WiredWX Christian Hobby Weather Tools

Win32.Zafi.B Help Please

I keep receiving a "windows firewall has blocked some features of this program" alert telling me "Windows Firewall has detected unauthorized activity, but unfortunately it cannot help you to remove viruses, keyloggers and other spyware threats that seal your personal information from your computer. "Click here to pick recommended software" Name:Win32.Zafi.B; Risk Level: High; Description: This Trojan has a keyboard logging function, which is intended to steal information from users of a range of online payment systems."
My choices are to "click here" or choose a button titled "Protect" that looks official, as if from Windows. I have not chosen anything except to "x" out of the alert. Interestingly enough, I have disabled my windows firewall and now run McAfee Security provided by Comcast Cablevision, my IP. Once the McAfee was installed through Comcast, I keep receiving upon startup a notice from McAfee telling me that the Win32.Zafi.B has been identified and taken care of. Unfortunately, I do not know how to make sure the worm is completely removed from my system; I keep receiving these alerts. Please help. Thanks.

Re: Win32.Zafi.B Help Please

Please read this topic:

http://www.geekpolice.net/malware-removal-support-hijackthis-logs-f11/read-this-before-posting-t3821.htm

And post a HijackThis log.

............................................................................................

Please be a GeekPolice fan on Facebook!


Have we helped you? Help us! | Doctor by day, ninja by night.

Scan log file as requested

I keep getting a pop-up that says My Windows Firewall has blocked some features of this program. It is a Windows Security Alert. It says Windows Firewall has detected unauthorized activity, but unfortunately it can not help you to remove viruses, keyloggers and other spyware threats that steal your personal information from your computer. Click here to pick recommended software. Name Win32.Zafi.B Risk Level High, Description: this trojan has a keyboard logging function, which is intended to steal information from users of a range of online payment systems.

It then has two buttons, one greyed out that is Keep blocking and one that I can choose (which I have not) that says Protect and shows the windows shield.

My windows firewall is disabled and I am running McAfee. My McAfee informed me it previously cleaned a trojan, but also cannot remove a trojan on the same scan.

Please help me remove this annoying popup. We have not clicked on either available link or button. We continually hit the X button on the top right of the pop-up box. It will go away for about 5 minutes and come back. Thank you!!!!!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:11:21 PM, on 1/31/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Spare Backup\SpareBackup.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\Users\bestbuy\AppData\Roaming\Google\winck.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\bestbuy\Downloads\hijackgpthis.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 2501 bytes

Re: Win32.Zafi.B Help Please


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
    Link 3
  • Right click DDS.scr > select "Run as administrator" to run DDS.
  • When complete, DDS.txt will open.
  • Click No for Optional Scan.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Scan as requested... Thank you for your help.

DDS (Ver_09-01-19.01) - NTFSx86
Run by bestbuy at 19:14:11.83 on Sat 01/31/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.894.325 [GMT -8:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Spare Backup\SpareBackup.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Users\bestbuy\AppData\Roaming\Google\winck.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Users\bestbuy\Downloads\hijackgpthis.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\bestbuy\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=T3626
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=T3626
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=T3626
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Download Manager Browser Helper Object: {19c8e43b-07b3-49cb-bffc-6777b593e6f8} - c:\progra~1\common~1\fluxdvd\downlo~1\XEBDLH~1.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R
uRun: [winclock] "c:\users\bestbuy\appdata\roaming\google\winck.exe" 2
uRun: [AROReminder] c:\program files\advanced registry optimizer\ARO.exe -rem
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [RtHDVCpl] "c:\windows\RtHDVCpl.exe"
mRun: [Spare Backup] "c:\program files\spare backup\SpareBackup.exe" /silent
mRun: [BigFix] "c:\program files\bigfix\bigfix.exe" /atstartup
mRun: [HPAIO_PrintFolderMgr] c:\windows\system32\spool\drivers\w32x86\hpoopm07.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [Skytel] "c:\windows\Skytel.exe"
mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [CinemaNowMediaManagerApp]
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\bestbuy\appdata\roaming\micros~1\windows\startm~1\programs\startup\efax44~1.lnk - c:\program files\efax messenger 4.4\J2GTray.exe
StartupFolder: c:\users\bestbuy\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\bestbuy\appdata\roaming\micros~1\windows\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/CursorManiaInitialSetup1.0.1.1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Notify: DfLogon - LogonDll.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\bestbuy\appdata\roaming\mozilla\firefox\profiles\of5ofddf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Comcast Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://errorpage.comcast.net/?cat=Web&con=dc&safe=on&q=
FF - plugin: c:\program files\common files\fluxdvd\apix\NPAPIX.dll
FF - plugin: c:\program files\common files\fluxdvd\browserintegration\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\common files\mpdrm\NPMPDRM.dll
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de680400}\plugins\npCinemaNowPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAPIX.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMPDRM.dll

============= SERVICES / DRIVERS ===============

S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]

=============== Created Last 30 ================

2009-01-31 13:39 97,800 a------- c:\windows\system32\infocardapi.dll
2009-01-31 13:39 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-01-31 13:39 622,080 a------- c:\windows\system32\icardagt.exe
2009-01-31 13:39 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-01-31 13:39 11,264 a------- c:\windows\system32\icardres.dll
2009-01-31 13:39 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-01-31 13:39 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-01-31 13:39 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-01-31 13:25 96,760 a------- c:\windows\system32\dfshim.dll
2009-01-31 13:25 282,112 a------- c:\windows\system32\mscoree.dll
2009-01-31 13:25 41,984 a------- c:\windows\system32\netfxperf.dll
2009-01-31 13:24 158,720 a------- c:\windows\system32\mscorier.dll
2009-01-31 13:24 83,968 a------- c:\windows\system32\mscories.dll
2009-01-31 13:04 --d----- c:\users\bestbuy\.SunDownloadManager
2009-01-31 09:14 --d----- c:\windows\system32\Adobe
2009-01-24 10:54 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-24 09:37 --d----- c:\program files\eFax
2009-01-24 09:29 --d----- c:\users\bestbuy\appdata\roaming\McAfee
2009-01-13 18:15 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-01-11 11:54 --d----- c:\program files\common files\Wise Installation Wizard
2009-01-11 11:49 --d----- c:\users\bestbuy\appdata\roaming\Sammsoft
2009-01-11 11:49 --d----- c:\program files\Advanced Registry Optimizer
2009-01-10 11:06 13,249 a------- c:\windows\system32\Config.MPF
2009-01-10 11:05 143,360 a------- c:\windows\system32\dunzip32.dll
2009-01-10 11:02 33,832 a------- c:\windows\system32\drivers\mferkdk.sys
2009-01-10 11:02 79,304 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-01-10 11:02 40,488 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-01-10 11:02 35,240 a------- c:\windows\system32\drivers\mfebopk.sys
2009-01-10 11:02 201,320 a------- c:\windows\system32\drivers\mfehidk.sys
2009-01-10 11:02 125,728 a------- c:\windows\system32\drivers\Mpfp.sys
2009-01-10 11:02 --d----- c:\program files\McAfee.com
2009-01-10 11:02 --d----- c:\program files\common files\McAfee
2009-01-10 11:01 --d----- c:\program files\McAfee
2009-01-09 08:01 --d----- c:\users\bestbuy\appdata\roaming\Southwest Airlines

==================== Find3M ====================

2009-01-11 19:45 31 a------- c:\users\bestbuy\jagex_runescape_preferences.dat
2009-01-09 08:02 143,360 a------- c:\windows\inf\infstrng.dat
2009-01-09 08:02 86,016 a------- c:\windows\inf\infstor.dat
2009-01-09 08:02 51,200 a------- c:\windows\inf\infpub.dat
2008-12-30 22:24 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-08-01 04:29 60,744 a------- c:\users\bestbuy\g2mdlhlpx.exe
2008-06-24 12:39 174 a--sh--- c:\program files\desktop.ini
2008-06-24 12:16 665,600 a------- c:\windows\inf\drvindex.dat
2008-02-04 12:42 144 a------- c:\users\bestbuy\appdata\roaming\wklnhst.dat
2006-11-02 04:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 04:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 04:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 04:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 19:14:58.54 ===============
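The helper's next reply singles out the `winclock` Run entry that launches `winck.exe` from the user's roaming AppData folder, which is the kind of autorun a reviewer looks for in a log like the one above: a startup entry whose program lives in a user-writable location rather than under Program Files or Windows. The following Python script is an added example, not part of the thread and not code from the DDS or HijackThis tools; it parses the `uRun:`, `mRun:`, `mRunOnce:` and `StartupFolder:` line shapes shown in the "Pseudo HJT Report" section and flags entries whose effective payload sits under AppData, a Temp folder, or directly in the profile root. For `rundll32.exe` hosts it checks the DLL argument rather than rundll32 itself, so a legitimate host process does not mask a user-writable DLL. The sample lines are constructed to mirror this thread's log, with one extra constructed `updater` entry to exercise the rundll32 case.

```python
"""Flag DDS/HijackThis-style autorun entries that launch from user-writable paths.

Added example (not from the thread, DDS or HijackThis). Sample log lines are
constructed to mirror the thread's report; the "updater" entry is invented to
show the rundll32 handling.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample in the DDS "Pseudo HJT Report" line style.
SAMPLE_LOG = r"""
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [winclock] "c:\users\bestbuy\appdata\roaming\google\winck.exe" 2
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
uRun: [updater] "c:\windows\system32\rundll32.exe" c:\users\bestbuy\appdata\local\temp\upd.dll,Start
mRun: [CinemaNowMediaManagerApp]
StartupFolder: c:\users\bestbuy\appdata\roaming\micros~1\windows\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
"""

RUN_LINE = re.compile(r"^([um]Run(?:Once)?):\s*\[([^\]]*)\]\s*(.*)$", re.IGNORECASE)
STARTUP_LINE = re.compile(r"^StartupFolder:\s*(.*?)\s+-\s+(.*)$", re.IGNORECASE)
# First token ending in an executable extension, then optional arguments.
EXE_EXT = re.compile(r"^(.*?\.(?:exe|scr|com|pif|bat|cmd|dll))(?:\s+(.*))?$", re.IGNORECASE)
# Directories an unprivileged user can write to; a payload here deserves a look.
USER_WRITABLE = re.compile(r"\\(?:appdata|application data|local settings|temp|tmp)\\", re.IGNORECASE)
# A file sitting directly in the profile root (c:\users\<name>\file.exe).
PROFILE_ROOT = re.compile(r"^[a-z]:\\users\\[^\\]+\\[^\\]+$", re.IGNORECASE)


@dataclass
class AutorunEntry:
    source: str      # uRun, mRun, mRunOnce or StartupFolder
    name: str        # registry value name, or the .lnk path for StartupFolder
    executable: str  # program the entry launches
    payload: str     # what really runs: the DLL for rundll32 hosts, else the executable


def split_command(command: str) -> Tuple[str, str]:
    """Split a Run-value command line into (executable, arguments)."""
    command = command.strip()
    if not command:
        return "", ""
    if command.startswith('"'):                    # quoted path, args follow the closing quote
        end = command.find('"', 1)
        if end != -1:
            return command[1:end], command[end + 1:].strip()
    m = EXE_EXT.match(command)                      # unquoted path that may contain spaces
    if m:
        return m.group(1), (m.group(2) or "").strip()
    parts = command.split(None, 1)                  # fall back to the first token
    return parts[0], (parts[1] if len(parts) > 1 else "")


def effective_payload(executable: str, args: str) -> str:
    """For rundll32 hosts the DLL named in the arguments is the real payload."""
    if executable.lower().endswith("rundll32.exe") and args:
        return args.split(",", 1)[0].strip().strip('"')
    return executable


def parse_autoruns(log: str) -> List[AutorunEntry]:
    """Extract Run-key and Startup-folder entries from a DDS/HJT style report."""
    entries: List[AutorunEntry] = []
    for raw in log.splitlines():
        line = raw.strip()
        m = RUN_LINE.match(line)
        if m:
            source, name, command = m.groups()
            exe, args = split_command(command)
            if not exe:          # empty value such as [CinemaNowMediaManagerApp]: nothing launches
                continue
            entries.append(AutorunEntry(source, name, exe, effective_payload(exe, args)))
            continue
        m = STARTUP_LINE.match(line)
        if m:
            lnk, target = m.groups()
            exe, args = split_command(target)
            entries.append(AutorunEntry("StartupFolder", lnk, exe, effective_payload(exe, args)))
    return entries


def is_user_writable(path: str) -> bool:
    """True when the path lies somewhere an ordinary user account can write."""
    return bool(USER_WRITABLE.search(path) or PROFILE_ROOT.match(path))


def suspicious_autoruns(log: str) -> List[AutorunEntry]:
    """Return the autorun entries whose effective payload is user-writable."""
    return [e for e in parse_autoruns(log) if is_user_writable(e.payload)]


if __name__ == "__main__":
    for entry in suspicious_autoruns(SAMPLE_LOG):
        print(f"{entry.source} [{entry.name}] -> {entry.payload}")
```

On the sample, only `winclock` and the constructed `updater` entry are reported; `ehTray.exe`, Windows Defender, the NvCpl rundll32 entry and the Works calendar startup shortcut all resolve to system or Program Files paths and pass. A user-writable autorun is a lead to investigate, not proof of infection on its own, so the output is meant to shortlist entries for the kind of follow-up the helper did here.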

Re: Win32.Zafi.B Help Please

Please download the OTMoveIt3 by OldTimer.

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\users\bestbuy\appdata\roaming\google\*.*

    :reg
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "winclock"=-

    :commands
    [purity]
    [emptytemp]
    [reboot]


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


Re: Win32.Zafi.B Help Please

========== FILES ==========
c:\users\bestbuy\appdata\roaming\google\winck.exe moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\winclock deleted successfully.
========== COMMANDS ==========
File delete failed. C:\Users\bestbuy\AppData\Local\Temp\IDC2.tmp\installer.exe scheduled to be deleted on reboot.
File delete failed. C:\Users\bestbuy\AppData\Local\Temp\etilqs_WgH7QZlkG617Y3oCU2mV scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Users\bestbuy\AppData\Local\Mozilla\Firefox\Profiles\of5ofddf.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\bestbuy\AppData\Local\Mozilla\Firefox\Profiles\of5ofddf.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\bestbuy\AppData\Local\Mozilla\Firefox\Profiles\of5ofddf.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\bestbuy\AppData\Local\Mozilla\Firefox\Profiles\of5ofddf.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\bestbuy\AppData\Local\Mozilla\Firefox\Profiles\of5ofddf.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\bestbuy\AppData\Local\Mozilla\Firefox\Profiles\of5ofddf.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02012009_113319

Re: Win32.Zafi.B Help Please

Hello.
How is the machine now?


Re: Win32.Zafi.B Help Please

The first few minutes are good; I will contact you soon with further update. Thank you.

Re: Win32.Zafi.B Help Please

I see you have Adobe Reader version 8 installed on this machine; this is old and has holes malware can abuse to re-infect you, so we need to close these holes.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Adobe Reader 8
Then download and install version 9 from here:
http://get.adobe.com/uk/reader/


Re: Win32.Zafi.B Help Please

Thank you - my problem is solved!!
Also, thank you for noticing that the upgrade I attempted per your previous instructions did not work. I have successfully upgraded to version 9.
You guys are the BEST!!!!!

Re: Win32.Zafi.B Help Please

Thank You!

Re: Win32.Zafi.B Help Please

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio or Outpost.
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.


Re: Win32.Zafi.B Help Please

Since this issue has been addressed, a "solved" tag will be added and this topic will be closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.
