Happy New Year. Please help me start off on the right foot
I am a graphics artist who has had my Google searches redirected. I am very sure it has something to do with "ecata.info".
I have run a number of spyware programs (portable and otherwise) but to no avail.
Thanks for this site; I hope there is hope. I have read a number of posts, so I have done a few preliminary steps already... logs follow. Note that the warnings that ComboFix issued were noted.
EDIT: I deleted wdmaud.sys (the phony one) and I am still being redirected.
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:04 AM, on 1/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
D:\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
D:\ZoneAlarm\zlclient.exe
D:\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
D:\iTunes\iTunesHelper.exe
D:\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gerry\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [egui] "D:\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrialReset] C:\WINDOWS\fix.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Portables\SUPERAntiSpyware Pro v4.15.1000\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cli.../wuweb_
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - d:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
---------------------------------------------------------------------------
ComboFix log:
ComboFix 09-01-01.02 - Gerry 2009-01-02 11:41:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.699 [GMT -5:00]
Running from: c:\documents and settings\Gerry\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
FW: ZoneAlarm Pro Firewall *enabled*
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\msqpdxfmudrwul.sys
c:\windows\system32\drivers\msqpdxoehftymq.sys
c:\windows\system32\drivers\msqpdxrqjxdqjn.sys
c:\windows\system32\msqpdxrmyxymup.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_msqpdxserv.sys
((((((((((((((((((((((((( Files Created from 2008-12-02 to 2009-01-02 )))))))))))))))))))))))))))))))
.
2009-01-02 11:34 . 2009-01-02 11:35 <DIR> d-------- C:\32788R22FWJFW
2009-01-01 21:56 . 2009-01-01 21:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-01 21:54 . 2009-01-01 21:54 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-31 12:18 . 2008-12-31 12:18 79 --a------ c:\windows\wininit.ini
2008-12-21 15:46 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-21 15:45 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-21 15:45 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-21 15:45 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-21 15:45 . 2008-08-14 04:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-21 15:45 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-12-21 15:45 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-12-21 15:45 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-12-21 15:45 . 2008-09-08 05:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-12-21 15:44 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-21 10:32 . 2002-04-07 11:17 414 -ra------ c:\windows\system32\lame_acm.xml
2008-12-21 10:31 . 2008-09-24 20:41 839,680 --a------ c:\windows\system32\LameACM.acm
2008-12-19 17:20 . 2007-09-21 02:52 118,784 --a------ c:\windows\system32\AC3ACM.acm
2008-12-15 07:37 . 2008-12-15 07:37 <DIR> d-------- c:\documents and settings\Gerry\.dvdcss
2008-12-12 20:05 . 2008-12-12 20:05 <DIR> d-------- c:\program files\Common Files\EZB Systems
2008-12-12 16:11 . 2008-12-13 23:41 361 --a------ c:\windows\Vue 6 Infinite.reg
2008-12-07 14:45 . 2008-12-07 14:45 159,918 --a------ c:\windows\Marsu-Fix 2.3 Uninstaller.exe
2008-12-05 23:38 . 2008-12-05 23:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Braid
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-01 21:37 --------- d-----w c:\program files\Canon
2009-01-01 20:31 --------- d-----w c:\documents and settings\Gerry\Application Data\ZoomBrowser EX
2009-01-01 20:25 --------- d-----w c:\documents and settings\All Users\Application Data\ZoomBrowser
2008-12-26 03:51 --------- d-----w c:\documents and settings\Gerry\Application Data\Thinstall
2008-12-17 17:22 --------- d-----w c:\documents and settings\Gerry\Application Data\dvdcss
2008-12-06 13:47 2,242,728 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-12-05 02:46 180,224 ----a-w c:\windows\system32\xvidvfw.dll
2008-12-05 02:42 815,104 ----a-w c:\windows\system32\xvidcore.dll
2008-11-29 03:45 --------- d-----w c:\program files\Microsoft ActiveSync
2008-11-29 03:44 --------- d-----w c:\program files\Microsoft.NET
2008-11-23 05:00 --------- d-----w c:\documents and settings\Gerry\Application Data\Apple Computer
2008-11-23 04:53 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-23 04:52 --------- d-----w c:\program files\iPod
2008-11-23 04:52 --------- d-----w c:\program files\Common Files\Apple
2008-11-23 04:50 --------- d-----w c:\program files\QuickTime
2008-11-23 04:45 --------- d-----w c:\program files\Safari
2008-11-18 18:45 --------- d-----w c:\program files\MSXML 6.0
2008-11-18 03:26 --------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-11-18 03:26 --------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2008-11-18 03:26 --------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-11-18 03:26 --------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-11-15 21:21 --------- d-----w c:\documents and settings\Gerry\Application Data\Nero
2008-11-15 21:20 --------- d-----w c:\program files\Common Files\Nero
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 99840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="d:\zonealarm\zlclient.exe" [2008-07-09 919016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-24 7696384]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-24 86016]
"!AVG Anti-Spyware"="d:\avg anti-spyware 7.5\avgas.exe" [2007-06-11 6731312]
"EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 99840]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2008-11-20 290088]
"egui"="d:\eset\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"TrialReset"="c:\windows\fix.exe" [2008-04-28 208353]
"nForce Tray Options"="sstray.exe" [2002-11-13 c:\windows\system32\sstray.exe]
"nwiz"="nwiz.exe" [2006-08-24 c:\windows\system32\nwiz.exe]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"d:\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R1 SASDIFSV;SASDIFSV;\??\d:\portables\Portable SUPER AntiSpyware Pro v4.15.1000\SASDIFSV.SYS [2008-10-10 8944]
R2 ekrn;Eset Service;"d:\eset\ESET NOD32 Antivirus\ekrn.exe" [2008-07-01 468224]
S1 SASKUTIL;SASKUTIL;\??\d:\portables\SUPERAntiSpyware Pro v4.15.1000\SASKUTIL.sys []
S3 CrystalSysInfo;CrystalSysInfo;\??\d:\portables\Portable MediaCoder-0.6.2.4226\MediaCoder_0.6.2.4226_Portable\MediaCoder_0.6.2.4226_Portable\SysInfo.sys [2008-12-19 15152]
S3 SASENUM;SASENUM;\??\d:\portables\SUPERAntiSpyware Pro v4.15.1000\SASENUM.SYS []
S4 WeOnlyDo wodAppUpdate Service;WeOnlyDo wodAppUpdate Service;d:\groboto\bin\wodUpdSv.exe [2008-05-13 28144]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-SUPERAntiSpyware - d:\portables\SUPERAntiSpyware Pro v4.15.1000\SUPERAntiSpyware.exe
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Gerry\Application Data\Mozilla\Firefox\Profiles\npms1a25.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: d:\mozilla firefox\components\iamfamous.dll
FF - plugin: d:\itunes\Mozilla Plugins\npitunes.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-01-02 11:43:54
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
EPSON Stylus Photo R300 Series = c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"?1????????????????IB~z???????????????p????????????????????JB~????p???????????8?????????????C~????p?????????C~p??????????????|???????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msqpdxserv.sys]
"imagepath"="\systemroot\system32\drivers\msqpdxfmudrwul.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(740)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2009-01-02 11:45:08
ComboFix-quarantined-files.txt 2009-01-02 16:44:55
Pre-Run: 11,194,474,496 bytes free
Post-Run: 11,178,610,688 bytes free
160
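The logs above are normally read by hand. As an added example (not part of the original post, and not code from HijackThis, ComboFix or any other tool named above), here is a small Python triage script that parses a few of the line formats that appear in the logs (HijackThis O4 autorun and O23 service entries, the bare file paths under ComboFix's "Other Deletions", and the `"imagepath"=` registry value near the end) and lists entries that deserve a second look. The three heuristics, the `WINDIR` constant, the vowel-ratio and consonant-run thresholds and the mapping of `\systemroot` to `c:\windows` are assumptions chosen for illustration; the sample lines are copied from the logs above. A hit means "look at this", not "this is malware".

```python
"""Triage helper for HijackThis / ComboFix log lines (added example, not from the original post)."""
from __future__ import annotations
import re
from pathlib import PureWindowsPath

# HijackThis O4 autorun entries: O4 - HKLM\..\Run: [name] command line
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# HijackThis O23 service entries: O23 - Service: name - vendor - path
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$')
# Registry ImagePath value as ComboFix prints it: "imagepath"="\systemroot\..."
IMAGEPATH_RE = re.compile(r'^"imagepath"="(?P<path>[^"]+)"$', re.IGNORECASE)
# Bare Windows paths without spaces, as in ComboFix's "Other Deletions" block
PATH_RE = re.compile(r'^[a-zA-Z]:\\\S+$')

WINDIR = PureWindowsPath('c:/windows')          # assumption: default XP install on C:
EXEC_SUFFIXES = {'.exe', '.dll', '.sys', '.scr', '.com'}
VOWELS = set('aeiou')


def looks_random(stem: str) -> bool:
    """Heuristic: a long, all-letter name with almost no vowels or a long consonant run."""
    s = stem.lower()
    if len(s) < 10 or not s.isalpha():
        return False
    vowel_ratio = sum(c in VOWELS for c in s) / len(s)
    longest_run = run = 0
    for c in s:
        run = 0 if c in VOWELS else run + 1
        longest_run = max(longest_run, run)
    return vowel_ratio < 0.2 or longest_run >= 6   # thresholds are assumptions


def image_from_cmd(cmd: str) -> str:
    """Pull the launched file out of an O4 command line (quoted or bare, rundll32 aware)."""
    if cmd.startswith('"'):
        end = cmd.index('"', 1)
        image, rest = cmd[1:end], cmd[end + 1:].strip()
    else:
        image, _, rest = cmd.partition(' ')
    if PureWindowsPath(image).name.lower() == 'rundll32.exe' and rest:
        image = rest.split(',')[0].strip('"')     # the DLL rundll32 is asked to load
    return image


def review(path: str) -> list[str]:
    """Apply the heuristics to one file path; an empty list means nothing stood out."""
    norm = path.replace('\\??\\', '', 1)          # NT object-manager prefix used in service entries
    if norm.lower().startswith('\\systemroot\\'):
        norm = str(WINDIR) + norm[len('\\systemroot'):]   # assumption: %SystemRoot% is c:\windows
    p = PureWindowsPath(norm)
    reasons = []
    if looks_random(p.stem):
        reasons.append('random-looking file name')
    if p.parent == WINDIR and p.suffix.lower() in EXEC_SUFFIXES:
        reasons.append('executable directly under the Windows directory')
    if not p.is_absolute():
        reasons.append('no absolute path; resolved through the search order')
    return reasons


def triage(lines: list[str]) -> list[tuple[str, str, list[str]]]:
    """Return (entry name, image path, reasons) for every parsable line that trips a heuristic."""
    findings = []
    for line in lines:
        line = line.strip()
        if m := O4_RE.match(line):
            name, image = m['name'], image_from_cmd(m['cmd'])
        elif m := O23_RE.match(line):
            name, image = m['name'], m['path']
        elif m := IMAGEPATH_RE.match(line):
            name, image = 'ImagePath', m['path']
        elif PATH_RE.match(line):
            name, image = 'deleted file', line
        else:
            continue
        reasons = review(image)
        if reasons:
            findings.append((name, image, reasons))
    return findings


# Constructed sample: a subset of lines copied from the HijackThis and ComboFix logs above.
SAMPLE_LINES = [
    r'O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r',
    r'O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\ZoneAlarm\zlclient.exe"',
    r'O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup',
    r'O4 - HKLM\..\Run: [TrialReset] C:\WINDOWS\fix.exe',
    r'O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe',
    r'O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe',
    r'c:\windows\system32\drivers\msqpdxfmudrwul.sys',
    r'c:\windows\system32\msqpdxrmyxymup.dll',
    r'"imagepath"="\systemroot\system32\drivers\msqpdxfmudrwul.sys"',
]

if __name__ == '__main__':
    for name, image, reasons in triage(SAMPLE_LINES):
        print(f'{name:20} {image}\n    ' + '; '.join(reasons))
```

Run it as-is to see which of the sample lines are reported; to triage a real log, read the file and pass its lines to `triage()`. The random-name check is what picks out the `msqpdx...` driver and DLL names, and it is deliberately tuned so that vendor names like `mDNSResponder` pass; the other two checks only say that a file runs from an unusual place or without a full path, which is where a helper would start verifying the file by hand.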