
1 Packed.DelfCrypt infection on Sun Feb 21, 2010 2:56 pm

Kitt0420


New Member
Another instance of this ever so fun virus. Can you help?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43:29 AM, on 2/21/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office Communicator\communicator.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {161D7242-41F0-4CEF-9DD0-C0D2756E1922} - C:\Windows\System32\dimsroam32.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RTHDBPL] C:\Users\Kitt\AppData\Roaming\SystemProc\lsass.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\dxgi32.dll,avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: RosettaStoneDaemon - Rosetta Stone Ltd. - C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe

--
End of file - 8211 bytes

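The HijackThis log above contains the three kinds of entry an analyst looks for first: a Run key pointing at an executable under a user profile (the `RTHDBPL` entry launching `lsass.exe` from `AppData\Roaming\SystemProc`, a core Windows process name that legitimately lives only under `C:\Windows\System32`), an orphaned BHO whose DLL is "(file missing)", and a populated `AppInit_DLLs` value, which Windows injects into every user-mode process. The script below is an added example, not part of this thread or of HijackThis; it applies those checks mechanically to lines copied from the log above. The function names `analyse_line` and `analyse_log`, the `SYSTEM_PROCESS_NAMES` list and the heuristics themselves are my own assumptions, not anything the forum helpers or the tool define.

```python
import re

# Core Windows process names that should only ever run from the Windows directory.
# A binary with one of these names anywhere else is a classic masquerading indicator.
SYSTEM_PROCESS_NAMES = {
    "lsass.exe", "csrss.exe", "smss.exe", "services.exe",
    "winlogon.exe", "svchost.exe", "explorer.exe", "wininit.exe",
}

# HijackThis lines look like "O4 - HKCU\..\Run: [name] path"; capture section and body.
LINE_RE = re.compile(r"^(?P<section>[OR]\d+) - (?P<body>.*)$")

# A drive letter or %VAR% root, then a path ending in .exe or .dll (spaces allowed).
PATH_RE = re.compile(r'(?:[a-z]:|%\w+%)\\[^"\n]*?\.(?:exe|dll)\b', re.IGNORECASE)

# Constructed sample: four lines copied verbatim from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {161D7242-41F0-4CEF-9DD0-C0D2756E1922} - C:\Windows\System32\dimsroam32.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [RTHDBPL] C:\Users\Kitt\AppData\Roaming\SystemProc\lsass.exe
O20 - AppInit_DLLs: C:\Windows\System32\dxgi32.dll,avgrsstx.dll
"""


def analyse_line(line):
    """Return a list of (section, reason, item) findings for one HijackThis line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    section, body = m.group("section"), m.group("body")
    findings = []

    # Orphaned entries: the registry still references a file that is gone.
    if "(file missing)" in body or "(no file)" in body:
        findings.append((section, "orphaned entry: referenced file does not exist", body))

    for path in PATH_RE.findall(body):
        lowered = path.lower()
        name = lowered.rsplit("\\", 1)[-1]
        # System process name outside the Windows directory.
        if name in SYSTEM_PROCESS_NAMES and "\\windows\\" not in lowered:
            findings.append((section, f"{name} running from outside the Windows directory", path))
        # Autorun (O4) entries that launch something from a user profile.
        if section == "O4" and "\\appdata\\" in lowered:
            findings.append((section, "autorun entry pointing into a user profile", path))

    # AppInit_DLLs are loaded into every process that links user32.dll; each one deserves review.
    if section == "O20" and body.startswith("AppInit_DLLs:"):
        for dll in body.split(":", 1)[1].split(","):
            dll = dll.strip()
            if dll:
                findings.append((section, "AppInit_DLLs entry (injected into every user-mode process)", dll))

    return findings


def analyse_log(text):
    """Run analyse_line over every line of a HijackThis log and collect the findings."""
    findings = []
    for line in text.splitlines():
        findings.extend(analyse_line(line))
    return findings


if __name__ == "__main__":
    for section, reason, item in analyse_log(SAMPLE_LOG):
        print(f"[{section}] {reason}: {item}")
```

Running it against the four sample lines yields five findings: the orphaned BHO, two for the `lsass.exe` Run entry (wrong directory, and a user-profile autorun), and one per `AppInit_DLLs` entry. The Windows Defender line produces nothing, because `%ProgramFiles%\Windows Defender` is a vendor directory and `MSASCui.exe` is not a protected system-process name; that is the point of the heuristics, which raise entries for a human to judge rather than declare anything malicious.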

2 Re: Packed.DelfCrypt infection on Sun Feb 21, 2010 9:29 pm

Hello. We need to do some diagnostics to get started.

1. Please download Rooter and save it to your desktop.
  • Double click it to start the tool.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

2. Download LockSearch to your desktop.
  • A window will pop up, Press 2 and then Enter. A scan will start, let it run uninterrupted. It should only take a few minutes.
  • A log will appear when it is finished; it will also be saved in the same location as LockSearch, which should be on your desktop. Post the contents of the log in your reply.

3. Please download CKScanner by askey127 from here
Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

4. Please download Cheetah-Anti-Rogue, and save to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.cmd to start.
  • It will finish quickly and launch a log.
  • Post the contents of it in your next reply.

5. I request the following logs to be posted in your next reply, please:
-Rooter
-LockSearch
-CKScanner
-Cheetah

Thanks.


..........................................................
DragonMaster Jay
Owner/Administrator/Operator Cheetah-Fast Services
Advanced Malware Analysts Group Owner



3 Re: Packed.DelfCrypt infection on Mon Feb 22, 2010 8:57 pm

Kitt0420


New Member
Rooter.exe (v1.0.2) by Eric_71
.
The token does not have the SeDebugPrivilege privilege ! (error:1300)
Can not acquire SeDebugPrivilege !
Please run the tool as administrator ..

.
Windows Vista . (6.0.6002) Service Pack 2
[32_bits] - x86 Family 15 Model 75 Stepping 2, AuthenticAMD
.
Error OpenService (wscsvc) : 6
Error OpenSCManager : 5
Error OpenService (MpsSvc) : 6
Windows Defender -> Disabled !
User Account Control (UAC) -> Enabled
.
Internet Explorer 8.0.6001.18882
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:149 Go - Free:52 Go )
D:\ [CD_Rom]
.
Scan : 17:44.35
Path : C:\Users\Kitt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BIW4EOP5\Rooter[1].exe
User : Kitt ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
Locked smss.exe (420)
Locked csrss.exe (488)
Locked wininit.exe (540)
Locked csrss.exe (552)
Locked avgchsvx.exe (560)
Locked avgrsx.exe (568)
Locked services.exe (604)
Locked lsass.exe (616)
Locked lsm.exe (628)
Locked winlogon.exe (700)
Locked svchost.exe (808)
Locked svchost.exe (868)
Locked svchost.exe (1016)
Locked svchost.exe (1044)
Locked svchost.exe (1060)
Locked audiodg.exe (1188)
Locked svchost.exe (1232)
Locked SLsvc.exe (1268)
Locked svchost.exe (1308)
Locked avgcsrvx.exe (1332)
Locked svchost.exe (1520)
Locked spoolsv.exe (1716)
Locked svchost.exe (1740)
Locked AppleMobileDeviceService.exe (280)
Locked avgwdsvc.exe (436)
Locked mDNSResponder.exe (1340)
Locked NBService.exe (1748)
Locked svchost.exe (2168)
Locked RosettaStoneDaemon.exe (2188)
Locked svchost.exe (2216)
Locked svchost.exe (2252)
Locked SearchIndexer.exe (2272)
Locked avgnsx.exe (2676)
Locked taskeng.exe (2912)
Locked wmpnetwk.exe (3716)
Locked ZuneNss.exe (3952)
______ C:\Windows\system32\taskeng.exe (2244)
______ C:\Windows\system32\Dwm.exe (2372)
______ C:\Windows\Explorer.EXE (3432)
______ C:\Windows\System32\rundll32.exe (2896)
______ C:\Program Files\iTunes\iTunesHelper.exe (2980)
______ C:\Program Files\Zune\ZuneLauncher.exe (2772)
______ C:\Program Files\Java\jre6\bin\jusched.exe (2960)
______ C:\Program Files\Microsoft Office Communicator\communicator.exe (4000)
______ C:\Program Files\AVG\AVG9\avgtray.exe (2500)
______ C:\Program Files\Windows Sidebar\sidebar.exe (3908)
______ C:\Program Files\Windows Live\Messenger\msnmsgr.exe (1496)
______ C:\Windows\ehome\ehtray.exe (1288)
______ C:\Program Files\Windows Media Player\wmpnscfg.exe (1952)
______ C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (2328)
______ C:\Users\Kitt\AppData\Roaming\SystemProc\lsass.exe (3016)
______ C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (3240)
______ C:\Windows\System32\rundll32.exe (3484)
Locked NMIndexingService.exe (3612)
______ C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (3896)
______ C:\Windows\ehome\ehmsas.exe (2956)
______ C:\Program Files\Internet Explorer\iexplore.exe (2380)
______ C:\Program Files\Internet Explorer\iexplore.exe (2360)
______ C:\Windows\system32\rundll32.exe (4220)
______ C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe (4452)
Locked iPodService.exe (4980)
______ C:\Program Files\Windows Live\Contacts\wlcomm.exe (5804)
Locked infocard.exe (3268)
Locked SearchProtocolHost.exe (5348)
Locked SearchFilterHost.exe (3772)
______ C:\Program Files\Internet Explorer\iexplore.exe (5688)
______ C:\Windows\system32\SearchProtocolHost.exe (4572)
______ C:\Program Files\Internet Explorer\iexplore.exe (864)
______ C:\Users\Kitt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BIW4EOP5\Rooter[1].exe (1148)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:160038912000)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
C:\Windows\Tasks\User_Feed_Synchronization-{B5918ED1-7392-4B05-96C6-F0CADEE06FB6}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
C:\Users\Kitt\Documents\LimeWire\Saved\Sonic Foundry Acid Pro 4.0 + Sound FORGE 7.0 + kEYGENS + MANUALS\ACID Pro 4.0\Acid keygen.exe
C:\Users\Kitt\Documents\LimeWire\Saved\Sonic Foundry Acid Pro 4.0 + Sound FORGE 7.0 + kEYGENS + MANUALS\Sound Forge 7.0 + ssg keygen\keygen.exe
==> Cracks & Keygens <==
.
----------------------\\ Scan completed at 17:44.41
.
C:\Rooter$\Rooter_1.txt - (22/02/2010 | 17:44.41).c

______________________________________________________
LockSearch by jpshortstuff (05.11.09.1)
Log created at 17:45 on 22/02/2010 (Kitt)
Scanning C:\


C:\pagefile.sys
-------------------------

-=E.O.F=-
___________________________________________________
CKScanner - Additional Security Risks - These are not necessarily bad
c:\users\kitt\documents\limewire\saved\sonic foundry acid pro 4.0 + sound forge 7.0 + keygens + manuals.zip
c:\users\kitt\documents\limewire\saved\aoa dvd 100% working cracked release by under seh team\file_id.diz
c:\users\kitt\documents\limewire\saved\aoa dvd 100% working cracked release by under seh team\patch.[under seh team].exe
c:\users\kitt\documents\limewire\saved\aoa dvd 100% working cracked release by under seh team\setup.exe
c:\users\kitt\documents\limewire\saved\aoa dvd 100% working cracked release by under seh team\under seh team.nfo
c:\users\kitt\documents\limewire\saved\sonic foundry acid pro 4.0 + sound forge 7.0 + keygens + manuals\acid pro 4.0\acid keygen.exe
c:\users\kitt\documents\limewire\saved\sonic foundry acid pro 4.0 + sound forge 7.0 + keygens + manuals\acid pro 4.0\acid40_manual.exe
c:\users\kitt\documents\limewire\saved\sonic foundry acid pro 4.0 + sound forge 7.0 + keygens + manuals\acid pro 4.0\acidpro40.exe
c:\users\kitt\documents\limewire\saved\sonic foundry acid pro 4.0 + sound forge 7.0 + keygens + manuals\acid pro 4.0\toniccircle8pack.exe
c:\users\kitt\documents\limewire\saved\sonic foundry acid pro 4.0 + sound forge 7.0 + keygens + manuals\acid pro 4.0\acid pro manual\acid40_manual.pdf
c:\users\kitt\documents\limewire\saved\sonic foundry acid pro 4.0 + sound forge 7.0 + keygens + manuals\acid pro 4.0\tonic circle 8pack\numina tcpromo 01.sfk
c:\users\kitt\documents\limewire\saved\sonic foundry acid pro 4.0 + sound forge 7.0 + keygens + manuals\acid pro 4.0\tonic circle 8pack\numina tcpromo 04.sfk
c:\users\kitt\documents\limewire\saved\sonic foundry acid pro 4.0 + sound forge 7.0 + keygens + manuals\acid pro 4.0\tonic circle 8pack\tonic circle 8pack.txt
c:\users\kitt\documents\limewire\saved\sonic foundry acid pro 4.0 + sound forge 7.0 + keygens + manuals\acid pro 4.0\tonic circle 8pack\tonic circle.acd
c:\users\kitt\documents\limewire\saved\sonic foundry acid pro 4.0 + sound forge 7.0 + keygens + manuals\sound forge 7.0 + ssg keygen\file_id.diz
c:\users\kitt\documents\limewire\saved\sonic foundry acid pro 4.0 + sound forge 7.0 + keygens + manuals\sound forge 7.0 + ssg keygen\keygen.exe
c:\users\kitt\documents\limewire\saved\sonic foundry acid pro 4.0 + sound forge 7.0 + keygens + manuals\sound forge 7.0 + ssg keygen\soundforge70-trial.exe
c:\users\kitt\documents\limewire\saved\sonic foundry acid pro 4.0 + sound forge 7.0 + keygens + manuals\sound forge 7.0 + ssg keygen\soundforge70_manual.exe
c:\users\kitt\documents\limewire\saved\sonic foundry acid pro 4.0 + sound forge 7.0 + keygens + manuals\sound forge 7.0 + ssg keygen\ssg.nfo
c:\users\kitt\documents\limewire\saved\sonic foundry acid pro 4.0 + sound forge 7.0 + keygens + manuals\sound forge 7.0 + ssg keygen\sound forge 7.0 manual\soundforge7_manual.pdf
scanner sequence 3.JJ.11
----- EOF -----
___________________________________________

Cheetah-Anti-Rogue "Access is denied" was the only message I received.

Thanks!
Kitt


4 Re: Packed.DelfCrypt infection on Mon Feb 22, 2010 10:01 pm

Try to re-run both Rooter and Cheetah-Anti-Rogue as administrator, by right-clicking on them and clicking Run as Administrator. See if they will run.


..........................................................
DragonMaster Jay
Owner/Administrator/Operator Cheetah-Fast Services
Advanced Malware Analysts Group Owner



5 Re: Packed.DelfCrypt infection on Mon Feb 22, 2010 10:27 pm

Kitt0420


New Member
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows Vista . (6.0.6002) Service Pack 2
[32_bits] - x86 Family 15 Model 75 Stepping 2, AuthenticAMD
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Enabled
Windows Defender -> Disabled !
User Account Control (UAC) -> Enabled
.
Internet Explorer 8.0.6001.18882
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:149 Go - Free:52 Go )
D:\ [CD_Rom]
.
Scan : 19:25.34
Path : C:\Users\Kitt\Desktop\Rooter.exe
User : Kitt ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ \SystemRoot\System32\smss.exe (420)
______ C:\Windows\system32\csrss.exe (488)
______ C:\Windows\system32\wininit.exe (540)
______ C:\Windows\system32\csrss.exe (552)
______ C:\Program Files\AVG\AVG9\avgchsvx.exe (560)
______ C:\Program Files\AVG\AVG9\avgrsx.exe (568)
______ C:\Windows\system32\services.exe (604)
______ C:\Windows\system32\lsass.exe (616)
______ C:\Windows\system32\lsm.exe (628)
______ C:\Windows\system32\winlogon.exe (700)
______ C:\Windows\system32\svchost.exe (808)
______ C:\Windows\system32\svchost.exe (868)
______ C:\Windows\System32\svchost.exe (1016)
______ C:\Windows\System32\svchost.exe (1044)
______ C:\Windows\system32\svchost.exe (1060)
Locked audiodg.exe (1188)
______ C:\Windows\system32\svchost.exe (1232)
______ C:\Windows\system32\SLsvc.exe (1268)
______ C:\Windows\system32\svchost.exe (1308)
______ C:\Program Files\AVG\AVG9\avgcsrvx.exe (1332)
______ C:\Windows\system32\svchost.exe (1520)
______ C:\Windows\System32\spoolsv.exe (1716)
______ C:\Windows\system32\svchost.exe (1740)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (280)
______ C:\Program Files\AVG\AVG9\avgwdsvc.exe (436)
______ C:\Program Files\Bonjour\mDNSResponder.exe (1340)
______ C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (1748)
______ C:\Windows\system32\svchost.exe (2168)
______ C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe (2188)
______ C:\Windows\system32\svchost.exe (2216)
______ C:\Windows\System32\svchost.exe (2252)
______ C:\Windows\system32\SearchIndexer.exe (2272)
______ C:\Program Files\AVG\AVG9\avgnsx.exe (2676)
______ C:\Windows\system32\taskeng.exe (2912)
______ C:\Program Files\Windows Media Player\wmpnetwk.exe (3716)
______ c:\Program Files\Zune\ZuneNss.exe (3952)
______ C:\Windows\system32\taskeng.exe (2244)
______ C:\Windows\system32\Dwm.exe (2372)
______ C:\Windows\Explorer.EXE (3432)
______ C:\Windows\System32\rundll32.exe (2896)
______ C:\Program Files\iTunes\iTunesHelper.exe (2980)
______ C:\Program Files\Zune\ZuneLauncher.exe (2772)
______ C:\Program Files\Java\jre6\bin\jusched.exe (2960)
______ C:\Program Files\Microsoft Office Communicator\communicator.exe (4000)
______ C:\Program Files\AVG\AVG9\avgtray.exe (2500)
______ C:\Program Files\Windows Sidebar\sidebar.exe (3908)
______ C:\Program Files\Windows Live\Messenger\msnmsgr.exe (1496)
______ C:\Windows\ehome\ehtray.exe (1288)
______ C:\Program Files\Windows Media Player\wmpnscfg.exe (1952)
______ C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (2328)
______ C:\Users\Kitt\AppData\Roaming\SystemProc\lsass.exe (3016)
______ C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (3240)
______ C:\Windows\System32\rundll32.exe (3484)
______ C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (3612)
______ C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (3896)
______ C:\Windows\ehome\ehmsas.exe (2956)
______ C:\Program Files\iPod\bin\iPodService.exe (4980)
______ C:\Program Files\Windows Live\Contacts\wlcomm.exe (5804)
______ C:\Program Files\Internet Explorer\iexplore.exe (4492)
______ C:\Program Files\Internet Explorer\iexplore.exe (3292)
______ C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe (4464)
______ C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (5328)
______ C:\Windows\system32\SearchProtocolHost.exe (3296)
______ C:\Program Files\Internet Explorer\iexplore.exe (3876)
______ C:\Program Files\Internet Explorer\iexplore.exe (2640)
______ ?? (4600)
______ C:\Windows\system32\SearchProtocolHost.exe (1360)
______ C:\Windows\system32\SearchFilterHost.exe (4048)
______ C:\Users\Kitt\Desktop\Rooter.exe (1352)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:160038912000)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
C:\Windows\Tasks\User_Feed_Synchronization-{B5918ED1-7392-4B05-96C6-F0CADEE06FB6}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
C:\Users\Kitt\Documents\LimeWire\Saved\Sonic Foundry Acid Pro 4.0 + Sound FORGE 7.0 + kEYGENS + MANUALS\ACID Pro 4.0\Acid keygen.exe
C:\Users\Kitt\Documents\LimeWire\Saved\Sonic Foundry Acid Pro 4.0 + Sound FORGE 7.0 + kEYGENS + MANUALS\Sound Forge 7.0 + ssg keygen\keygen.exe
==> Cracks & Keygens <==
.
----------------------\\ Scan completed at 19:25.36
.
C:\Rooter$\Rooter_3.txt - (22/02/2010 | 19:25.36).c

Cheetah-Anti-Rogue v1.3.9
by DragonMaster Jay

Microsoft Windows [Version 6.0.6002]
Date: 02/22/2010 - Time: 19:26:50 - Arch.: x86


-- Malware removal tools check --
Trend Micro HijackThis 2.0.2


-- Known infection --



Extra message: Detection only.


EOF

That worked...
Thanks!
Kitt


6 Re: Packed.DelfCrypt infection on Tue Feb 23, 2010 1:27 am

Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double-click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


..........................................................
DragonMaster Jay
Owner/Administrator/Operator Cheetah-Fast Services
Advanced Malware Analysts Group Owner

