IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 Codec has been update, it installs a file with semi-random filename composed from a dictionary:
ha, p, re, gy, 32, ss
Possible filenames are:
hare32.dll, haress.dll, hagy32.dll, hagyss.dll, pre32.dll, press.dll, pgy32.dll, pgyss.dll
It displays alert messages with popups that download Total Secure 2009:
At this time, there is no more extra dropper (users64.dat) in this version. But things could change quickly.
Use SmitfraudFix to remove the infection.