Since I still have a student email account, I was thinking about getting Windows 7 for $25. Don't know if that would help with all the registry things you were talking about earlier. No problems with the instructions (once I finally printed them out). Computer is acting about the same.
ComboFix 09-12-05.01 - SiN_Fury 12/05/2009 14:38.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.233 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\ATI Technologies\ATI.ACE\atIAcmxx.dll
c:\windows\system32\3572050806.dat
c:\windows\system32\skinboxer43.dll
c:\windows\system32\tb.dll
.
((((((((((((((((((((((((( Files Created from 2009-11-05 to 2009-12-05 )))))))))))))))))))))))))))))))
.
2009-12-18 01:14 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-18 01:13 . 2009-12-18 01:13 4045527 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-05 19:28 . 2009-12-05 20:21 -------- d-----w- c:\documents and settings\Guest\Application Data\HPAppData
2009-12-05 08:22 . 2009-12-05 08:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPAppData
2009-12-04 22:18 . 2009-12-04 22:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\HP
2009-12-04 22:18 . 2009-12-04 22:18 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-12-04 22:16 . 2008-10-28 10:31 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-12-04 22:16 . 2008-10-28 10:31 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-12-04 22:16 . 2008-10-06 21:37 315392 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp083.dll
2009-12-04 22:16 . 2008-10-29 18:35 271704 ----a-r- c:\windows\system32\hpzids01.dll
2009-12-04 22:16 . 2008-10-06 21:38 121344 ----a-w- c:\windows\system32\hpf3l083.dll
2009-12-04 22:16 . 2008-10-28 10:31 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-12-04 22:16 . 2008-10-29 18:37 737280 ----a-r- c:\windows\system32\hposwia_d02a.dll
2009-12-04 22:16 . 2008-10-29 18:37 598016 ----a-r- c:\windows\system32\hpost_d02a.dll
2009-12-04 22:16 . 2008-10-29 18:37 307200 ----a-r- c:\windows\system32\hposc_d02a.dll
2009-12-04 22:16 . 2008-10-28 10:31 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2009-12-04 22:16 . 2008-10-28 10:31 309760 ----a-r- c:\windows\system32\difxapi.dll
2009-12-04 22:12 . 2009-12-04 22:12 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-12-04 22:10 . 2009-12-04 22:10 -------- d-----w- c:\program files\Common Files\HP
2009-12-04 22:10 . 2009-12-04 22:17 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-12-04 22:09 . 2009-12-04 22:09 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-12-04 22:08 . 2004-08-04 04:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-12-04 22:08 . 2004-08-04 04:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-12-04 22:06 . 2009-12-04 22:14 -------- d-----w- c:\program files\HP
2009-12-04 22:05 . 2009-12-04 22:17 164909 ----a-w- c:\windows\hpoins37.dat
2009-12-04 22:05 . 2009-07-08 14:40 632 ------w- c:\windows\hpomdl37.dat
2009-11-21 22:41 . 2009-11-21 22:41 -------- d-----w- c:\documents and settings\Guest\Application Data\Malwarebytes
2009-11-17 00:25 . 2009-11-17 00:26 -------- d-----w- C:\rsit
2009-11-16 21:03 . 2009-11-16 21:03 -------- d-----w- c:\program files\ESET
2009-11-15 00:33 . 2009-11-15 00:33 -------- d-----w- c:\program files\Java
2009-11-13 21:51 . 2009-11-13 21:51 -------- d-----w- C:\_OTM
2009-11-13 21:43 . 2009-11-13 21:43 -------- d-----w- c:\program files\ERUNT
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-18 01:17 . 2008-06-16 06:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-18 01:06 . 2006-01-17 23:02 -------- d-----w- c:\program files\PConPoint
2009-12-05 07:16 . 2008-08-08 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-12-04 22:20 . 2005-09-14 03:54 39976 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-01 07:31 . 2009-05-14 19:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2009-12-01 07:30 . 2009-05-14 19:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2009-11-15 00:34 . 2009-06-12 23:32 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-15 00:02 . 2005-10-18 04:33 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-14 08:26 . 2009-10-30 03:00 -------- d-----w- c:\program files\Celtx
2009-11-13 21:48 . 2006-11-01 06:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-13 07:56 . 2009-08-19 07:38 -------- d-----w- c:\program files\Conduit
2009-11-12 22:04 . 2009-05-14 19:33 -------- d-----w- c:\program files\Logitech
2009-11-05 20:53 . 2006-01-09 08:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2009-10-30 03:00 . 2009-10-30 03:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\Greyfirst
2009-10-29 02:27 . 2009-10-29 02:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Turbine
2009-10-29 02:09 . 2009-10-29 02:09 -------- d-----w- c:\program files\Turbine
2009-10-28 19:48 . 2009-10-28 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-10-28 19:45 . 2009-10-28 19:45 -------- d-----w- c:\program files\Pando Networks
2009-09-25 05:56 . 2004-08-10 12:00 662016 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:56 . 2004-08-10 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:33 . 2004-08-10 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 20:53 . 2008-06-16 06:55 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2006-09-06 09:11 . 2006-09-05 09:21 42903040 -c--a-w- c:\program files\Sibelius 2 Full (1).exe
2006-07-14 16:31 . 2006-10-03 08:51 2262475 -c--a-w- c:\program files\KaraokeGuide401.pdf
2006-07-08 23:48 . 2006-10-03 08:51 4949 -c--a-w- c:\program files\Read_Me_First!.htm
2006-03-11 09:56 . 2007-06-24 07:11 438272 -c--a-w- c:\program files\Mpeg2DecFilter.ax
2005-09-15 21:33 . 2005-09-15 21:33 1868 -c--a-w- c:\program files\Microsoft Mouse.lnk
2005-09-15 21:33 . 2005-09-15 21:33 1899 -c--a-w- c:\program files\Microsoft Keyboard.lnk
2005-06-18 22:31 . 2006-10-03 08:51 136 -c--a-w- c:\program files\KaraokeInfo Support Site.url
2003-11-12 03:53 . 2003-11-12 03:53 507 -c--a-w- c:\program files\ActivationFile.htm
2007-08-15 03:26 . 2007-02-18 10:10 12884 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-10-28 2923192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"SoundMan"="SOUNDMAN.EXE" [2004-05-14 67072]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-10-17 111952]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-04-25 333120]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Program Files\\SlurpySoft\\Wulfram\\wulfram2.exe"=
"c:\\Program Files\\ABIT\\ABIT uGuru\\FlashMenu.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Black Isle\\BGII - SoA\\BGMain.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\mirc-mod4\\mirc.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.4.6314-to-2.0.5.6320-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\mIRC-TCKG5\\mirc.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"56966:TCP"= 56966:TCP:Pando Media Booster
"56966:UDP"= 56966:UDP:Pando Media Booster
R0 uGuru;uGuru;c:\windows\system32\drivers\uGuru.SYS [9/15/2005 3:14 PM 10752]
S3 AC2003;AC2003;c:\windows\system32\drivers\AC2003.sys [9/7/2005 4:28 PM 4224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: idolonfox.com\www
Trusted Zone: mlb.com\www
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8zq2x5i8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8zq2x5i8.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
AddRemove-Scr Online The - c:\docume~1\ADMINI~1\APPLIC~1\FILMHO~1\TRAY CAKE.exe
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-12-05 14:55
ComboFix-quarantined-files.txt 2009-12-05 20:54
ComboFix2.txt 2008-06-16 05:50
ComboFix3.txt 2008-06-16 03:28
Pre-Run: 50,275,459,072 bytes free
Post-Run: 50,267,152,384 bytes free
- - End Of File - - 4D040822CE7DAF0C00DBBB71C61AB2B0