This is a summary of events to assist those looking for help with similar problems.
1. On Sat Jan 19/13 I got a ransomware infection which blanketed my screen with a message from the "police" demanding a $100 CA fine to release my computer. After briefly reading it and determining it was a ransomware infection, I immediately shut down my computer and disconnected it from the internet.
2. As my PC is dual boot, I rebooted in the alternate OS to look around. If you don't have this ability, rebooting in Safe Mode with Command Line is just as good, and better in some ways.
3. I checked my C:\user\username\ and found a numbered exe file of 62 KB with the 6:47am time mark of the infection. I also found in \appdata\local\temp\ an index.html file and a bunch of PNG icon files which were strange but which I recognized from the ransom page, like Ukash. I checked the html file in Notepad and it was the "police" ransom file that had popped up, and it also had the 6:47am time stamp.
4. I removed these files but subsequent reboots still displayed a blank white image over my desktop. Subsequently found a numbered JPG file in My Pictures and removed it but on boot a white image still blanked the desktop.
5. Found new illegal files in C:\users\username\appdata\temp\ as index.html and SHsetup.exe of 0 bytes.
6. Installed SpyHunter but it only found 2 problems.
7. Created Kaspersky Rescue USB and booted with it and ran standard scan. Found and deleted 2 exe files, userinit and skydrive.
8. Ran a deep scan with Kaspersky overnight and found root Trojan buried in C:\system volume information\_restore[ "long series of numbers" ]/RP1215/A0301421.EXE. Kaspersky labelled this "Trojan.Win32.Yakes.bryt", and it appears to be a backdoor rootkit with the ability to compromise security software and turn off services.
9. Rebooted in Safe Mode with networking, and ran SpyHunter. It now found 688 malware items on my computer. I deleted all items to be safe after quickly scanning them to see what the issues were. Mostly minor tracking cookies and infected toolbars.
10. Reran SpyHunter and found one more item, "win32cert.dll", and disabled it.
11. Rebooted in Kaspersky USB and rescanned. No issues found.
12. Ran RogueKiller in Safe Mode and found 4 issues.
13. Ran AdwCleaner and found a long list of problems, and after review deleted all.
14. Rebooted in normal Windows 7 and ran SpyHunter. No issues.
15. Rebooted in Safe Mode and reran RogueKiller and AdwCleaner. No issues.
16. Normal reboot but programs locking and erratic and PC would not shut down, needed forced shutdown.
17. Now Thur. 24th and ran normally and on Fri 26th and Today Sat. Jan 27/13.
18. Downloaded F-Secure Easy Clean and ran for check. No issues found. Ran AVG Rootkit scan. No issues.
19. Rescanned registry and cleaned.
20. DECLARE PC VIRUS AND TROJAN FREE.
In doing further research, I found the F-Secure website recommended that this could have been removed by deleting "ctfmon.lnk" in Safe Mode CmdLine in C:\users\name\appdata\roaming\ms\win\startmenu\programs\startup\, rebooting in normal mode and running an F-Secure scan to clean up. Not really sure at this point if this would have worked, but it is interesting.
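The timestamp check from step 3, as an added example that is not part of the original post: a Python sketch that lists files modified around the infection time and flags executables, zero-byte files and anything in a Startup folder. The function name, the 10-minute window and the `/mnt/windows` mount point are assumptions for illustration.

```python
import os
from datetime import datetime, timedelta

EXECUTABLE_EXT = {".exe", ".dll", ".scr"}

def find_dropped_files(roots, infection_time, window_minutes=10):
    """List files under `roots` modified within the window around infection_time.

    Returns (path, mtime, size, notes) tuples sorted by mtime. Timestamps can
    be forged by malware, so treat hits as leads for scanning, not as proof.
    Times are compared in the local time zone of the OS running the script.
    """
    window = timedelta(minutes=window_minutes)
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    st = os.stat(path)
                except OSError:
                    continue  # unreadable or vanished file: skip, keep walking
                mtime = datetime.fromtimestamp(st.st_mtime)
                if abs(mtime - infection_time) > window:
                    continue
                notes = []
                if os.path.splitext(name)[1].lower() in EXECUTABLE_EXT:
                    notes.append("executable")
                if st.st_size == 0:
                    notes.append("zero-byte")
                if os.path.basename(dirpath).lower() == "startup":
                    notes.append("autostart folder")
                hits.append((path, mtime, st.st_size, notes))
    return sorted(hits, key=lambda h: h[1])

if __name__ == "__main__":
    # Assumed mount point of the Windows volume as seen from the other OS.
    profile = "/mnt/windows/Users/username"
    roots = [profile]  # the walk also covers AppData temp and Startup folders
    when = datetime(2013, 1, 19, 6, 47)  # infection time from the post
    for path, mtime, size, notes in find_dropped_files(roots, when):
        flags = ", ".join(notes) or "-"
        print(f"{mtime:%Y-%m-%d %H:%M}  {size:>8}  {flags:<28} {path}")
```

Files it lists are candidates to hand to a scanner or quarantine, since a clean timestamp does not clear a file and a matching one does not convict it.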