Sicilian

Results from SecurityCheck: - Results of screen317's Security Check version 0.99.56 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Ad-Aware Malwarebytes Anti-Malware version 1.70.0.1100 Java 6 Update 35 Java 7 Update 9 Adobe Flash Player 11.5.502.146 Adobe Reader 10.1.4 Adobe Reader out of Date! Mozilla Firefox (18.0) Google Chrome 23.0.1271.97 Google Chrome 24.0.1312.52 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Ad-Aware AAWService.exe is disabled! Ad-Aware AAWTray.exe is disabled! Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 10% ````````````````````End of Log``````````````````````

Btw, not able to download SecurityCheck anywhere, both links appear down.

Report from AdwCleaner below. Out of interest is there an Anti-virus program you would reommend? # AdwCleaner v2.105 - Logfile created 01/12/2013 at 14:29:31 # Updated 08/01/2013 by Xplode # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits) # User : Stefano - DESKTOP-PC # Boot Mode : Normal # Running from : C:\Users\Stefano\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Program Files (x86)\adawaretb Folder Deleted : C:\ProgramData\Ask Folder Deleted : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\9kfandni.default\adawaretb Folder Deleted : C:\Users\Stefano\AppData\LocalLow\adawaretb Folder Deleted : C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\lgezo4y0.default\adawaretb ***** [Registry] ***** Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Registry is clean. -\\ Mozilla Firefox v18.0 (en-US) File : C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\lgezo4y0.default\prefs.js [OK] File is clean. File : C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\q04911ig.default-1344796287983\prefs.js [OK] File is clean. File : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\9kfandni.default\prefs.js [OK] File is clean. -\\ Google Chrome v24.0.1312.52 File : C:\Users\Stefano\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [2471 octets] - [12/01/2013 13:45:11] AdwCleaner[s1].txt - [2432 octets] - [12/01/2013 14:29:31] ########## EOF - C:\AdwCleaner[s1].txt - [2492 octets] ##########

Amazing help here guys, thank you Log attached as requested. AdwCleanerR1.txt

Just run combofix, log attacheded. Thank you for your help. combo-fix-log.txt

That sorted it, thank you MrCharlie. Logs attached. Just rescanned after reboot nothing found with with either Anti-Rootkit or standard Malwarebytes. Thank you for the help. mbar-log-2013-01-11 (05-06-19).txt system-log.txt

Forgot to say, Malwarebytes fails to remove them, even in safemode.

Frist of all I'd like to say what a great forum you guys have, lots of great info. Picked up a virus today. Malwarebytes recognises them as Trojan.Ransom and PUM.UserWLoad Found this thread http://forums.malwarebytes.org/index.php?showtopic=118394&st=0 I've run RogueKiller.exe. Log attached, really not sure what to do next. Thank you in advnance for any help given RKreport1_S_01102013_02d2006.txt