Malware - "Antivirus Soft"

Hello - similar to other posters, my computer has also been infected with a malware/virus of some kind that is causing millions of Security Warnings to pop up with the message "Security Warning  -  Application cannot be executed. The file .....exe is infected. Do you want to activate your antivirus software now?"   When "Yes" is clicked, it directs to window that wants you to download Anitvirus Soft... I realize that this is not a legit program.

Some information to start:

I have an active version of AVG Free 8.5 installed.

I have tried to go through the steps in the main post titled "Read this before requesting malware removal help" however, I am unable to complete any of the steps, because every time I try to open a program, uninstall a program, or run an application, the virus blocks it and the Security Warning pops up.  In example:

Step 1:  Uninstall programs - I tried to uninstall a few suspicious programs but it was unsuccessful... a message popped up that said "you do not have sufficient access to remove *** from the Programs and Features list.  Please contact your systems administrator."  However this is a personal computer used at home with only User set-up (thus the administrator control should be on this User account).  Here are some programs that might be iffy (?):
Hotbar
Seekdns 1.0 build 133
ShopperReports
Viewpoint Media Player

Step 2:  I tried to run CCleaner, but it wouldn't run, and yes, tried to rename it to CCleaner2 but that didn't work either.

Step 3:  I downloaded SUPERantispyware and tried to run the application, but it wouldn't run.  Also tried renaming it, which didn't work.

I gave up on the Steps after that. 

Your support and advice as to what steps to take from here would be greatly appreciated!   
(These constant pop-up security warnings are driving me batty!!   

[Malware Removal Specialist]

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Hi Jay... thanks for your reply; however, I have two problems with using ComboFix:

A) it suggests disabling my antivirus before starting (I have AVG 8.5), however I can't do this because when I try to open the AVG User Interface, the virus seems to "block" it from opening and shuts it down immediately, and another one of those blasted Security Warnings comes up.

B) I can't open anything!  Which includes things that I download... which means I was able to download ComboFix and save it to the desktop, but when I double click on the icon, nothing happens, OR it flashes up, but then immediately is "shut down" by the virus.

Any further suggestions?   Or am I too far gone?  I think my computer is still under warranty at Future Shop... should I take it there?

Thanks in advance!

[Malware Removal Specialist]

Don't worry about disabling the AV if it will not..

Delete your copy of ComboFix; grab a fresh copy, except before you download it, rename it to blackpudding.bat


Navigate to Start --> Run, and enter the following command exactly as shown:

"%userprofile%\desktop\blackpudding.bat" /stepdel

See if ComboFix will run now.

Hi again... I was finally able to run ComboFix in Safe Mode and using the instructions you suggested.
I'm now back in normal mode and the pop up Security Warnings have gone away. 

Below is the log from this Fix... please let me know if there's anything else I still need to do.  Thanks so much for your help!



ComboFix 10-02-03.04 - Jeremy 03/02/2010  17:21:33.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.2.1033.18.3061.2631 [GMT -5:00]
Running from: C:\Users\Jeremy\Desktop\blackpudding.bat.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\$RECYCLE.BIN\S-1-5-21-3463882276-1615482989-678483651-500
C:\$RECYCLE.BIN\S-1-5-21-867918287-2053444252-730651380-500
C:\Program Files\Seekdns
C:\Program Files\Seekdns\seekdns.exe
C:\Program Files\Seekdns\uninstall.exe
C:\ProgramData\Seekdns
C:\ProgramData\Seekdns\seekdns133.exe
C:\Users\Jeremy\AppData\Local\uuwebe
C:\Users\Jeremy\AppData\Local\uuwebe\iyqgsftav.exe
C:\Windows\system32\KBL.LOG

[Malware Removal Specialist]

Go ahead and run it again, please.

As requested:

ComboFix 10-02-03.04 - Jeremy 03/02/2010  23:58:53.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.2.1033.18.3061.1056 [GMT -5:00]
Running from: c:\users\Jeremy\Desktop\blackpudding.bat.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\$recycle.bin\S-1-5-21-3463882276-1615482989-678483651-500
c:\$recycle.bin\S-1-5-21-867918287-2053444252-730651380-500
c:\program files\Seekdns
c:\program files\Seekdns\seekdns.exe
c:\program files\Seekdns\uninstall.exe
c:\programdata\Seekdns
c:\programdata\Seekdns\seekdns133.exe
c:\users\Jeremy\AppData\Local\uuwebe
c:\users\Jeremy\AppData\Local\uuwebe\iyqgsftav.exe
c:\windows\system32\KBL.LOG

.
(((((((((((((((((((((((((   Files Created from 2010-01-04 to 2010-02-04  )))))))))))))))))))))))))))))))
.

2010-02-04 05:07 . 2010-02-04 05:07   --------   d-----w-   c:\users\Jeremy\AppData\Local\temp
2010-02-04 05:07 . 2010-02-04 05:07   --------   d-----w-   c:\users\Default\AppData\Local\temp
2010-02-03 22:12 . 2010-02-03 22:27   --------   d-----w-   C:\blackpudding.bat
2010-02-03 20:04 . 2010-02-03 20:04   680   ----a-w-   c:\users\Jeremy\AppData\Local\d3d9caps.dat
2010-02-03 18:58 . 2010-02-03 18:58   2127   ----a-w-   c:\users\Jeremy\AppData\Local\syssvc.exe
2010-02-03 04:32 . 2010-02-03 04:32   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-02-03 03:34 . 2010-02-03 03:34   --------   d-----w-   c:\users\Jeremy\AppData\Roaming\AVG8
2010-01-27 15:48 . 2010-01-27 15:49   --------   d-----w-   c:\users\Jeremy\AppData\Roaming\PrimoPDF
2010-01-27 15:47 . 2010-01-27 15:47   --------   d-----w-   c:\program files\Nitro PDF
2010-01-27 15:47 . 2009-07-31 01:44   176235   ----a-w-   c:\windows\system32\Primomonnt.dll
2010-01-16 03:46 . 2009-10-19 14:27   156672   ----a-w-   c:\windows\system32\t2embed.dll
2010-01-16 03:46 . 2009-10-19 14:24   72704   ----a-w-   c:\windows\system32\fontsub.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-03 22:38 . 2008-02-22 10:32   672380   ----a-w-   c:\windows\system32\perfh00C.dat
2010-02-03 22:38 . 2008-02-22 10:32   127578   ----a-w-   c:\windows\system32\perfc00C.dat
2010-02-03 20:04 . 2008-09-07 02:39   77400   ----a-w-   c:\users\Jeremy\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-03 04:08 . 2008-09-07 00:22   --------   d-----w-   c:\program files\CCleaner
2010-02-01 03:22 . 2008-09-07 00:10   --------   d-----w-   c:\program files\Winamp Remote
2010-01-20 18:33 . 2008-09-06 23:45   --------   d-----w-   c:\program files\Microsoft Silverlight
2010-01-16 08:02 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
2010-01-14 16:12 . 2009-10-05 02:00   181120   ------w-   c:\windows\system32\MpSigStub.exe
2009-12-18 13:05 . 2010-01-22 16:18   833024   ----a-w-   c:\windows\system32\wininet.dll
2009-12-18 13:01 . 2010-01-22 16:18   78336   ----a-w-   c:\windows\system32\ieencode.dll
2009-12-18 10:14 . 2010-01-22 16:18   26624   ----a-w-   c:\windows\system32\ieUnatt.exe
2009-12-11 17:20 . 2008-09-07 02:33   --------   d-----w-   c:\programdata\Microsoft Help
2009-11-19 16:48 . 2009-12-02 03:42   872960   ----a-w-   c:\users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\ck86elyo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-11-19 16:48 . 2009-12-02 03:42   43008   ----a-w-   c:\users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\ck86elyo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-11-19 16:48 . 2009-12-02 03:42   340480   ----a-w-   c:\users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\ck86elyo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-11-19 16:48 . 2009-12-02 03:42   346624   ----a-w-   c:\users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\ck86elyo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-09 13:22 . 2009-12-11 17:21   24064   ----a-w-   c:\windows\system32\nshhttp.dll
2009-11-09 13:20 . 2009-12-11 17:21   31232   ----a-w-   c:\windows\system32\httpapi.dll
2009-11-09 11:04 . 2009-12-11 17:21   411136   ----a-w-   c:\windows\system32\drivers\http.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 18:01   1230080   ----a-w-   c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2008-01-21 1233920]
"L08AXLRD_802794904"="c:\program files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE" [2007-05-21 351000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-10-25 212992]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 202032]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-11 2043160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [30/11/2008 8:29 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [28/01/2009 8:07 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [10/09/2009 5:55 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/09/2009 5:55 PM 297752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 21:34   451872   ----a-w-   c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-02-03 c:\windows\Tasks\User_Feed_Synchronization-{5AB2C966-5803-4839-852A-D9326EAA8366}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Presario&pf=laptop
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\ck86elyo.default\
FF - component: c:\users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\ck86elyo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-fupakoic - c:\users\Jeremy\AppData\Local\uuwebe\iyqgsftav.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-04 00:07
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-02-04  00:10:59
ComboFix-quarantined-files.txt  2010-02-04 05:10

Pre-Run: 166,182,215,680 bytes free
Post-Run: 166,126,645,248 bytes free

- - End Of File - - 46E05BA2E19B7B38FAB3CDB59379C1B5

[Malware Removal Specialist]

Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.
Please close all other applications running on your system.

Please double click GetSystemInfo.exe to open it.

Click the Settings button.



Set it to Maximum



  IMPORTANT! Then please click Customize - choose Driver / Ports tab and uncheck Scan Ports.


Click Create Report to run it.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to Kaspersky GSI Parser and click the Submit button.

Please copy and paste the url of the GSI Parser report (not the log) in your next reply.

http://www.getsysteminfo.com/read.php?file=4b5b76e107273d4deb4dfdf832b78a23

Please note:  I wasn't able to click on Settings and follow the instructions therein (uncheck "Scan Ports" etc)... when i tried to click on Settings it said I didn't have administrator status (which is strange because there is only one user on this computer so it is, by default, the administrator).  I went ahead and ran the program anyway... hope that it still works okay.

Thanks again!

[Malware Removal Specialist]

To manually create a new Restore Point

• Go to Control Panel and select System and Maintenance
  
• Select System
  
• On the left select Advance System Settings and accept the warning if you get one
  
• Select System Protection Tab
  
• Select Create at the bottom
  
• Type in a name i.e. Clean
• Select Create

Now we can purge the infected ones

• Go back to the System and Maintenance page
  
• Select Performance Information and Tools
  
• On the left select Open Disk Cleanup
  
• Select Files from all users and accept the warning if you get one
  
• In the drop down box select your main drive i.e. C
• For a few moments the system will make some calculations
• Select the More Options tab
  
• In the System Restore and Shadow Backups select Clean up
  
• Select Delete on the pop up
  
• Select OK
• Select Delete

You are now done

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

• Save it to your Desktop.
  
• Double click OTC.exe.
  
• Click the CleanUp! button.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download TFC by OldTimer to your desktop

• Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  
• It will close all programs when run, so make sure you have saved all your work before you begin.
  
• Click the Start
  button to begin the process. Depending on how often you clean temp
  files, execution time should be anywhere from a few seconds to a minute
  or two. Let it run uninterrupted to completion.
  
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 Results of screen317's Security Check version 0.99.1    
 Windows Vista Service Pack 1 (UAC is enabled)
 Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
 Windows Firewall Enabled! 
 AVG Free 8.5   
 Antivirus up to date! 
``````````````````````````````
Anti-malware/Other Utilities Check:
 CCleaner     
 Java(TM) 6 Update 2 
 Out of date Java installed!
 Adobe Flash Player 10 
Adobe Reader 8.1.3
Out of date Adobe Reader installed!
``````````````````````````````
Process Check: 
objlist.exe by Laurent
 Windows Defender MSASCui.exe 
``````````````````````````````
DNS Vulnerability Check:
 GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

[Malware Removal Specialist]

Please consider updating to Windows Vista Service Pack 2 (SP2).
Windows Vista Service Pack 2 (SP2) contains all the updates released since SP1 plus support for new types of hardware and emerging hardware standards.
It is now available via Windows Update or as a standalone installation here.

==

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Firewall

• Tallemu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
  
• Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  
• PC Tools Firewall Plus: free and excellent firewall.

AntiSpyware

• SpywareBlaster
  SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  
• Spybot - Search & Destroy.
  Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).
  

NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

• Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft.  To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  
• hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.
  

Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:

• Firefox may be downloaded from here: http://www.getfirefox.com
  
• Opera is available here: http://www.opera.com/download/
  

See this page for more info about malware and prevention.