OK, thanks again for all your help. I just uninstalled MS Security Essentials temporarily, because I couldn't find how to stop it from running. I ran ComboFix. The log is posted below:
ComboFix 11-05-17.03 - student 05/18/2011 20:58:58.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1915.1132 [GMT -4:00]
Running from: c:\users\student\Desktop\zzz.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Search Settings
c:\program files\Search Settings\kb128\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\users\student\AppData\Roaming\Adobe\plugs
c:\users\student\AppData\Roaming\Adobe\plugs\mmc18594289.txt
c:\users\student\AppData\Roaming\Adobe\shed
c:\users\student\AppData\Roaming\Adobe\shed\thr1.chm
c:\users\student\AppData\Roaming\Desktopicon
c:\users\student\AppData\Roaming\Desktopicon\config.ini
c:\windows\4c37c6c9-799f-450e-861c-bd98e86455f4.ocx
c:\windows\system32\6ae89554-7039-4bf7-901e-6221195a9a0d.dll
c:\windows\system32\regobj.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-04-19 to 2011-05-19 )))))))))))))))))))))))))))))))
.
.
2011-05-19 01:07 . 2011-05-19 01:07 -------- d-----w- c:\users\student\AppData\Local\temp
2011-05-19 01:07 . 2011-05-19 01:07 -------- d-----w- c:\users\Edgar\AppData\Local\temp
2011-05-19 01:07 . 2011-05-19 01:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-14 16:29 . 2011-05-14 16:29 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-05-14 16:22 . 2011-05-14 16:22 -------- d-----w- C:\log
2011-05-14 16:21 . 2011-05-14 12:35 2486352 ----a-w- C:\RootkitBuster.exe
2011-05-14 12:42 . 2011-05-14 12:42 56400 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2011-05-14 12:34 . 2011-05-14 12:34 -------- d-----w- c:\users\Edgar\AppData\Local\WinZip
2011-05-14 12:16 . 2011-05-14 12:16 -------- d--h--w- c:\programdata\Common Files
2011-05-14 04:26 . 2011-05-14 04:26 -------- d-----w- c:\program files\millie
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-09 22:32 . 2011-04-09 22:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-10 17:03 . 2011-04-14 12:45 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-14 12:45 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-14 12:45 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 13:25 . 2011-04-14 12:45 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-14 12:45 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-22 13:24 . 2011-04-14 12:45 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-22 13:24 . 2011-04-14 12:45 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-22 13:23 . 2011-04-14 12:45 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-22 13:23 . 2011-04-14 12:45 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-02-22 06:21 . 2011-04-14 12:45 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 06:17 . 2011-04-14 12:45 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 06:16 . 2011-04-14 12:45 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 06:16 . 2011-04-14 12:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-02-22 06:16 . 2011-04-14 12:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-02-22 05:20 . 2011-04-14 12:45 385024 ----a-w- c:\windows\system32\html.iec
2011-02-22 04:43 . 2011-04-14 12:45 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-02-22 04:42 . 2011-04-14 12:45 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-18 14:03 . 2011-04-14 12:45 305152 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-18 14:03 . 2011-04-14 12:45 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-18 14:03 . 2011-04-14 12:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-29 15:30 . 2011-03-24 03:43 142296 ---ha-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\millie\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-04-16 01:54 178712 ---ha-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-06-25 23:06 150040 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-06-25 23:06 145944 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRO Landscape Dashboard]
2006-12-13 13:38 3596288 ---ha-w- c:\program files\Drafix\PRO Landscape\PRO Landscape Dashboard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-04-08 23:14 6037504 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
2010-04-10 03:35 79872 ---ha-w- c:\users\student\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-21 02:15 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2008-06-02 21:26 505720 ---ha-w- c:\program files\Toshiba\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44 248552 ---ha-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-12-07 02:12 1029416 ---ha-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9ecac58f9bc77;Servicio de actualización de Google (gupdate1c9ecac58f9bc77);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-14 133104]
R3 4D27206C;4D27206C;c:\windows\system32\4D27206C.exe [x]
R3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-14 133104]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-29 20384]
S1 MpKsld1bbcd70;MpKsld1bbcd70;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CCD984BB-FDAF-4329-BB9E-86B232ADB1E8}\MpKsld1bbcd70.sys [x]
S1 MpKsldec56f62;MpKsldec56f62;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CCD984BB-FDAF-4329-BB9E-86B232ADB1E8}\MpKsldec56f62.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S2 PhoneMyPC_Helper;PhoneMyPC_Helper;c:\program files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe [2011-05-12 31232]
S2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - MpNWMon
*Deregistered* - NisDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-14 04:55]
.
2011-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-14 04:55]
.
.
------- Supplementary Scan -------
.
uStart Page =
mStart Page =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\student\AppData\Roaming\Mozilla\Firefox\Profiles\szdxtx2e.default\
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-cfFncEnabler - cfFncEnabler.exe
MSConfigStartUp-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe
MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe
MSConfigStartUp-MSSE - c:\program files\Microsoft Security Essentials\msseces.exe
MSConfigStartUp-NDSTray - NDSTray.exe
MSConfigStartUp-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
MSConfigStartUp-vKLuVrOIsaEYCN - c:\programdata\vKLuVrOIsaEYCN.exe
MSConfigStartUp-yonXQoADpl - c:\programdata\yonXQoADpl.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-18 21:07
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\student\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-05-18 21:11:58
ComboFix-quarantined-files.txt 2011-05-19 01:11
.
Pre-Run: 176,553,328,640 bytes free
Post-Run: 175,929,393,152 bytes free
.
- - End Of File - - B2A653E07E6BA965A10EAB13C170FDB6