[Help please removing Trojan.Ransom and PUM.UserWLoad]

Results from SecurityCheck: -

Results of screen317's Security Check version 0.99.56

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Ad-Aware

Malwarebytes Anti-Malware version 1.70.0.1100

Java 6 Update 35

Java 7 Update 9

Adobe Flash Player 11.5.502.146

Adobe Reader 10.1.4 Adobe Reader out of Date!

Mozilla Firefox (18.0)

Google Chrome 23.0.1271.97

Google Chrome 24.0.1312.52

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

Ad-Aware AAWService.exe is disabled!

Ad-Aware AAWTray.exe is disabled!

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 10%

````````````````````End of Log``````````````````````

[Help please removing Trojan.Ransom and PUM.UserWLoad]

Btw, not able to download SecurityCheck anywhere, both links appear down.

[Help please removing Trojan.Ransom and PUM.UserWLoad]

Report from AdwCleaner below.

Out of interest is there an Anti-virus program you would reommend?

# AdwCleaner v2.105 - Logfile created 01/12/2013 at 14:29:31

# Updated 08/01/2013 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)

# User : Stefano - DESKTOP-PC

# Boot Mode : Normal

# Running from : C:\Users\Stefano\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\adawaretb

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\9kfandni.default\adawaretb

Folder Deleted : C:\Users\Stefano\AppData\LocalLow\adawaretb

Folder Deleted : C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\lgezo4y0.default\adawaretb

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0 (en-US)

File : C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\lgezo4y0.default\prefs.js

[OK] File is clean.

File : C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\q04911ig.default-1344796287983\prefs.js

[OK] File is clean.

File : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\9kfandni.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.52

File : C:\Users\Stefano\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2471 octets] - [12/01/2013 13:45:11]

AdwCleaner[s1].txt - [2432 octets] - [12/01/2013 14:29:31]

########## EOF - C:\AdwCleaner[s1].txt - [2492 octets] ##########

[Help please removing Trojan.Ransom and PUM.UserWLoad]

Amazing help here guys, thank you

Log attached as requested.

AdwCleanerR1.txt

[Help please removing Trojan.Ransom and PUM.UserWLoad]

Just run combofix, log attacheded. Thank you for your help.

combo-fix-log.txt

[Help please removing Trojan.Ransom and PUM.UserWLoad]

That sorted it, thank you MrCharlie.

Logs attached.

Just rescanned after reboot nothing found with with either Anti-Rootkit or standard Malwarebytes.

Thank you for the help.

mbar-log-2013-01-11 (05-06-19).txt

system-log.txt

[Help please removing Trojan.Ransom and PUM.UserWLoad]

Forgot to say, Malwarebytes fails to remove them, even in safemode.

[Help please removing Trojan.Ransom and PUM.UserWLoad]

Frist of all I'd like to say what a great forum you guys have, lots of great info.

Picked up a virus today.

Malwarebytes recognises them as Trojan.Ransom and PUM.UserWLoad

Found this thread http://forums.malwarebytes.org/index.php?showtopic=118394&st=0

I've run RogueKiller.exe.

Log attached, really not sure what to do next.

Thank you in advnance for any help given

RKreport1_S_01102013_02d2006.txt