Hello, I am running XP Pro on a Pentium IV 2.8 GHZ with 1 Gig of RAM. The other day 
when I got home, my son had been surfing and he clicked on a pop up and yep, you 
got it, instant infection. Sooo, while battling with an array of fake warnings and 
pop ups about wanting me to install this program I did a search using Foxfire and 
found advice to use Malwarebytes' Anti-Malware which I did. Installed it and after 
having to stop the process which caused the "program can't be started" routine did 
the scan and had it fix what it found.

Got a message that it couldn't fix several files until a reboot, so I agreed to that. 
Came back up STILL getting the pop ups and fake warnings. Wash, rinse, repeat. My 
feeling is that despite the update, my version of Antivirus Pro Fake hasn't caught 
up with a new file naming criteria to eliminate everything. So far, so not so good.

Installed HiJackThis and ran it. It found the iehelper.dll entry and the ssxrsysguard.exe 
entry, but by this point I am loath to try any sort of manual removal without instructions. 
I'll show the entries from HJT which are relevant below.

O1 - Hosts: ::1 localhost
O1 - Hosts: 193.169.12.50 winguard2009.microsoft.com
O1 - Hosts: 193.169.12.50 winguard-2009.com
O1 - Hosts: 193.169.12.50 www.winguard-2009.com

O2 - BHO: BHO - {B6D223F6-C185-49a2-BA7E-A03E84744702} - C:\WINDOWS\system32\iehelper.dll

O4 - HKCU\..\Run: [qcpukuir] C:\Documents and Settings\Julia Boyles\Local Settings\Application 
Data\pokfju\ssxrsysguard.exe

O4 - HKCU\..\Run: [qcpukuir] C:\Documents and Settings\Julia Boyles\Local Settings\Application 
Data\pokfju\ssxrsysguard.exe

I had just erased the entries from the HOSTS file manually when I thought that it 
may be wasted effort if I haven't gotten the other parts of the infection cleaned 
up and decided to come here after all.

[Reply or follow-up to this message]