jcarr

how to get rid of this malware permanetly? this computer is ungodly slow! Attach.txt DDS.txt

think there is still a problem but with iexplore... ie8 locks up alot lately and i have 2 iexplore running

nope think im good now thx alot

ok so there no dangerous items left? ill just have it ignore it then

when i started mbam it said dda error mbam_log_2010_07_06__00_55_49_.txt

mbam found it again

ok now today the fix worked i did it now im going to restart my cpu and see if mbam find it again

still not gettin it this is the text i have in Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\.scr] @="scrfile" [HKEY_CLASSES_ROOT\.scr\OpenWithList] [HKEY_CLASSES_ROOT\.scr\OpenWithList\devenv.exe] @="" [HKEY_CLASSES_ROOT\scrfile] @="Screen Saver" [HKEY_CLASSES_ROOT\scrfile\shell] [HKEY_CLASSES_ROOT\scrfile\shell\config] @="C&onfigure" [HKEY_CLASSES_ROOT\scrfile\shell\config\command] @="\"%1\"" [HKEY_CLASSES_ROOT\scrfile\shell\install] @="&Install" [HKEY_CLASSES_ROOT\scrfile\shell\install\command] @="rundll32.exe desk.cpl,InstallScreenSaver %l" [HKEY_CLASSES_ROOT\scrfile\shell\open] @="T&est" [HKEY_CLASSES_ROOT\scrfile\shell\open\command] @="\"%1\" /S" [HKEY_CLASSES_ROOT\scrfile\shellex] [HKEY_CLASSES_ROOT\scrfile\shellex\DropHandler] @="{86C86720-42A0-1069-A2E8-08002B30309D}" [HKEY_CLASSES_ROOT\.txt] @="txtfile" "PerceivedType"="text" "Content Type"="text/plain" [HKEY_CLASSES_ROOT\.txt\PersistentHandler] @="{5e941d80-bf96-11cd-b579-08002b30bfeb}" [HKEY_CLASSES_ROOT\.txt\ShellNew] "NullFile"="" [HKEY_CLASSES_ROOT\txtfile] @="Text Document" "FriendlyTypeName"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\ 00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,\ 32,00,5c,00,6e,00,6f,00,74,00,65,00,70,00,61,00,64,00,2e,00,65,00,78,00,65,\ 00,2c,00,2d,00,34,00,36,00,39,00,00,00 "EditFlags"=dword:00010000 "BrowserFlags"=dword:00000008 [HKEY_CLASSES_ROOT\txtfile\DefaultIcon] @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\ 65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,35,\ 00,32,00,00,00 [HKEY_CLASSES_ROOT\txtfile\shell] @="open" [HKEY_CLASSES_ROOT\txtfile\shell\open] [HKEY_CLASSES_ROOT\txtfile\shell\open\command] @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4e,00,4f,00,\ 54,00,45,00,50,00,41,00,44,00,2e,00,45,00,58,00,45,00,20,00,25,00,31,00,00,\ 00 [HKEY_CLASSES_ROOT\txtfile\shell\print] [HKEY_CLASSES_ROOT\txtfile\shell\print\command] @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4e,00,4f,00,\ 54,00,45,00,50,00,41,00,44,00,2e,00,45,00,58,00,45,00,20,00,2f,00,70,00,20,\ 00,25,00,31,00,00,00 [HKEY_CLASSES_ROOT\txtfile\shell\printto] [HKEY_CLASSES_ROOT\txtfile\shell\printto\command] @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6e,00,6f,00,\ 74,00,65,00,70,00,61,00,64,00,2e,00,65,00,78,00,65,00,20,00,2f,00,70,00,74,\ 00,20,00,22,00,25,00,31,00,22,00,20,00,22,00,25,00,32,00,22,00,20,00,22,00,\ 25,00,33,00,22,00,20,00,22,00,25,00,34,00,22,00,00,00 where does REDEDIT4 come in?

k i backed it up and copied the quote into the notepad but when i open it, it dosent give me a prompt

i havent messed with that

i do notice quite of few lag spikes and ie8 dosent respond alot

i dont think theres a real noticable difference?? when i first got it it ate up my cpu then i got rid of the big problem but it still says that there a registry error. system mechanic says there are 2 dll errors but it never repairs it? i dont think im in any danger but it would be nice to get rid of the remnants of the virus

just did mbam found the 2 registry errors again mbam_log_2010_06_26__16_31_40_.txt

k i restarted and it booted up alot faster than before and i updated java and firefox

Scanning Report Saturday, June 26, 2010 23:47:12 - 01:08:37 Computer name: OWNER-3920829 Scanning type: Scan system for malware, spyware and rootkits Target: C:\ -------------------------------------------------------------------------------- No malware found -------------------------------------------------------------------------------- Statistics Scanned: Files: 53089 System: 3367 Not scanned: 11 Actions: Disinfected: 0 Renamed: 0 Deleted: 0 Not cleaned: 0 Submitted: 0 Files not scanned: C:\PAGEFILE.SYS C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT C:\WINDOWS\SYSTEM32\CONFIG\SAM C:\WINDOWS\SYSTEM32\CONFIG\SECURITY C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\HSPERFDATA_OWNER\2676 C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\HSPERFDATA_OWNER\2932 C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\CHECKPOINT\ZONEALARM FORCEFIELD\SITES -------------------------------------------------------------------------------- Options Scanning engines: Scanning options: Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR Use advanced heuristics -------------------------------------------------------------------------------- Copyright