Thanks Kevin, here are the 3 logs:
ComboFix 12-12-10.01 - Happy Happy Joy Joy 12/10/2012 17:46:50.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2511 [GMT -7:00]
Running from: c:\documents and settings\Barber Family\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Barber Family\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\windows\system32\hppaetup.dll"
.
.
((((((((((((((((((((((((( Files Created from 2012-11-11 to 2012-12-11 )))))))))))))))))))))))))))))))
.
.
2012-12-11 00:47 . 2012-12-11 00:47 60872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21DE1369-5091-4CFB-A34F-12395AFC4BC3}\offreg.dll
2012-12-11 00:46 . 2012-12-11 00:46 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21DE1369-5091-4CFB-A34F-12395AFC4BC3}\MpKsla0989891.sys
2012-12-10 14:47 . 2012-11-08 17:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21DE1369-5091-4CFB-A34F-12395AFC4BC3}\mpengine.dll
2012-12-08 16:36 . 2012-11-08 17:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-07 16:14 . 2012-12-07 16:14 -------- d-----w- c:\program files\Microsoft Security Client
2012-12-06 16:46 . 2012-12-06 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\B871983F6C1955700000B870DFD75E42
2012-11-26 22:28 . 2012-11-26 22:28 -------- d-----w- c:\documents and settings\Barber Family\Local Settings\Application Data\ATI
2012-11-26 22:28 . 2012-11-26 22:28 -------- d-----w- c:\documents and settings\Barber Family\Application Data\ATI
2012-11-26 22:28 . 2012-11-26 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2012-11-26 22:25 . 2012-11-26 22:25 -------- d-----w- c:\program files\My Company Name
2012-11-26 22:25 . 2012-11-26 22:25 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-11-26 22:23 . 2012-11-26 22:23 -------- d-----w- c:\program files\ATI
2012-11-26 22:23 . 2012-11-26 22:25 -------- d-----w- c:\program files\ATI Technologies
2012-11-14 17:03 . 2012-11-14 17:03 -------- d-----w- c:\documents and settings\Barber Family\Local Settings\Application Data\FileMaker
2012-11-14 17:03 . 2012-11-14 17:03 -------- d-----w- c:\documents and settings\Barber Family\Local Settings\Application Data\CNS
2012-11-14 17:00 . 2009-06-12 22:39 385024 ------w- c:\windows\system32\fppmon3.dll
2012-11-14 17:00 . 2009-06-12 22:39 282624 ------w- c:\windows\system32\fppr332.dll
2012-11-14 15:27 . 2012-11-14 15:27 -------- d-----w- C:\Inspector FX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-14 15:09 . 2012-03-30 00:06 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-14 15:09 . 2011-07-08 02:17 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-07 23:29 . 2012-11-07 23:29 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-10-22 08:37 . 2004-08-10 11:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-09 03:09 . 2012-08-15 03:09 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-10-02 18:04 . 2004-08-10 11:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-12-05 09:55 . 2012-12-05 09:53 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Barber Family\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Barber Family\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Barber Family\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Barber Family\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]
@="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-05-26 15:42 1065776 ----a-w- c:\program files\Workspace\offsyncext.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]
@="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-05-26 15:42 1065776 ----a-w- c:\program files\Workspace\offsyncext.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Starfield Updater"="c:\program files\Workspace\WorkspaceUpdate.exe" [2011-09-01 34496]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Akamai NetSession Interface"="c:\documents and settings\Barber Family\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-17 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-11-07 19968]
"CTHelper"="CTHELPER.EXE" [2005-09-19 16384]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"Smart File Advisor"="c:\program files\Smart File Advisor\sfa.exe" [2011-04-04 280824]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"pdfFactory Dispatcher v3"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2009-06-12 606208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 947176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2004-2-24 10872]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Barber Family\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 MpKsla0989891;MpKsla0989891;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21DE1369-5091-4CFB-A34F-12395AFC4BC3}\MpKsla0989891.sys [12/10/2012 5:46 PM 29904]
R1 RapportCerberus_43926;RapportCerberus_43926;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys [10/30/2012 1:26 AM 272216]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [11/7/2012 4:29 PM 71480]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/10/2004 4:00 AM 14336]
R2 File Backup;File Backup Service;c:\program files\Workspace\offSyncService.exe [7/16/2010 1:47 PM 1174824]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [11/7/2012 4:29 PM 976728]
R2 Salsvc;Salsvc;c:\program files\SoftActivity\SKL\alsvc.exe [7/21/2009 5:55 AM 38768]
R2 WeOnlyDo wodAppUpdate Service;WeOnlyDo wodAppUpdate Service;c:\windows\system32\wodUpdSv.exe [6/22/2009 6:20 PM 28144]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [11/26/2012 3:24 PM 101392]
R3 NETGEAR_WG311T_SERVICE;NETGEAR WG311T Wireless Adapter Service;c:\windows\system32\drivers\wg311tn5.sys [7/14/2011 4:27 PM 344448]
R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys [5/30/2012 12:01 AM 21520]
S2 Ca50xav;Digital Blue DMC2 Video Device;c:\windows\system32\drivers\Ca50xav.sys [1/27/2005 7:06 PM 508304]
S2 gupdate1c9867bb6b5ffd0;Google Update Service (gupdate1c9867bb6b5ffd0);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2009 8:50 PM 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:14 PM 160944]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [7/24/2006 9:54 PM 16194]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/28/2007 5:01 PM 42512]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [11/7/2012 4:29 PM 65848]
S3 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [11/7/2012 4:29 PM 166840]
S3 RT-USB;Ross-Tech USB driver;c:\windows\system32\drivers\RT-USB.SYS [5/12/2012 12:05 PM 59464]
S3 SAgentDriver;SAgent Driver;c:\program files\SoftActivity\SKL\sagendrv.sys [7/21/2009 5:55 AM 31088]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 12:37 PM 517096]
S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys --> c:\windows\system32\DRIVERS\sxuptp.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
S4 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [10/2/2012 12:13 PM 3064000]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLA0989891
*NewlyCreated* - RAPPORTIASO
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 15:09]
.
2012-12-08 c:\windows\Tasks\AdobeAAMUpdater-1.0-BARBER-Happy Happy Joy Joy.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-10-29 22:43]
.
2012-12-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 18:34]
.
2012-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 03:50]
.
2012-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 03:50]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: skytonight.com\skychart
FF - ProfilePath - c:\documents and settings\Barber Family\Application Data\Mozilla\Firefox\Profiles\lauacvsq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-12-07 07:26; {37d64652-bd94-4997-aec2-76727a7ac63c}; c:\documents and settings\Barber Family\Application Data\Mozilla\Firefox\Profiles\lauacvsq.default\extensions\{37d64652-bd94-4997-aec2-76727a7ac63c}.xpi
FF - ExtSQL: !HIDDEN! 2009-09-30 12:02; zoomext@starfield; c:\program files\Mozilla Firefox\extensions\zoomext@starfield
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-10 18:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_ce5ba24.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(524)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2012-12-10 18:05:22
ComboFix-quarantined-files.txt 2012-12-11 01:05
ComboFix2.txt 2012-12-07 15:32
.
Pre-Run: 14,302,498,816 bytes free
Post-Run: 14,310,428,672 bytes free
.
- - End Of File - - 42839447D49EBFE3077477685C04955B
C:\Program Files\SoftActivity\SKL\sagendrv.sys Win32/Spy.ActivityMonitor.D application
C:\Qoobox\Quarantine\C\Documents and Settings\Barber Family\Application Data\isjasc.dll.vir a variant of Win32/Medfos.GL trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Barber Family\Application Data\sbcof.dll.vir a variant of Win32/Medfos.GM trojan
C:\System Volume Information\_restore{10E88403-46D8-4963-B338-95ECF663527B}\RP1\A0000026.dll a variant of Win32/Medfos.GL trojan
C:\System Volume Information\_restore{10E88403-46D8-4963-B338-95ECF663527B}\RP1\A0000027.dll a variant of Win32/Medfos.GM trojan
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
WinPatrol
Java(TM) 7 Update 1
Java version out of Date!
Adobe Flash Player 11.5.502.110
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (17.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
WinPatrol winpatrol.exe
BillP Studios WinPatrol winpatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 10%
````````````````````End of Log``````````````````````