Solved Help with malware infecting browsers and Steam

I think this is your issue:
Tcpip\Parameters: [DhcpNameServer] 89.248.166.149 8.8.8.8
I can see you are located in Brazil, and the above server seems to be located in the Netherlands (possibly fake).

Follow this guide (http://windows.microsoft.com/en-us/windows/change-tcp-ip-settings#1TC=windows-7) and make sure your settings look like this:

f598cd96-6bf9-47be-942d-7d0b0afdbd88_47.jpg
 
Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
Click Go and post the result.
 
MiniToolBox by Farbar Version: 11-05-2015 01
Ran by Alexandre (administrator) on 08-06-2015 at 23:09:38
Running from "C:\Users\Alexandre\Desktop"
Microsoft Windows 8.1 Pro (X64)
Model: System Product Name Manufacturer: System manufacturer
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Ethernet (Connected)
Realtek PCI GBE Family Controller = Ethernet 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Conexão Local* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : SenhorBazoo
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCI GBE Family Controller
Physical Address. . . . . . . . . : 90-E6-BA-16-C3-B8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 90-E6-BA-16-C5-56
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::893b:5e23:5146:686b%3(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.10(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, June 8, 2015 10:08:42 PM
Lease Expires . . . . . . . . . . : Tuesday, June 9, 2015 12:08:42 AM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 59827898
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-4B-8C-4F-90-E6-BA-16-C5-56
DNS Servers . . . . . . . . . . . : 89.248.166.149
8.8.8.8
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{AB1A52F5-2EEC-4A11-B249-525094A78B86}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Adaptador do Microsoft ISATAP
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:8f2:3396:3f57:fff5(Preferred)
Link-local IPv6 Address . . . . . : fe80::8f2:3396:3f57:fff5%6(Preferred)
Default Gateway . . . . . . . . . : ::
DHCPv6 IAID . . . . . . . . . . . : 201326592
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-4B-8C-4F-90-E6-BA-16-C5-56
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 89.248.166.149


Pinging google.com [173.194.42.167] with 32 bytes of data:
Reply from 173.194.42.167: bytes=32 time=199ms TTL=46
Reply from 173.194.42.167: bytes=32 time=236ms TTL=46

Ping statistics for 173.194.42.167:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 199ms, Maximum = 236ms, Average = 217ms
Server: UnKnown
Address: 89.248.166.149


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=283ms TTL=49
Reply from 98.138.253.109: bytes=32 time=249ms TTL=49

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 249ms, Maximum = 283ms, Average = 266ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
4...90 e6 ba 16 c3 b8 ......Realtek PCI GBE Family Controller
3...90 e6 ba 16 c5 56 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
5...00 00 00 00 00 00 00 e0 Adaptador do Microsoft ISATAP
6...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.10 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.10 266
192.168.0.10 255.255.255.255 On-link 192.168.0.10 266
192.168.0.255 255.255.255.255 On-link 192.168.0.10 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.10 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.10 266
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
6 306 ::/0 On-link
1 306 ::1/128 On-link
6 306 2001::/32 On-link
6 306 2001:0:5ef5:79fb:8f2:3396:3f57:fff5/128
On-link
3 266 fe80::/64 On-link
6 306 fe80::/64 On-link
6 306 fe80::8f2:3396:3f57:fff5/128
On-link
3 266 fe80::893b:5e23:5146:686b/128
On-link
1 306 ff00::/8 On-link
3 266 ff00::/8 On-link
6 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/08/2015 09:26:12 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/07/2015 00:54:09 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo Microsoft LLDP.

System Error:
Acesso negado.
.

Error: (06/07/2015 11:07:50 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/07/2015 11:03:31 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/07/2015 09:53:34 AM) (Source: Application Error) (User: )
Description: Faulting application name: steamwebhelper.exe, version: 2.81.34.6, time stamp: 0x55708c89
Faulting module name: libcef.dll, version: 3.2272.30.0, time stamp: 0x55507fe0
Exception code: 0x80000003
Fault offset: 0x00080f69
Faulting process id: 0x138c
Faulting application start time: 0xsteamwebhelper.exe0
Faulting application path: steamwebhelper.exe1
Faulting module path: steamwebhelper.exe2
Report Id: steamwebhelper.exe3
Faulting package full name: steamwebhelper.exe4
Faulting package-relative application ID: steamwebhelper.exe5

Error: (06/06/2015 11:12:32 AM) (Source: Steam Client Service) (User: )
Description: Failed to poke open firewall

Error: (06/06/2015 03:35:06 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/06/2015 03:34:04 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/05/2015 04:27:46 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo Microsoft LLDP.

System Error:
Acesso negado.
.

Error: (06/05/2015 03:20:13 PM) (Source: Microsoft-Windows-LocationProvider) (User: AUTORIDADE NT)
Description: There was an error with the Windows Location Provider database


System errors:
=============
Error: (06/08/2015 05:48:53 PM) (Source: Schannel) (User: AUTORIDADE NT)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.

Error: (06/08/2015 04:25:32 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).

Error: (06/08/2015 04:18:48 PM) (Source: Service Control Manager) (User: )
Description: The SpyHunter 4 Service service terminated unexpectedly. It has done this 1 time(s).

Error: (06/08/2015 03:55:10 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 13:37:15 on 08/06/2015 was unexpected.

Error: (06/08/2015 03:53:50 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NvNetworkService service.

Error: (06/08/2015 03:53:50 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gzserv service.

Error: (06/08/2015 03:53:50 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RapportMgmtService service.

Error: (06/08/2015 03:53:46 PM) (Source: Service Control Manager) (User: )
Description: The Superfetch service terminated with the following error:
%%1062

Error: (06/08/2015 03:52:46 PM) (Source: DCOM) (User: SENHORBAZOO)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/08/2015 03:52:46 PM) (Source: DCOM) (User: SENHORBAZOO)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Microsoft Office Sessions:
=========================

**** End of log ****
 
I see you're using a router.
Did you set these DNS values on your router?
89.248.166.149
8.8.8.8
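
The check applied to the log above, as an added example that is not part of the original thread: parse `ipconfig /all` text, join the continuation line that carries the second DNS server, and report resolvers that are neither the router nor on an allowlist. The function names, the `trusted` parameter and the trimmed sample text are assumptions made for this example.

```python
import ipaddress

# Constructed sample: trimmed `ipconfig /all` text in the shape of the log above
# (English field names assumed; localized Windows builds translate them).
SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : EXAMPLE-PC

Ethernet adapter Ethernet:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.10(Preferred)
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 89.248.166.149
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""


def _ip(value):
    """Parse '192.168.0.10(Preferred)' or 'fe80::1%3'; return None if not an IP."""
    try:
        return ipaddress.ip_address(value.split("(")[0].split("%")[0].strip())
    except ValueError:
        return None


def parse_adapters(text):
    """Return {adapter name: {field: [values]}}, joining continuation lines."""
    adapters, current, last_key = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Fields look like "Name . . . : value"; an empty value leaves a bare " :".
        key, sep, val = (line + " ").partition(" : ")
        if sep:
            last_key = key.strip(" .")
            if current is not None:
                current.setdefault(last_key, [])
                if val.strip():
                    current[last_key].append(val.strip())
        elif line.endswith(":") and " adapter " in line:
            current, last_key = adapters.setdefault(line[:-1], {}), None
        elif current is not None and last_key:
            # A second DNS server is printed alone on the next line.
            current[last_key].append(line)
    return adapters


def audit_dns(text, trusted=()):
    """List (adapter, resolver, dhcp_server) for resolvers that are neither the
    local router nor on the caller's allowlist of known-good resolvers."""
    allow = {ipaddress.ip_address(t) for t in trusted}
    findings = []
    for name, fields in parse_adapters(text).items():
        dhcp = next((ip for v in fields.get("DHCP Server", []) if (ip := _ip(v))), None)
        local = {ip for v in fields.get("Default Gateway", []) if (ip := _ip(v))}
        if dhcp:
            local.add(dhcp)
        for v in fields.get("DNS Servers", []):
            ip = _ip(v)
            if ip is not None and ip not in local and ip not in allow:
                # With DHCP enabled the resolver list normally comes from the
                # DHCP server, so that device is the one to inspect.
                findings.append((name, str(ip), str(dhcp) if dhcp else None))
    return findings


if __name__ == "__main__":
    for adapter, resolver, dhcp in audit_dns(SAMPLE, trusted=["8.8.8.8"]):
        print(f"{adapter}: unexpected DNS server {resolver} (DHCP server: {dhcp})")
```

A finding that names the router as DHCP server points the cleanup at the router's DNS settings rather than at the PC alone.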
 
You have to access your router setup page and check "DNS settings".
This is a screenshot from my router page so it should look similar:

SNAG-0000.gif
 
It took me a while because the setup page of my router is quite different from yours.
I couldn't exactly find a tab specifically for the configuration of DNS, but I found this:

DNS.jpg


... and I unchecked "Enable DNS Override", which resulted in the IPs above.
This seems to have somewhat mitigated the problem, but I'm still getting the annoying banners.

Any clues where to go from here?
 
Interestingly, I've just run SpyHunter 4 and it detected Conduit Search.
I had SpyHunter remove it, ran TFC and rebooted the PC.
The problem seems to have disappeared now, but I don't want to be too optimistic.
 
Any idea how that DNS configuration got that way? Can adware/malware do that?
Definitely.

Actually SpyHunter is not recommended and I suggest you uninstall it.
Info: https://www.mywot.com/en/scorecard/enigmasoftware.com?utm_source=addon&utm_content=popup-donuts

I suspect that somewhere in between us fixing your DNS issue you got reinfected a bit.
It looks like SpyHunter removed the culprit but I'd uninstall it anyway.

I suggest you re-run AdwCleaner and JRT.
Post logs if something is found and update me on computer behavior.

BTW, now your DNS looks fine.
189.7.80.15 is located in Brazil.
 
Ok, I took your advice and uninstalled SpyHunter.
Incidentally, you were right, it seems AdwCleaner picked up some vestiges of Conduit:

AdwCleaner[S2].txt

# AdwCleaner v4.206 - Logfile created 09/06/2015 at 21:17:30
# Updated 01/06/2015 by Xplode
# Database : 2015-06-09.1 [Server]
# Operating system : Windows 8.1 Pro (x64)
# Username : Alexandre - SENHORBAZOO
# Running from : C:\Users\Alexandre\Desktop\adwcleaner_4.206.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Alexandre\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Conduit

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v43.0.2357.124

[C:\Users\Alexandre\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://br.ask.com/web?q={searchTerms}
[C:\Users\Alexandre\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}

*************************

AdwCleaner[R0].txt - [15208 bytes] - [26/04/2015 09:57:53]
AdwCleaner[R1].txt - [1310 bytes] - [06/06/2015 14:17:28]
AdwCleaner[R2].txt - [1469 bytes] - [09/06/2015 21:14:55]
AdwCleaner[S0].txt - [1882 bytes] - [26/04/2015 10:00:27]
AdwCleaner[S1].txt - [1341 bytes] - [06/06/2015 14:22:06]
AdwCleaner[S2].txt - [1361 bytes] - [09/06/2015 21:17:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1420 bytes] ##########
 
JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.1 (06.08.2015:1)
OS: Windows 8.1 Pro x64
Ran by Alexandre on Tue 06/09/2015 at 21:21:40.34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Chrome


[C:\Users\Alexandre\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Alexandre\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Alexandre\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Alexandre\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
gkojfkhlekighikafcpjkiklfbnlmeio
]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 06/09/2015 at 21:28:48.66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
With regard to computer behavior, everything seems to have returned to normal. No more pesky banners! \o/

If there's nothing left to do, I'd like to say I used to be skeptical of resorting to forums in order to tackle this sort of thing, but you've been tremendously helpful and I really appreciate that you've taken the time to help me solve my problem for the last few days. Cheers, mate! Thanks a lot.
 
You're very welcome


Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished, a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642
 