Police Pro and AntiVirus Pro

Hello. Here's the log:

ComboFix 09-09-28.01 - Jessica 09/29/2009 19:20.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.382.110 [GMT -4:00]
Running from: c:\documents and settings\Jessica\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Jessica\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active


FILE ::
"C:\mlhlsvq.exe"
"c:\program files\Common Files\ekogep._sy"
"c:\windows\system32\calc.dll"
"c:\windows\system32\drivers\a0367ed0.sys"
"c:\windows\system32\gazizisa.dll"
"c:\windows\system32\nqpibfqp.dat"
"c:\windows\system32\vgcdtasa.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\11818124
c:\documents and settings\All Users\Application Data\11818284
C:\mlhlsvq.exe
c:\program files\Common Files\ekogep._sy
c:\windows\system32\drivers\a0367ed0.sys
c:\windows\system32\gazizisa.dll
c:\windows\system32\nqpibfqp.dat

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_antippolice_
-------\Service_a0367ed0
-------\Service_antippolice_


((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-29 )))))))))))))))))))))))))))))))
.

2009-09-29 15:30 . 2009-09-29 15:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-09-29 15:22 . 2009-07-08 17:44 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-29 15:22 . 2009-07-08 17:44 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-29 15:22 . 2009-07-08 17:44 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-29 15:22 . 2009-07-16 16:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-09-29 15:21 . 2009-09-29 15:22 -------- d-----w- c:\program files\Common Files\McAfee
2009-09-29 15:21 . 2009-09-29 15:22 -------- d-----w- c:\program files\McAfee.com
2009-09-29 15:17 . 2009-07-08 17:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-28 22:36 . 2009-09-28 22:36 -------- d-----w- c:\documents and settings\Jessica\Application Data\McAfee
2009-09-28 18:36 . 2009-09-28 18:36 -------- d-----w- c:\program files\ERUNT
2009-09-28 00:27 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-28 00:27 . 2009-09-28 02:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-28 00:27 . 2009-09-28 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-28 00:27 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-28 00:03 . 2009-09-28 00:03 -------- d-----w- c:\program files\Trend Micro
2009-09-17 19:18 . 2009-09-17 19:18 -------- d-----w- C:\Webroot
2009-09-13 03:21 . 2005-07-06 20:16 428032 ----a-w- c:\windows\WRServices.dll
2009-09-04 07:10 . 2009-09-04 07:12 -------- d-----w- C:\18bed3b494b7996a92
2009-09-04 07:09 . 2009-09-04 07:43 -------- d-----w- c:\windows\SxsCaPendDel
2009-09-01 07:04 . 2009-09-01 07:04 -------- d-----w- c:\windows\ServicePackFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-29 22:41 . 2007-08-08 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-29 18:23 . 2007-08-08 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-29 17:37 . 2007-08-08 21:20 -------- d-----w- c:\program files\McAfee
2009-09-29 15:13 . 2007-08-08 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-09-16 20:03 . 2008-08-06 18:46 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-13 03:26 . 2007-08-08 21:43 -------- d-----w- c:\program files\IrfanView
2009-09-12 02:57 . 2007-10-19 02:18 -------- d-----w- c:\documents and settings\Jessica\Application Data\Move Networks
2009-08-05 09:11 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:53 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:53 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-17 18:55 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-08 17:44 . 2009-07-08 17:44 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-09-29_01.37.08 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 12:00 . 2009-09-29 01:29 71462 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2009-09-29 23:13 71462 c:\windows\system32\perfc009.dat
+ 2007-08-07 01:11 . 2009-09-29 20:10 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-08-07 01:11 . 2009-09-29 01:01 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-08-07 01:11 . 2009-09-29 20:10 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-08-07 01:11 . 2009-09-29 01:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-09-29 20:04 . 2009-09-29 20:10 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-08-07 01:11 . 2009-09-29 01:01 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-09-29 14:58 . 2009-09-29 14:58 53248 c:\windows\ERDNT\AutoBackup\9-29-2009\Users\00000002\UsrClass.dat
- 2004-08-04 12:00 . 2009-09-29 01:29 441692 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2009-09-29 23:13 441692 c:\windows\system32\perfh009.dat
+ 2009-09-29 14:58 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-29-2009\ERDNT.EXE
+ 2009-09-29 14:58 . 2009-09-29 14:58 3624960 c:\windows\ERDNT\AutoBackup\9-29-2009\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-08 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]

c:\documents and settings\Jessica\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=c:\windows\pss\Microsoft Find Fast.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jessica^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\documents and settings\Jessica\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"MpfService"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"LVSrvLauncher"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"hpqwmi"=3 (0x3)
"gusvc"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/29/2009 11:26 AM 203280]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/20/2009 7:38 AM 24652]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/6/2007 9:18 PM 231424]
.
Contents of the 'Scheduled Tasks' folder

2009-09-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2009-09-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-08 00:39]

2009-09-29 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-29 01:26]

2009-09-29 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-29 01:26]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1&ltmpl=default&ltmplcache=2&hl=en
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
Trusted Zone: internet
Trusted Zone: mcafee.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-29 19:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3696)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-29 19:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-29 23:39
ComboFix2.txt 2009-09-29 01:42

Pre-Run: 46,489,882,624 bytes free
Post-Run: 46,496,727,040 bytes free

221 --- E O F --- 2009-09-09 07:02

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  

  Code:

  
:filefind
proquota.exe

  
  
  
• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  

Note: The log can also be found on your Desktop entitled SystemLook.txt

Hello. Here's the log:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 19:00 on 30/09/2009 by Jessica (Administrator - Elevation successful)

========== filefind ==========

Searching for "proquota.exe"
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\proquota.exe --a--- 50176 bytes [20:34 30/08/2008] [00:12 14/04/2008] F6465A2EEF75468988A4FCF124148FA8

-=End Of File=-

Hello.
Thanks for that, nearly done now. Next, an uninstall log.

• Open HijackThis.
  
• When Hijack This opens, click "Open the Misc Tools section"
  
• Then select "Open Uninstall Manager"
  
• Click on "Save List..." (generates uninstall_list.txt)
  
• Click Save, copy and paste the results in your next post.
  

Hello again. Here's the results:

Adobe Flash Player 10 ActiveX
Adobe Reader 6.0.1
AIM 6
AIM Toolbar 5.0
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Athlon 64 Processor Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Bonjour
Broadcom 802.11 reƖ LAN Adapter
Conexant AC-Link Audio
Critical Update for Windows Media Player 11 (KB959772)
Data Fax SoftModem with SmartCP
ERUNT 1.1j
Garmin Trip and Waypoint Manager v4
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
GRE POWERPREP
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Help and Support
HP Software Update
HP User Guides 0001
HP reƖ Assistant 1.01 A2
ImageJ 1.41o
InterActual Player
InterVideo WinDVD
iTunes
J2SE Runtime Environment 5.0 Update 2
LimeWire 4.14.10
Logitech Audio Echo Cancellation Component
Logitech QuickCam
Logitech Video Enumerator
Logitech Camera Driver
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
muvee autoProducer 4.0 - SE
MVision
Quick Launch Buttons 5.10 B2
QuickTime
REALTEK Gigabit and Fast Ethernet NIC Driver
RollerCoaster Tycoon 2 Triple Thrill Pack
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Webshots Desktop
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892559
Zone Deluxe Games

Hello.

I see that you are running Limewire.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If Limewire is not removed, then I won't help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

J2SE Runtime Environment 5.0 Update 2
LimeWire 4.14.10
Viewpoint Manager (Remove Only)
Viewpoint Media Player

Next,

1. Close any open browsers.
   
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
3. Open notepad and copy/paste the text in the quotebox below into it:
   

   
   FCopy::
   C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\proquota.exe | c:\windows\system32\proquota.exe
   

   
   
4. Save this as CFScript.txt, in the same location as ComboFix.exe
   
   
   
   
5. Referring to the picture above, drag CFScript into ComboFix.exe
   
6. When finished, it shall produce a log for you at C:\ComboFix.txt
   
7. Please post the contents of the log in your next reply.
   

Hello. I removed the above programs and ran combofix. Here's the log:

ComboFix 09-09-28.01 - Jessica 10/01/2009 18:32.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.382.154 [GMT -4:00]
Running from: c:\documents and settings\Jessica\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Jessica\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\proquota.exe --> c:\windows\system32\proquota.exe
.
((((((((((((((((((((((((( Files Created from 2009-09-01 to 2009-10-01 )))))))))))))))))))))))))))))))
.

2009-10-01 22:32 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-10-01 21:43 . 2009-10-01 21:43 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-09-29 15:30 . 2009-09-29 15:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-09-29 15:22 . 2009-07-08 17:44 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-29 15:22 . 2009-07-08 17:44 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-29 15:22 . 2009-07-08 17:44 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-29 15:22 . 2009-07-16 16:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-09-29 15:21 . 2009-09-29 15:22 -------- d-----w- c:\program files\Common Files\McAfee
2009-09-29 15:21 . 2009-09-29 15:22 -------- d-----w- c:\program files\McAfee.com
2009-09-29 15:17 . 2009-07-08 17:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-28 22:36 . 2009-09-28 22:36 -------- d-----w- c:\documents and settings\Jessica\Application Data\McAfee
2009-09-28 18:36 . 2009-09-28 18:36 -------- d-----w- c:\program files\ERUNT
2009-09-28 00:27 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-28 00:27 . 2009-09-28 02:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-28 00:27 . 2009-09-28 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-28 00:27 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-28 00:03 . 2009-09-28 00:03 -------- d-----w- c:\program files\Trend Micro
2009-09-17 19:18 . 2009-09-17 19:18 -------- d-----w- C:\Webroot
2009-09-13 03:21 . 2005-07-06 20:16 428032 ----a-w- c:\windows\WRServices.dll
2009-09-04 07:10 . 2009-09-04 07:12 -------- d-----w- C:\18bed3b494b7996a92
2009-09-04 07:09 . 2009-09-04 07:43 -------- d-----w- c:\windows\SxsCaPendDel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-01 21:59 . 2007-08-09 00:54 -------- d-----w- c:\program files\Webshots
2009-10-01 21:41 . 2007-08-08 21:20 -------- d-----w- c:\program files\McAfee
2009-09-30 23:42 . 2007-08-08 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-29 18:23 . 2007-08-08 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-29 15:13 . 2007-08-08 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-09-16 20:03 . 2008-08-06 18:46 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-13 03:26 . 2007-08-08 21:43 -------- d-----w- c:\program files\IrfanView
2009-09-12 02:57 . 2007-10-19 02:18 -------- d-----w- c:\documents and settings\Jessica\Application Data\Move Networks
2009-08-05 09:11 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:53 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:53 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-17 18:55 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-08 17:44 . 2009-07-08 17:44 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-09-29_01.37.08 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 12:00 . 2009-09-29 01:29 71462 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2009-10-01 22:06 71462 c:\windows\system32\perfc009.dat
+ 2007-08-07 01:11 . 2009-10-01 21:53 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-08-07 01:11 . 2009-09-29 01:01 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-08-07 01:11 . 2009-09-29 01:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-08-07 01:11 . 2009-10-01 21:53 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-08-07 01:11 . 2009-09-29 01:01 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-09-30 00:54 . 2009-10-01 21:53 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-09-29 14:58 . 2009-09-29 14:58 53248 c:\windows\ERDNT\AutoBackup\9-29-2009\Users\00000002\UsrClass.dat
+ 2009-10-01 21:43 . 2009-10-01 21:43 53248 c:\windows\ERDNT\AutoBackup\10-1-2009\Users\00000002\UsrClass.dat
- 2004-08-04 12:00 . 2009-09-29 01:29 441692 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2009-10-01 22:06 441692 c:\windows\system32\perfh009.dat
+ 2009-09-29 14:58 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-29-2009\ERDNT.EXE
+ 2009-10-01 21:43 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\10-1-2009\ERDNT.EXE
+ 2009-09-29 14:58 . 2009-09-29 14:58 3624960 c:\windows\ERDNT\AutoBackup\9-29-2009\Users\00000001\NTUSER.DAT
+ 2009-10-01 21:43 . 2009-10-01 21:43 3624960 c:\windows\ERDNT\AutoBackup\10-1-2009\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-08 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]

c:\documents and settings\Jessica\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=c:\windows\pss\Microsoft Find Fast.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jessica^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\documents and settings\Jessica\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"MpfService"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"LVSrvLauncher"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"hpqwmi"=3 (0x3)
"gusvc"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/29/2009 11:26 AM 210216]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/6/2007 9:18 PM 231424]
.
Contents of the 'Scheduled Tasks' folder

2009-10-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2009-10-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-08 00:39]

2009-09-29 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-29 01:26]

2009-10-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-29 01:26]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1&ltmpl=default&ltmplcache=2&hl=en
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
Trusted Zone: internet
Trusted Zone: mcafee.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-01 18:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\Ati2evxx.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll

- - - - - - - > 'explorer.exe'(1960)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-01 18:41
ComboFix-quarantined-files.txt 2009-10-01 22:41
ComboFix2.txt 2009-09-29 23:39
ComboFix3.txt 2009-09-29 01:42

Pre-Run: 46,365,315,072 bytes free
Post-Run: 46,337,490,944 bytes free

193 --- E O F --- 2009-09-09 07:02

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

Ask Toolbar

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?

Everything appears to be running normally again. I really appreciate your help.