Glad it's going well. I saw the file in your last combofix log. I'd meant to add it to the comboscript that you last ran. That's why I asked you manually delete it. It was a 0 byte file, perhaps cleanup removed it.
Just check for the presence of the file.
One thing you could also do, is from safe mode, safe a copy of the ndis.sys file to a disk, just in case. this ever happens again. The file you have is the correct file for your windows. If the problem reoccured, you could remove the infected one and replace it with clean. Now you know how.
When you are not using the computer, boot into safe mode and run SAS. Computer off time is a good time to do any of your scans anyway.
I followed all the directions except for I am not sure what I am doing when it comes to firewalls, how they work, which one to use etc. I read through the post you told me about and it confused me even more. I have two other computers in our home that are networked to this computer for the internet and one software program for our vacation rental company, they also share a printer so would installing one of these firewall programs interfer with them being able to access the internet?
It will take some setting up, you would have to find a firewall that you liked and check out their forum for setup info. I would suggest checking out the firewall forums and see what you can learn before deciding. Properly configured, printer, file sharing, internet access should be no problem.
Winpfind3 should have went when you ran the OTMOVEIT clean up. It may just be a shortcut. Anyways just delete it.