  1. Malwarebytes' Anti-Malware 1.10
     Database version: 594

     Scan type: Full Scan (C:\|D:\|E:\|)
     Objects scanned: 141451
     Time elapsed: 53 minute(s), 59 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 1
     Registry Keys Infected: 7
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 1

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     E:\WINDOWS\kiasys.dll (Trojan.FakeAlert) -> Unloaded module successfully.

     Registry Keys Infected:
     HKEY_CLASSES_ROOT\Interface\{48d78be5-cfb9-4b66-9ac4-96d4cf21de06} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\Typelib\{74d46bba-5638-473a-83b6-97e7804a7411} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\CLSID\{547f4e57-9025-403b-b619-073854a60da1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\AppID\{547f4e57-9025-403b-b619-073854a60da1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{547f4e57-9025-403b-b619-073854a60da1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\kiasys.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ (Trojan.FakeAlert) -> Quarantined and deleted successfully.

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     E:\WINDOWS\kiasys.dll (Trojan.FakeAlert) -> Delete on reboot.

     OTScanIt.Txt
  2. Hey thanks for all your help...the problem is gone. Did you need me to still post those logs? They don't seem to want to post right.
  3. Hey!!! My name is Felicia. I have been trying to remove this Zlob thingy off my computer for almost two days now!!! I would tell you all the things I have tried to do to remove this **CRAP** from my computer but I won't waste my time. Any help whatsoever is very much appreciated!!!

     Exact error message [I have been lucky enough to not get any of the balloons and junk I am reading about in other forums]:

     Anywho I went to the live chat thing and had the pleasure of speaking to Jeff!!! He directed me to run the HijackThis and post it thingy and **here i be**!!! This is the log file!!!

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 7:32:09 PM, on 4/5/2008
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     Boot mode: Normal

     Running processes:
     E:\WINDOWS\System32\smss.exe
     E:\WINDOWS\system32\winlogon.exe
     E:\WINDOWS\system32\services.exe
     E:\WINDOWS\system32\lsass.exe
     E:\WINDOWS\system32\svchost.exe
     E:\WINDOWS\System32\svchost.exe
     E:\WINDOWS\system32\spoolsv.exe
     E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
     E:\WINDOWS\system32\bgsvcgen.exe
     E:\WINDOWS\eHome\ehRecvr.exe
     E:\WINDOWS\eHome\ehSched.exe
     E:\Program Files\Common Files\Motive\McciCMService.exe
     E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
     e:\program files\common files\mcafee\mna\mcnasvc.exe
     e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
     E:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
     E:\Program Files\McAfee\MPF\MPFSrv.exe
     E:\Program Files\McAfee\MSK\MskSrver.exe
     E:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
     E:\Program Files\SiteAdvisor\6253\SAService.exe
     E:\WINDOWS\system32\svchost.exe
     E:\Program Files\Viewpoint\Common\ViewpointService.exe
     E:\WINDOWS\system32\svchost.exe
     E:\WINDOWS\system32\dllhost.exe
     E:\WINDOWS\Explorer.EXE
     e:\PROGRA~1\\agent\mcagent.exe
     E:\Program Files\AIM\AIM Pro\aimpro.exe
     E:\Program Files\SiteAdvisor\6253\SiteAdv.exe
     E:\PROGRA~1\Grisoft\AVG7\avgcc.exe
     E:\Program Files\uTorrent\uTorrent.exe
     E:\Program Files\AIM6\aim6.exe
     E:\WINDOWS\system32\ctfmon.exe
     E:\Program Files\Microsoft ActiveSync\wcescomm.exe
     E:\Program Files\Common Files\AOL\Loader\aolload.exe
     E:\PROGRA~1\MI3AA1~1\rapimgr.exe
     E:\PROGRA~1\Grisoft\AVG7\avgwb.dat
     E:\Program Files\AIM6\aolsoftware.exe
     E:\WINDOWS\system32\wuauclt.exe
     E:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
     E:\PROGRA~1\Mozilla Firefox\firefox.exe
     E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
     F2 - REG:system.ini: Shell=
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - E:\Program Files\SiteAdvisor\6253\SiteAdv.dll
     O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - E:\Program Files\StumbleUpon\StumbleUponIEBar.dll
     O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - e:\PROGRA~1\mcafee\msk\mcapbho.dll
     O2 - BHO: Media Codec - {547F4E57-9025-403B-B619-073854A60DA1} - E:\WINDOWS\kiasys.dll
     O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
     O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - E:\Program Files\McAfee\VirusScan\scriptsn.dll
     O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - E:\Program Files\SiteAdvisor\6253\SiteAdv.dll
     O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - E:\Program Files\StumbleUpon\StumbleUponIEBar.dll
     O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - E:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
     O4 - HKLM\..\Run: [AIMPro] "E:\Program Files\AIM\AIM Pro\aimpro.exe"
     O4 - HKLM\..\Run: [siteAdvisor] E:\Program Files\SiteAdvisor\6253\SiteAdv.exe
     O4 - HKLM\..\Run: [mcagent_exe] E:\Program Files\\Agent\mcagent.exe /runkey
     O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
     O4 - HKCU\..\Run: [uTorrent] "E:\Program Files\uTorrent\uTorrent.exe"
     O4 - HKCU\..\Run: [Aim6] "E:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
     O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\wcescomm.exe"
     O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
     O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
     O4 - Startup: IMVU.lnk = E:\Program Files\IMVU\IMVUClient.exe
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
     O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
     O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
     O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
     O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
     O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
     O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
     O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - E:\Documents and Settings\Travis Hawkins\Start Menu\Programs\IMVU\Run IMVU.lnk
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - E:\Program Files\Yahoo!\Common\Yinsthelper.dll
     O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) -
     O17 - HKLM\System\CCS\Services\Tcpip\..\{CB35F58F-5FF3-4BD1-9B80-1C320903E012}: NameServer =
     O17 - HKLM\System\CCS\Services\Tcpip\..\{D9E8DF6F-4F31-4049-8AD0-002637E382CD}: NameServer =
     O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
     O23 - Service: McAfee Application Installer Cleanup (0224891207431470) (0224891207431470mcinstcleanup) - McAfee, Inc. - E:\WINDOWS\TEMP22489~1.EXE
     O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
     O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - E:\WINDOWS\system32\bgsvcgen.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
     O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: McciCMService - Motive Communications, Inc. - E:\Program Files\Common Files\Motive\McciCMService.exe
     O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
     O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - e:\program files\common files\mcafee\mna\mcnasvc.exe
     O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
     O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
     O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
     O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
     O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - E:\Program Files\McAfee\MPF\MPFSrv.exe
     O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - E:\Program Files\McAfee\MSK\MskSrver.exe
     O23 - Service: SiteAdvisor Service - Unknown owner - E:\Program Files\SiteAdvisor\6253\SAService.exe
     O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - E:\Program Files\Viewpoint\Common\ViewpointService.exe

     --
     End of file - 8273 bytes

     Thanks again for all your help **Muah**

     Felicia *Prettiful2u*