:46 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-06-12 20:46 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-06-12 20:46 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-12 20:38 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-06-10 15:35 . 2009-06-10 15:35 1194528 ----a-w- c:\windows\system32\nvcplui.exe
2009-06-10 15:35 . 2009-06-10 15:35 1296928 ----a-w- c:\windows\system32\nvsvs.dll
2009-06-10 15:34 . 2009-06-10 15:34 143360 ----a-w- c:\windows\system32\nvshext.dll
2009-06-10 13:33 . 2009-06-10 13:33 244736 ----a-w- c:\windows\system32\nvStInst.exe
2009-06-10 13:33 . 2009-06-10 13:33 467968 ----a-w- c:\windows\system32\nvstlink.exe
2009-06-10 13:33 . 2009-06-10 13:33 3953152 ----a-w- c:\windows\system32\nvstwiz.exe
2009-06-10 13:33 . 2009-06-10 13:33 141824 ----a-w- c:\windows\system32\nvStereoApiI.dll
2009-06-10 13:33 . 2009-06-10 13:33 171520 ----a-w- c:\windows\system32\nvStereoApiI64.dll
2009-06-10 13:33 . 2009-06-10 13:33 232960 ----a-w- c:\windows\system32\nvSCPAPISvr.exe
2009-06-10 13:32 . 2009-06-10 13:32 257536 ----a-w- c:\windows\system32\nvSCPAPI.dll
2009-06-10 13:32 . 2009-06-10 13:32 301568 ----a-w- c:\windows\system32\nvSCPAPI64.dll
2009-06-10 13:32 . 2009-06-10 13:32 3293184 ----a-w- c:\windows\system32\nvstres.dll
2009-06-10 13:32 . 2009-06-10 13:32 5847 ----a-w- c:\windows\system32\oglstreg.reg
2009-06-10 13:31 . 2009-06-10 13:31 167424 ----a-w- c:\windows\system32\nvstreg.exe
2009-06-10 13:31 . 2009-06-10 13:31 1718272 ----a-w- c:\windows\system32\nvsttest.exe
2009-06-10 13:31 . 2009-06-10 13:31 1034752 ----a-w- c:\windows\system32\nvstview.exe
2009-06-10 13:31 . 2009-06-10 13:31 89088 ----a-w- c:\windows\system32\nvimage.dll
2009-06-10 13:29 . 2009-06-10 13:29 1656 ----a-w- c:\windows\system32\nvstdef.reg
2009-06-10 13:03 . 2009-06-10 13:03 678432 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 13:03 . 2009-06-10 13:03 4224 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2009-06-10 13:03 . 2009-06-10 13:03 1704960 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 13:03 . 2009-06-10 13:03 151552 ----a-w- c:\windows\system32\nvcod155.dll
2009-06-10 13:03 . 2009-06-10 13:03 1317408 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 02:45 . 2008-03-28 09:57 -------- d-----w- c:\program files\Microsoft Works
2009-06-10 02:45 . 2008-05-27 01:27 -------- d-----w- c:\programdata\Microsoft Help
2009-06-06 19:24 . 2009-06-06 19:24 -------- d-----w- c:\program files\Curse
2009-06-06 19:16 . 2008-09-13 22:17 -------- d-----w- c:\program files\Realtek
2009-06-06 19:16 . 2009-06-06 19:16 -------- d-----w- c:\users\Owner\AppData\Roaming\InstallShield
2009-06-04 23:39 . 2008-03-28 09:38 457248 ----a-w- c:\windows\system32\nvuninst.exe
2009-06-03 01:38 . 2009-06-03 01:38 -------- d-----w- c:\program files\QuickTime
2009-05-29 20:36 . 2009-05-29 20:36 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-29 20:36 . 2009-05-29 20:36 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-28 04:05 . 2008-05-27 01:56 -------- d-----w- c:\programdata\Trend Micro
2009-05-27 03:28 . 2009-04-25 02:25 -------- d-----w- c:\users\Owner\AppData\Roaming\Skype
2009-05-27 03:23 . 2008-06-25 20:51 -------- d-----w- c:\users\Owner\AppData\Roaming\skypePM
2009-05-24 19:56 . 2009-05-24 19:56 -------- d-----w- c:\program files\EA Games
2009-05-18 23:52 . 2009-05-18 23:52 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-14 01:55 . 2008-05-27 00:21 76568 ----a-w- c:\users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-09 05:50 . 2009-06-10 00:08 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-10 00:08 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-04-28 00:24 . 2009-03-26 01:48 164 ----a-w- c:\windows\install.dat
2009-04-23 12:15 . 2009-06-10 00:08 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:14 . 2009-06-10 00:08 623616 ----a-w- c:\windows\system32\localspl.dll
2009-06-12 00:23 . 2008-06-19 16:20 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-05-27 01:17 . 2008-05-27 01:17 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Google Update"="c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-11-01 133104]
"Steam"="c:\program files\Steam\Steam.exe" [2009-06-11 1217784]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-07-29 497008]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-04-01 995528]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-29 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-11-15 44168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-07-29 497008]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-5-7 1273856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):24,98,01,6c,9f,eb,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3F287056-BED4-4973-8EF2-7AE18F51C938}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{439E27A3-3D37-4024-9D6D-E03F4007F6BF}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{8CAAEB9F-8248-4471-91E5-B91F1BC209C0}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D37D44AC-8C3D-4B1C-87C2-FEFFBC29F089}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{CE8D92F2-F989-425E-B74E-B181E4625298}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{74BA3048-7AC4-4876-9926-697E21A8B9B8}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{2E4F3330-7C5C-4309-BF1E-1C7DB3E324C7}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A5D0A444-8993-402B-AE54-380AB1565F8E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B721B440-1F4E-4333-AE85-6264C9AC72E2}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{B2BCD807-B856-4B89-B880-FA3617CFB6D0}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{35B2B32B-049D-47C9-9D3A-8E130FBD8E7D}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{EAC38BC1-FB50-4FC9-BDA0-C2F917C8FC8B}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{06BE4DD9-71BB-4C67-AAB1-A7F519C2B4D8}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{F83E2B82-2402-4EB9-85CF-7410A918A6FD}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{98C504C1-FF01-4D63-9080-AB7A07A11AA0}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"TCP Query User{6C3125CF-BA00-42ED-B545-A7228BCEE2D6}c:\\program files\\trillian\\trillian.exe"= UDP:c:\program files\trillian\trillian.exe:Trillian
"UDP Query User{A77DEC0B-1514-465F-BA77-D3EF14AAC277}c:\\program files\\trillian\\trillian.exe"= TCP:c:\program files\trillian\trillian.exe:Trillian
"TCP Query User{45871085-8126-4657-97B1-4EFA3CE737B4}c:\\program files\\trillian\\trillian.exe"= UDP:c:\program files\trillian\trillian.exe:Trillian
"UDP Query User{4A6A1352-E885-4E1C-B8CF-309D7AF90279}c:\\program files\\trillian\\trillian.exe"= TCP:c:\program files\trillian\trillian.exe:Trillian
"TCP Query User{81C5DBA8-6F07-4FAF-90A5-CF199AA4E783}c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"= UDP:c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server
"UDP Query User{0817B22B-3A84-4D0C-BBB4-BD03F6A2857C}c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"= TCP:c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server
"{3689E69C-A3D6-4931-BCC2-BCB88874179E}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{E5EC104B-BF18-4091-ADD3-E25BEEC4FA85}"= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"TCP Query User{034AC903-2A06-489D-9E90-F8EAA842755F}c:\\program files\\teamviewer3\\teamviewer.exe"= UDP:c:\program files\teamviewer3\teamviewer.exe:TeamViewer Remote Control Application
"UDP Query User{1C087AD5-6A42-4FD1-A28D-E2CD27A8A3BF}c:\\program files\\teamviewer3\\teamviewer.exe"= TCP:c:\program files\teamviewer3\teamviewer.exe:TeamViewer Remote Control Application
"{A4A8E218-465D-4D80-9C31-2BA47C5B0F6D}"= UDP:3724:Blizzard Downloader: 3724
"TCP Query User{1A4D7958-FC18-4036-8AE3-B65AEB124598}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{B9CC8E5A-27B3-4DC1-A019-3CE67605726A}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{66F200F4-8820-4BA4-A342-315614691A02}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.4.1.8125-to-2.4.2.8278-enUS-downloader.exe:Blizzard Downloader
"{C171E7DC-D1E1-4F36-9E5F-EE3A682C3F5F}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.4.1.8125-to-2.4.2.8278-enUS-downloader.exe:Blizzard Downloader
"{72B4A89A-3B0D-42AC-BBBA-6B33E2069F7A}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.4.3-to-3.0.2-enUS-Win-Final-downloader.exe:Blizzard Downloader
"{09AD03B4-FA0F-4A65-8B3C-38FEDEA8BAB5}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.4.3-to-3.0.2-enUS-Win-Final-downloader.exe:Blizzard Downloader
"{0052DF65-2A26-4F43-AD61-C4D898E48D24}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.2.9056-to-3.0.3.9183-enUS-downloader.exe:Blizzard Downloader
"{E34CA743-B053-40EB-98B4-EAE47A0428CD}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.2.9056-to-3.0.3.9183-enUS-downloader.exe:Blizzard Downloader
"TCP Query User{99ED5B14-E4C0-4CE0-848E-B5D89EFC9362}c:\\users\\owner\\appdata\\locallow\\dyyno receiver\\dppm.exe"= UDP:c:\users\owner\appdata\locallow\dyyno receiver\dppm.exe:dppm.exe
"UDP Query User{30112274-70D1-4413-97BD-9AA68DBF9A4D}c:\\users\\owner\\appdata\\locallow\\dyyno receiver\\dppm.exe"= TCP:c:\users\owner\appdata\locallow\dyyno receiver\dppm.exe:dppm.exe
"{EE737EED-7040-4BEF-9EB5-8190DE87ECF7}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{60E494BC-6C2C-49AE-AE16-561E5397A99B}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{194F827E-7397-4EE9-B4FD-0D8A620ED417}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{47896B57-D371-4AD5-BA88-20EC695CC675}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2F5FDD8D-A6CB-4F4E-8F40-E56B5FFABEEB}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-enUS-downloader.exe:Blizzard Downloader
"{0F6D616E-99FA-410B-AA48-0E0E0E8777B7}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe:Blizzard Downloader
"{DB4B7E08-7738-4997-9B8F-285FC8A1EA64}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe:Blizzard Downloader
"TCP Query User{F3BE4748-1E11-426C-8F57-0A4415546979}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{93C2C16F-9062-4678-A9D6-2A53695A1A27}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= TCP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"{5254C05A-CC47-4DCE-AB9F-702B749587C2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C3C3143B-FCED-4F81-AED0-7EAC4DD78095}"= UDP:c:\program files\Curse\CurseClient.exe:Curse Client
"{E6053FF9-6C75-4C8D-B597-E4A8D2799837}"= TCP:c:\program files\Curse\CurseClient.exe:Curse Client
"{456364CD-1C0E-4590-9972-CDB881EA9750}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{D183D9C6-E05D-4581-B930-34812C04E490}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{CC1887C7-E6D0-47B8-A682-9B02F172BE8B}"= UDP:c:\program files\Combat Arms\NMService.exe:Nexon Messenger Core
"{8038BD48-CC55-4AA7-91A5-B0E5F2B60C05}"= TCP:c:\program files\Combat Arms\NMService.exe:Nexon Messenger Core
"{9AC44699-8C11-4662-94DF-D446E287D2A5}"= UDP:c:\program files\Electronic Arts\BattleForge\Bootstrapper.exe:BattleForge™ Launcher
"{22EF2919-C248-4367-A0C4-437073555304}"= TCP:c:\program files\Electronic Arts\BattleForge\Bootstrapper.exe:BattleForge™ Launcher
"{59497B1E-3C07-4403-8918-2368C076895A}"= UDP:c:\program files\Electronic Arts\BattleForge\BattleForge.exe:BattleForge™
"{696B576D-8E57-483A-BA36-1C772C0D3FC8}"= TCP:c:\program files\Electronic Arts\BattleForge\BattleForge.exe:BattleForge™
"{4D07E744-F250-46B1-A456-24B4A945F53C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{B6A2128A-8F00-4093-A56D-E49CCAB24EC9}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{1C837D02-7F02-4B66-A174-F1A225E2FC43}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{29157F81-A3D7-4F07-95F9-482E0A0CD22B}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"{9FB9B16C-B696-4EF8-9111-96C36E0C367B}"= UDP:c:\program files\Hamachi\hamachi.exe:Hamachi
"{FB58BD20-3306-473E-A833-4C6A1C04CABF}"= TCP:c:\program files\Hamachi\hamachi.exe:Hamachi

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"c:\\Program Files\\Combat Arms\\CombatArms.exe"= c:\program files\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\\Program Files\\Combat Arms\\Engine.exe"= c:\program files\Combat Arms\Engine.exe:*Enabled:Engine.exe

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\System32\drivers\tmlwf.sys [7/29/2008 09:06 145424]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [7/20/2009 16:17 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\System32\nvSCPAPISvr.exe [6/10/2009 06:33 232960]
R2 TeamViewer;TeamViewer 3;c:\program files\TeamViewer3\TeamViewer_Service.exe [8/5/2008 23:42 181544]
R2 tmevtmgr;tmevtmgr;c:\windows\System32\drivers\tmevtmgr.sys [7/29/2008 09:06 50192]
R2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [5/27/2009 17:50 497008]
R2 tmpreflt;tmpreflt;c:\windows\System32\drivers\tmpreflt.sys [7/16/2009 18:59 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [5/26/2008 18:56 677128]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\System32\drivers\tmwfp.sys [7/29/2008 09:06 256528]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/11/2008 18:41 24652]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\System32\drivers\RTS5121.sys [6/6/2009 12:16 157696]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\System32\drivers\athrusb.sys [6/26/2009 12:01 857600]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4021726340-1805261559-3082432366-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-01 06:09]

2009-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4021726340-1805261559-3082432366-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-01 06:09]

2009-07-21 c:\windows\Tasks\User_Feed_Synchronization-{64C09650-D59B-494A-B504-5C5494C25A63}.job
- c:\windows\system32\msfeedssync.exe [2009-03-31 11:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\49ebpzeu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\Owner\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\49ebpzeu.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\49ebpzeu.default\extensions\[email protected]\plugins\npDyyno.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\4&1fbdd9f8&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\4&1fbdd9f8&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP2800\4&1fbdd9f8&0&UID256\Device Parameters\MODES]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP2800\4&1fbdd9f8&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP2800\4&1fbdd9f8&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP2800\4&1fbdd9f8&0&UID852224\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP2800\4&1fbdd9f8&0&UID852224\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\SAM0063\4&1fbdd9f8&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\SAM0063\4&1fbdd9f8&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
Completion time: 2009-07-21 14:16
ComboFix-quarantined-files.txt 2009-07-21 21:16

Pre-Run: 272,428,773,376 bytes free
Post-Run: 271,711,870,976 bytes free

371 --- E O F --- 2009-07-21 21:01
 

My Computer

System One

  • Manufacturer/Model: Laptop. HP Pavilion dv7-1005TX.
  • CPU: IntelCore [email protected] x2
  • Memory: 4.00 GB installed, max capacity 8 GB.
  • Graphics Card(s): Nvidia GeForce 9600M GT with 512 MB DDR2 dedicated graphics memory.
  • Monitor(s) Displays: 17.0" diagonal WXGA+ high-definition BrightView widescreen Infinity display.
  • Screen Resolution: 1440 x 900
  • Hard Drives: Drive 1: 298.09 GB Fujitsu MHZ2320BH G2 ATA Device. Drive 2: [All as above.] Config: C:\ 287.65 GB, D:\ 298.09 GB, E:\ 10.44 GB.
  • Case: Laptop / notebook.
  • Cooling: Stock.
  • Keyboard: IBM enhanced
  • Mouse: Synaptics PS/2 Port touch pad.
  • Internet Speed: ADSL [Too slow.]
  • Other Info: Webcam.