Microsoft® Windows® Malicious Software Removal Tool removed:
TrojanDownloader:Win32/cutwail.AQ
Virus:Win32/cutwail.G
(I could only run this program in safe mode)

Restart

Ran ATF-Cleaner (Could only run in safe mode)
*Received error"Application cannot be executed. The file ATF-Cleaner.exe is infected. Do you want to activate your anti virus software now?"*

Restart

Ran MBAM.EXE. (Could only run in safe mode)
*Received error"Application cannot be executed. The file MBAM.EXE is infected. Do you want to activate your anti virus software now?"*

This is the log I did shortly after computer was infected.

Malwarebytes' Anti-Malware 1.37
Database version: 2261
Windows 5.1.2600 Service Pack 3

12/11/2009 10:31:40 AM
mbam-log-2009-12-11 (10-31-40).txt

Scan type: Full Scan (C:\|)
Objects scanned: 394178
Time elapsed: 1 hour(s), 8 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: izeap6.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\izeap6.dll (Trojan.Vundo.H) -> Delete on reboot.

I cannot run ESET because I cannot get on the internet with the computer.

DDS log:

DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
Run by MikeKafka at 9:04:04.09 on Tue 12/15/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2570 [GMT -6:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
D:\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uStart Page = hxxp://www.yahoo.com/
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [ttool] c:\windows\srsdllpro.exe
uRun: [av_md] c:\documents and settings\mikekafka\av_md.exe
uRun: [peqqlgij] c:\windows\system32\config\systemprofile\local settings\application data\dirfut\kqnfsysguard.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [SolidWorks_CheckForUpdates] "c:\program files\common files\solidworks installation manager\scheduler\sldIMScheduler.exe" /scheduler
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Network Registry Agent] c:\windows\system32\hpnra.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [sysgif32] c:\windows\temp\~TM5F.tmp
mRun: [Regedit32] c:\windows\system32\regedit.exe
mRun: [peqqlgij] c:\windows\system32\config\systemprofile\local settings\application data\dirfut\kqnfsysguard.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [<NO NAME>] c:\documents and settings\networkservice\.exe /i
StartupFolder: c:\docume~1\mikeka~1\startm~1\programs\startup\solidw~1.lnk - c:\program files\solidworks2007\swscheduler\swBOEngine.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{3e5562ed-69ab-4cec-91e2-64e18ec5acc6}\Icon3E5562ED7.ico
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\npjpi150.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123169160567
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147888441115
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - hxxp://www.live365.com/players/play365.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 192.168.5.10 kmcfs1.com

============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-10-28 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-10-28 108392]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec antivirus\Rtvscan.exe [2009-10-28 2477304]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S2 MSSQL$SIGMANEST;SQL Server (SIGMANEST);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2007-2-10 29178224]
S2 Remote Solver for COSMOSFloWorks 2008;Remote Solver for COSMOSFloWorks 2008;c:\program files\solidworks2007\cosmosfloworks\floworks\bincfw\StandAloneSlv.exe [2008-1-23 245760]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-3-21 24652]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-10-28 23888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-11-3 102448]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-6-11 40160]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20091124.050\NAVENG.SYS [2009-11-25 84912]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20091124.050\NAVEX15.SYS [2009-11-25 1323568]

=============== Created Last 30 ================

2009-12-15 13:43:24 0 ----a-w- c:\documents and settings\mikekafka\mikekafka.exe
2009-12-14 13:53:06 0 d-----w- C:\69b7e6b16957ee122e89
2009-12-14 13:53:04 0 d-----w- C:\92546d5f3d170e73ec0bf0
2009-12-14 13:52:57 0 d-----w- C:\91cdd5b4f92a414575b8
2009-12-14 13:52:54 0 d-----w- C:\24c80100adea7db056daa981c8
2009-12-11 00:12:48 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2009-12-11 00:11:59 148 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2009-12-11 00:11:56 66048 ----a-w- c:\windows\srsdllpro.exe
2009-12-11 00:11:48 4 ----a-w- c:\docume~1\mikeka~1\applic~1\avdrn.dat
2009-11-18 02:10:58 0 d-----w- c:\docume~1\mikeka~1\applic~1\DassaultSystemes

==================== Find3M ====================

2009-12-11 00:12:48 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-29 19:08:22 3070976 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-10-29 05:38:23 667136 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 05:38:23 667136 ------w- c:\windows\system32\dllcache\wininet.dll
2009-10-29 05:38:22 627712 ------w- c:\windows\system32\dllcache\urlmon.dll
2009-10-29 05:38:22 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll
2009-10-28 17:54:39 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-10-28 17:54:39 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-10-28 17:54:39 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-10-28 17:54:39 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-10-28 17:44:52 9892 ----a-w- c:\windows\system32\drivers\SymRedir.cat
2009-10-28 17:44:52 39856 ----a-w- c:\windows\system32\drivers\symids.sys
2009-10-28 17:44:52 38448 ----a-w- c:\windows\system32\drivers\symndisv.sys
2009-10-28 17:44:52 35120 ----a-w- c:\windows\system32\drivers\symndis.sys
2009-10-28 17:44:52 26416 ----a-w- c:\windows\system32\drivers\symredrv.sys
2009-10-28 17:44:52 188080 ----a-w- c:\windows\system32\drivers\symtdi.sys
2009-10-28 17:44:52 145968 ----a-w- c:\windows\system32\drivers\symfw.sys
2009-10-28 17:44:52 1356 ----a-w- c:\windows\system32\drivers\SymRedir.inf
2009-10-28 17:44:52 12720 ----a-w- c:\windows\system32\drivers\symdns.sys
2009-10-28 17:44:50 706 ----a-w- c:\windows\system32\drivers\COH_Mon.inf
2009-10-28 17:44:50 23888 ----a-w- c:\windows\system32\drivers\COH_Mon.sys
2009-10-28 17:44:50 10537 ----a-w- c:\windows\system32\drivers\coh_mon.cat
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys
2009-10-16 00:07:20 262144 ----a-w- C:\ntuser.dat
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-13 10:30:16 270336 ------w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:19 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:38:18 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2009-09-25 05:37:09 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-25 05:37:09 81920 ------w- c:\windows\system32\dllcache\ieencode.dll

============= FINISH: 9:04:17.82 ===============


Attach.txt is attached.

Please help!