WiredWX Christian Hobby Weather Tools
PCEU Police Central e-Crime Unit
Hi, I found this on my laptop last night, which caused the laptop to lock on its scam page, i.e. pay £100 to unlock. I did not pay anything. I spent 6 hrs last night and most of the day trying to download various programs and get rid of this virus or trojan. I did inform the Police and they said they are very aware this is happening, but didn't offer any advice. Please help.

Re: PCEU Police Central e-Crime Unit

Please download Malwarebytes Anti-Malware from http://www.malwarebytes.org/mbam-download-exe.php
Alternate link: http://www.helpmyos.com/h15-mbam-get-encrpyted

(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
Copy and paste the entire report in your next reply.
If Malwarebytes fails to download please use the following link:

http://malwarebytes.org/mbam-download-exe-random.php



=============================================


Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

When saving ComboFix rename it to PCHelpForum.exe to prevent it from being blocked by malware.


Refer to this image:

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.


  • Close any open windows and double click PCHelpForum.exe to run it.

    You will see the following image:

[image: NSIS_disclaimer_ENG]


Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:


[image: NSIS_extraction]


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.


[image: RcAuto1]


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


[image: Whatnext]


Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.






............................................................................................

Re: PCEU Police Central e-Crime Unit
Thank you so much. You fixed it. xxxxxxxxxxxxxx

Re: PCEU Police Central e-Crime Unit
I will need to see the logs as other malware may still be present.


Re: PCEU Police Central e-Crime Unit
Which logs do you need to see? The PCHelper log? Let me know what to send.


Re: PCEU Police Central e-Crime Unit

This one?

ComboFix 12-04-14.02 - comet 14/04/2012 16:29:47.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.1014.642 [GMT 1:00]
Running from: c:\users\comet\Downloads\PCHelpforum.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\Uninstall
c:\programdata\AMMYY
c:\programdata\AMMYY\hr
c:\programdata\AMMYY\settings.bin
c:\users\comet\AppData\Roaming\hj8ol0.exe
c:\users\comet\Documents\~WRL0403.tmp
c:\users\comet\Documents\~WRL3923.tmp
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\CddbCdda.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-14 to 2012-04-14 )))))))))))))))))))))))))))))))
.
.
2012-04-14 15:46 . 2012-04-14 15:46 -------- d-----w- c:\users\Tim Klesel\AppData\Local\temp
2012-04-14 15:46 . 2012-04-14 15:46 -------- d-----w- c:\users\comet\AppData\Local\temp
2012-04-14 15:46 . 2012-04-14 15:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-12 11:24 . 2012-01-19 09:22 42864 ----a-r- c:\windows\system32\SBBD.EXE
2012-04-12 11:24 . 2012-01-12 08:26 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-04-12 11:23 . 2012-04-12 11:23 -------- d-----w- c:\program files\STOPzilla!
2012-04-11 22:46 . 2012-04-12 11:26 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-04-11 19:33 . 2012-04-11 19:33 110080 ----a-r- c:\users\comet\AppData\Roaming\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconF7A21AF7.exe
2012-04-11 19:33 . 2012-04-11 19:33 110080 ----a-r- c:\users\comet\AppData\Roaming\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconD7F16134.exe
2012-04-11 19:33 . 2012-04-11 19:33 110080 ----a-r- c:\users\comet\AppData\Roaming\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconCF33A0CE.exe
2012-04-11 19:33 . 2012-04-11 19:33 -------- d-----w- C:\sh4ldr
2012-04-11 19:33 . 2012-04-11 19:33 -------- d-----w- c:\program files\Enigma Software Group
2012-04-11 19:33 . 2012-04-11 19:33 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-04-11 19:32 . 2012-04-11 19:32 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-04-11 02:05 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8136DF26-7E58-490A-A749-21832C386C3F}\mpengine.dll
2012-04-04 12:13 . 2012-04-04 12:13 23376 ----a-r- c:\windows\system32\SZIO5.dll
2012-04-04 12:13 . 2012-04-04 12:13 546640 ----a-r- c:\windows\system32\SZComp5.dll
2012-04-04 12:13 . 2012-04-04 12:13 481104 ----a-r- c:\windows\system32\SZBase5.dll
2012-03-29 15:36 . 2012-03-29 15:36 72080 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 14:56 . 2010-03-04 23:14 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-24 14:28 . 2012-02-24 14:28 99728 ----a-r- c:\windows\system32\drivers\SZKG.sys
2012-02-24 14:28 . 2012-02-24 14:28 99728 ----a-r- c:\windows\system32\drivers\is3srv.sys
2012-02-23 13:09 . 2012-02-23 13:09 29008 ----a-r- c:\windows\system32\IS3XDat5.dll
2012-02-23 13:09 . 2012-02-23 13:09 390992 ----a-r- c:\windows\system32\IS3UI5.dll
2012-02-23 13:09 . 2012-02-23 13:09 231248 ----a-r- c:\windows\system32\IS3Win325.dll
2012-02-23 13:09 . 2012-02-23 13:09 100176 ----a-r- c:\windows\system32\IS3Svc5.dll
2012-02-23 13:09 . 2012-02-23 13:09 132944 ----a-r- c:\windows\system32\IS3HTUI5.dll
2012-02-23 13:09 . 2012-02-23 13:09 104272 ----a-r- c:\windows\system32\IS3Inet5.dll
2012-02-23 13:09 . 2012-02-23 13:09 67408 ----a-r- c:\windows\system32\IS3Hks5.dll
2012-02-23 13:09 . 2012-02-23 13:09 456528 ----a-r- c:\windows\system32\IS3DBA5.dll
2012-02-23 13:09 . 2012-02-23 13:09 808784 ----a-r- c:\windows\system32\IS3Base5.dll
2012-02-23 09:18 . 2009-10-03 01:01 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-12 1232896]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-09 68856]
"Facebook Update"="c:\users\comet\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-03 137536]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"F-Secure TNB"="c:\program files\TalkTalk\Security\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
"F-Secure Manager"="c:\program files\TalkTalk\Security\Common\FSM32.EXE" [2009-08-05 199264]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Data Sync.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Data Sync.lnk
backup=c:\windows\pss\Data Sync.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Online plug-in.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Online plug-in.lnk
backup=c:\windows\pss\Online plug-in.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 12:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-10-08 17:04 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
2010-03-10 23:21 300400 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CyberDefender Early Detection Center]
2009-08-24 21:28 542024 ----a-w- c:\users\comet\AppData\Local\CyberDefender Internet Security\AntiSpyware\cdas7d99.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2006-11-02 12:35 125440 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-18 13:09 136176 ----atw- c:\users\comet\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-11 19:13 166424 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2007-09-19 17:30 66816 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-11 19:13 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 17:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
2007-04-23 10:23 1032640 ----a-w- c:\program files\Kontiki\KHost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2007-05-17 21:45 279912 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-04-04 14:56 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2010-03-04 15:10 2192672 ----a-w- c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-11 19:13 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-03-06 18:28 180224 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-03-29 00:45 176128 ----a-w- c:\program files\Hp\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2008-07-03 09:37 812952 ----a-w- c:\program files\Registry Mechanic\RMTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-12 20:03 1232896 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 11:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-02-09 09:37 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-09-15 02:50 1021224 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-15 02:29 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2007-04-10 21:46 709992 ----a-w- c:\windows\vVX1000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-12 20:16 1006264 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 12:36 201728 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1410481895-2479496038-1445679736-1000Core.job
- c:\users\comet\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-03 13:16]
.
2012-04-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1410481895-2479496038-1445679736-1000UA.job
- c:\users\comet\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-03 13:16]
.
2012-04-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-13 08:14]
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-21 22:28]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-21 22:28]
.
2012-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1410481895-2479496038-1445679736-1000Core.job
- c:\users\comet\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-10 13:09]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1410481895-2479496038-1445679736-1000UA.job
- c:\users\comet\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-10 13:09]
.
2012-04-14 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\TalkTalk\Security\ANTI-V~1\fsav.exe [2011-06-02 15:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.talktalk.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
LSP: c:\program files\TalkTalk\Security\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{58A42861-3819-4CA9-B4FB-FEAD1ED0382B}: NameServer = 212.74.112.66,212.74.112.67
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-~00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
URLSearchHooks-~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
HKLM-Run-hpqSRMon - (no file)
HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-lphc744j0ea28 - c:\windows\system32\lphc744j0ea28.exe
MSConfigStartUp-Nokia FastStart - c:\program files\Nokia\Nokia Music\NokiaMusic.exe
MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-14 16:46
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-04-14 16:53:27
ComboFix-quarantined-files.txt 2012-04-14 15:53
.
Pre-Run: 1,401,180,160 bytes free
Post-Run: 12,946,407,424 bytes free
.
- - End Of File - - 4B2AEA3F13BB95B24D20E94CD6E0455E
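What the helper is reading in a log like the one above: the "Other Deletions" block, the Run keys under "Reg Loading Points", the orphaned autoruns, and any Security Center "DisableMonitoring" values. The script below is an added example for this thread, not code from ComboFix, Malwarebytes or anyone in the discussion. It parses a constructed, trimmed log in the same layout and applies triage heuristics chosen for the example (executable under a user profile, random-looking file name, AMMYY remote-administration footprint, Security Center monitoring switched off); the known-updater allowlist and the heuristics are assumptions of mine, not ComboFix's own detection logic.

```python
"""Triage helper for a ComboFix log (added example, not ComboFix's own logic).
Pulls out 'Other Deletions', the Run keys and DWORD values under 'Reg Loading
Points' and 'ORPHANS REMOVED', then applies triage heuristics of my own choosing."""
import re

# Constructed sample in the layout of the log posted in the thread, trimmed to
# the lines the heuristics below are meant to catch ('.' lines are filler).
SAMPLE_LOG = r"""
ComboFix 12-04-14.02 - comet 14/04/2012 16:29:47.1.2 - x86 NETWORK
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\programdata\AMMYY
c:\programdata\AMMYY\settings.bin
c:\users\comet\AppData\Roaming\hj8ol0.exe
c:\windows\system32\CddbCdda.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-12 1232896]
"Facebook Update"="c:\users\comet\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-03 137536]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-lphc744j0ea28 - c:\windows\system32\lphc744j0ea28.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+\[[^\]]*\])?$')
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
USER_PROFILE_RE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.I)
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)(?=.*[a-z])[a-z0-9]{6,}\.exe$", re.I)
# Assumptions for this example: updaters that legitimately live under AppData,
# and a marker for the remote-administration tool whose folder ComboFix removed.
KNOWN_PROFILE_RESIDENTS = {"facebookupdate.exe", "googleupdate.exe"}
REMOTE_ADMIN_MARKERS = ("ammyy",)


def section_title(line):
    """Banner title if `line` is a ComboFix section banner, else None."""
    s = line.strip()
    if s.startswith("(((") and s.endswith(")))"):
        return s.strip("() ")
    if s.startswith("- - - -") or (s.startswith("---") and s.endswith("---")):
        return s.strip("- ")
    return None


def split_sections(text):
    """Map each banner title to the non-filler lines that follow it."""
    sections, current = {"Header": []}, "Header"
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == ".":
            continue
        if title := section_title(line):
            current = title
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def parse_loading_points(lines):
    """Turn the REGEDIT4-style block into (key, value_name, data) triples."""
    key, entries = None, []
    for line in lines:
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif key and (m := VALUE_RE.match(line)):
            entries.append((key, m.group(1), m.group(2)))
        elif key and (m := DWORD_RE.match(line)):
            entries.append((key, m.group(1), "dword:" + m.group(2).lower()))
    return entries


def indicators(path):
    """Reasons a path deserves a closer look; a hit means 'check', not 'malicious'."""
    p = path.lower()
    base = p.rsplit("\\", 1)[-1]
    reasons = []
    if USER_PROFILE_RE.search(p) and base.endswith(".exe") and base not in KNOWN_PROFILE_RESIDENTS:
        reasons.append("executable launched from a user-writable profile directory")
    if RANDOM_NAME_RE.match(base):
        reasons.append("random-looking file name")
    if any(marker in p for marker in REMOTE_ADMIN_MARKERS):
        reasons.append("remote-administration tool footprint")
    return reasons


def triage(log_text):
    """Summarise a ComboFix log: deletions, Run-key autoruns, flagged items, and
    Security Center keys that stop Windows watching an AV/firewall product
    (AV suites usually set those themselves, so confirm which product did)."""
    sections = split_sections(log_text)
    deleted = sections.get("Other Deletions", [])
    entries = parse_loading_points(sections.get("Reg Loading Points", []))
    # Orphan lines read "<Location>-<name> - <path or (no file)>"
    orphans = [(ln, ln.partition(" - ")[2]) for ln in sections.get("ORPHANS REMOVED", [])]
    candidates = [(p, p) for p in deleted] + [(k + "\\" + n, d) for k, n, d in entries] + orphans
    flagged = {label: r for label, path in candidates if (r := indicators(path))}
    return {
        "deleted": deleted,
        "autoruns": [e for e in entries if "\\run" in e[0].lower()],
        "flagged": flagged,
        "security_center_disabled": sorted(
            k for k, n, d in entries
            if "security center\\monitoring" in k.lower() and n == "DisableMonitoring" and d == "dword:00000001"),
    }


if __name__ == "__main__":
    for item, reasons in triage(SAMPLE_LOG)["flagged"].items():
        print(item + "\n    " + "; ".join(reasons))
```

Run as a script it prints the flagged lines: on the trimmed sample that is the random-named executable under AppData\Roaming, the two AMMYY paths, and the orphaned lphc744j0ea28 autorun, while sidebar.exe, FacebookUpdate.exe and CddbCdda.dll are left alone. A flag is a prompt to verify the file (publisher signature, hash lookup, install history), not a verdict, and the Security Center key is reported so the analyst can check that the product named in it really is the one that set it.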

Re: PCEU Police Central e-Crime Unit
And the Malwarebytes log please.


Re: PCEU Police Central e-Crime Unit
This was the most recent Log
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.14.04

Windows Vista x86 NTFS (Safe Mode/Networking)
Internet Explorer 7.0.6000.17037
comet :: SUEKLESEL [administrator]

14/04/2012 14:04:25
mbam-log-2012-04-14 (14-04-25).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 451563
Time elapsed: 2 hour(s), 14 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Re: PCEU Police Central e-Crime Unit
Ok. All done. I see no more malware. Log looks good! All that was detected is now either in quarantine or system restore, both of which we'll be cleaning out in just a minute. Congratulations, well done.


You can now uninstall ComboFix



  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall


[image: Combofix_uninstall_image]


(Note: Make sure there's a space between the word ComboFix and the forward-slash.)



  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.



Over the course of the fix you've used a variety of special tools to help with the cleaning process - none of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer. OTC is a small program that removes all the leftover tools and logs from cleanup of malware.


Please download OTC to your desktop.


Double-click OTC to run it. (Vista users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.


Here are some tips to reduce the potential for malware infection in the future; I strongly suggest that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again.

Afterwork

Malware Prevention

How Did I Get Infected

More Tips on Prevention

=============================




Re: PCEU Police Central e-Crime Unit
Completed. Thank you.

Re: PCEU Police Central e-Crime Unit
Ok. You're good to go.
