Here is my combofix log. Thank you so much for your help!
ComboFix 09-01-21.04 - Mike 2009-01-29 10:34:51.1 - NTFSx86
Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\LocalService\Application Data\NetMon
c:\documents and settings\LocalService\Application Data\NetMon\domains.txt
c:\documents and settings\LocalService\Application Data\NetMon\log.txt
c:\documents and settings\Mike\Application Data\GetModule
c:\documents and settings\Mike\Application Data\GetModule\dicik.gz
c:\documents and settings\Mike\Application Data\GetModule\kwdik.gz
c:\documents and settings\Mike\Application Data\GetModule\ofadik.gz
c:\documents and settings\Mike\Application Data\twain\Twain.exe
c:\documents and settings\Mike\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\Mike\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\GetModule
c:\program files\GetModule\GetModule35.exe
c:\program files\GetPack
c:\program files\GetPack\dictame.gz
c:\program files\GetPack\GetPack28.exe
c:\program files\GetPack\trgtame.gz
c:\program files\iCheck
c:\program files\iCheck\Uninstall.exe
c:\program files\Mjcore
c:\program files\Need2Find
c:\program files\Need2Find\bar\History\search
c:\program files\Need2Find\bar\Settings\settings.dat
c:\program files\Need2Find\bar\Settings\settings.htm
c:\program files\security toolbar
c:\program files\security toolbar\Uninstall.bat
c:\program files\VnrPack
c:\program files\VnrPack\dicts.gz
c:\program files\VnrPack\trgts.gz
c:\program files\VnrPack\VnrPack22.exe
c:\windows\cdmxtras
c:\windows\Fonts\acrsecB.fon
c:\windows\Fonts\acrsecI.fon
c:\windows\IE4 Error Log.txt
c:\windows\smdat32a.sys
c:\windows\smdat32m.sys
c:\windows\system32\asbmebqc.dll
c:\windows\system32\bszip.dll
c:\windows\system32\byXQKeEW.dll
c:\windows\system32\cfwjnova.dll
c:\windows\system32\cqbembsa.ini
c:\windows\system32\czrqvi.dll
c:\windows\system32\dfrgsrv.exe
c:\windows\system32\digeste.dll
c:\windows\system32\dkcshrku.dll
c:\windows\system32\iifeeEvw.dll
c:\windows\system32\khfDTlKC.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\nscrydiq.dll
c:\windows\system32\psjfolpw.ini
c:\windows\system32\ukrhsckd.ini
c:\windows\system32\uvgdiawl.dll
c:\windows\system32\vbsys2.dll
c:\windows\system32\wpv181232845748.cpx
c:\windows\system32\wpv631232809217.cpx
c:\windows\system32\wpv911232809217.cpx
c:\windows\system32\xxyxWOFu.dll
c:\windows\system32\YbHNoUvw.ini
c:\windows\system32\YbHNoUvw.ini2
c:\windows\Tasks\yyzfrioj.job
c:\windows\Temp\tmp3.tmp
c:\windows\wiaserviv.log
----- BITS: Possible infected sites -----
hxxp://childhe.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_network_monitor
-------\Service_network monitor
((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-29 )))))))))))))))))))))))))))))))
.
2009-01-28 14:18 . 2009-01-28 14:18 <DIR> d-------- c:\program files\Trend Micro
2009-01-28 14:17 . 2009-01-28 14:17 812,344 --a------ c:\program files\HJTInstall.exe
2009-01-27 12:34 . 2009-01-27 21:02 <DIR> d--hs---- c:\windows\WFBfdXNlcg
2009-01-26 07:49 . 2009-01-26 07:49 50,688 --a------ c:\program files\ATF-Cleaner.exe
2009-01-26 07:02 . 2009-01-29 10:40 <DIR> d-------- c:\documents and settings\Mike\Application Data\Twain
2009-01-26 06:58 . 2009-01-26 06:58 <DIR> d-------- c:\program files\WebShow
2009-01-25 17:17 . 2009-01-29 10:59 93,420 --a------ c:\windows\system32\drivers\454b11d.sys
2009-01-25 16:23 . 2009-01-25 14:28 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-01-25 15:39 . 2009-01-29 10:59 93,420 --a------ c:\windows\system32\drivers\94b22313.sys
2009-01-25 14:29 . 2009-01-25 14:27 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-01-25 14:18 . 2009-01-25 14:19 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-25 14:17 . 2009-01-25 14:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-25 13:37 . 2009-01-25 13:37 34,543,112 --a------ c:\program files\Ad-AwareAE.exe
2009-01-24 21:12 . 2009-01-25 17:15 <DIR> d-------- c:\documents and settings\Mike\Application Data\cogad
2009-01-07 14:01 . 2009-01-07 14:34 <DIR> d-------- c:\documents and settings\Mike\Application Data\gtk-2.0
2009-01-07 13:19 . 2009-01-07 13:19 <DIR> d-------- c:\documents and settings\Mike\Application Data\Inkscape
2009-01-07 13:06 . 2009-01-07 13:14 <DIR> d-------- c:\program files\Inkscape
2009-01-07 11:28 . 2009-01-07 11:28 35,074,836 --a------ c:\program files\Inkscape-0.46.win32.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-27 19:21 --------- d-----w c:\program files\Common Files\Poker Now
2009-01-25 20:17 --------- d-----w c:\program files\Lavasoft
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"cogad"="c:\documents and settings\Mike\Application Data\cogad\cogad.exe" [2009-01-25 56832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VSOCheckTask"="c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" [2005-09-22 143360]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2005-03-18 196608]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_07\bin\jusched.exe" [2006-05-03 36975]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-07-10 270648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-25 507224]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 c:\windows\BCMSMMSG.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2005-10-26 811008]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a------ 2002-12-17 11:28 684032 c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 23:56 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2003-01-13 11:53 114688 c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2003-01-13 12:07 155648 c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\mcafeeantivirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlexiBASIC 6.6\\Program\\App.exe"=
"c:\\Program Files\\FlexiBASIC 6.6\\Program\\App2.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-01-25 64160]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-25 942416]
S3 NaiFiltr;NaiFiltr;c:\windows\system32\DRIVERS\NaiFiltr.sys [2002-09-20 23888]
--- Other Services/Drivers In Memory ---
*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - Apple Mobile Device
*Deregistered* - Arp1394
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - Beep
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - cdudf_xp
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - dvd_2K
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - Hardlock
*Deregistered* - Haspnt
*Deregistered* - helpsvc
*Deregistered* - HTTP
*Deregistered* - ImapiService
*Deregistered* - IntelIde
*Deregistered* - IpNat
*Deregistered* - iPod Service
*Deregistered* - IPSec
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - Lavasoft Ad-Aware Service
*Deregistered* - Lbd
*Deregistered* - LmHosts
*Deregistered* - McDetect.exe
*Deregistered* - McShield
*Deregistered* - McTskshd.exe
*Deregistered* - MCVSRte
*Deregistered* - MDM
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NaiFiltr
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - NwlnkIpx
*Deregistered* - NwlnkNb
*Deregistered* - NwlnkSpx
*Deregistered* - OMCI
*Deregistered* - Par1284
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - Sentinel
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - UdfReadr_xp
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
.
Contents of the 'Scheduled Tasks' folder
2009-01-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-25 14:27]
.
- - - - ORPHANS REMOVED - - - -
BHO-{991c032e-60ef-42ca-b8e0-7e11646be16a} - c:\windows\system32\wvUoNHbY.dll
HKCU-Run-GetModule35 - c:\program files\GetModule\GetModule35.exe
HKCU-Run-GetPack28 - c:\program files\GetPack\GetPack28.exe
Notify-qomdcuvt - qoMdCuvt.dll
MSConfigStartUp-Bart Station - c:\program files\PeoplePC\ISP6230\BIN\PPCOLink.exe
MSConfigStartUp-Propel Accelerator - c:\progra~1\PEOPLE~1\PropelAC.exe
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mWindow Title = Microsoft Internet Explorer provided by CenturyTel
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: Download all with Free Download Manager - file://c:\program files\dvd\DVD Shrink\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\dvd\DVD Shrink\Free Download Manager\dlselected.htm
IE: Download web site with Free Download Manager - file://c:\program files\dvd\DVD Shrink\Free Download Manager\dlpage.htm
IE: Download with Free Download Manager - file://c:\program files\dvd\DVD Shrink\Free Download Manager\dllink.htm
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: {{81A821B9-34D0-41E7-AE23-84256B96C427} -
http://www.oddsmaker.comDPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {33331111-1111-1111-1111-615111193427}
DPF: {33331111-1131-1111-1111-611111193428}
DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-01-29 10:54:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\454b11d]
"ImagePath"="\SystemRoot\System32\drivers\454b11d.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\94b22313]
"ImagePath"="\SystemRoot\System32\drivers\94b22313.sys"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\McAfee.com\Agent\Mcdetect.exe
c:\progra~1\McAfee.com\Agent\McTskshd.exe
c:\progra~1\McAfee.com\VSO\mcvsrte.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\McAfee.com\VSO\McShield.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\McAfee.com\VSO\McVSEscn.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-01-29 11:11:42 - machine was rebooted [Mike]
ComboFix-quarantined-files.txt 2009-01-29 17:11:31
Pre-Run: 28,344,655,872 bytes free
Post-Run: 28,478,787,584 bytes free
346 --- E O F --- 2009-01-14 18:37:42