I installed Norton and ran the scan. it detects that my computer has w32.spybot.worm virus. How can i remove it? I am using windows vista. thank you in advance!

Infamous Norton has the manual removal here:
http://www.symantec.com/security_re...

Some HELP in posting on Cnet plus free progs and instructions Glad to Help!

i tried that manual removal on symantec.com, but it doesn't work. also, whenever i tried to open windows explorer, it crashes. My desktop and taskbar everything r gone.

Go to the this link:

Disable Realtime Protection

Follow their directions to disable any realtime protection that you have as it will interfere with the fix by reinstalling the corrupt files.

Please download and install the latest version of HijackThis v2.0.2:

Download the "HijackThis" Installer from this link:
Hijack This

1. Save " HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5.Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces.

Hijack This log::

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:08:49, on 8/3/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Internet Explorer\IEUser.exe
c:\program files\aol\aol toolbar 4.0\AolTbServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\helppane.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
c:\Users\cheapiedevil\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [AppMon Utility] "C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe" @@@Start
O4 - HKLM\..\Run: [VAIOSecurity] "C:\Program Files\Sony\VAIO Security Center\VSC.exe" 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VAIOSurvey] C:\Program Files\Sony Corporation\VAIO Survey\Vista VAIO Survey.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\yayxuss.dll,#1
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\CHEAPI~1\AppData\Local\Temp\byvsr.dll,#1
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [BMb5094cf6] Rundll32.exe "C:\Users\CHEAPI~1\AppData\Local\Temp\ilueougo.dll",s
O4 - HKCU\..\Run: [b63a7f6a] rundll32.exe "C:\Users\CHEAPI~1\AppData\Local\Temp\fntrrjpk.dll",b
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/res...
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls...
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Drive...
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_ins...
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HWXZYTouchPad - Unknown owner - C:\Windows\jwpad.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod ?? (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12542 bytes

ComboFix log::

ComboFix 08-03-08.1 - cheapiedevil 2008-03-08 19:11:25.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1005 [GMT -8:00]
Running from: C:\Users\cheapiedevil\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\d.exe
C:\Users\cheapiedevil\AppData\Roaming\macromedia\Flash Player\#SharedObjects\5UH49CYL\www.broadcaster.com
C:\Users\cheapiedevil\AppData\Roaming\macromedia\Flash Player\#SharedObjects\5UH49CYL\www.broadcaster.com\played_list.sol
C:\Users\cheapiedevil\AppData\Roaming\macromedia\Flash Player\#SharedObjects\5UH49CYL\www.broadcaster.com\video_queue.sol
C:\Users\cheapiedevil\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Users\cheapiedevil\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Windows\system32\fcyxwxv.dll
C:\Windows\system32\iifeefe.dll
C:\Windows\system32\yayxuss.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-09 to 2008-03-09 )))))))))))))))))))))))))))))))
.

2008-03-08 16:05 . 2007-12-24 17:37 138,384 --a------ C:\Windows\System32\drivers\tmcomm.sys
2008-03-08 16:05 . 2007-12-24 17:37 52,496 --a------ C:\Windows\System32\drivers\tmactmon.sys
2008-03-08 16:05 . 2007-12-24 17:37 52,240 --a------ C:\Windows\System32\drivers\tmevtmgr.sys
2008-03-08 16:00 . 2008-03-08 16:06 <DIR> d-------- C:\Users\cheapiedevil\AppData\Roaming\Registry Booster
2008-03-08 15:51 . 2008-03-08 15:51 <DIR> d-------- C:\Users\cheapiedevil\AppData\Roaming\Uniblue
2008-03-08 14:47 . 2008-03-08 14:47 <DIR> d-------- C:\ProgramData\Trend Micro
2008-03-08 14:47 . 2008-03-08 14:48 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-08 14:02 . 2008-03-08 14:02 <DIR> d-------- C:\Windows\E80F62FF5D3C4A1984099721F2928206.TMP
2008-03-08 12:51 . 2008-03-08 13:01 <DIR> d-------- C:\Users\cheapiedevil\AppData\Roaming\Symantec
2008-03-08 12:04 . 2008-03-08 12:16 <DIR> d-------- C:\Program Files\RegCure
2008-03-08 11:58 . 2008-03-08 11:58 <DIR> d-------- C:\Program Files\Uniblue
2008-03-07 15:54 . 2008-03-07 15:54 0 --a------ C:\Windows\Irremote.ini
2008-03-07 13:25 . 2008-03-07 13:30 167,936 --a------ C:\Windows\System32\drivers\riode32.sys
2008-03-07 13:25 . 2008-03-07 13:30 159,744 --a------ C:\onhtp.exe
2008-03-07 13:25 . 2008-03-07 13:30 51,200 --a------ C:\rsvlqer.exe
2008-03-07 13:25 . 2008-03-07 13:25 37,376 --a------ C:\Windows\mrofinu1535.exe.tmp
2008-03-07 13:25 . 2008-03-07 13:30 2 --a------ C:\-1237680187
2008-03-07 13:06 . 2008-03-07 13:06 <DIR> d-------- C:\Users\cheapiedevil\AppData\Roaming\Nero
2008-03-07 13:02 . 2008-03-07 16:36 <DIR> d-------- C:\ProgramData\Nero
2008-03-07 13:02 . 2008-03-07 13:51 <DIR> d-------- C:\Program Files\Nero
2008-03-07 13:02 . 2008-03-07 16:39 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-03-07 12:18 . 2008-03-07 12:18 26 --a------ C:\Windows\dvdSanta.INI
2008-03-07 12:15 . 2008-03-07 12:15 <DIR> d-------- C:\TempDVD
2008-03-07 12:14 . 2008-03-07 12:21 <DIR> d-------- C:\Program Files\dvdSanta
2008-03-07 12:07 . 2008-03-07 12:07 <DIR> d-------- C:\Click to DVD 2
2008-03-03 21:25 . 2008-03-03 21:25 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-03 21:24 . 2008-03-03 21:24 <DIR> d-------- C:\ProgramData\WLInstaller
2008-03-03 21:24 . 2008-03-03 21:24 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-02-15 21:30 . 2008-01-09 21:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-14 08:26 . 2008-02-14 08:26 <DIR> d-------- C:\Users\cheapiedevil\AppData\Roaming\EPSON
2008-02-13 03:11 . 2008-02-13 03:11 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-13 03:11 . 2008-02-13 03:11 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-13 03:06 . 2008-02-13 03:06 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-13 03:06 . 2008-02-13 03:06 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-13 03:06 . 2008-02-13 03:06 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-13 03:06 . 2008-02-13 03:06 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-13 03:06 . 2008-02-13 03:06 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-13 03:06 . 2008-02-13 03:06 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-13 03:06 . 2008-02-13 03:06 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-02-13 03:05 . 2008-02-13 03:05 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 03:05 . 2008-02-13 03:05 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-13 03:05 . 2008-02-13 03:05 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-13 03:05 . 2008-02-13 03:05 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-13 03:05 . 2008-02-13 03:05 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-13 03:05 . 2008-02-13 03:05 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-13 03:05 . 2008-02-13 03:05 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-13 03:01 . 2008-02-13 03:01 1,831,424 --a------ C:\Windows\System32\inetcpl.cpl
2008-02-13 03:01 . 2008-02-13 03:01 56,320 --a------ C:\Windows\System32\iesetup.dll
2008-02-13 03:01 . 2008-02-13 03:01 26,624 --a------ C:\Windows\System32\ieUnatt.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-08 22:13 --------- d-----w C:\ProgramData\Symantec
2008-03-08 22:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-08 22:02 --------- d-----w C:\Program Files\Symantec
2008-03-07 20:07 --------- d-----w C:\Users\cheapiedevil\AppData\Roaming\Sony Corporation
2008-03-04 05:40 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-04 05:27 --------- d-----w C:\Program Files\MSN Messenger
2008-03-04 05:25 --------- d-----w C:\Program Files\Windows Live
2008-03-04 05:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-24 22:07 --------- d-----w C:\ProgramData\Roxio
2008-02-23 02:18 10,992 ----a-w C:\Users\cheapiedevil\AppData\Roaming\wklnhst.dat
2008-02-19 09:47 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-02-18 01:42 --------- d-----w C:\Program Files\Java
2008-02-13 11:05 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 11:05 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 11:05 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 11:05 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 11:02 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 11:02 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-01-29 20:02 107,368 ----a-w C:\Windows\System32\GEARAspi.dll
2008-01-29 20:01 16,168 ----a-w C:\Windows\system32\drivers\GEARAspiWDM.sys
2008-01-15 05:53 --------- d-----w C:\Users\cheapiedevil\AppData\Roaming\Move Networks
2008-01-09 06:38 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 06:38 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 06:29 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 06:29 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-09 06:28 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2007-12-12 23:53 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 23:53 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 23:53 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-08-30 10:10 174 --sha-w C:\Program Files\desktop.ini
2006-12-28 00:47 1,132,112 ----a-w C:\ProgramData\pswi_preloaded.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-08 22:28 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 04:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 04:36 201728]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-09-20 15:35 1410344]
"Uniblue RegistryBooster 2"="c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe" [2008-02-01 10:51 99608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-05-27 19:23 1006264]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2006-11-14 10:46 411768]
"AppMon Utility"="C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe" [2006-11-15 15:48 415864]
"VAIOSecurity"="C:\Program Files\Sony\VAIO Security Center\VSC.exe" [2006-11-28 14:30 2150400]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-04 05:15 7757824]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-04 05:15 81920]
"VAIOSurvey"="C:\Program Files\Sony Corporation\VAIO Survey\Vista VAIO Survey.exe" [2006-12-06 17:08 577536]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-28 00:13 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-01-21 12:16 1393928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-11-24 10:36 73728 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{658B904B-6626-427A-9B5E-9E4364682C98}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{467D397E-228C-4CF3-9FE0-DCDFC61AA586}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D069AB18-5B93-4FB7-BF41-B92C8346A01D}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{ABA100D1-6F45-4DD2-BAA3-660E1804EDC7}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{1F6F2174-2FA5-4BEB-994D-E4FC02CAB5F4}C:\program files\bitcomet\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client|Desc=BitComet - a BitTorrent Client
"UDP Query User{89825BF8-BB66-48DA-97F3-AFA9706E6E74}C:\program files\bitcomet\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client|Desc=BitComet - a BitTorrent Client
"{90FC2A52-031D-4F1B-BF9C-34CD5479D011}"= UDP:25291:BitComet 25291 TCP
"{AB2BC3E8-2B9F-4D2B-891D-60BD154AA6C0}"= TCP:25291:BitComet 25291 UDP
"{04BC0947-B020-403E-A5D3-8F7B79EDC4F9}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0FF845F1-DE16-4784-A348-D6E7A682C19F}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{5CB73472-A71A-4B76-B240-906B257E2C9E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 HWXZYTouchPad;HWXZYTouchPad;C:\Windows\jwpad.exe [2006-11-16 09:19]
R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sVAIO_VEDB []
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 13:38]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-13 19:07]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2006-11-28 17:58]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2006-11-28 17:58]
R3 slim;Sony Lucid Integrated Mpeg encoder;C:\Windows\system32\drivers\slim.sys [2006-11-16 05:10]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\Windows\system32\DRIVERS\SonyImgF.sys [2006-11-08 05:00]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2006-11-10 13:50]
R3 VHWDrawing;HanWang Drawing Tablet;C:\Windows\system32\DRIVERS\HWDrawing.sys [2007-03-26 09:09]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-01 23:30]
S2 riode32;riode32;C:\Windows\system32\drivers\riode32.sys [2008-03-07 13:30]
S3 HWTouchPad;HanWang Touch Pad;C:\Windows\system32\DRIVERS\HWXZYPad.sys [2007-03-27 16:15]
S3 USBAVCap;AVerMedia USB TV Tuner Device;C:\Windows\system32\drivers\USBAVCap.sys [2006-11-27 17:46]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2006-10-11 18:36]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2006-10-11 15:52]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-09 01:54:24 C:\Windows\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-08 20:27:20 C:\Windows\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-08 23:37:13 C:\Windows\Tasks\User_Feed_Synchronization-{7A7EA5C8-7F37-4470-824F-58B858336092}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 19:15:00
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-08 19:16:00
ComboFix-quarantined-files.txt 2008-03-09 03:15:57
.
2008-03-07 07:13:22 --- E O F ---

thanks!

Open Notepad and copy/paste everything between the X"s into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\Windows\E80F62FF5D3C4A1984099721F2928206.TMP
C:\onhtp.exe
C:\rsvlqer.exe
C:\Windows\mrofinu1535.exe.tmp
C:\Users\CHEAPI~1\AppData\Local\Temp\ilueougo.dll
C:\Users\CHEAPI~1\AppData\Local\Temp\byvsr.dll
C:\Users\CHEAPI~1\AppData\Local\Temp\fntrrjpk.dll

Folder::
C:\-1237680187

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it CFScript.txt then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop) if combofix does not auto start click "run".

Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE YO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
Once the files are downloaded click on Next
Click on Scan Settings and configure as follows:
Scan using the following Anti-Virus database:
Extended
Scan Options:
Scan Archives
Scan Mail Base
Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

Post a new Combofix log and a new Hijack This log.

.

KScran Report::

---------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, March 09, 2008 5:57:52 AM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 9/03/2008
Kaspersky Anti-Virus database records: 617086
---------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 100680
Number of viruses found: 8
Number of infected objects: 22
Number of suspicious objects: 0
Duration of the scan process: 01:25:09

Infected Object Name / Virus Name / Last Action
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\sw_ae-20080308-191906.log Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_103.trc Object is locked skipped
C:\Program Files\Nero\Nero8\keygen.exe Infected: Trojan-Downloader.Win32.Small.iui skipped
C:\Program Files\Nero\Nero8\Nero\keygen.exe Infected: Trojan-Downloader.Win32.Small.iui skipped
C:\Program Files\Nero\Nero8\Nero BackItUp\BIUAB5B.txt Object is locked skipped
C:\Program Files\Trend Micro\Internet Security\Quarantine\ffdcahl.exe Infected: Trojan.Win32.Agent.giy skipped
C:\Program Files\Uniblue\RegistryBooster 2\keygen.exe Infected: Trojan-Downloader.Win32.Small.iui skipped
C:\Program Files\Uniblue\RegistryBooster 2\serial.exe Infected: Trojan-Downloader.Win32.Small.snf skipped
C:\ProgramData\avg7\Log\emc.log Object is locked skipped
C:\ProgramData\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\ProgramData\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7eb9f80f8172c3b63c6469b30d8679b7_6e48b03c-3d39-4141-8b6b-e27cd6a2e003 Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.268.Crwl Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.268.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010017.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010018.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010019.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001B.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001D.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001E.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001F.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010020.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010021.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010022.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010023.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010024.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010025.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010026.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010028.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001002B.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\000100DC.ci Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\000100DC.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\000100DC.wsb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy1201.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf5284.tmp Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf5285.tmp Object is locked skipped
C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv01.tmp Object is locked skipped
C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds Object is locked skipped
C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-050241.log Object is locked skipped
C:\ProgramData\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
C:\ProgramData\Sony Corporation\SonicStage\Packages\MtData.ldb Object is locked skipped
C:\ProgramData\Sony Corporation\SonicStage\Packages\MtData.mdb Object is locked skipped
C:\ProgramData\Sony Corporation\VAIO Entertainment Platform\1.0\VzCdb\VzCdbDat.ldf Object is locked skipped
C:\ProgramData\Sony Corporation\VAIO Entertainment Platform\1.0\VzCdb\VzCdbDat.mdf Object is locked skipped
C:\ProgramData\Symantec\LiveUpdate\2008-03-09_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\QooBox\Quarantine\C\d.exe.vir Infected: Trojan.Win32.Pakes.chm skipped
C:\QooBox\Quarantine\C\onhtp.exe.vir Infected: Trojan.Win32.Pakes.chp skipped
C:\QooBox\Quarantine\C\rsvlqer.exe.vir Infected: Trojan-Dropper.Win32.FriJoiner.ms skipped
C:\QooBox\Quarantine\C\Windows\mrofinu1535.exe.tmp.vir Infected: Trojan-Downloader.Win32.Agent.krh skipped
C:\QooBox\Quarantine\C\Windows\System32\fcyxwxv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\Windows\System32\iifeefe.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\Windows\System32\yayxuss.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\InputPersonalization\edb.log Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\InputPersonalization\inkStore.mdb Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\InputPersonalization\tmp.edb Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Messenger\cheapiedevil@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Messenger\cheapiedevil@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Messenger\cheapiedevil@hotmail.com\SharingMetadata\Working\database_BAB6_3AC3_B63A_7FC5\dfsr.db Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Messenger\cheapiedevil@hotmail.com\SharingMetadata\Working\database_BAB6_3AC3_B63A_7FC5\fsr.log Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Messenger\cheapiedevil@hotmail.com\SharingMetadata\Working\database_BAB6_3AC3_B63A_7FC5\fsrtmp.log Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Messenger\cheapiedevil@hotmail.com\SharingMetadata\Working\database_BAB6_3AC3_B63A_7FC5\tmp.edb Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008030920080310\index.dat Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6K7373EW\registry_booster[1].exe/data.rar/crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6K7373EW\registry_booster[1].exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.Small.iui skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6K7373EW\registry_booster[1].exe/data.rar/serial.exe Infected: Trojan-Downloader.Win32.Small.snf skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6K7373EW\registry_booster[1].exe/data.rar Infected: Trojan-Downloader.Win32.Small.snf skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6K7373EW\registry_booster[1].exe RarSFX: infected - 4 skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6K7373EW\registry_booster_all[1].exe/data.rar/crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6K7373EW\registry_booster_all[1].exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.Small.iui skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6K7373EW\registry_booster_all[1].exe/data.rar/serial.exe Infected: Trojan-Downloader.Win32.Small.snf skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6K7373EW\registry_booster_all[1].exe/data.rar Infected: Trojan-Downloader.Win32.Small.snf skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6K7373EW\registry_booster_all[1].exe RarSFX: infected - 4 skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\UsrClass.dat{78e334c5-0cc3-11dc-9af3-0013a94c341a}.TM.blf Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\UsrClass.dat{78e334c5-0cc3-11dc-9af3-0013a94c341a}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\UsrClass.dat{78e334c5-0cc3-11dc-9af3-0013a94c341a}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows Live Contacts\cheapiedevil@hotmail.com\real\members.stg Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows Live Contacts\cheapiedevil@hotmail.com\shadow\members.stg Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Temp\~DF4AAB.tmp Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Temp\~DF4B57.tmp Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Temp\~DFC4A7.tmp Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Temp\~DFDEA0.tmp Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Temp\~DFE0EE.tmp Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Temp\~DFFB88.tmp Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Temp\~DFFD19.tmp Object is locked skipped
C:\Users\cheapiedevil\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\cheapiedevil\Music\iTunes\iTunes Library.itl Object is locked skipped
C:\Users\cheapiedevil\NTUSER.DAT Object is locked skipped
C:\Users\cheapiedevil\ntuser.dat.LOG1 Object is locked skipped
C:\Users\cheapiedevil\ntuser.dat.LOG2 Object is locked skipped
C:\Users\cheapiedevil\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Users\cheapiedevil\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\cheapiedevil\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\ehmsdri.log Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\ehRecvr.log Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped
C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped
C:\Windows\System32\config\RegBack\SAM Object is locked skipped
C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped
C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped
C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped
C:\Windows\System32\drivers\sptd.sys Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WMI\WdiContextLog.etl.002 Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\Temp\JET5D2C.tmp Object is locked skipped

Scan process completed.

ComboFix Log::

ComboFix 08-03-08.1 - cheapiedevil 2008-03-08 21:01:13.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.840 [GMT -8:00]
Running from: C:\Users\cheapiedevil\Desktop\ComboFix.exe
Command switches used :: C:\Users\cheapiedevil\Desktop\CFScript.txt

FILE ::
C:\onhtp.exe
C:\rsvlqer.exe
C:\Users\CHEAPI~1\AppData\Local\Temp\byvsr.dll
C:\Users\CHEAPI~1\AppData\Local\Temp\fntrrjpk.dll
C:\Users\CHEAPI~1\AppData\Local\Temp\ilueougo.dll
C:\Windows\E80F62FF5D3C4A1984099721F2928206.TMP
C:\Windows\mrofinu1535.exe.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-1237680187\
C:\onhtp.exe
C:\rsvlqer.exe
C:\Windows\mrofinu1535.exe.tmp

.
((((((((((((((((((((((((( Files Created from 2008-02-09 to 2008-03-09 )))))))))))))))))))))))))))))))
.

2008-03-08 20:19 . 2008-03-08 20:19 <DIR> d-------- C:\Users\cheapiedevil\AppData\Roaming\AVG7
2008-03-08 20:18 . 2008-03-08 20:18 9,216 --a------ C:\Windows\System32\avgwlntf.dll
2008-03-08 20:17 . 2008-03-08 20:17 <DIR> d-------- C:\ProgramData\Grisoft
2008-03-08 20:17 . 2008-03-08 20:19 <DIR> d-------- C:\ProgramData\avg7
2008-03-08 20:17 . 2008-03-08 20:17 47,104 --a------ C:\Windows\System32\drivers\avgwfp.sys
2008-03-08 16:05 . 2007-12-24 17:37 138,384 --a------ C:\Windows\System32\drivers\tmcomm.sys
2008-03-08 16:05 . 2007-12-24 17:37 52,496 --a------ C:\Windows\System32\drivers\tmactmon.sys
2008-03-08 16:05 . 2007-12-24 17:37 52,240 --a------ C:\Windows\System32\drivers\tmevtmgr.sys
2008-03-08 16:00 . 2008-03-08 16:06 <DIR> d-------- C:\Users\cheapiedevil\AppData\Roaming\Registry Booster
2008-03-08 15:51 . 2008-03-08 15:51 <DIR> d-------- C:\Users\cheapiedevil\AppData\Roaming\Uniblue
2008-03-08 14:47 . 2008-03-08 14:47 <DIR> d-------- C:\ProgramData\Trend Micro
2008-03-08 14:47 . 2008-03-08 14:48 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-08 14:02 . 2008-03-08 14:02 <DIR> d-------- C:\Windows\E80F62FF5D3C4A1984099721F2928206.TMP
2008-03-08 12:51 . 2008-03-08 13:01 <DIR> d-------- C:\Users\cheapiedevil\AppData\Roaming\Symantec
2008-03-08 12:04 . 2008-03-08 12:16 <DIR> d-------- C:\Program Files\RegCure
2008-03-08 11:58 . 2008-03-08 11:58 <DIR> d-------- C:\Program Files\Uniblue
2008-03-07 15:54 . 2008-03-07 15:54 0 --a------ C:\Windows\Irremote.ini
2008-03-07 13:25 . 2008-03-07 13:30 167,936 --a------ C:\Windows\System32\drivers\riode32.sys
2008-03-07 13:25 . 2008-03-07 13:30 2 --a------ C:\-1237680187
2008-03-07 13:06 . 2008-03-07 13:06 <DIR> d-------- C:\Users\cheapiedevil\AppData\Roaming\Nero
2008-03-07 13:02 . 2008-03-07 16:36 <DIR> d-------- C:\ProgramData\Nero
2008-03-07 13:02 . 2008-03-07 13:51 <DIR> d-------- C:\Program Files\Nero
2008-03-07 13:02 . 2008-03-07 16:39 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-03-07 12:18 . 2008-03-07 12:18 26 --a------ C:\Windows\dvdSanta.INI
2008-03-07 12:15 . 2008-03-07 12:15 <DIR> d-------- C:\TempDVD
2008-03-07 12:14 . 2008-03-07 12:21 <DIR> d-------- C:\Program Files\dvdSanta
2008-03-07 12:07 . 2008-03-07 12:07 <DIR> d-------- C:\Click to DVD 2
2008-03-03 21:25 . 2008-03-03 21:25 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-03 21:24 . 2008-03-03 21:24 <DIR> d-------- C:\ProgramData\WLInstaller
2008-03-03 21:24 . 2008-03-03 21:24 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-02-15 21:30 . 2008-01-09 21:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-14 08:26 . 2008-02-14 08:26 <DIR> d-------- C:\Users\cheapiedevil\AppData\Roaming\EPSON
2008-02-13 03:11 . 2008-02-13 03:11 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-13 03:11 . 2008-02-13 03:11 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-13 03:06 . 2008-02-13 03:06 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-13 03:06 . 2008-02-13 03:06 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-13 03:06 . 2008-02-13 03:06 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-13 03:06 . 2008-02-13 03:06 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-13 03:06 . 2008-02-13 03:06 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-13 03:06 . 2008-02-13 03:06 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-13 03:06 . 2008-02-13 03:06 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-02-13 03:05 . 2008-02-13 03:05 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 03:05 . 2008-02-13 03:05 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-13 03:05 . 2008-02-13 03:05 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-13 03:05 . 2008-02-13 03:05 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-13 03:05 . 2008-02-13 03:05 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-13 03:05 . 2008-02-13 03:05 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-13 03:05 . 2008-02-13 03:05 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-13 03:01 . 2008-02-13 03:01 1,831,424 --a------ C:\Windows\System32\inetcpl.cpl
2008-02-13 03:01 . 2008-02-13 03:01 56,320 --a------ C:\Windows\System32\iesetup.dll
2008-02-13 03:01 . 2008-02-13 03:01 26,624 --a------ C:\Windows\System32\ieUnatt.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-08 22:13 --------- d-----w C:\ProgramData\Symantec
2008-03-08 22:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-08 22:02 --------- d-----w C:\Program Files\Symantec
2008-03-07 20:07 --------- d-----w C:\Users\cheapiedevil\AppData\Roaming\Sony Corporation
2008-03-04 05:40 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-04 05:27 --------- d-----w C:\Program Files\MSN Messenger
2008-03-04 05:25 --------- d-----w C:\Program Files\Windows Live
2008-03-04 05:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-24 22:07 --------- d-----w C:\ProgramData\Roxio
2008-02-23 02:18 10,992 ----a-w C:\Users\cheapiedevil\AppData\Roaming\wklnhst.dat
2008-02-19 09:47 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-02-18 01:42 --------- d-----w C:\Program Files\Java
2008-02-13 11:05 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 11:05 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 11:05 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 11:05 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 11:02 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 11:02 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-01-29 20:02 107,368 ----a-w C:\Windows\System32\GEARAspi.dll
2008-01-29 20:01 16,168 ----a-w C:\Windows\system32\drivers\GEARAspiWDM.sys
2008-01-15 05:53 --------- d-----w C:\Users\cheapiedevil\AppData\Roaming\Move Networks
2008-01-09 06:38 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 06:38 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 06:29 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 06:29 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-09 06:28 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2007-12-12 23:53 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 23:53 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 23:53 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-08-30 10:10 174 --sha-w C:\Program Files\desktop.ini
2006-12-28 00:47 1,132,112 ----a-w C:\ProgramData\pswi_preloaded.exe
.

((((((((((((((((((((((((((((( snapshot@2008-03-08_19.15.34.44 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-09 01:54:10 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-03-09 03:18:56 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-03-09 02:34:59 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-03-09 04:18:27 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-03-09 02:35:04 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-09 04:18:35 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-03-09 03:02:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-09 04:53:36 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-09 03:02:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-09 04:53:36 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-09 03:02:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-09 04:53:36 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-09 04:17:47 821,856 ----a-w C:\Windows\System32\drivers\avg7core.sys
+ 2008-03-09 04:17:47 4,224 ----a-w C:\Windows\System32\drivers\avg7rsw.sys
+ 2008-03-09 04:17:47 27,776 ----a-w C:\Windows\System32\drivers\avg7rsxp.sys
+ 2008-03-09 04:18:01 3,968 ----a-w C:\Windows\System32\drivers\avgclean.sys
+ 2008-03-09 04:17:47 19,904 ----a-w C:\Windows\System32\drivers\avgmfx86.sys
- 2008-03-09 02:00:40 125,090 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-03-09 03:25:18 125,090 ----a-w C:\Windows\System32\perfc009.dat
- 2008-03-09 02:00:40 673,446 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-03-09 03:25:18 673,446 ----a-w C:\Windows\System32\perfh009.dat
- 2008-03-09 01:25:06 8,296 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1217593345-662086654-1042257533-1005_UserData.bin
+ 2008-03-09 03:22:11 8,344 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1217593345-662086654-1042257533-1005_UserData.bin
- 2008-03-09 01:56:11 79,668 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-09 03:22:11 79,890 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-03-09 01:56:00 44,252 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-03-09 03:22:06 44,348 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-08 22:28 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 04:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 04:36 201728]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-09-20 15:35 1410344]
"Uniblue RegistryBooster 2"="c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe" [2008-02-01 10:51 99608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-05-27 19:23 1006264]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2006-11-14 10:46 411768]
"AppMon Utility"="C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe" [2006-11-15 15:48 415864]
"VAIOSecurity"="C:\Program Files\Sony\VAIO Security Center\VSC.exe" [2006-11-28 14:30 2150400]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-04 05:15 7757824]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-04 05:15 81920]
"VAIOSurvey"="C:\Program Files\Sony Corporation\VAIO Survey\Vista VAIO Survey.exe" [2006-12-06 17:08 577536]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-28 00:13 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-01-21 12:16 1393928]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-08 20:17 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-08 20:17 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-03-08 20:18 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-11-24 10:36 73728 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{658B904B-6626-427A-9B5E-9E4364682C98}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{467D397E-228C-4CF3-9FE0-DCDFC61AA586}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D069AB18-5B93-4FB7-BF41-B92C8346A01D}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{ABA100D1-6F45-4DD2-BAA3-660E1804EDC7}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{1F6F2174-2FA5-4BEB-994D-E4FC02CAB5F4}C:\program files\bitcomet\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client|Desc=BitComet - a BitTorrent Client
"UDP Query User{89825BF8-BB66-48DA-97F3-AFA9706E6E74}C:\program files\bitcomet\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client|Desc=BitComet - a BitTorrent Client
"{90FC2A52-031D-4F1B-BF9C-34CD5479D011}"= UDP:25291:BitComet 25291 TCP
"{AB2BC3E8-2B9F-4D2B-891D-60BD154AA6C0}"= TCP:25291:BitComet 25291 UDP
"{04BC0947-B020-403E-A5D3-8F7B79EDC4F9}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0FF845F1-DE16-4784-A348-D6E7A682C19F}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{5CB73472-A71A-4B76-B240-906B257E2C9E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 HWXZYTouchPad;HWXZYTouchPad;C:\Windows\jwpad.exe [2006-11-16 09:19]
R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sVAIO_VEDB []
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 13:38]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-13 19:07]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-08 20:17]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2006-11-28 17:58]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2006-11-28 17:58]
R3 slim;Sony Lucid Integrated Mpeg encoder;C:\Windows\system32\drivers\slim.sys [2006-11-16 05:10]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\Windows\system32\DRIVERS\SonyImgF.sys [2006-11-08 05:00]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2006-11-10 13:50]
R3 VHWDrawing;HanWang Drawing Tablet;C:\Windows\system32\DRIVERS\HWDrawing.sys [2007-03-26 09:09]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-01 23:30]
S2 riode32;riode32;C:\Windows\system32\drivers\riode32.sys [2008-03-07 13:30]
S3 HWTouchPad;HanWang Touch Pad;C:\Windows\system32\DRIVERS\HWXZYPad.sys [2007-03-27 16:15]
S3 USBAVCap;AVerMedia USB TV Tuner Device;C:\Windows\system32\drivers\USBAVCap.sys [2006-11-27 17:46]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2006-10-11 18:36]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2006-10-11 15:52]

*Newly Created Service* - AVGCLEAN
*Newly Created Service* - AVGMFX86
*Newly Created Service* - AVGWFP
.
Contents of the 'Scheduled Tasks' folder
"2008-03-09 03:19:32 C:\Windows\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-08 20:27:20 C:\Windows\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-08 23:37:13 C:\Windows\Tasks\User_Feed_Synchronization-{7A7EA5C8-7F37-4470-824F-58B858336092}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 21:06:11
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-08 21:07:24
ComboFix-quarantined-files.txt 2008-03-09 05:07:20
ComboFix2.txt 2008-03-09 03:16:02
.
2008-03-07 07:13:22 --- E O F ---

Hijack This Log::

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:58:47, on 9/3/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\cheapiedevil\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [AppMon Utility] "C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe" @@@Start
O4 - HKLM\..\Run: [VAIOSecurity] "C:\Program Files\Sony\VAIO Security Center\VSC.exe" 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VAIOSurvey] C:\Program Files\Sony Corporation\VAIO Survey\Vista VAIO Survey.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/pa...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/res...
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls...
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Drive...
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_ins...
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HWXZYTouchPad - Unknown owner - C:\Windows\jwpad.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod ?? (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13346 bytes

cheapiedevil, why not paste your HJT results into http://hijackthis.de/
and then google the questionable results....it will save you lots of time.
HTH

Some HELP in posting on Cnet plus free progs and instructions Glad to Help!

Please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Next set up the computer to view Hidden Files.
Click on the Start button.
Click on the Control Panel menu option.
When the control panel opens you can either be in Classic View or Control Panel Home view:
If you are in the Classic View do the following:
Double-click on the Folder Options icon
Click on the View tab..
Or if you are in the Control Panel Home view do the following:
Click on the Appearance and Personalization link.

Now click on Show Hidden Files or Folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
You should now be able to view hidden files

Navigate to an ddelete the folder if found

C:\-1237680187

Post a new Hijack This log please.