Critical System Errors Icon and IE Homepage Hijack

[f3rrollez]

Hi,

I recently went into an adults website when all of a sudden a security alert icon just pops up on the "start" taskbar (next to the time icon). At the same time, my IE was hijacked by some sort of advertisement saying my system has a spyware problem and that I should be buying all their advertised anti-spyware programs, which of course I ignored.

So I ran my TrendMicro program just to scan and possibly get rid of any viruses and spywares. It turned out there were quite a few infected items which I cleared. But the "Critical System Errors" icon (from now on, I'm gonna call it CSE icon) still keeps popping up. So I thought since I haven't updated my TrendMicro for about a month now, it might not have traced those new spywares. Then, I decided to look for a reliable anti-spyware program and therefore bought SpyDoctor.

SpyDoctor identified several spywares and got rid of them. I reboot my machine but the CSE icon still pops up and my IE homepage keeps on being hijacked by the same "www.alliesecurity.com" website. I then downloaded HijackThis and I don't know which of these items are supposed to be removed. Appreciate if someone could help me get rid of this problem. Thank you very much

Fadul

The following is the HijackThis Logfile:

=======================================================
Logfile of HijackThis v1.99.1
Scan saved at 10:14:28 AM, on 12/2/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\ICO.EXE
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\CTFMON.EXE
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Sony\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [CleanupProgram] C:\Sonysys\cleanup.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A4E25FB-2833-4024-BFF1-4B2B126EAC52}: NameServer = 202.160.8.2 202.160.8.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D621951-BFB1-4F98-A9F9-C58E01906307}: NameServer = 10.0.0.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4EB6222-209F-4D4D-B7DF-F74CAB568AA0}: NameServer = 172.22.254.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{1A4E25FB-2833-4024-BFF1-4B2B126EAC52}: NameServer = 202.160.8.2 202.160.8.20
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: benumbment - {af4fd984-a939-4c32-82b2-8bae7abe9aec} - C:\WINDOWS\System32\dbqlrij.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

=======================================================

[f3rrollez]

Hi again,

Sorry its not SpyDoctor... i think u guys all know that its Spyware Doctor.

[Deckard]

Hello f3rrollez, welcome to TSF and thanks for your patience. You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools (above the first post), then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. If there is anything you don't understand, please ask BEFORE proceeding with the fixes. Please do these steps in order and do not skip any.

Unhide Files
Go to My Computer > Tools > Folder Options > View tab and select "Show hidden files and folders". Uncheck the "Hide protected operating system files (Recommended)" option. Also make sure there is no checkmark beside "Hide file extensions for known file types". Click OK.


Download CleanUp!
Download and install CleanUp! but do not run it yet.

WARNING: CleanUp! deletes EVERYTHING out of temporary folders and does not make backups. If you have any documents or programs that are saved in any temporary folders, please make a backup of these before running CleanUp!

WARNING: Do not run cleanup under Windows XP x64 Edition. If you're not sure if you have the 64-bit version of Windows then you probably do not; however, you can check by using IE to download the whichcpu tool and then running it.


Download AVG Anti-Spyware
Please download, install, and update AVG Anti-Spyware.

1. Load AVG Anti-Spyware and then click the Shield tab at the top
   • Click on the word active to change it to inactive.
2. Click the Update tab at the top:
   • Under Manual update, click Start update. After the update finishes, the status bar at the bottom will display "Update successful". If you are having trouble updating, you can also download and run the manual updater.
   • Under Automatic update, change the Update interval to something more reasonable like 12 or 24 hours.
3. Click the Scanner tab at the top and then the Settings sub-tab:
   • Under How to act?, click Recommended actions and select Quarantine.
   • Under Reports, select Automatically generate report after every scan
4. Close AVG Anti-Spyware. Do not run a scan with it yet.

Reboot
Reboot your system to Safe Mode by repeatedly tapping the F8 key until the menu appears and choosing Safe Mode from the list. On some systems, this may be the F5 key so try that if F8 doesn't work. Login on with your usual account. Make sure to close any open windows.


HijackThis Fixes
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they still exist (make sure you do not miss any):

O21 - SSODL: benumbment - {af4fd984-a939-4c32-82b2-8bae7abe9aec} - C:\WINDOWS\System32\dbqlrij.dll

Please remember to close all other windows, including browsers then click Fix checked. Close HijackThis.


Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\WINDOWS\System32\dbqlrij.dll

Run CleanUp!
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:

• Click "Options..."
• Move the arrow down to "Custom CleanUp!"
• Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
  • Click on the "Temporary Files" and make sure the box for "Scan drives for file matching" is unchecked.
  Click OK.
• Press the CleanUp! button to start the program.

Once it's finished CleanUp! will ask you to logoff/reboot. Please select NO as we will do this later.


Run AVG Anti-Spyware

• Run AVG Anti-Spyware and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
• AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action.
  
  
• If Set all elements to is not set to Quarantine (1), please click Recommended Action and choose Quarantine from the popup menu (2).
• At the bottom of the window, click on the Apply all actions button (3).
• When it has finished, click the Save Scan Report button (4), then click Save Report As and save the report it to your desktop.
• Close AVG Anti-Spyware.

Reboot
Reboot your system to Normal Mode.


Online Scan
Perform an online scan using Internet Explorer with Kaspersky WebScanner. Click on Launch Kaspersky Anti-Virus Web Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files.
• Once the files have been downloaded, click on NEXT.
• Now click on Scan Settings
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database: extended
  • Scan Options: Scan Archives and Scan Mail Bases
• Click OK
• Turn off the real time scanner of any existing antivirus program before performing the online scan. You can turn it back on after the scan is done.
• Now under select a target to scan, select My Computer
• The program will start and scan your system.
• The scan will take a while so be patient and let it run all the way.
• Once the scan is complete it will display if your system has been infected.
• Click on the Save as Text button and save the file to your desktop.
• Copy and paste that information in your next post.

Take note the names and locations of any file it detects but fails to clean.


Download Autoruns

• Please download Autoruns and AutoCmd.
• Extract the contents of Autoruns into a new folder.
• Now extract the contents of AutoCmd into the same folder as Autoruns. This is important!
• Double-click on AutoCmd.cmd & select option '1'
• It will produce a log called autoruns_X_Y.txt (where X and Y are the date and time respectively). Please attach the log in your next reply.

Generate An Uninstall List

• Open HijackThis.
• Click on the "Configure" button on the bottom right.
• Click on the tab "Misc Tools".
• Click on the Box that says "Open Uninstall Manager".
• Click on the button "Save list"

Please save a copy and paste the contents with your next reply.


With Your Next Post...
Please paste the following with your next reply (in this order please):

1. AVG Anti-Spyware scan report,
2. Kaspersky scan report,
3. your Autoruns log,
4. your uninstall list, and
5. a new HiJackThis log taken after Kaspersky finishes.

Unpatched OS
IMPORTANT! Before we can proceed any further, please visit the Microsoft's Windows Update Page and install ALL Critical Updates for your system except Service Pack 2 (SP2). SP2 should only be installed on a fully disinfected system. Without these updates your system is wide open to re-infection and we are both wasting our efforts to clean your system. After we have completed your clean-up, we will have you return to the Windows Update page and install SP2. We will also then advise you on how to better protect yourself online.

[f3rrollez]

Hi Deckard,

Thankl you very much for your reply. I'm sorry but I managed to remove the problem already so apologies for my impatience there. I thought that I had not had replies coz the problem might have already been discussed by previous members so people would not really be bothered by my problem. (which of course I'm wrong).

I searched for the same problem in the forum and followed the suggestion - I downloaded smitfraud and ran the program in safe mode. It managed to get rid of the problem although I still wasn't sure what to delete from HijackThis. So your reply should help me with that.

Again, I'm very very sorry but do you still want me to do all the things you asked me to?

[Deckard]

No, we're just busy around here and nobody had gotten to your log. I can look over your log again if you want; just post a new HJT log. Otherwise, we'll just call it good and I can give you some links on how you can better protect yourself from here.

Just let me know what you want to do.

[f3rrollez]

I guess I'm fine for now... So again, thank you very much man. Appreciate the help. Anymore problems, will definitely post here...

[Deckard]

Here are some steps you can take to help prevent future infections.

Microsoft Updates
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by malware. Using Internet Explorer, please go to Microsoft's Windows Update and download all of the critical updates to help prevent possible re-infection.

Please ensure that you have already patched your system against these recent critical exploits:

• WMF exploit: KB912919
• VML exploit: KB925486

Enable Windows Auto Update:

• Go to Start>Run, type WUAUCPL.CPL and press Enter.
• Make sure "Keep my computer up to date" is checked.
• Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
• Click on "OK".

Update Java
You need to update your Java as it is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

1. Download the latest version of Java Runtime Environment (JRE) 5.0 Update 10.
2. Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download Windows Offline Installation with or without multi-language and save to your desktop.
7. Close any programs you may have running -- especially your web browser(s).
8. Go to Start→Control Panel double-click on Add/Remove Programs.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Remove or Change/Remove button.
11. Repeat as many times as necessary to remove each version of Java.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-1_5_0_10-windowsi586-p.exe to install the newest version.
14. After the reboot, go back into the Control Panel and double-click the Java icon.
15. Under Temporary Internet Files, click the Delete Files button.
16. There are three options in the window to clear the cache - Leave ALL three checked:
    • Downloaded Applets
    • Downloaded Applications
    • Other Files
17. Click OK on Delete Temporary Files Window. NOTE: This deletes ALL of the Downloaded Applications and Applets from the cache.
18. Click OK to leave the Java Control Panel.

Malware Prevention
This is a good time to set up protection against further attacks. You might want to read Tony Klein's "How Did I Get Infected In The First Place?". At the minimum, you need an antivirus that is continually updated, a good firewall, a spyware blocker such as Spyware Blaster, and a real time spyware program such as Spyware Guard to prevent spyware intrusions. I also recommend IE-Spyad, which places over 4,000 websites and domains in the IE Restricted list, thus helping prevent attempts to re-infect your system. All of these have no-strings-attached free versions available. However, be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use but often have malware in them.

Two more articles you may want to read at your leisure are "KRC Anti-Spyware Tutorial" and "Making Internet Explorer Safer".

The following is a list of free software we recommend:

Antivirus
AV software should be updated at least once a week for optimum protection. Here are some free AV programs available for personal use. NOTE: Do not install more than one AV program because they will conflict with each other. Only pick one.

• AOL Active Virus Shield (powered by Kaspersky Antivirus)
• BitDefender
• Avira PersonalEdition Classic
• Avast!
• AVG

Firewalls
A good firewall is the first-line of defense for your computer and will monitor incoming and outgoing traffic. NOTE: Microsoft's Firewall does not monitor outgoing traffic. If you are unfamiliar with how a firewall works, you can read "Understanding and Using Firewalls". Here are some free firewalls available for personal use:

• Sygate Personal Firewall
• ZoneAlarm
• Tiny Personal Firewall
• Sunbelt Kerio Personal Firewall
• Outpost Firewall PRO

Realtime Malware Prevention Tools
These programs actively watch your computer for possible malware-related changes and help prevent them. You can run more than one of these at a time.

• Spyware Guard
• Spybot Search & Destroy
• AdAware
• WinPatrol - with tutorial

Passive Malware Prevention Tools
These programs configure your computer to prevent known malware-related changes. You can have more than one of these at a time and they take up minimal resources.

• SpywareBlaster - Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items. Check regularly for updates.
• IE-Spyad - Extract to your desktop and double-click install.bat. Install options #2 and #4. IE-Spyad places more than 4,000 dubious domains in the IE Restricted list, which impairs attempts to infect your system. It prevents any downloads from the sites although you will still be able to connect to them. You can read more about it on it's homepage.
• MVPS Hosts File - extract and double-click the mvps.bat file. This will replace your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements, preventing your computer from connecting to those sites.
• McAfee SiteAdvisor - helps to warn you before you interact with a dangerous Web site. Works with both IE and Firefox.

Alternative Web Browsers
Using an alternative browser can help prevent malware from being installed without your knowledge, but may not work on all websites.

• Firefox
• Opera

Alternative Miscellaneous
Here are some alternatives that are worth looking into if you use their features:

• Trillian - an Instant Messenger client that speaks multiple IM services (AIM, Yahoo!, ICQ, MSN, etc.)
• Miranda-IM - another Instant Messenger client with multiple IM capabilities.
• Desktop Weather - A taskbar weather program that is free and resource light.