FLV Virus

Hello.
Before I go to the extreme to fix this, I want to try one more thing.

1. Close any open browsers.
   
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
3. Open notepad and copy/paste the text in the quotebox below into it:
   

   Code:

   
FCopy::
c:\windows\$NtServicePackUninstall$\winlogon.exe | c:\windows\system32\winlogon.exe
c:\windows\ServicePackFiles\i386\explorer.exe | c:\windows\explorer.exe

   
   
4. Save this as CFScript.txt, in the same location as ComboFix.exe
   
   
   
   
5. Referring to the picture above, drag CFScript into ComboFix.exe
   
6. When finished, it shall produce a log for you at C:\ComboFix.txt
   
7. Please post the contents of the log in your next reply.
   

ComboFix 10-10-27.01 - Matthew 10/29/2010 21:12:20.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1254 [GMT -6:00]
Running from: c:\documents and settings\Matthew\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Matthew\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\$NtServicePackUninstall$\winlogon.exe --> c:\windows\system32\winlogon.exe
c:\windows\ServicePackFiles\i386\explorer.exe --> c:\windows\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-30 )))))))))))))))))))))))))))))))
.

2010-10-29 14:34 . 2010-10-07 23:21 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{0C1BC6AA-4FBE-489F-998E-946535794BF3}\mpengine.dll
2010-10-28 03:10 . 2010-10-28 03:25 -------- d-----w- C:\Combo-Fix
2010-10-26 23:50 . 2010-10-26 23:50 -------- d-----w- c:\documents and settings\Matthew\Application Data\Malwarebytes
2010-10-26 23:49 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-26 23:49 . 2010-10-26 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-26 23:49 . 2010-10-26 23:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-26 23:49 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-26 01:31 . 2010-10-26 01:32 -------- d-----w- c:\windows\system32\NtmsData
2010-10-23 05:14 . 2010-10-23 05:14 -------- d-----w- c:\documents and settings\Matthew\Application Data\OpenDNS Updater
2010-10-14 05:05 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-14 05:05 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-14 05:04 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-03 04:48 . 2010-10-03 04:48 -------- d-----w- c:\program files\iPod
2010-10-03 04:48 . 2010-10-03 04:50 -------- d-----w- c:\program files\iTunes
2010-10-02 15:07 . 2010-10-02 15:07 -------- d-----w- c:\program files\Common Files\Java
2010-10-02 03:52 . 2010-10-01 22:20 4501 ----a-w- C:\eprint.vbs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 17:41 . 2009-10-03 15:15 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-07 23:21 . 2008-11-16 07:11 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-09-18 18:23 . 2004-08-04 06:56 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 06:56 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-08-23 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-08-23 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 13:38 . 2004-08-04 06:56 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2004-08-04 06:56 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2004-08-04 06:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2004-08-04 06:56 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 17:17 . 2010-09-08 17:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 17:17 . 2010-09-08 17:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 15:57 . 2004-08-03 22:59 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51 . 2004-08-04 06:56 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-03 23:17 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-04 06:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-04 06:56 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-03 23:14 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-15 16:08 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-04 06:56 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-04 06:56 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-04 06:56 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-10-28_03.22.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-28 15:53 . 2010-10-28 15:53 16384 c:\windows\Temp\Perflib_Perfdata_c0.dat
+ 2004-08-04 06:56 . 2004-08-04 06:56 502272 c:\windows\system32\dllcache\winlogon.exe
+ 2004-08-04 06:56 . 2008-04-14 00:12 1033728 c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Matthew\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Matthew\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Matthew\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
"Google Update"="c:\documents and settings\Matthew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-06-15 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 88363]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2010-09-23 624056]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-08-11 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-11 512000]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-12-20 125632]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-09-19 163840]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-12-22 1092872]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-20 45632]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\Matthew\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Dropbox.lnk - c:\documents and settings\Matthew\Application Data\Dropbox\bin\Dropbox.exe [2010-2-25 21979992]
SyncBack.lnk - c:\program files\SyncBack\SyncBack.exe [2008-11-16 2990848]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logo Calibration Loader.lnk - c:\program files\GretagMacbeth\i1\Eye-One Match 3\~[Filtered JS Events]~\~[Filtered JS Events]~.exe [2008-11-15 708608]
Shortcut to eprint.vbs.lnk - C:\eprint.vbs [2010-10-1 4501]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Symantec AntiVirus\Rtvscan.exe"= c:\program files\Symantec AntiVirus\Rtvscan.exe:128.187.21.147/255.255.255.255,128.187.21.148/255.255.255.255:Enabled:VirusScan(rtvscan.exe)
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\Stanza.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Matthew\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Documents and Settings\\Matthew\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Matthew\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8888:TCP"= 8888:TCP:WiFi HDD

R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [3/9/2010 10:00 PM 6656]
R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [5/3/2010 8:56 PM 91392]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [11/15/2008 11:36 PM 14416]
R2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files\Common Files\Livescribe\PenComm\PenCommService.exe [5/6/2009 5:50 PM 151552]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [12/20/2006 12:29 PM 116928]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/5/2010 10:56 AM 102448]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2/22/2008 5:54 PM 37312]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/30/2009 9:06 PM 135664]
S3 eyeonedp;eye-one display;c:\windows\system32\drivers\EyeOneDp.sys [11/15/2008 11:36 PM 44344]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [5/27/2009 11:07 PM 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [5/27/2009 11:07 PM 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [5/3/2010 8:59 PM 23936]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [5/1/2010 10:27 AM 9472]
S3 qcserxp;HTC Diagnostic Port;c:\windows\system32\drivers\qcserxp.sys [5/1/2010 9:00 PM 103424]
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcmdmxp.sys [5/1/2010 9:00 PM 105984]
S3 QuickBooksDB19;QuickBooksDB19;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB19 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB19 [?]
S3 SmartpenBus;Smartpen Enumerator;c:\windows\system32\DRIVERS\SmartpenBus.sys --> c:\windows\system32\DRIVERS\SmartpenBus.sys [?]
S3 SmartpenCom;Smartpen Communications;c:\windows\system32\DRIVERS\SmartpenCom.sys --> c:\windows\system32\DRIVERS\SmartpenCom.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 5:06 PM 11520]
.
Contents of the 'Scheduled Tasks' folder

2010-10-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-01 03:06]

2010-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-01 03:06]

2010-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1343024091-1909907507-1003Core.job
- c:\documents and settings\Matthew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-26 21:21]

2010-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1343024091-1909907507-1003UA.job
- c:\documents and settings\Matthew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-26 21:21]

2010-10-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]

2010-10-04 c:\windows\Tasks\SyncBack T41 Backup Matthew.job
- c:\program files\SyncBack\SyncBack.exe [2008-11-17 19:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/webhp?rls=ig
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Locate Spot on Map by GPS - c:\program files\Opanda\IExif 2.3\IExifMap.htm
IE: Send from PC to TV Bookmark - file://c:\program files\Send from PC to TV\SendFromPC2TV_Bookmark.htm
IE: Send from PC to TV Play/Pause - file://c:\program files\Send from PC to TV\SendFromPC2TV_PlayPause.htm
IE: Send from PC to TV Stop - file://c:\program files\Send from PC to TV\SendFromPC2TV_Stop.htm
IE: View Exif/GPS/IPTC with IExif - c:\program files\Opanda\IExif 2.3\IExifCom.htm
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
FF - ProfilePath - c:\documents and settings\Matthew\Application Data\Mozilla\Firefox\Profiles\h6qb81hb.default\
FF - prefs.js: browser.startup.homepage - hxxp://mattimblerphotography.smugmug.com/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-29 21:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-682003330-1343024091-1909907507-1003\AppEvents\Schemes\Apps\.Default\DeviceFail\.Curren*]
@=expand:"%SystemRoot%\\media\\Windows XP Hardware Fail.wav"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(580)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-10-29 21:21:31
ComboFix-quarantined-files.txt 2010-10-30 03:21
ComboFix2.txt 2010-10-29 20:53
ComboFix3.txt 2010-10-28 03:25

Pre-Run: 3,776,221,184 bytes free
Post-Run: 3,750,502,400 bytes free

- - End Of File - - B8EEDD1C4FE674C86923FD66EA79DB25

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

Java(TM) 6 Update 21
LimeWire 5.4.8

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

• Check (tick) this box: YES, I accept the Terms of Use.
  
• Click on the Start button next to it.
  
• When prompted to run ActiveX. click Yes.
  
• You will be asked to install an ActiveX. Click Install.
  
• Once installed, the scanner will be initialized.
  
• After the scanner is initialized, click Start.
  
• Check (tick) Remove found threats box.
  
• Check (tick) Scan unwanted applications.
  
• Click on Scan.
  
• It will start scanning. Please be patient.
  
• Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.
  

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17091 (vista_gdr.100824-1500)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=d0900a38912bf54db2787a88e9d175a4
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2010-10-31 01:23:59
# local_time=2010-10-30 07:23:59 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=3547
# found=0
# cleaned=0
# scan_time=143
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=7.00.6000.17091 (vista_gdr.100824-1500)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=d0900a38912bf54db2787a88e9d175a4
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2010-10-31 02:53:25
# local_time=2010-10-30 08:53:25 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=141450
# found=3
# cleaned=3
# scan_time=5187
C:\Documents and Settings\All Users\Documents\Server\hlp.dat Win32/Bamital.EK trojan (cleaned by deleting - quarantined) 767C7D6126932D6D2887335F57F3B0C8 C
C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\6.0\7\60f28f07-3f022b5d MSIL/Restamdos.AB trojan (cleaned by deleting - quarantined) 1DB82BF208957AE93DAA14FD42D67F50 C
C:\Documents and Settings\Matthew\My Documents\My Download Files\MsgPlusLive-460.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 6EE28670801DA626DE56A8217711C9EC C

Hello.

Updating Java:

• Download the latest version of Java SE Runtime Environment (JRE) 6 Update 22.
  
• Click the "Download JRE" button to the right.
  
• In the Window that opens, select your platform, check the "agree" box, and click Continue.
  
• Click on the link to download Windows Offline Installation and save to your desktop.
  
• Close any programs you may have running - especially your web browser.
  
• Then from your desktop double-click on jre-6u22-windows-i586.exe that you downloaded to install the newest version.
  

Download and install VLC Player 1.1.4
When installing, it will ask if you want to uninstall the old version first before it can install the new version, so please select yes and allow it to install.

How is the machine running now?

Machine seems to be running well now. No sign of the original problem in several days. Thank you!