07-06-2009, 08:26 PM   #5
rowan555
Registered User
 
Join Date: Jul 2009
Posts: 4
OS: XP


Re: Redirect Malware problem

OK, I ran ComboFix and I am posting the log file in this post. I went ahead and reran DDS and GMER as well and posted those logs, just in case something has changed. But I am fairly confident nothing has.

Thanks!

ComboFix 09-07-06.02 - Susan 07/06/2009 20:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.538 [GMT -5:00]
Running from: c:\documents and settings\Susan\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\SKYNETabncninf.sys
c:\windows\system32\SKYNEToffnwpuw.dll
c:\windows\system32\SKYNETqxobsbbn.dat
c:\windows\system32\SKYNETuoypvpfd.dat
c:\windows\system32\SKYNETvktaouat.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETuebwtoke


((((((((((((((((((((((((( Files Created from 2009-06-07 to 2009-07-07 )))))))))))))))))))))))))))))))
.

2009-07-07 01:52 . 2009-07-07 02:12 1888800 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-07 01:52 . 2009-07-07 02:08 352288 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-05 04:56 . 2009-07-05 04:56 -------- d-----w- c:\temp\New Young Pony Club - Fantastic Playroom [2007.INDIE].By KELOLO
2009-07-01 15:19 . 2009-07-07 02:13 -------- d-----w- c:\temp\virus logs
2009-07-01 05:03 . 2009-07-01 05:03 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-07-01 05:03 . 2009-07-01 05:03 206088 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-07-01 05:03 . 2009-07-01 05:03 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-07-01 01:17 . 2009-07-01 05:03 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-07-01 01:17 . 2009-07-01 05:03 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-07-01 01:16 . 2009-07-07 02:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-07-01 01:16 . 2009-07-01 01:16 -------- d-----w- c:\program files\Kaspersky Lab
2009-06-30 21:51 . 2009-06-30 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-06-30 16:39 . 2009-06-30 16:25 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-30 16:23 . 2009-06-30 16:23 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-30 16:23 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-30 16:22 . 2009-06-30 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-30 16:22 . 2009-06-30 16:22 -------- d-----w- c:\program files\Lavasoft
2009-06-30 14:28 . 2009-06-30 14:28 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-25 22:18 . 2009-06-25 22:18 488960 ----a-w- c:\documents and settings\Susan\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\octosh...070-0-main.dll
2009-06-25 22:18 . 2009-06-25 22:18 319488 ----a-w- c:\documents and settings\Susan\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
2009-06-24 03:32 . 2009-03-09 16:34 971776 ----a-w- c:\documents and settings\Susan\Application Data\Mozilla\Firefox\Profiles\vxmuqh80.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
2009-06-22 01:16 . 2009-06-22 01:33 -------- d-----w- c:\temp\wall pictures
2009-06-16 21:09 . 2009-06-16 21:09 -------- d-----w- c:\program files\Sling Media
2009-06-16 21:09 . 2009-06-16 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Sling Media
2009-06-16 21:07 . 2009-06-16 21:07 -------- d-----w- c:\windows\Downloaded Installations
2009-06-16 17:49 . 2009-06-16 17:49 -------- d-----w- c:\program files\Games
2009-06-10 14:46 . 2009-06-10 14:45 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-10 14:44 . 2009-06-10 14:44 152576 ----a-w- c:\documents and settings\Susan\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-07 15:47 . 2009-06-07 15:48 -------- d-----w- c:\temp\wyatt games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-07 02:14 . 2008-09-08 16:07 -------- d-----w- c:\documents and settings\Susan\Application Data\Tunebite
2009-07-07 02:14 . 2009-07-07 01:52 16984 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-07 02:08 . 2009-07-07 01:52 2284 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-06 16:25 . 2009-06-30 16:25 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-06 16:25 . 2009-06-30 16:25 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-06 16:25 . 2009-06-30 16:25 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-05 14:24 . 2008-09-08 03:22 -------- d-----w- c:\documents and settings\Susan\Application Data\BitTorrent
2009-07-05 02:18 . 2009-03-25 23:06 -------- d-----w- c:\program files\Warcraft III
2009-07-01 05:03 . 2008-01-29 22:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-07-01 04:53 . 2009-05-25 02:59 -------- d-----w- c:\program files\Trend Micro
2009-06-30 14:28 . 2009-05-25 13:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-29 22:02 . 2008-06-10 00:51 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-29 17:30 . 2009-01-09 15:27 -------- d-----w- c:\documents and settings\Susan\Application Data\uTorrent
2009-06-24 20:52 . 2008-08-26 15:44 -------- d-----w- c:\documents and settings\Susan\Application Data\U3
2009-06-17 16:27 . 2009-05-25 13:41 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 16:27 . 2009-05-25 13:41 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-16 21:10 . 2008-05-17 19:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-16 19:29 . 2009-05-10 00:04 -------- d-----w- c:\documents and settings\Susan\Application Data\funkitron
2009-06-16 17:35 . 2009-03-15 17:52 -------- d-----w- c:\program files\Transcend
2009-06-10 14:45 . 2008-05-23 20:20 -------- d-----w- c:\program files\Java
2009-06-10 01:15 . 2009-05-28 22:48 35 ----a-w- c:\windows\popcinfo.dat
2009-06-03 00:47 . 2009-06-03 00:47 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-03 00:47 . 2009-06-03 00:47 -------- d-----w- c:\documents and settings\Susan\Application Data\SystemRequirementsLab
2009-06-03 00:47 . 2009-06-03 00:47 207872 ----a-w- c:\documents and settings\Susan\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-06-03 00:47 . 2009-06-03 00:47 207872 ----a-w- c:\documents and settings\Susan\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-06-03 00:47 . 2009-06-03 00:47 207872 ----a-w- c:\documents and settings\Susan\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-06-03 00:47 . 2009-06-03 00:47 207872 ----a-w- c:\documents and settings\Susan\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
2009-05-31 20:23 . 2009-05-31 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Marlin
2009-05-28 23:35 . 2009-05-28 23:35 22 ----a-w- c:\windows\popcinfot.dat
2009-05-25 13:42 . 2009-05-25 13:42 -------- d-----w- c:\documents and settings\Susan\Application Data\Malwarebytes
2009-05-25 13:41 . 2009-05-25 13:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-25 02:45 . 2009-05-25 02:45 335376 ----a-w- c:\windows\system32\drivers\TM_CFW.sys
2009-05-25 01:39 . 2009-05-25 01:39 23975176 ----a-w- C:\sdsetup.exe
2009-05-25 01:35 . 2009-05-25 01:36 38912 ----a-w- C:\AntiBrontokA-en.exe
2009-05-24 22:03 . 2009-05-24 22:03 422 ----a-w- c:\documents and settings\Susan\Application Data\Azureus\socks1.exe
2009-05-24 22:03 . 2009-05-24 22:03 16141 ----a-w- c:\documents and settings\Susan\Application Data\funkitron\lego.exe
2009-05-24 22:03 . 2009-05-24 22:03 145131 ----a-w- c:\documents and settings\Susan\Application Data\BitTorrent\nomad.exe
2009-05-24 22:03 . 2009-05-24 22:03 13221 ----a-w- c:\documents and settings\Susan\Application Data\Apple Computer\rengo.dll
2009-05-24 22:03 . 2009-05-24 22:03 11232 ----a-w- c:\documents and settings\Susan\Application Data\Adobe\shalom.exe
2009-05-24 22:03 . 2009-05-24 22:03 10121 ----a-w- c:\documents and settings\Susan\Application Data\GlobalSCAPE\kern.dll
2009-05-16 16:48 . 2009-05-16 16:44 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-05-16 14:57 . 2008-06-10 00:51 -------- d-----w- c:\program files\Shockwave.com
2009-05-14 23:15 . 2008-12-06 01:15 -------- d-----w- c:\program files\ABC Amber LIT Converter
2009-05-12 22:21 . 2009-05-12 22:20 -------- d-----w- c:\program files\Virtual Families
2009-05-11 23:12 . 2009-05-09 22:19 -------- d-----w- c:\program files\Ricochet Lost Worlds Recharged
2009-05-10 23:19 . 2009-05-09 22:20 -------- d-----w- c:\program files\Slingo Quest
2009-05-07 15:32 . 2001-08-23 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-30 01:56 . 2008-05-17 19:41 22928 ----a-w- c:\documents and settings\Susan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-17 12:26 . 2001-08-23 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 21:11 . 2009-04-15 21:11 32768 ----a-r- c:\documents and settings\Susan\Application Data\Microsoft\Installer\{EC918800-3986-4359-A7F9-EFAA3BDF46A9}\_106C25005944_4363_90EA_4E4354C64618.exe
2009-04-15 14:51 . 2001-08-23 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c3a1de1-94ca-4ad6-acdf-c1324adc487b}]
2009-06-23 19:46 2094616 ----a-w- c:\program files\Isohunt-vuze\tbIso1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Tunebite"="c:\program files\RapidSolution\Tunebite\Tunebite.exe" [2008-06-12 6366512]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-10 148888]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-02-02 246272]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-30 520024]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-01 206088]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2007-02-28 53248]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-25 17567744]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Ubisoft\\Heroes of Might and Magic V\\bin\\H5_Game.exe"=
"c:\\Program Files\\Ubisoft\\Heroes of Might and Magic V - Tribes of the East\\bin\\H5_Game.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2008-08-06 1684736]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\DRIVERS\TM_CFW.sys [2009-05-25 335376]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-07-01 33808]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-06-30 64160]
S2 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-02-02 317440]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-06-30 1029456]
S2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [2009-04-27 93960]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-07-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 16:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://gmail.com/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJman000&fl=0&ptb=gvZ1F.tC4POBd.KJNUuIzw&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {143A5FDE-5F70-4312-B79A-4795F3DB9F5B} = 192.168.0.5
FF - ProfilePath - c:\documents and settings\Susan\Application Data\Mozilla\Firefox\Profiles\vxmuqh80.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2014090&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/?ui=1
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2014090&SearchSource=2&q=
FF - plugin: c:\documents and settings\Susan\Application Data\Mozilla\Firefox\Profiles\vxmuqh80.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-06 21:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1428)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2152)
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\BRSVC01A.EXE
c:\windows\system32\BRSS01A.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2009-07-07 21:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-07 02:19

Pre-Run: 36,975,046,656 bytes free
Post-Run: 38,216,077,312 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

235 --- E O F --- 2009-06-11 08:03
Attached Files: attach.zip (10.3 KB)