I'm having a problem with Win32.Zafi.B. My computer restarted by itself, I got that warning so I ran a couple anti virus programs, then I came here. I downloaded mbam twice, first time didn't work, but second time it installed but would not run. I uninstalled it, which required me to restart the computer, but when I came back here and tried to download it again to start over, I keep getting a page error. This is the first time I have ever posted anywhere, so if I screw up, please be patient.
Here is the log from Hijakthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:58:53 PM, on 11/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20661)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
E:\WINDOWS\system32\cisvc.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
E:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
E:\Program Files\Microsoft IntelliType Pro\itype.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
E:\Program Files\OpenOffice.org 2.4\program\soffice.exe
E:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
E:\WINDOWS\system32\cidaemon.exe
E:\Users\Administrator\Desktop\hijackgpthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [itype] "E:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = E:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: VZAccess Manager.lnk = E:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Startup: ZET 8 Lite
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{215A6436-2777-42D0-A173-FF83B1407207}: NameServer = 66.174.92.14 69.78.96.14
O17 - HKLM\System\CS1\Services\Tcpip\..\{215A6436-2777-42D0-A173-FF83B1407207}: NameServer = 66.174.92.14 69.78.96.14
O20 - AppInit_DLLs: prio.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NST ToolTipFixer (TTFixerService) - NeoSmart Technologies - E:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - E:\WINDOWS\System32\TuneUpDefragService.exe
Bless You!
Billie
Here is the log from Hijakthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:58:53 PM, on 11/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20661)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
E:\WINDOWS\system32\cisvc.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
E:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
E:\Program Files\Microsoft IntelliType Pro\itype.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
E:\Program Files\OpenOffice.org 2.4\program\soffice.exe
E:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
E:\WINDOWS\system32\cidaemon.exe
E:\Users\Administrator\Desktop\hijackgpthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [itype] "E:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = E:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: VZAccess Manager.lnk = E:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Startup: ZET 8 Lite
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{215A6436-2777-42D0-A173-FF83B1407207}: NameServer = 66.174.92.14 69.78.96.14
O17 - HKLM\System\CS1\Services\Tcpip\..\{215A6436-2777-42D0-A173-FF83B1407207}: NameServer = 66.174.92.14 69.78.96.14
O20 - AppInit_DLLs: prio.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NST ToolTipFixer (TTFixerService) - NeoSmart Technologies - E:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - E:\WINDOWS\System32\TuneUpDefragService.exe
Bless You!
Billie