JeanInMontana

Ummm there is nothing to show your machine is clean. You have not followed instructions, and there is a real good chance you still have malware.

I would love a purple combo RRP-MBAM....that is a cool way to get them both into a signature.

Since this topic has been resolved it will now be closed. Many thanks Tigger your assistance is greatly appreciated. Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.

It is a powerful diagnostic tool and sUBs is the author. Do you still have the SDfix on your system? If so delete it and all files on C:/ and try to run CF again.

Well I had somehow put the wrong date in my profile at COU, so Tim is not to blame. He posted what is says over there. Or did say.

Wow thanks everyone. B-day is the 6th.

Cool thanks a bunch.

Looking good Paul. One request some purple? Please. My site is purple...I'm into the powah color.

Strep is not a virus. I do know that.

Your welcome. We have decided to use this tool next to go after the two hidden files. 1. Download this file : http://download.bleepingcomputer.com/sUBs/combofix.exe Or from here: http://www.techsupportforum.com/sectools/combofix.exe 2. Double click combofix.exe. It will be a red icon with a white X on your desktop. Follow the prompts you will get a blue cmd prompt screen and a choice to choose Y or N. Choose Y and hit enter. 3. When finished, it shall produce a log for you. This logfile is located at C:\ComboFix.txt. Post that log and a HiJack log in your next reply Note: Do not mouseclick combofix's window while its running. That may cause it to stall.

Normally I wouldn't enter into a log thread. But as this appears not to be malware related I will offer this: Click on the sign up now link on the page you posted a link for.

Many thanks for your help with this screen317. Since this topic has been resolved it will now be closed.. Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.

5 Days no response, I will close this topic to prevent others from posting into it.

Good answer ... I was thinking infection still present, and it could be.

Wow Paul, hope your on antibiotics. Buttons & bars would be awesome for RRPro too. (hint...hint)

Hi Hastur, we have uncovered more malware. I'm getting advice from a MSMVP as to best next step. I will post soon with action plan.

Looks really good. Clean, simple and covers it all. It should stop all the questions I get about where *stuff* is. I agree with Tarun, and njustice (in other thread) match up the whole shabang.

You still have the key gen in sent folders Personal Folders\Sent Items\Re: yo\embrace.rar[keygen.exe] delete it please, and any other instances of it. Also uninstall the program it generates a key for. This is illegal and probably where you got infected. Please download this file: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe' rel="external nofollow"> SDFix.exe * Open the extracted SDFix folder and double click RunThis.bat to start the script. * Type Y to begin the cleanup process. * It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. * Press any Key and it will restart the PC. * When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. * Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum). * Finally paste the contents of the Report.txt back on the forum. Reboot your system in Normal Mode. Then post the SDFix log and a new HJT log please.

Hi Aceman02 and welcome to Malwarebytes. We can't do much for you unless you are able to follow the directions here http://www.malwarebytes.org/forums/index.php?showforum=7 for prepost of HJT logs, and then follow up with all advice and instructions on the machine or have the owner do this. We would be happy to give our best help with the information requested.

There is no way of knowing with what your posting if the system is actually clean. Yes that dll was part of the infection. You need to follow instructions. The Smitfraud log is essential. Another Panda log would be good also. O2 - BHO: (no name) - {F7973DF6-1D2D-4FB4-A3F2-D9326DD66947} - C:\WINDOWS\system32\asycfilta.dll (file missing) <====== remove that line with HJT.

Hi emarquar and welcome to Malwarebytes. Please follow all the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936 .

You need to post the log from SmitFraud fix also. If your still getting the alert your still infected. Run HJT again and put a check next to these items below: O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {F7973DF6-1D2D-4FB4-A3F2-D9326DD66947} - C:\WINDOWS\system32\asycfilta.dll O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background Press fix and exit HJT. Please post the SmitFraud log and a new HJT after reboot. Also please run another Panda scan and post that log.

Safe to bet it will be over 3X 500 by the anniversary of the 500 mark.

Due to no reply I will close this topic to prevent others from posting into it.

This is the second time I have had to close a topic with this machine because the fixes were not followed in a timely manner. Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.