GeekPolice
win32/nuqel.e and Bankerfox.a
My comp (I'm using a different one, the other one is off the internet) seems to be infected. I talked with a friend and he told me to download the Trend Micro HijackThis off of CNET. Once I try to run it, a window pops up and tells me it's infected and doesn't let me run it. What do I do?
I have AVG Free 9.0, AVIRA, and Ad-Aware (I don't use Ad-Aware, it just stays there). AVG can't scan at all (in safe mode I scanned it and nothing showed up), but AVIRA can scan when I do it for specific folders. I went through the C drive, but AVIRA found nothing.
I get random pop-ups and a continuous alert that programs are not being used since they are infected. If you guys know of anything that can help me, please. I don't know much, nothing really, about what to do.
Going through some of the earlier posts, it seems very similar to win32/nuqel.e and Bankerfox.a (this shows up in "Antivirus Softwar Alert" on my comp, which I ignored since there was a pop-up asking me if I wanted to buy antivirus).
Please help, and thanks.

Re: win32/nuqel.e and Bankerfox.a
Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(screenshot: the "Recovery Console installed successfully" message)

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Re: win32/nuqel.e and Bankerfox.a
I couldn't disable AVG Free 9.0 since I need to get onto the user interface and I can't open that.
I also couldn't get commy to work. I tried it with a flash drive too. When I tried, it wouldn't run.

Re: win32/nuqel.e and Bankerfox.a
I restarted the comp and opened Task Manager. For whatever reason, the comp didn't have warnings and pop-ups, so I got commy to work. Here is the log report:

ComboFix 09-12-29.03 - The Shah Family 12/29/2009 15:23:07.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1380 [GMT -6:00]
Running from: c:\documents and settings\The Shah Family\desktop\commy.exe
Command switches used :: /stepdel
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\IDropPTB.dll
c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk

.
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-29 )))))))))))))))))))))))))))))))
.

2009-12-29 04:24 . 2009-12-29 04:24 -------- d-----w- c:\program files\Security Task Manager
2009-12-29 03:47 . 2009-12-29 03:47 -------- d-----w- c:\program files\Trend Micro
2009-12-29 00:28 . 2009-12-29 00:28 -------- d-----w- C:\744154dad3dd7817814eaba199
2009-12-29 00:28 . 2009-12-29 00:28 -------- d-----w- C:\a247f2a5370e487cf08f8e
2009-12-28 08:03 . 2009-12-29 21:10 -------- d-----w- c:\documents and settings\The Shah Family\Local Settings\Application Data\cbeclt
2009-12-15 23:32 . 2009-12-28 06:49 -------- d-----w- c:\program files\DWG TrueView 2010
2009-12-15 23:32 . 2009-12-24 04:02 -------- d-----w- c:\documents and settings\The Shah Family\Local Settings\Application Data\Autodesk
2009-12-15 23:32 . 2008-03-05 21:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2009-12-15 23:32 . 2008-02-06 05:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2009-12-15 23:32 . 2008-03-05 21:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2009-12-15 23:29 . 2009-12-28 07:30 -------- d-----w- c:\program files\Autodesk
2009-12-15 23:29 . 2009-12-28 06:49 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-12-15 21:38 . 2009-12-29 21:09 -------- d-----w- c:\program files\Common Files\Akamai
2009-12-13 04:32 . 2009-12-04 03:18 1082648 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
2009-12-13 04:32 . 2009-12-04 03:18 1074456 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcmgr.exe
2009-12-13 04:32 . 2009-12-04 03:18 1494088 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll
2009-12-13 04:32 . 2009-12-04 03:18 1336600 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
2009-12-13 04:32 . 2009-12-13 04:32 2352920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgresf.dll
2009-12-13 04:32 . 2009-12-04 03:18 1946392 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgapix.dll
2009-12-13 04:32 . 2009-12-04 03:18 744728 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgscanx.exe
2009-12-13 04:32 . 2009-12-04 03:18 562456 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2009-12-04 22:29 . 2009-12-04 03:18 497944 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2009-12-04 22:26 . 2009-12-04 22:26 844056 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2009-12-04 22:26 . 2009-12-04 22:26 1658136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2009-12-04 04:18 . 2009-12-10 02:28 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-04 04:18 . 2009-03-30 15:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-04 04:18 . 2009-02-13 17:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-04 04:18 . 2009-02-13 17:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-04 04:18 . 2009-12-04 04:18 -------- d-----w- c:\program files\Avira
2009-12-04 04:18 . 2009-12-04 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-12-04 03:31 . 2009-11-19 17:48 43008 ----a-w- c:\documents and settings\The Shah Family\Application Data\Mozilla\Firefox\Profiles\zcp7ias8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-04 03:31 . 2009-11-19 17:48 340480 ----a-w- c:\documents and settings\The Shah Family\Application Data\Mozilla\Firefox\Profiles\zcp7ias8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-04 03:31 . 2009-11-19 17:48 346624 ----a-w- c:\documents and settings\The Shah Family\Application Data\Mozilla\Firefox\Profiles\zcp7ias8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-04 03:31 . 2009-11-19 17:48 872960 ----a-w- c:\documents and settings\The Shah Family\Application Data\Mozilla\Firefox\Profiles\zcp7ias8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-04 03:18 . 2009-12-04 03:22 -------- d-----w- C:\$AVG
2009-12-04 03:17 . 2009-12-04 03:18 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-04 03:16 . 2009-12-04 03:22 -------- d-----w- c:\windows\SxsCaPendDel
2009-12-02 21:37 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-12-02 21:37 . 2009-08-07 01:23 215920 ----a-w- c:\windows\system32\muweb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-29 21:11 . 2008-05-19 07:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-29 18:05 . 2009-09-28 17:05 3695616 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-12-29 17:46 . 2009-06-10 02:08 -------- d-----w- c:\program files\Mozilla Firefox 3.5 Beta 4
2009-12-29 17:32 . 2009-12-07 02:59 0 ----a-w- c:\documents and settings\The Shah Family\Local Settings\Application Data\prvlcl.dat
2009-12-28 08:02 . 2009-12-28 08:02 -------- d-----w- c:\program files\MSXML 4.0
2009-12-28 08:02 . 2009-12-15 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-12-28 06:39 . 2009-12-24 04:02 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-12-28 06:39 . 2009-12-15 23:35 -------- d-----w- c:\documents and settings\The Shah Family\Application Data\Autodesk
2009-12-24 20:35 . 2009-12-24 20:35 231792 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-24 04:06 . 2008-05-23 22:08 136472 ----a-w- c:\documents and settings\The Shah Family\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-18 15:24 . 2009-12-18 15:24 294656 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglngx.dll
2009-12-15 23:55 . 2009-12-15 23:55 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-12-15 23:35 . 2009-12-15 23:35 10134 ----a-r- c:\documents and settings\The Shah Family\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-12-15 23:35 . 2009-12-15 23:35 -------- d-----w- c:\program files\Microsoft WSE
2009-12-04 03:18 . 2008-05-23 23:14 -------- d-----w- c:\program files\AVG
2009-12-04 00:57 . 2008-05-19 07:06 -------- d-----w- c:\program files\Microsoft Works
2009-11-30 03:52 . 2008-12-10 05:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-11-13 02:50 . 2008-05-23 22:26 16890 ----a-w- c:\documents and settings\The Shah Family\Application Data\wklnhst.dat
2009-10-29 05:38 . 2004-08-10 17:51 667136 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 17:06 . 2009-06-23 17:05 2353992 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-10-21 05:38 . 2004-08-10 17:51 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-10 17:51 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 04:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-10 17:51 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-10 17:51 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-10 17:51 79872 ----a-w- c:\windows\system32\raschap.dll
2009-12-01 04:08 . 2009-12-01 04:08 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-04-03 00:50 809864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-03 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-03 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Universal Installer"="c:\program files\ComcastUI\Universal Installer\uinstaller.exe" [2008-03-18 984616]
"cdloader"="c:\documents and settings\The Shah Family\Application Data\mjusbsp\cdloader2.exe" [2008-08-22 50520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-19 68856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-10-08 818288]
"Desktop Software"="c:\program files\ComcastUI\Universal Installer\uinstaller.exe" [2008-03-18 984616]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-03 851968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-30 8491008]
"nwiz"="nwiz.exe" [2008-03-30 1626112]
"NVHotkey"="nvHotkey.dll" [2008-03-30 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-30 81920]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-11 2183168]
"SigmatelSysTrayApp"="stsystra.exe" [2007-06-06 405504]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-28 17920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-05 185896]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-09-28 520024]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-01 30192]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-13 2033432]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\The Shah Family\Start Menu\Programs\Startup\
Picaboo.lnk - c:\program files\Picaboo\Picaboo\PicabooMain.exe [2008-2-28 577536]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2008-5-19 7168]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-5-19 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-04 03:18 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Documents and Settings\\The Shah Family\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ActiveState Komodo Edit 5\\lib\\mozilla\\komodo.exe"=
"c:\\Python30\\pythonw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/24/2009 11:05 AM 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/23/2008 5:14 PM 333192]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/23/2008 5:14 PM 360584]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/10/2004 11:51 AM 14336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/3/2009 10:18 PM 108289]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/3/2009 9:18 PM 285392]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 1:06 PM 1028432]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/10/2008 7:53 PM 24652]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/19/2008 1:01 AM 30192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2009-12-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 17:05]

2009-12-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

2009-12-29 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-04-03 00:50]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
mStart Page = hxxp://www.dell.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\The Shah Family\Application Data\Mozilla\Firefox\Profiles\zcp7ias8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\The Shah Family\Application Data\Mozilla\Firefox\Profiles\zcp7ias8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox 3.5 Beta 4\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\The Shah Family\Desktop\DO NOT DELETE\Real Player\Netscape6\nppl3260.dll
FF - plugin: c:\documents and settings\The Shah Family\Desktop\DO NOT DELETE\Real Player\Netscape6\nprjplug.dll
FF - plugin: c:\documents and settings\The Shah Family\Desktop\DO NOT DELETE\Real Player\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox 3.5 Beta 4\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-Aim6 - (no file)
HKCU-Run-wiujrqwb - c:\documents and settings\The Shah Family\Local Settings\Application Data\cbeclt\rytksysguard.exe
HKLM-Run-wiujrqwb - c:\documents and settings\The Shah Family\Local Settings\Application Data\cbeclt\rytksysguard.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-29 15:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3629.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3629.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(852)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2009-12-29 15:30:09
ComboFix-quarantined-files.txt 2009-12-29 21:29

Pre-Run: 58,856,235,008 bytes free
Post-Run: 59,710,201,856 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 733176488D7C5FA07C24B43830957198
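Helpers read logs like the one above by eye, looking for Run-key entries and removed orphans that launch from places a non-admin process can write to. The following Python triage script is an added example (not part of this thread, and not ComboFix's own code) that parses the Run-key blocks of the "Reg Loading Points" section and the "ORPHANS REMOVED" list, then flags autostarts running from user-writable profile folders or pointing at files that no longer exist; the embedded log excerpt is constructed from entries in the posted log, and the section markers it expects are assumed to match that log's layout.

```python
import re
from dataclasses import dataclass

# Constructed excerpt, assembled from entries that appear in the posted
# ComboFix log; a real log has many more sections around these.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"cdloader"="c:\documents and settings\The Shah Family\Application Data\mjusbsp\cdloader2.exe" [2008-08-22 50520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-19 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2008-03-30 1626112]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKCU-Run-wiujrqwb - c:\documents and settings\The Shah Family\Local Settings\Application Data\cbeclt\rytksysguard.exe
HKLM-Run-wiujrqwb - c:\documents and settings\The Shah Family\Local Settings\Application Data\cbeclt\rytksysguard.exe

**************************************************************************
"""

# Line shapes ComboFix uses in the "Reg Loading Points" and "ORPHANS REMOVED" sections
# (assumed from the posted log; other ComboFix versions may differ).
RUN_KEY = re.compile(r"^\[(HKEY_[^\]]*\\Run)\]$", re.IGNORECASE)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"')
ORPHAN = re.compile(r"^(?P<hive>HKCU|HKLM)-Run-(?P<name>\S+) - (?P<path>.*)$")

# Profile locations any program running as the user can write to; autostarts
# living there deserve a look, because planting them needed no admin rights.
USER_WRITABLE = re.compile(
    r"\\(local settings\\application data|application data|local settings\\temp)\\",
    re.IGNORECASE,
)
# Short all-lowercase folder names with no recognisable word, like "cbeclt" in the log.
RANDOM_DIR = re.compile(r"^[a-z]{5,10}$")


@dataclass
class Autostart:
    source: str   # registry key the value came from, or "<hive> orphan"
    name: str
    path: str
    orphan: bool  # True when ComboFix listed it under ORPHANS REMOVED


def parse_autostarts(log_text: str) -> list[Autostart]:
    """Collect Run-key values and Run-key orphans from a ComboFix log."""
    entries = []
    current_key = None
    in_orphans = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("- - - - ORPHANS REMOVED"):
            in_orphans, current_key = True, None
            continue
        if in_orphans:
            if line.startswith("****"):       # the catchme banner ends the section
                in_orphans = False
                continue
            m = ORPHAN.match(line)
            if m:
                entries.append(Autostart(f"{m['hive']} orphan", m["name"], m["path"], True))
            continue
        m = RUN_KEY.match(line)
        if m:
            current_key = m.group(1)
            continue
        if not line:                          # a blank line closes the key block
            current_key = None
            continue
        if current_key:
            m = RUN_VALUE.match(line)
            if m:
                entries.append(Autostart(current_key, m["name"], m["path"], False))
    return entries


def triage(entries: list[Autostart]) -> list[tuple[Autostart, str]]:
    """Return (entry, reason) pairs worth a closer look. Flags are review hints, not verdicts."""
    findings = []
    for e in entries:
        if e.orphan and e.path == "(no file)":
            findings.append((e, "dangling autostart: pointed at a file that no longer exists"))
        elif USER_WRITABLE.search(e.path):
            parent = e.path.split("\\")[-2]
            reason = "runs from a user-writable profile folder"
            if RANDOM_DIR.match(parent):
                reason += f" with a random-looking name '{parent}'"
            findings.append((e, reason))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(parse_autostarts(SAMPLE_LOG)):
        print(f"[{entry.source}] {entry.name}: {reason}\n    {entry.path}")
```

On this excerpt the same heuristic also flags magicJack's cdloader2.exe under Application Data, which is why the output is a review list for the helper rather than a verdict.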

Re: win32/nuqel.e and Bankerfox.a
Download SuperAntiSpyware

  • Load SuperAntiSpyware and click the Check for updates button.
  • Once the update is finished click the Scan your computer button.
  • Check Perform Complete Scan and then next.
  • SuperAntiSpyware will now scan your computer, and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log onto the forum.

Re: win32/nuqel.e and Bankerfox.a
It found 14 adware items.

The log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/29/2009 at 07:17 PM

Application Version : 4.32.1000

Core Rules Database Version : 4422
Trace Rules Database Version: 2248

Scan type : Complete Scan
Total Scan Time : 01:04:46

Memory items scanned : 622
Memory threats detected : 0
Registry items scanned : 7156
Registry threats detected : 0
File items scanned : 33523
File threats detected : 14

Adware.Tracking Cookie
C:\Documents and Settings\The Shah Family\Cookies\the shah family@clicksor[2].txt
C:\Documents and Settings\The Shah Family\Cookies\the shah family@ad2.doublepimp[2].txt
C:\Documents and Settings\The Shah Family\Cookies\the shah family@myroitracking[1].txt
C:\Documents and Settings\The Shah Family\Cookies\the shah family@tacoda[1].txt
C:\Documents and Settings\The Shah Family\Cookies\the shah family@insightexpressai[2].txt
C:\Documents and Settings\The Shah Family\Cookies\the shah family@cdn.at.atwola[1].txt
C:\Documents and Settings\The Shah Family\Cookies\the shah family@at.atwola[2].txt
C:\Documents and Settings\The Shah Family\Cookies\the shah family@chitika[1].txt
C:\Documents and Settings\The Shah Family\Cookies\the shah family@rts.pgmediaserve[1].txt
C:\Documents and Settings\The Shah Family\Cookies\the shah family@atwola[1].txt
C:\Documents and Settings\The Shah Family\Cookies\the shah family@html[1].txt
C:\Documents and Settings\The Shah Family\Cookies\the shah family@ero-advertising[1].txt
C:\Documents and Settings\The Shah Family\Cookies\the shah family@ads.adgoto[2].txt
C:\Documents and Settings\The Shah Family\Cookies\the shah family@xxxbunker[2].txt

Re: win32/nuqel.e and Bankerfox.a
Please download Malwarebytes Anti-Malware from here.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: win32/nuqel.e and Bankerfox.a
Here it is:

Malwarebytes' Anti-Malware 1.42
Database version: 3453
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

12/29/2009 10:41:34 PM
mbam-log-2009-12-29 (22-41-34).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 239264
Time elapsed: 1 hour(s), 11 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: win32/nuqel.e and Bankerfox.a
Please perform a scan with Kaspersky Online Virus Scanner.
Alternate link for the scan

  • Before starting your scan, disable antivirus or antispyware software.
  • Read the "Advantages - Requirements and Limitations" then press the ACCEPT... button.
  • You will be prompted to install an application from Kaspersky. Click the Run button. It will start downloading and installing the scanner and virus definitions.
  • When the downloads have finished, you should see 'Database is updated. Ready to scan'. Click on the SETTINGS... button.
  • Make sure these boxes are checked. By default, they should be. If not, please check them and click on the SAVE... button afterwards:

    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases

  • Click on My Computer under the Scan section. OK any warnings from your protection programs.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • Once the scan is complete (the 'status' will show complete), click on View Scan Report and any infected objects will be shown.
  • Click on Save Report As... and change the Files of type to Text file (.txt)
  • Name the file KAVScan_ddmmyy (day, month, year) before clicking on the Save button and save it to your Desktop.
  • Copy and paste the contents of that file in your next reply.

*Note: This scan will not remove any detected file threats but it will show where they are located so they can be cleaned with other tools. Some online scanners will detect existing anti-virus software and they may interfere or stop the scan. If that occurs, disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

Re: win32/nuqel.e and Bankerfox.a
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, December 30, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, December 30, 2009 17:07:12
Records in database: 3416944
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 105247
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 03:52:22

No threats found. Scanned area is clean.

Selected area has been scanned.

Re: win32/nuqel.e and Bankerfox.a

I restarted my comp and no virus showed up. Is it possible one of the programs removed it?

Re: win32/nuqel.e and Bankerfox.a

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

Re: win32/nuqel.e and Bankerfox.a

Malwarebytes' Anti-Malware 1.43
Database version: 3460
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

12/30/2009 11:31:09 PM
mbam-log-2009-12-30 (23-31-09).txt

Scan type: Quick Scan
Objects scanned: 126667
Time elapsed: 9 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: win32/nuqel.e and Bankerfox.a

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Re: win32/nuqel.e and Bankerfox.a

Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
Avira updated!
``````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware Free Edition
Adobe Flash Player 10
Adobe Reader 8.1.6
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

Re: win32/nuqel.e and Bankerfox.a

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware

  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  • Spybot - Search & Destroy.
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?
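The hpHosts mechanism described in the post above (sinking known bad hostnames to 127.0.0.1 via the HOSTS file) can be checked with a small parser. This is an added example, not code from the thread or from the hpHosts project; the HOSTS content below is constructed, and `parse_hosts`, `blocked_hosts` and `suspicious_redirects` are names chosen here.

```python
import ipaddress

# Constructed sample HOSTS file content (not from the forum thread): a normal
# localhost line, hpHosts-style blocklist lines (one tab-separated with several
# names and a trailing comment), and one entry that points a hostname at a
# routable address, which a defender would want to review.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1\tads.example.com  tracker.example.net   # hpHosts-style block
0.0.0.0         malware-host.example.org
192.0.2.10      update.example-vendor.com
"""

# Addresses commonly used to sink a lookup so the connection goes nowhere.
LOOPBACK_SINKS = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text):
    """Return (ip, hostname) pairs from HOSTS file text.

    Blank lines and '#' comments (full-line or trailing) are ignored; one
    line may map several hostnames to the same address. Lines whose first
    field is not a valid IP address are skipped rather than guessed at."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue
        for name in fields[1:]:
            entries.append((ip, name.lower()))
    return entries


def blocked_hosts(text):
    """Hostnames the file sinks to loopback/0.0.0.0 (the hpHosts effect)."""
    return sorted({name for ip, name in parse_hosts(text)
                   if ip in LOOPBACK_SINKS and name != "localhost"})


def suspicious_redirects(text):
    """Entries sending a hostname to a routable address: a HOSTS file that
    redirects a real site somewhere other than loopback deserves a look."""
    return [(ip, name) for ip, name in parse_hosts(text)
            if ip not in LOOPBACK_SINKS]
```

On a Windows XP machine the live file is `%SystemRoot%\system32\drivers\etc\hosts`; feed its contents to these functions to see what hpHosts is blocking and whether anything else has been added to the file.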
