Welcome. Thank you for using Dell Community Forums.

I am reviewing your log. In the meantime, you can help me by addressing the following:

* Have you have posted this issue on another forum? If so, please provide a link to the topic.

* If you have disabled System Restore in an attempt to begin cleaning malware, please enable it now. We will flush System Restore when we are finished cleaning and we are sure that everything is running smoothly.

* If you are using any cracked software, please remove it. In addition to being illegal, when you install cracked software, you are running executable files from dubious, unknown sources. You are giving these sources access to information on your hard disk, and potential control over operation of your computer. Definition of cracked software HERE.

* If you are using any P2P (file sharing) programs, please remove them before we clean your computer.  The nature of such software and the high incidence of malware in files downloaded with them is counter productive to restoring your PC to a healthy state. That includes BitTorrent and similar programs. There is a partial list HERE.    

* If this computer belongs to someone else, do you have authority to apply the fixes we will use?

* After we begin working, please print or copy all instructions to Notepad in order to assist you when carrying out procedures. Please follow all instructions in sequence. Do not, on your own, install/re-install any programs or run any fixes or scanners that you have not been instructed to use because this may cause conflicts with the tools that I am using. Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. It is understood by the trained analysts that once a helper replies to a log, he continues working with you until the issue is resolved.

* During the course of our cleanup please do not do any additional online work or surfing until we have verified that your system is clean.

* We may be using some specialized tools during our fix. Certain embedded files that are part of legitimate programs or specialized fix tools such as process.exe, restart.exe, SmiUpdate.exe, reboot.exe, ws2fix.exe, prcviewer.exe and nircmd.exe may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted tool", or even "malware (virus/trojan)" when that is not the case. Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them.

I look forward to your reply so we can begin cleaning.

Instructions posted for this user are customized for this user only. The tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log at the top of this board to start a new forum topic.

Thank you for responding to my issue - it's greatly appreciated and have noticed your name on several issues where you've helped other users. I must admit that I'm a novice so may need a little more help and direction than others but will do the best I can to make this simple.

I haven't posted this issue on any other forums; have not disable System Restore (as frankly I'm not sure how to do so); am not using any cracked software or P2P programs; I'm the main user of this PC as this is a home, family PC.

Thanks again for your time and attention to this matter!

Thank you for replying. I'll try to make my instructions as simple as possible. If there is anything that you do not understand just ask.

Please download to your desktop Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked,
  Click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Notes)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the entire report into your next reply. Also include a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

If you encounter this message:
"c:\program files\malwarebytes' Anti-Malware\mbamext.dll
Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5"
Click on ignore mbamext.dll

* If you are unable to download or install MBAM on your computer, see if you can use a friend's or family member's computer to download MBAM. Use the update link mentioned above to manually update. Once downloaded, rename the program installer "mbam-setup.exe" file to something else like "kschudy.exe". Copy the installer file and the update file to a CD or flash drive. Transfer the files to the infected computer. Install the "kschudy.exe" file, then run the update so that you will have the current definitions. After that, run a full system scan and select to have the program REMOVE whatever it finds.

**If you need to re-install MBAM but encounter issue in re-installing, try using the MBAM Cleanup Utility by downloading it from HERE

Followed your instructions and didn't encounter any issues in downloading MBAM, but still receiving the messages. 12 objects were quarantined. Here's the MBAM log (w/the HijackThis log below):

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

11/8/2009 2:17:45 PM
mbam-log-2009-11-08 (14-17-45).txt

Scan type: Quick Scan
Objects scanned: 122826
Time elapsed: 16 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\winmm64.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ead8f454-ec03-4b47-a5b7-6534da513fa5} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\wincheck (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dvohovitogolop (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\winmm64.dll (Trojan.Agent) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-737424625-1417951341-3704324221-1007\Dc1.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-737424625-1417951341-3704324221-1007\Dc2.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\RECYCLER\ADAPT_Installer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3MF1m5Yv.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\akinuzehob.dll (Trojan.Agent) -> Delete on reboot.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:38:29 PM, on 11/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\WINDOWS\cfgmng32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/first_usage&s=Iw7dPBHKDBuTirvfscIT4wfhQ9U
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [dvHighMem] C:\WINDOWS\cfgmng32.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [CaPPcl] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe /scan /startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {59E937ED-AC7E-407D-B40B-6545B1EECDE7} (CDFusionActiveXCtl Object) - http://www.weareautobots.com/ww/plugin/DFusionWeb.Installer.exe
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O20 - Winlogon Notify: Winlogon - winmm64.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WinSock Extention Manager - Unknown owner - C:\WINDOWS\system32\mdmcls32.exe

--
End of file - 10505 bytes

Your MBAM database is outdated. It should be at least 3130. Please update and run MBAM again. Don't forget to reboot after the scan to complete MBAM's cleanup.

Following that, please run an online virus scan by Kaspersky from HERE.

1. At the main page. Press on "Accept". After reading the contents.
2. At the next window Select Update. Allow the Database to update.
Note: If prompted to run or update your Java, then follow the prompts to do so. Kaspersky requires Java to run.
3. Once the Database has finished, under the Scan icon Select My Computer to start the scan. The scan may take a few minutes to complete.
4. Select Scan Report.
5. If any threats were found they will appear in the report
6. Select "Save error report as"
Then in the file name just type in kaspersky
Under "save as type" select text .txt
Save it to your Desktop.

Copy and post the results of the latest MBAM scan and the Kaspersky Online scan. If no threats were found then report that as well.

I attempted to update and run MBAM again, using the other link you provided, but recv'd the same results:

Malwarebytes' Anti-Malware 1.41
Database version: 3130
Windows 5.1.2600 Service Pack 3

11/8/2009 3:47:08 PM
mbam-log-2009-11-08 (15-47-08).txt

Scan type: Quick Scan
Objects scanned: 131883
Time elapsed: 15 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I then attempted to run the Kaspersky scan, but was unsuccessful on three attempts. I uploaded what I though was the current/necessary version of Java, but cont'd to get this message:

Kaspersky Online Scanner 7.0 download and operation require Java framework version 1.5 or later.

I rebooted and tried it again, but then recv'd a message that I have the current version of Java.

Tried again and after ~ 30 minutes of checking, recv'd the same message.

I apologize as I don't seem to be making any headway and continue to get the same error messages.

You're doing fine. These things take time and are rarely a one-shot fix. Kaspersky was checking to see if you have the correct version of Java to run the scan. Did you follow the next prompts and proceed with the scan after that?

It wouldn't allow me to scan with the version of Java I have (although Java tells me I'm updated w/the latest version). Will try again and report back.

Here's what I recv'd after attempting to update Java. Unfortuately Kapersky still won't allow me to run the scan.

Verifying Java Version

Congratulations!

You have the recommended Java installed (Version 6 Update 17).

Once it checks your Java, it should allow you to proceed to the page that runs the scan. Perhaps your anit-virus is interfering. Try disabling that before you have KAV check your Java.

To disable CA Anti-virus:

1 Right click on CA Antivirus icon near the clock (a shield).
2. Click on CA Anti-Virus > Snooze Anti-Virus Protection.
3. When prompted, enter the longest time avalable (if Indefinitely is there use that) and click on Snooze.

If that does not work,keep CA AV disabled and please perform an online scan here:
http://www.eset.eu/online-scanner
This scan works best with IE. Alternate browsers require downloading and installing the ESET Smart Installer.
* Accept the Terms of Use:
* Approve the install of the required ActiveX Control, then follow on-screen instructions.
* Disable the protection of your resident anti-virus program after installing the
active X control that Eset has installed and again when you actually start scanning.
* Make sure enable (check) the Remove found threats option is checked, and run the scan.
* After the scan completes, the Details tab in the Results window will display what was found and removed.

A record of these results will be found here: C:\program files\esetonlinescanner\log.txt. Please include a copy of that log in your next reply along with a fresh HijackThis log.
This online scan may take quite a bit of time to complete so please be patient. If necessary, allow the scan to run overnight. Please do not use the machine to do anything else (e.g. browse; check email; chat) until the scan completes. Don't forget to enable your CA Anti-Virus when the scan is finished.

Was still unable to run the KAV scan even after disabling my CA protection so ran the ESET scan w/the following results:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=48b9dc08c7e37d4297aef842aec0a45d
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-09 10:53:43
# local_time=2009-11-09 04:53:43 (-0600, Central Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=4865 16777173 100 100 0 69247595 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=124141
# found=4
# cleaned=4
# scan_time=3585
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP775\A0077559.dll Win32/Kheagol.Patch.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP780\A0077643.dll Win32/Kheagol.Patch.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP796\A0078389.dll Win32/Kheagol.Patch.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\msuwglu.dll a variant of Win32/Agent.PFF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:04:15 PM, on 11/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\WINDOWS\cfgmng32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/first_usage&s=Iw7dPBHKDBuTirvfscIT4wfhQ9U
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [dvHighMem] C:\WINDOWS\cfgmng32.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [CaPPcl] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe /scan /startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {59E937ED-AC7E-407D-B40B-6545B1EECDE7} (CDFusionActiveXCtl Object) - http://www.weareautobots.com/ww/plugin/DFusionWeb.Installer.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O20 - Winlogon Notify: Winlogon - winmm64.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WinSock Extention Manager - Unknown owner - C:\WINDOWS\system32\mdmcls32.exe

--
End of file - 10708 bytes

Still receiving the error messages. Still greatly appreciate all your help!

I'm going to suggest that you run a powerful tool. You will need to follow the instructions carefully. You will need to disable your anti-virus again before running this tool.

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


Double click on ComboFix.exe & follow the prompts.

• As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.



• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log for further review.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

* Additional information on A/V control HERE. * ComboFix is not intended for use with servers.

Followed your directions and ran CF. No longer receiving error messages and below is the CF log; hopefully this fixed the problem on the first run. It gave me a warning that my CA anti-virus was still enabled, but took all the necessary steps to disable. The only program that may have been running was CA's PureSight, of which the icon no longer shows in the tab. Nonetheless, looking forward to your feedback...

ComboFix 09-11-08.03 - Kyle 11/09/2009 21:16.1.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1014.420 [GMT -6:00]
Running from: c:\documents and settings\Kyle\Desktop\ComboFix.exe
AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *disabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\usowuwul.dll

Infected copy of c:\windows\system32\imm32.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\imm32.dll

.
(((((((((((((((((((((((((   Files Created from 2009-10-10 to 2009-11-10  )))))))))))))))))))))))))))))))
.

2009-11-09 21:51 . 2009-11-09 21:51 -------- dc----w- c:\program files\ESET
2009-11-08 22:59 . 2009-11-09 02:57 152576 -c--a-w- c:\documents and settings\Kyle\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-08 19:47 . 2009-11-08 19:47 -------- dc----w- c:\documents and settings\Kyle\Application Data\Malwarebytes
2009-11-08 19:46 . 2009-09-10 20:54 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-08 19:46 . 2009-11-08 19:46 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-08 19:46 . 2009-11-08 21:31 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-08 19:46 . 2009-09-10 20:53 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-11-08 01:39 . 2009-11-08 01:39 -------- dc----w- c:\program files\Trend Micro
2009-11-08 01:38 . 2009-11-08 01:38 396288 -c--a-w- C:\HijackThis.exe
2009-11-07 23:18 . 2009-11-07 23:18 -------- dc----w- c:\windows\system32\XPSViewer
2009-11-07 23:18 . 2009-11-07 23:18 -------- dc----w- c:\program files\MSBuild
2009-11-07 23:18 . 2009-11-07 23:18 -------- dc----w- c:\program files\Reference Assemblies
2009-11-07 23:16 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-07 23:16 . 2008-07-06 12:06 117760 -c----w- c:\windows\system32\prntvpt.dll
2009-11-07 23:16 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\xpsshhdr.dll
2009-11-07 23:16 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-11-07 23:16 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-11-07 23:16 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\xpssvcs.dll
2009-11-07 23:16 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-11-06 13:51 . 2009-09-01 03:04 52224 -c--a-w- c:\documents and settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zzn8hrzf.default\extensions\{e4878b45-e2c0-4307-b6e8-734922f92f5b}\components\FFExternalAlert.dll
2009-11-06 13:51 . 2009-09-01 03:04 114688 -c--a-w- c:\documents and settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zzn8hrzf.default\extensions\{e4878b45-e2c0-4307-b6e8-734922f92f5b}\components\npmozax.dll
2009-11-05 22:15 . 2009-11-05 22:15 -------- dc----w- c:\documents and settings\Kyle\Application Data\pdf995
2009-10-13 13:32 . 2009-10-13 13:32 739752 -c--a-w- c:\windows\system32\drivers\vetefile.sys
2009-10-13 13:32 . 2009-10-13 13:32 133576 -c--a-w- c:\windows\system32\drivers\veteboot.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-10 03:26 . 2007-10-31 03:15 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
2009-11-10 03:26 . 2007-10-31 03:15 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6
2009-11-10 03:26 . 2007-10-31 03:15 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5
2009-11-10 03:26 . 2007-10-31 03:15 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4
2009-11-10 03:26 . 2007-10-31 03:15 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3
2009-11-10 03:26 . 2007-10-31 03:15 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2
2009-11-10 03:26 . 2007-10-31 03:15 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1
2009-11-10 03:26 . 2007-10-31 03:15 315608 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0
2009-11-08 23:04 . 2006-08-17 06:44 -------- dc----w- c:\program files\Java
2009-11-08 19:44 . 2009-04-08 12:32 0 -c--a-w- c:\windows\Iseginaqafotoc.bin
2009-11-05 22:17 . 2007-02-10 22:07 -------- dc----w- c:\documents and settings\All Users\Application Data\pdf995
2009-11-05 22:15 . 2008-02-12 03:04 -------- dc----w- c:\documents and settings\Kyle\Application Data\TaxCut
2009-10-13 13:32 . 2008-04-13 07:04 1541416 -c--a-w- c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\vete_tmp.dll
2009-10-11 10:17 . 2008-12-09 01:30 411368 -c--a-w- c:\windows\system32\deploytk.dll
2009-10-06 23:14 . 2006-08-26 19:38 -------- dc----w- c:\documents and settings\Kyle\Application Data\Apple Computer
2009-10-06 00:35 . 2009-10-06 00:33 -------- dc----w- c:\program files\iTunes
2009-10-06 00:35 . 2009-10-06 00:33 -------- dc----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-06 00:34 . 2006-08-26 19:36 -------- dc----w- c:\program files\iPod
2009-10-06 00:34 . 2007-07-08 17:48 -------- dc----w- c:\program files\Common Files\Apple
2009-10-06 00:21 . 2009-10-06 00:21 -------- dc----w- c:\program files\Bonjour
2009-10-06 00:20 . 2009-10-06 00:19 -------- dc----w- c:\program files\QuickTime
2009-10-06 00:05 . 2009-10-06 00:05 79144 -c--a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-10-04 16:28 . 2009-10-04 16:28 -------- dc----w- c:\documents and settings\Lynn\Application Data\pdf995
2009-09-29 22:09 . 2008-08-24 18:57 -------- dc----w- c:\program files\Microsoft Silverlight
2009-09-11 14:18 . 2004-08-10 17:51 136192 -c--a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-10 17:51 58880 -c--a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-10 17:51 916480 -c--a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-10 17:51 247326 -c--a-w- c:\windows\system32\strmdll.dll
2006-10-06 02:00 . 2006-10-06 02:00 774144 -c--a-w- c:\program files\RngInterstitial.dll
2007-06-08 23:09 . 2007-06-08 23:09 10240 -csha-w- c:\windows\rnapxs\rnapxs.dat
2008-05-29 22:23 . 2006-08-27 19:25 88 -csh--r- c:\windows\system32\3879F53CEC.sys
2008-05-29 22:23 . 2006-08-27 19:25 3350 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-07-31 177392]
"dvHighMem"="c:\windows\cfgmng32.exe" [2006-10-15 10870784]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-10-15 230664]
"cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-07-31 1193200]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-07-31 173296]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-07-31 259312]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-09 110592]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10a.exe" [2008-10-05 235936]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-17 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 19:30 79368 ----a-w- c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/24/2008 6:08 PM 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [6/24/2008 6:08 PM 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [6/24/2008 6:08 PM 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/24/2008 6:08 PM 115216]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/24/2008 6:08 PM 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [6/24/2008 6:08 PM 66576]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/4/2007 8:23 AM 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 8:39 AM 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [6/24/2008 6:10 PM 281104]
R2 WinSock Extention Manager;WinSock Extention Manager;c:\windows\system32\mdmcls32.exe [6/8/2007 5:09 PM 1032192]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [6/24/2008 6:08 PM 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [8/16/2007 8:10 PM 189704]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [7/18/2006 1:40 PM 99840]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2009-09-19 c:\windows\Tasks\CAAntiSpywareScan_Daily as Kyle at 10 05 PM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 02:10]

2009-09-27 c:\windows\Tasks\CAAntiSpywareScan_Daily as Kyle at 9 32 PM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 02:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=Iw7dPBHKDBuTirvfscIT4wfhQ9U
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {59E937ED-AC7E-407D-B40B-6545B1EECDE7} - hxxp://www.weareautobots.com/ww/plugin/DFusionWeb.Installer.exe
FF - ProfilePath - c:\documents and settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zzn8hrzf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2187784&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.rr.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2187784&SearchSource=2&q=
FF - component: c:\documents and settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zzn8hrzf.default\extensions\{e4878b45-e2c0-4307-b6e8-734922f92f5b}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nptidfusionplugin.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Total Immersion\DFusionWeb\nptidfusionplugin.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {7151DB41-B5C9-4EE6-A037-942DFB9B31CA} - c:\documents and settings\Kyle\Local Settings\Application Data\{7151DB41-B5C9-4EE6-A037-942DFB9B31CA}\
FF - HiddenExtension: XUL Cache: {E7C7135D-55B2-4269-8D6E-354AF5495283} - c:\documents and settings\Lynn\Local Settings\Application Data\{E7C7135D-55B2-4269-8D6E-354AF5495283}
FF - HiddenExtension: XUL Cache: {1AB2A261-0336-490B-8698-F88FA82D50A4} - c:\documents and settings\Kyle\Local Settings\Application Data\{1AB2A261-0336-490B-8698-F88FA82D50A4}
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-09 21:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(260)
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(612)
c:\windows\system32\winsflt.dll
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll

- - - - - - - > 'explorer.exe'(2576)
c:\windows\system32\WININET.dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
c:\program files\Microsoft Office\Office\1033\msoffice.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-11-10 21:43 - machine was rebooted
ComboFix-quarantined-files.txt  2009-11-10 03:42

Pre-Run: 13,527,699,456 bytes free
Post-Run: 14,572,449,792 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=AlwaysOff

- - End Of File - - E0F7B6B62043F6C67E4FF3B74E0FEC48

It appears that there was some component of CA Anti-Virus still running.  Fortunately, it did not interfere.

I want to make sure everything is in order before we remove ComboFix.

1. DDS.txt
2. Attach.txt

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE.