Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads (resolved spyware and popup issues)
#1  04-27-2009, 11:57 AM  Bouton_dOr (Registered User; Join Date: Apr 2009; Posts: 4; OS: windows xp)

new win32 take 2

Okay, so long story short, I have the new win32 virus. I am running in safe mode because I get the infamous blue screen when I try to run normally.

I ran DDS and will post the log; however, when I tried to add the attachment my web browser started opening an endless amount of new tabs.

Here is the DDS log:


DDS (Ver_09-03-16.01) - NTFSx86 NETWORK
Run by Ka to tha Lin at 10:42:41.68 on Mon 04/27/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.165 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\dfttacc.exe
C:\WINDOWS\TEMP\dfttacc.exe
C:\WINDOWS\TEMP\1682616782.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\TEMP\VRTC.tmp
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\KATOTH~1\LOCALS~1\Temp\2851210532.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\KATOTH~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\YQ0UVJOX\dds[1].scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.toshibadirect.com/dpdstart
uSearch Bar = hxxp://www.toshiba.com/search
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\twex.exe,c:\windows\system32\ntos.exe,
BHO: {1d3ff7bc-47f1-4d3a-94ac-ae4acd50a70e} - c:\windows\system32\pabinula.dll
BHO: c:\windows\system32\kjsdiowq8oikf.dll: {b2ba40a2-74f0-42bd-f434-12345a2c8953} - c:\windows\system32\kjsdiowq8oikf.dll
BHO: : {eb040b8f-4a05-494d-8f43-e6b62c0c81b4} - c:\windows\system32\qzsvlxa.dll
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [Aim6]
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [<NO NAME>] c:\docume~1\katoth~1\locals~1\temp\q2lvmulk.exe
uRun: [Windows Resurections] c:\docume~1\katoth~1\locals~1\temp\q2lvmulk.exe
uRun: [Diagnostic Manager] c:\docume~1\katoth~1\locals~1\temp\2851210532.exe
uRun: [reader_s] c:\documents and settings\ka to tha lin\reader_s.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [ZoomingHook] ZoomingHook.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
mRun: [VirusScan Online] c:\progra~1\mcafee.com\vso\mcvsshld.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [TPNF] c:\program files\toshiba\touchpad\TPTray.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [TCtryIOHook] TCtrlIOHook.exe
mRun: [SVPWUTIL] c:\program files\toshiba\windows utilities\SVPWUTIL.exe SVPwUTIL
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [Pure Networks Port Magic] "c:\progra~1\purene~1\portma~1\PortAOL.exe" -Run
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [OASClnt] c:\program files\mcafee.com\vso\oasclnt.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [HWSetup] c:\program files\toshiba\toshiba applet\HWSetup.exe hwSetUP
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [CeEKEY] c:\program files\toshiba\e-key\CeEKey.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [tuposoture] Rundll32.exe "c:\windows\system32\sotofoza.dll",s
mRun: [reader_s] c:\windows\system32\reader_s.exe
mRun: [Radio-TV adverts] c:\windows\temp\rtv_winupd.exe
mRun: [CPM6fcaa5ca] Rundll32.exe "c:\windows\system32\nufeduta.dll",a
dRun: [svc] c:\program files\thunmail\testabd.exe
dRun: [<NO NAME>] c:\windows\temp\dfttacc.exe
dRun: [Windows Resurections] c:\windows\temp\dfttacc.exe
dRun: [Diagnostic Manager] c:\windows\temp\1682616782.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} - hxxp://m1.cdn.****online.com/plugins/IDMFlash.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226386517718
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226386503968
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
Notify: igfxcui - igfxdev.dll
Notify: zebybmww - qzsvlxa.dll
AppInit_DLLs: c:\windows\system32\jubetufa.dll c:\windows\system32\rihosife.dll c:\progra~1\thunmail\testabd.dll c:\windows\system32\nufeduta.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\nufeduta.dll
STS: c:\windows\system32\kjsdiowq8oikf.dll: {b2ba40a2-74f0-42bd-f434-12345a2c8953} - c:\windows\system32\kjsdiowq8oikf.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\nufeduta.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mcenspc.dll
LSA: Notification Packages = scecli c:\windows\system32\jubetufa.dll reWMan.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\katoth~1\applic~1\mozilla\firefox\profiles\mazy8y9i.default\
FF - plugin: c:\documents and settings\ka to tha lin\application data\mozilla\firefox\profiles\mazy8y9i.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\ka to tha lin\application data\mozilla\firefox\profiles\mazy8y9i.default\extensions\seetooaddon@seetoo.com\plugins\npSeeTooAddon.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 protect;protect;c:\windows\system32\drivers\protect.sys [2009-4-23 18944]
S1 ethhokpy;ethhokpy;c:\windows\system32\drivers\ethhokpy.sys [2009-4-23 136192]
S1 f058915e;f058915e;c:\windows\system32\drivers\f058915e.sys [2009-4-23 112508]
S2 bbowrmje;1394 Net Support;c:\windows\system32\svchost.exe -k netsvcs [2005-12-28 14336]
S2 dhcpsrv;Dhcp server;c:\windows\dhcp\svchost.exe [2009-4-23 256512]
S2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2005-12-29 147456]
S2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2005-12-29 142848]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-24 45132]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2005-12-29 266240]
S3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2005-12-29 114464]
S3 win32x;win32x;c:\windows\system32\drivers\win32x.sys [2009-4-23 12544]

=============== Created Last 30 ================

2009-04-27 10:02 <DIR> --d----- c:\program files\Trend Micro
2009-04-27 09:44 38 a------- C:\11.tmp
2009-04-27 09:44 0 a------- C:\F.tmp
2009-04-27 09:44 0 a------- C:\E.tmp
2009-04-27 09:44 0 a------- C:\B.tmp
2009-04-27 09:44 0 a------- C:\A.tmp
2009-04-27 09:44 0 a------- C:\8.tmp
2009-04-27 09:44 0 a------- C:\7.tmp
2009-04-27 09:44 0 a------- C:\6.tmp
2009-04-27 09:44 0 a------- C:\5.tmp
2009-04-27 09:44 15,000 a------- c:\windows\system32\kjsdiowq8oikf.dll
2009-04-27 09:44 35,289 a------- C:\4.tmp
2009-04-27 09:44 54,784 a------- C:\3.tmp
2009-04-24 22:08 121 ---sh--- c:\windows\system32\eboropug.ini
2009-04-24 22:08 132,608 -------- c:\windows\system32\VT100.EXE
2009-04-23 13:13 136,192 a------- c:\windows\system32\drivers\ethhokpy.sys
2009-04-23 13:12 18,944 a---h--- c:\windows\system32\drivers\protect.sys
2009-04-23 13:12 0 a------- c:\windows\system32\21.tmp
2009-04-23 13:12 61,440 a------- c:\windows\system32\20.tmp
2009-04-23 13:12 152,064 a------- c:\windows\system32\1E.tmp
2009-04-23 13:12 124 a------- c:\windows\system32\1D.tmp
2009-04-23 13:11 0 a------- C:\1B.tmp
2009-04-23 13:11 0 a------- C:\1A.tmp
2009-04-23 13:11 0 a------- C:\19.tmp
2009-04-23 13:11 0 a------- C:\18.tmp
2009-04-23 13:11 0 a------- C:\17.tmp
2009-04-23 13:11 0 a------- C:\16.tmp
2009-04-23 13:11 38 a------- C:\15.tmp
2009-04-23 13:11 0 a------- C:\14.tmp
2009-04-23 13:11 0 a------- C:\12.tmp
2009-04-23 13:11 38 a------- C:\10.tmp
2009-04-23 13:11 54,784 a------- C:\D.tmp
2009-04-23 13:11 21,504 a------- C:\9.tmp
2009-04-23 13:08 211,456 a------- c:\windows\system32\w.exe
2009-04-23 13:08 174,592 a------- c:\windows\system32\sopidkc.exe
2009-04-23 13:08 211,456 a------- c:\windows\system32\tpszxyd.sys
2009-04-23 13:08 36,864 a------- c:\windows\system32\dpcxool64.sys
2009-04-23 13:08 8 a------- c:\windows\system32\comsa32.sys
2009-04-23 13:08 182,912 ac------ c:\windows\system32\dllcache\ndis.sys
2009-04-23 13:08 <DIR> --d----- c:\windows\system32\3361
2009-04-23 13:08 108,336 a------- c:\windows\system32\MSWINSCK.OCX
2009-04-23 13:08 <DIR> --d----- c:\windows\dhcp
2009-04-23 13:07 44 a------- c:\windows\system32\p2hhr.bat
2009-04-23 13:07 0 a------- c:\windows\mqcd.dbt
2009-04-23 13:07 <DIR> --dshr-- c:\program files\ThunMail
2009-04-23 13:06 55,296 a------- c:\documents and settings\ka to tha lin\reader_s.exe
2009-04-23 13:05 15,000 a------- c:\windows\system32\hf873uwndf.dll
2009-04-23 13:05 69,632 a------- C:\eftkguwn.exe
2009-04-23 13:05 88,576 a--sh--- c:\windows\system32\tebapade.dll
2009-04-23 13:05 80,896 a--sh--- c:\windows\system32\tevalili.dll
2009-04-23 13:05 51,200 a--sh--- c:\windows\system32\telorewe.exe
2009-04-22 12:38 9,216 a------- c:\windows\instsp2.exe
2009-04-22 12:38 79,360 a--sh--- c:\windows\system32\petolahu.dll
2009-04-22 12:38 88,064 a--sh--- c:\windows\system32\rihosife.dll.vir
2009-04-22 12:38 51,200 a--sh--- c:\windows\system32\judinoyo.exe
2009-04-21 23:35 1,409,509 ---sh--- c:\windows\system32\enimativ.ini
2009-04-19 19:01 <DIR> --d----- c:\program files\SystemRequirementsLab
2009-04-17 19:35 <DIR> --d----- c:\documents and settings\ka to tha lin\Tracing
2009-04-17 19:33 <DIR> --d----- c:\program files\Microsoft
2009-04-17 19:33 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-04-17 19:28 <DIR> --d----- c:\program files\common files\Windows Live

==================== Find3M ====================

2009-04-27 09:44 87,040 a--sh--- c:\windows\system32\nufeduta.dll
2009-04-27 09:44 80,384 a--sh--- c:\windows\system32\nitekufi.dll
2009-04-27 09:44 75,776 a--sh--- c:\windows\system32\vohelipe.exe
2009-04-24 22:25 112,508 a------- c:\windows\system32\drivers\f058915e.sys
2009-04-24 22:08 79,360 a--sh--- c:\windows\system32\guporobe.dll
2009-04-24 22:08 87,040 a--sh--- c:\windows\system32\zufajudi.dll
2009-04-24 22:08 75,776 a--sh--- c:\windows\system32\liseruka.exe
2009-04-23 13:08 182,912 a------- c:\windows\system32\drivers\ndis.sys
2009-04-23 13:06 15,000 a------- c:\windows\system32\hf73wunfiu3.dll
2009-04-23 13:06 12,544 a------- c:\windows\system32\drivers\win32x.sys
2009-04-23 13:06 175,104 a------- C:\xptfh.exe
2009-04-23 13:06 55,296 a------- c:\windows\system32\reader_s.exe
2009-04-23 13:06 77,312 a------- c:\windows\system32\userinit.exe
2009-04-23 13:06 43,520 a------- C:\pdtivk.exe
2009-04-23 13:06 577,024 a------- c:\windows\system32\user32.DLL
2009-04-23 13:06 262,144 a------- c:\windows\system32\nvrsk.dll
2009-04-23 13:06 45,568 a------- c:\windows\reWMan.dll
2009-04-23 13:06 31,232 a------- C:\celkadaa.exe
2009-04-23 13:06 290,304 a------- C:\kggi.exe
2009-04-22 11:36 49,152 a--sh--- c:\windows\system32\rakowiti.dll
2009-04-21 23:35 50,688 a--sh--- c:\windows\system32\foyuroke.exe
2009-04-21 23:35 87,552 a--sh--- c:\windows\system32\dazetaha.dll
2009-04-21 23:35 79,872 -------- c:\windows\system32\vitamine.dll
2009-02-25 10:14 55,297 a------- c:\windows\system32\mcenspc.dll
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-01-22 11:35 5,120 a--sh--- c:\windows\system32\guganolu.dll
2009-01-22 11:36 49,152 a--sh--- c:\windows\system32\jubetufa.dll
2009-01-22 11:36 49,152 a--sh--- c:\windows\system32\pabinula.dll
2009-01-22 11:35 6,144 a--sh--- c:\windows\system32\pozimadu.dll
2009-01-22 11:36 49,152 a--sh--- c:\windows\system32\sotofoza.dll

============= FINISH: 10:42:59.45 ===============

I have to leave for work now, but I will check back here as soon as I get home. I am a moderator on another forum site, and having my computer almost out of commission like this is a big pain for my responsibilities. So any help is very much greatly appreciated!

Last edited by Bouton_dOr; 04-27-2009 at 11:59 AM.
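The DDS log above is the kind of output a helper reads by eye: processes launched from temp directories, executables with all-digit names, an extra entry chained onto the Winlogon `Userinit` value, and registry tools disabled by policy are the lines that stand out. The script below is an added example, not part of the original post or of the DDS tool, that parses a short excerpt of that log (the sample lines are copied from the log above) and applies those four checks. The section-header and `Run:` line formats, and the heuristics themselves, are assumptions chosen for this illustration; a hit is a reason to look closer, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Sample input: an excerpt of the DDS log posted in this thread (shortened).
SAMPLE_LOG = r"""
============== Running Processes ===============

C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\TEMP\dfttacc.exe
C:\WINDOWS\TEMP\1682616782.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\KATOTH~1\LOCALS~1\Temp\2851210532.exe
C:\Program Files\Internet Explorer\iexplore.exe

============== Pseudo HJT Report ===============

mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\twex.exe,c:\windows\system32\ntos.exe,
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Windows Resurections] c:\docume~1\katoth~1\locals~1\temp\q2lvmulk.exe
uRun: [reader_s] c:\documents and settings\ka to tha lin\reader_s.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
dRun: [svc] c:\program files\thunmail\testabd.exe
uPolicies-system: DisableRegistryTools = 1 (0x1)
"""

HEADER = re.compile(r"^=+\s*(.+?)\s*=+$")              # "====== Section ======" (assumed format)
RUN_RE = re.compile(r"^([umd])Run: \[(.*?)\]\s*(.*)$")  # "uRun: [name] target" (assumed format)
EXPECTED_USERINIT = "userinit.exe"                      # the only executable normally in Userinit


def sections(log):
    """Split a DDS log into {section name: [non-blank lines]}."""
    out, current = {}, None
    for line in log.splitlines():
        m = HEADER.match(line.strip())
        if m:
            current = m.group(1)
            out[current] = []
        elif current is not None and line.strip():
            out[current].append(line.strip())
    return out


def process_path(line):
    """Strip trailing arguments such as '-k netsvcs' from a running-process line."""
    m = re.match(r"(.*?\.(?:exe|scr|tmp|dll))\b", line, re.I)
    return m.group(1) if m else line.split(" -")[0]


def run_target(value):
    """Pull the executable path out of a Run value, quoted or not."""
    m = re.search(r'([a-z%][^"]*?\.(?:exe|scr|dll))\b', value, re.I)
    return m.group(1) if m else value


def is_suspicious_path(path):
    """Return the list of heuristic reasons a path deserves a second look (empty if none)."""
    low = path.lower()
    p = PureWindowsPath(low)
    reasons = []
    if "\\temp\\" in low:
        reasons.append("runs from a temp directory")
    if re.fullmatch(r"\d+", p.stem):
        reasons.append("all-digit file name")
    if len(p.parts) == 4 and p.parts[1] == "documents and settings":
        reasons.append("executable directly under a user profile")
    if len(p.parts) == 2:
        reasons.append("executable in the drive root")
    return reasons


def userinit_extras(hjt_lines):
    """Everything chained onto Userinit besides userinit.exe itself."""
    for line in hjt_lines:
        if line.lower().startswith("mwinlogon: userinit="):
            entries = [e.strip() for e in line.split("=", 1)[1].split(",") if e.strip()]
            return [e for e in entries if PureWindowsPath(e.lower()).name != EXPECTED_USERINIT]
    return []


def triage(log):
    """Return (where, what, why) findings for the four checks described in the lead-in."""
    sec = sections(log)
    findings = []
    for line in sec.get("Running Processes", []):
        path = process_path(line)
        findings += [("process", path, r) for r in is_suspicious_path(path)]
    hjt = sec.get("Pseudo HJT Report", [])
    findings += [("userinit", e, "extra Userinit entry") for e in userinit_extras(hjt)]
    for line in hjt:
        m = RUN_RE.match(line)
        if m:
            path = run_target(m.group(3))
            findings += [(f"{m.group(1)}Run[{m.group(2)}]", path, r) for r in is_suspicious_path(path)]
        if re.match(r"[ud]Policies-system: DisableRegistryTools = 1", line):
            findings.append(("policy", line, "registry tools disabled by policy"))
    return findings


if __name__ == "__main__":
    for where, what, why in triage(SAMPLE_LOG):
        print(f"{where:28} {what:55} {why}")
```

On the excerpt this reports ten findings: three temp-directory processes (two of them with all-digit names), the two extra `Userinit` executables, two user `Run` entries, and the `DisableRegistryTools` policy. Entries such as `testabd.exe` under Program Files pass every heuristic, which is why a log like this still needs a human reader.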

#2  04-27-2009, 09:07 PM  Bouton_dOr (Registered User; Join Date: Apr 2009; Posts: 4; OS: windows xp)

Re: new win32 take 2

BUMP please

-edit-

Sorry for bumping too soon I just realized that I was supposed to wait 72 hours. x_x

ALSO, from browsing other threads here it seems the next step is going to be to download combofix, so I went ahead and attempted to download it to be ready (not run it!), and when I downloaded it I got an error that quickly disappears (one of those send error report messages) followed by this:


Last edited by Bouton_dOr; 04-27-2009 at 09:20 PM.
#3  04-27-2009, 10:09 PM  tetonbob (Manager, Security Center, TSF Academy; Analyst, Security Team; Join Date: Jan 2005; Location: Transylvania County, North Carolina, USA; Posts: 35,555; OS: 2000 Pro; XP Pro; XP Home)

Re: new win32 take 2

Your system is infected with a polymorphic file infector called Virut. Virut is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr). However, the problem is that the virus has a number of bugs in its code, and as a result, it may misinfect a proportion of executable files and therefore, the files are corrupted beyond repair. As of now, security experts suggest that a format and clean install, or destructive recovery if you have an OEM recovery partition, is the best way to clean the infection and it is the best and safest way to return the machine to its normal working state.

Back up all your documents and important items (personal data, work documents, etc.) only. DO NOT back up any executable files (software) or screensavers (*.scr). It attempts to infect any accessed .exe or .scr files by appending itself to the executable.

Also, avoid backing up compressed (zip/cab/rar) files that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too.

Recent variants also modify htm, html, asp and php files.

Do not back up to another machine, as it may become compromised. Burn to DVD/CD, or to an external drive which has nothing else on it, and which you can format should it happen to become infected from the backups.

See miekiemoes' blog for similar comments here:

http://miekiemoes.blogspot.com/2009/...-throwing.html
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
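The backup rules in the reply above (no .exe or .scr, no archives carrying them, and .htm/.html/.asp/.php only with care) are easy to get wrong when sorting a few thousand files by hand. The script below is an added example, not code from the forum or from any tool mentioned in the thread: it walks a folder, splits files into "ok", "review" and "exclude" buckets, opens zip archives to look for executables inside, and treats cab/rar archives as untrusted because it cannot inspect them with the standard library alone (an assumption of this example). The sample tree it builds in a temporary directory is constructed for the demonstration.

```python
import os
import tempfile
import zipfile
from pathlib import Path

# File types the reply says Virut infects: never copy these off the infected machine.
INFECTABLE = {".exe", ".scr"}
# File types the reply says recent variants also modify: copy only for review before reuse.
REVIEW = {".htm", ".html", ".asp", ".php"}
# Archives may carry infected executables inside; only zip can be inspected here.
ARCHIVES = {".zip", ".cab", ".rar"}


def zip_has_infectable(path):
    """True if any member of the zip has an infectable extension, or the zip is unreadable."""
    try:
        with zipfile.ZipFile(path) as zf:
            return any(Path(name).suffix.lower() in INFECTABLE for name in zf.namelist())
    except zipfile.BadZipFile:
        return True  # unreadable archive: refuse rather than guess


def classify(path):
    """Return 'ok', 'review' or 'exclude' for one file according to the rules above."""
    path = Path(path)
    ext = path.suffix.lower()
    if ext in INFECTABLE:
        return "exclude"
    if ext in ARCHIVES:
        if ext == ".zip":
            return "exclude" if zip_has_infectable(path) else "ok"
        return "exclude"  # cab/rar: cannot look inside, so do not carry them over
    if ext in REVIEW:
        return "review"
    return "ok"


def plan_backup(root):
    """Walk root and bucket every file by classification (paths relative to root, sorted)."""
    root = Path(root)
    plan = {"ok": [], "review": [], "exclude": []}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = Path(dirpath) / name
            plan[classify(full)].append(full.relative_to(root).as_posix())
    for bucket in plan.values():
        bucket.sort()
    return plan


def make_sample_tree():
    """Constructed sample data: a small user folder with the file types discussed above."""
    root = Path(tempfile.mkdtemp(prefix="virut_backup_"))
    (root / "pics").mkdir()
    (root / "pics" / "holiday.jpg").write_bytes(b"\xff\xd8\xff" + b"\x00" * 16)
    (root / "movie.avi").write_bytes(b"RIFF" + b"\x00" * 16)
    (root / "notes.htm").write_text("<html></html>")
    (root / "setup.exe").write_bytes(b"MZ" + b"\x00" * 16)
    (root / "saver.SCR").write_bytes(b"MZ" + b"\x00" * 16)   # extension check is case-insensitive
    with zipfile.ZipFile(root / "photos.zip", "w") as zf:
        zf.writestr("img1.jpg", b"\xff\xd8\xff")              # harmless archive
    with zipfile.ZipFile(root / "tools.zip", "w") as zf:
        zf.writestr("bin/helper.exe", b"MZ")                  # executable hidden in an archive
    (root / "old.rar").write_bytes(b"Rar!")                   # cannot be inspected here
    return root


if __name__ == "__main__":
    for bucket, files in plan_backup(make_sample_tree()).items():
        print(bucket.upper())
        for f in files:
            print("   ", f)
```

Pictures and movies end up in "ok", which matches the advice given later in the thread; even so, scan the "ok" set on the rebuilt machine before opening it, and copy the "review" set only if you are prepared to check those files.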
#4  04-28-2009, 01:05 PM  Bouton_dOr (Registered User; Join Date: Apr 2009; Posts: 4; OS: windows xp)

Re: new win32 take 2

I was afraid reformatting was my only option. ._.

Thank you so much for your help! The only things I have that I want to keep are some pictures and movies, both of which should be okay correct?
#5  04-28-2009, 01:16 PM  tetonbob (Manager, Security Center, TSF Academy; Analyst, Security Team; Join Date: Jan 2005; Location: Transylvania County, North Carolina, USA; Posts: 35,555; OS: 2000 Pro; XP Pro; XP Home)

Re: new win32 take 2

Yes, those should be ok to keep. Scan them before reintroducing them to the system after new install.

To help protect your computer in the future I recommend that you follow these steps and look into the following free programs:
  • Microsoft Windows Update - http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.
  • McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.
  • Winpatrol

    Winpatrol is a heuristic protection program, meaning it looks for patterns in code that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

    You can get a free copy of Winpatrol or use the Plus version for more features.

    You can read Winpatrol's FAQ if you run into problems.

  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
    • Download Host.zip to your desktop.
    • From your Desktop right-click (hosts.zip) and select:
      Extract All from the menu.
    • Click Next, click Next, select the option:
      "Show Extracted files", click Finish
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    • Once updated you should see another prompt that the task was completed.
  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

    Do not install more than one AntiVirus program because they will conflict with each other.

  • Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

  • http://www.trillian.cc - Trillian or http://www.miranda-im.com - Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP/Vista. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.


In light of your recent troubles, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles:
Surf Safely, and Think Prevention!
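The MVPS HOSTS step above works by mapping known ad hosts to 127.0.0.1 so the machine never connects to them. After running mvps.bat it is worth confirming what the new file actually does, and the same parser is a quick way to spot the opposite situation, where a hosts entry sends a legitimate name to some routable address instead. The script below is an added example, not the MVPS file or any code from the forum; the hosts text it parses is a constructed sample in the MVPS layout, and the names in it are placeholders.

```python
import ipaddress

# Constructed sample in the MVPS layout (not the real MVPS file): comments, tabs,
# multiple names per line, both 127.0.0.1 and 0.0.0.0 sinkholes, and one odd entry.
SAMPLE_HOSTS = """\
# Constructed hosts file for the example
127.0.0.1\tlocalhost
::1\tlocalhost
127.0.0.1  ads.example.net        # ad server
0.0.0.0    tracker.example.org
127.0.0.1  www.example-ads.com  www.example-ads.co.uk
198.51.100.7  update.example.com  # not a block: points to a routable address
"""


def parse_hosts(text):
    """Return [(ip_address, hostname), ...], ignoring comments, blanks and malformed lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address in the first column: skip the line
        for host in fields[1:]:
            entries.append((ip, host.lower()))
    return entries


def _is_sinkhole(ip):
    # Both 127.0.0.1 (MVPS default) and 0.0.0.0 (a common alternative) mean "go nowhere".
    return ip.is_loopback or ip.is_unspecified


def sinkholed(entries):
    """Hostnames the file blocks, excluding the normal localhost lines."""
    return sorted({h for ip, h in entries if _is_sinkhole(ip) and h != "localhost"})


def redirected(entries):
    """Hostnames mapped to a real address: each one deserves a look, since a hosts file
    used for blocking should contain nothing but sinkhole entries."""
    return [(h, str(ip)) for ip, h in entries if not _is_sinkhole(ip)]


if __name__ == "__main__":
    entries = parse_hosts(SAMPLE_HOSTS)
    print(f"{len(sinkholed(entries))} blocked hosts")
    for host, ip in redirected(entries):
        print(f"check: {host} -> {ip}")
```

On a real machine, point `parse_hosts` at the contents of `%SystemRoot%\system32\drivers\etc\hosts` and compare the blocked count with the size of the MVPS list you installed; any name listed by `redirected` that you did not add yourself is a sign something else has been editing the file.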
Copyright 2001 - 2009, Tech Support Forum