Application Error:

  1. #11
    Mashetty is offline Full Member

    Re: Application Error:

    ComboFix 07-12-21.4 - Satish 2007-12-26 8:25:41.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.132 [GMT 5.5:30]
    Running from: C:\Documents and Settings\Satish\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Satish\Desktop\CFScript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2007-11-26 to 2007-12-26 )))))))))))))))))))))))))))))))
    .

    2007-12-23 11:11 . 2007-12-23 11:11 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ahead
    2007-12-21 18:40 . 2007-12-25 23:21 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\StumbleUpon
    2007-12-16 21:33 . 2007-12-23 17:01 116 --a------ C:\WINDOWS\NeroDigital.ini
    2007-12-16 13:53 . 2007-12-23 22:09 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
    2007-12-16 10:06 . 2007-12-16 10:06 <DIR> d-------- C:\Program Files\WordWeb
    2007-12-16 10:06 . 2007-12-01 18:01 1,049,720 --a------ C:\WINDOWS\wweb32.dll
    2007-12-13 21:55 . 2007-12-13 21:55 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\MSNInstaller
    2007-12-13 08:56 . 2007-12-23 12:01 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\Ahead
    2007-12-13 08:56 . 2007-12-13 08:56 0 --a------ C:\WINDOWS\Irremote.ini
    2007-12-13 08:41 . 2007-12-13 23:24 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\dvdcss
    2007-12-13 08:30 . 2007-12-20 22:25 <DIR> d-------- C:\Program Files\Oront Burning Kit 2
    2007-12-13 08:30 . 2007-12-13 08:30 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\Obsidium
    2007-12-11 23:15 . 2007-12-11 23:15 164,352 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
    2007-12-11 22:18 . 2007-12-11 22:18 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
    2007-12-09 16:14 . 2007-12-09 16:14 <DIR> d-------- C:\Documents and Settings\Satish\Phone Browser
    2007-12-09 16:14 . 2007-12-09 16:14 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\Nokia
    2007-12-09 16:14 . 2007-12-09 16:14 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\Datalayer
    2007-12-09 16:11 . 2007-12-09 16:11 <DIR> d-------- C:\Program Files\DIFX
    2007-12-09 16:10 . 2007-12-09 16:10 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\PC Suite
    2007-12-09 16:10 . 2007-12-09 16:11 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
    2007-12-09 16:09 . 2007-12-13 21:55 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-12-09 16:08 . 2006-05-29 08:26 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll
    2007-12-09 16:04 . 2007-12-09 16:04 <DIR> d--hs---- C:\WINDOWS\ftpcache
    2007-12-08 09:17 . 2007-12-13 22:58 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\vlc
    2007-12-08 09:02 . 2007-12-08 09:02 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\Inbit
    2007-12-08 09:01 . 2007-12-23 11:23 <DIR> d-------- C:\Program Files\Inbit
    2007-12-08 09:01 . 2007-12-08 09:01 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Inbit
    2007-12-07 23:12 . 2007-12-16 10:04 178 --a------ C:\WINDOWS\POD.INI
    2007-12-07 22:30 . 1996-11-05 16:19 247,648 --a------ C:\WINDOWS\UNINST16.EXE
    2007-12-07 22:30 . 1995-07-13 18:43 26,768 --a------ C:\WINDOWS\system\CTL3D.DLL
    2007-12-07 22:30 . 2007-12-07 22:30 8 --a------ C:\WINDOWS\Q.TRD
    2007-12-07 22:30 . 2007-12-07 22:30 0 --a------ C:\WINDOWS\PROTOCOL.INI
    2007-12-07 22:29 . 2007-12-07 22:29 <DIR> d-------- C:\Documents and Settings\Satish\WINDOWS
    2007-12-03 20:20 . 2004-08-04 14:26 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2007-12-03 20:20 . 2004-08-04 12:28 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2007-12-03 20:20 . 2004-08-04 12:28 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2007-12-03 20:20 . 2001-08-18 12:06 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2007-12-03 16:06 . 2007-12-03 20:52 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\Yahoo!
    2007-12-03 16:06 . 2007-12-03 16:06 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
    2007-12-03 14:51 . 2007-12-03 14:51 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
    2007-12-03 12:22 . 2007-12-23 14:25 1,277 --a------ C:\WINDOWS\mozver.dat
    2007-12-02 22:28 . 2007-12-02 22:28 0 --a------ C:\WINDOWS\nsreg.dat
    2007-12-02 00:32 . 2007-12-02 00:32 <DIR> d---s---- C:\Documents and Settings\Satish\UserData
    2007-12-01 23:47 . 2007-12-25 22:52 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\TypingMaster7
    2007-12-01 23:20 . 2007-12-01 23:20 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\Comodo
    2007-12-01 23:20 . 2007-12-01 23:20 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Comodo
    2007-12-01 11:56 . 2004-08-04 12:38 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2007-11-30 11:49 . 2007-11-30 11:49 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
    2007-11-30 11:49 . 2007-11-30 11:49 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
    2007-11-30 11:45 . 2004-08-04 14:26 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
    2007-11-30 11:45 . 2004-08-04 14:26 130,048 --a--c--- C:\WINDOWS\system32\dllcache\ksproxy.ax
    2007-11-30 11:45 . 2004-08-04 12:38 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
    2007-11-30 11:45 . 2004-08-04 12:38 60,288 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
    2007-11-30 11:45 . 2004-11-19 00:12 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2007-11-30 11:45 . 2004-08-04 12:28 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2007-11-30 11:45 . 2004-08-04 12:28 5,376 --a--c--- C:\WINDOWS\system32\dllcache\mspclock.sys
    2007-11-30 11:45 . 2004-08-04 14:26 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
    2007-11-30 11:45 . 2004-08-04 14:26 4,096 --a--c--- C:\WINDOWS\system32\dllcache\ksuser.dll
    2007-11-30 11:44 . 2007-11-30 11:44 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\ATI
    2007-11-30 11:44 . 2005-04-17 03:50 487,424 -r------- C:\WINDOWS\RtlExUpd.dll
    2007-11-30 11:38 . 2005-10-14 15:40 1,114,674 -ra------ C:\WINDOWS\system32\drivers\ativcaxx.cpa
    2007-11-30 11:38 . 2006-01-26 22:27 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
    2007-11-30 11:38 . 2006-01-16 03:34 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll
    2007-11-30 11:38 . 2005-12-08 22:31 112,421 -ra------ C:\WINDOWS\system32\atiicdxx.dat
    2007-11-30 11:38 . 2005-10-14 15:40 58,560 -ra------ C:\WINDOWS\system32\drivers\ativckxx.vp
    2007-11-30 11:38 . 2006-01-16 04:00 26,912 -ra------ C:\WINDOWS\system32\drivers\ativvpxx.vp
    2007-11-30 11:38 . 2005-12-02 18:50 6,005 -ra------ C:\WINDOWS\system32\atifglpf.xml
    2007-11-30 11:38 . 2005-10-14 15:40 929 -ra------ C:\WINDOWS\system32\drivers\ativcaxx.vp
    2007-11-30 11:27 . 2007-11-30 11:27 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
    2007-11-30 11:24 . 2001-08-23 05:00 10,129,408 --a--c--- C:\WINDOWS\system32\dllcache\hwxkor.dll
    2007-11-30 11:23 . 2001-08-23 05:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
    2007-11-30 11:22 . 2004-08-04 00:56 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
    2007-11-30 11:20 . 2007-11-30 11:22 <DIR> d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM
    2007-11-30 11:20 . 2001-08-23 05:00 4,399,505 --a--c--- C:\WINDOWS\system32\dllcache\nls302en.lex
    2007-11-30 11:20 . 2007-11-30 11:20 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
    2007-11-30 11:20 . 2007-11-30 11:20 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
    2007-11-30 11:20 . 2007-11-30 11:20 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
    2007-11-30 11:20 . 2007-11-30 11:20 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
    2007-11-30 11:20 . 2007-11-30 11:20 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
    2007-11-30 11:20 . 2007-11-30 11:20 749 -rah----- C:\WINDOWS\system32\cdplayer.exe.manifest
    2007-11-30 11:20 . 2007-11-30 11:20 488 -rah----- C:\WINDOWS\system32\WindowsLogon.manifest
    2007-11-30 11:20 . 2007-11-30 11:20 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
    2007-11-30 11:18 . 2007-11-30 11:18 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2007-11-30 11:18 . 2007-11-30 11:18 37 --a------ C:\WINDOWS\vbaddin.ini
    2007-11-30 11:18 . 2007-11-30 11:18 36 --a------ C:\WINDOWS\vb.ini
    2007-11-30 09:45 . 2007-12-16 21:04 <DIR> d-------- C:\Program Files\QuickTime
    2007-11-30 03:09 . 2001-08-17 19:29 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
    2007-11-30 03:08 . 2004-08-04 04:29 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
    2007-11-30 03:08 . 2004-08-04 04:01 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
    2007-11-30 03:07 . 2004-08-04 06:26 74,240 --a------ C:\WINDOWS\system32\usbui.dll
    2007-11-30 03:05 . 2007-11-30 11:18 <DIR> dr------- C:\Documents and Settings\All Users.WINDOWS\Documents
    2007-11-30 03:02 . 2007-11-30 11:26 261 --a------ C:\WINDOWS\system32\$winnt$.inf
    2007-11-29 23:43 . 2007-11-29 23:43 335 --a------ C:\WINDOWS\mozregistry.dat
    2007-11-29 23:28 . 2007-11-29 23:28 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\Talkback

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-21 13:10 --------- d-----w C:\Program Files\StumbleUpon
    2007-12-16 15:35 --------- d-----w C:\Program Files\Macromedia
    2007-12-13 17:25 --------- d-----w C:\Program Files\VideoLAN
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
    2007-12-01 18:17 --------- d-----r C:\Program Files\TypingMaster
    2007-11-30 04:15 --------- d-----w C:\Program Files\Xilisoft
    2007-11-29 15:38 --------- d-----w C:\Documents and Settings\satish kumar.HOME-D4658A81D3\Application Data\StumbleUpon
    2007-11-23 16:47 --------- d-----w C:\Program Files\Comodo
    2007-11-20 15:25 --------- d-----w C:\Documents and Settings\satish kumar.HOME-D4658A81D3\Application Data\Talkback
    2007-11-19 02:57 --------- d-----w C:\Documents and Settings\satish kumar.HOME-D4658A81D3\Application Data\Grisoft
    2007-11-19 01:59 --------- d-----w C:\Documents and Settings\satish kumar.HOME-D4658A81D3\Application Data\Yahoo!
    2007-11-15 17:53 --------- d-----w C:\Documents and Settings\satish kumar.HOME-D4658A81D3\Application Data\Comodo
    2007-11-15 17:01 --------- d-----w C:\Documents and Settings\satish kumar.HOME-D4658A81D3\Application Data\ATI
    2007-11-15 14:44 --------- d-----w C:\Documents and Settings\test\Application Data\Yahoo!
    2007-11-15 14:41 --------- d-----w C:\Documents and Settings\test\Application Data\Grisoft
    2007-11-15 14:41 --------- d-----w C:\Documents and Settings\test\Application Data\Comodo
    2007-11-15 14:40 --------- d-----w C:\Documents and Settings\test\Application Data\ATI
    2007-11-04 07:53 --------- d-----w C:\Program Files\a-squared Free
    2007-11-03 02:34 --------- d-----w C:\Documents and Settings\SATISH KUMAR\Application Data\Uniblue
    2007-11-02 17:13 --------- d-----w C:\Program Files\Lavasoft(2)
    2007-11-02 17:13 --------- d-----w C:\Program Files\Lavasoft
    2007-11-02 17:13 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-02 17:12 --------- d-----w C:\Documents and Settings\SATISH KUMAR\Application Data\TypingMaster7
    2007-10-28 11:46 --------- d-----w C:\Documents and Settings\SATISH KUMAR\Application Data\MailWasherPro
    2007-06-13 03:13 7,246,848 -c--a-w C:\Program Files\HTML Guardian 7.msi
    .

    ((((((((((((((((((((((((((((( snapshot@2007-12-24_ 7.01.17.95 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-12-26 02:33:36 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4f4.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickPhrase"="C:\Program Files\TypingMaster\quickphrase\quickphrase.exe" [2007-06-19 23:59]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-31 07:13]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43]
    "RTHDCPL"="RTHDCPL.EXE" [2006-01-11 22:53 C:\WINDOWS\RTHDCPL.exe]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 18:30]
    "COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-12-01 23:18]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]

    C:\Documents and Settings\Satish\Start Menu\Programs\Startup\
    WordWeb.lnk - C:\Program Files\WordWeb\wweb32.exe [2007-12-16 10:06:21]


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8664717e-af0d-11dc-8402-001676c0f6a3}]
    \Shell\AutoRun\command - K:\uxdeiect.com
    \Shell\explore\Command - K:\uxdeiect.com
    \Shell\open\Command - K:\uxdeiect.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db23d62f-9efa-11dc-83b9-001676c0f6a3}]
    \Shell\AutoRun\command - I:\uxdeiect.com
    \Shell\explore\Command - I:\uxdeiect.com
    \Shell\open\Command - I:\uxdeiect.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db23d630-9efa-11dc-83b9-001676c0f6a3}]
    \Shell\AutoRun\command - I:\uxdeiect.com
    \Shell\explore\Command - I:\uxdeiect.com
    \Shell\open\Command - I:\uxdeiect.com

    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-26 08:27:10
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-26 8:27:43
    C:\ComboFix2.txt ... 2007-12-25 22:10
    C:\ComboFix3.txt ... 2007-12-24 07:02


    Thank you!

  2. #12
    Mashetty is offline Full Member
    *bump*

  3. #13
    VopThis is offline Senior Member (Canada)
    We have twice tried to remove the entries below. Since they are orphan entries and your PC appears to be working fine, they should present no further problem other than being registry clutter:

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8664717e-af0d-11dc-8402-001676c0f6a3}]
    \Shell\AutoRun\command - K:\uxdeiect.com
    \Shell\explore\Command - K:\uxdeiect.com
    \Shell\open\Command - K:\uxdeiect.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db23d62f-9efa-11dc-83b9-001676c0f6a3}]
    \Shell\AutoRun\command - I:\uxdeiect.com
    \Shell\explore\Command - I:\uxdeiect.com
    \Shell\open\Command - I:\uxdeiect.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db23d630-9efa-11dc-83b9-001676c0f6a3}]
    \Shell\AutoRun\command - I:\uxdeiect.com
    \Shell\explore\Command - I:\uxdeiect.com
    \Shell\open\Command - I:\uxdeiect.com
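
The MountPoints2 entries listed in this post can be picked out of a saved log mechanically. The Python sketch below is an added example, not part of the thread or of ComboFix: it parses the section layout shown above and flags keys whose AutoRun command is a bare executable in the root of a drive. The function names, the placeholder GUIDs in the sample and the root-executable heuristic are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the log section quoted in the thread.
# GUIDs are placeholders; the second key mimics an ordinary CD autorun entry.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000001}]
\Shell\AutoRun\command - K:\uxdeiect.com
\Shell\explore\Command - K:\uxdeiect.com
\Shell\open\Command - K:\uxdeiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000002}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 18:30]
'''

# A MountPoints2 key header; group 1 is the volume GUID.
SECTION_RE = re.compile(
    r"^\[HKEY_[^\]]*\\mountpoints2\\(\{[0-9a-f-]{36}\})\]$", re.I)
# A shell verb line such as "\Shell\AutoRun\command - K:\file.com".
VERB_RE = re.compile(r"^\\Shell\\([^\\]+)\\command\s+-\s+(.*)$", re.I)
# Heuristic (assumption): the whole command is one executable in a drive root.
ROOT_EXE_RE = re.compile(
    r"^[A-Z]:\\[^\\\s]+\.(?:com|exe|bat|cmd|pif|scr)$", re.I)


def find_autorun_mountpoints(log_text):
    """Return {guid: [(verb, command, flagged), ...]} for MountPoints2 keys."""
    findings = defaultdict(list)
    guid = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # Forum software wraps long words with a space ("curre ntversion");
            # this key path never contains spaces, so drop them before matching.
            match = SECTION_RE.match(line.replace(" ", ""))
            guid = match.group(1).lower() if match else None
            continue
        if guid is None:
            continue  # line belongs to some other registry section
        verb = VERB_RE.match(line)
        if verb:
            command = verb.group(2).strip()
            findings[guid].append(
                (verb.group(1).lower(), command, bool(ROOT_EXE_RE.match(command))))
    return dict(findings)


def suspicious_keys(findings):
    """GUID keys whose AutoRun verb launches a root-level executable."""
    return sorted(
        guid for guid, rows in findings.items()
        if any(verb == "autorun" and flagged for verb, _, flagged in rows))


if __name__ == "__main__":
    result = find_autorun_mountpoints(SAMPLE_LOG)
    for key in suspicious_keys(result):
        print("review:", key, [cmd for _, cmd, _ in result[key]])
```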

  4. #14
    Mashetty is offline Full Member
    Hi, Good day!

    You have been very helpful throughout. Thanks a lot to all of you. I am using avast 4.7 professional. Should I use any other software or anti-malware to stop such probs? Please reply to me.

    Thank you!

  5. #15
    VopThis is offline Senior Member (Canada)
    The basic features of anti-virus and firewall tools provide ‘active protection’ components. However, without such (always on) active protection against malware, most PCs can and will eventually run into serious problems. Then, it is often considerably more difficult to fix problems after the fact than to deny the infection as soon as it first attempts to load and run.

    Some real-time (paid) tools may be advisable when and if you continue to get infected. In my case I run SpySweeper (paid) – not advisable to run more than one such tool at the same time. I also run on-demand after the fact scans for additional detection capabilities and just to keep informed of how such tools behave. Since I rarely see a malware infection, I really don’t have a need for extensive real-time (paid) protection.

    Some of the following anti-malware tools (mentioned below) can attempt to fix problems found after the fact. Different tools may find more obscure infections due to various capability and update timing issues:
    AVG Anti-Spyware
    SuperAntispyware
    Spyware Doctor (scan only)
    SpySweeper (limited trial – scan only)



    To help avoid serious infection again, please look carefully at this post for some excellent preventative measures. Prevention must be made the first line of defense to improve upon.



    ONLY ONCE you are as clean as possible from any needed cleanup steps - As a final cleanup step (after serious infection), it may be advisable to Reset and Re-enable your System Restore to remove any bad files that MAY have been backed up by Windows. This may be advisable since any subsequent need to use your most recent restore points could, indeed, make matters worse. The files in System Restore are protected to prevent any programs changing them. And, this is the only complete way to clean these files: (You will lose all previous restore points which could likely be infected, anyway.)

    PLEASE NOTE: you will need to log into your computer with an account that has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account. Accordingly and of further note; it can be very unsafe to run with admin rights on any PC that you browse the Internet with.


    (Windows XP)
    FOLDER LOCATION: c:\System Volume Information\_restore….
    To Turn OFF System Restore.
    1. Click the Start button.
    2. Right-click My Computer, and then click Properties.
    3. On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.
    4. Click Apply.

    REBOOT.

    To Turn ON System Restore.
    1. Follow the steps in the previous section, but in step 3, uncheck Turn off System Restore or Turn off System Restore on all drives. Then click OK.
    2. Create new System Restore points.


    (Windows ME)
    FOLDER LOCATION: c:\_RESTORE\TEMP\….
    See the following link for instructions:
    http://service1.symantec.com/SUPPORT...rc=sec_doc_nam




    To reduce the re-infection potential for malware and protect your PC against spyware, here are a few helpful suggestions:
    1. Keep Windows and Internet Explorer current with the latest critical security updates from Microsoft. This will patch many of the security holes through which attackers can gain access to your computer. You CANNOT complete this update using an alternate browser – you must use Internet Explorer.
      http://v5.windowsupdate.microsoft.com/v5co...t.aspx?ln=en-us
      http://www.microsoft.com/windows/ie/default.asp
      • http://www.securityfocus.com/news/11273
        If you surf to questionable (blockable) parts of the Web, you could encounter sites that compromise your PC without any user interaction. In experiments [reported Aug 2005], Microsoft identified 752 specific addresses owned by 287 Web sites that contain programs able to install themselves on a completely unpatched Windows XP system. Also, be aware that the WinXP Service Pack 2 was an update that focused almost exclusively on security. Also reported was that a fully patched Windows XP SP2 system cannot be compromised by any such discovered rogue Web sites.

    2. Run your antivirus software regularly, and keep its definitions up-to-date. If you are thinking about switching (using a real-time/always on AV tool only one at a time), there are some good free Antivirus programs that are decent, including AVG and Avast!.
      AVG: http://free.grisoft.com/doc/1
      Avast: http://www.avast.com/eng/avast_4_home.html

    3. In addition to using Ad-aware, consider using another free malware scanning/removal program:
      Ad-Aware 2007: http://www.download.com/Ad-Aware-200...l?tag=pdp_prod
      Spybot S&D: http://www.download.com/Spybot-Search-Dest...tml?tag=lst-0-1
      AVG Anti-Spyware: http://free.grisoft.com/doc/20/lng/us/tpl/v5
      Microsoft Windows Defender beta 2: http://www.download.com/Microsoft-Wi...ml?tag=lst-0-1

    4. Consider using a free firewall if you are not already using one (use only one firewall at a time – normally you will need to disable the MS firewall). Some good free ones (for incoming and added outgoing traffic protection) are:
      Comodo: http://www.personalfirewall.comodo.com/
      Kerio Personal Firewall: http://www.sunbelt-software.com/Kerio.cfm
      *** After 30 days, Kerio shuts down selected features, but will continue to run in 'free' mode.
      Zone Alarm: - no longer presently recommending this one (new ownership and business practices have created issues currently under review.)
      http://www.zonelabs.com/store/content/company/products/znalm/comparison.jsp?lid=ho_za

      It is not a bad idea to also consider using a Router/Hardware firewall device where you have a High-Speed Internet access connection. A software firewall may occasionally need to be disabled or it gets/remains disabled by someone or something. Such an added layer of security consistency has a lot of merit to it.

    5. Consider using an alternate free browser for general web surfing but you must use IE for windows updates. The use of Firefox (or similar alternate) mitigates the many types of malware that are now possible when using IE ActiveX based components. Should problems ever arise in utilizing ‘Internet Explorer’, this provides you with access to a completely different browser that may often work in such times of difficulty.
      Mozilla Firefox: http://www.mozilla.org/products/firefox/

    6. Consider increasing your browser security by using these programs:
      SpywareGuard will help protect your homepage from being hijacked:
      http://www.javacoolsoftware.com/spywareguard.html

      SpywareBlaster will increase browser protection by blocking access to thousands of known malware sites by adding them to IE's restricted sites zone. It essentially blocks known-bad ActiveX program items from being installed or running on your computer. Download it here: http://www.javacoolsoftware.com/spywareblaster.html
    7. A HOSTS file can block Internet access to thousands of undesirable or known-bad sites by not allowing you any easy browser access to such sites knowingly or unknowingly. Use HJT to determine if a current HOSTS file exists and any contents therein:
      • Run the HiJackThis tool and select ‘Open the Misc Tools section’.
      • Next select ‘Open host file manager’ button.
      • Use the ‘Open in Notepad’ button in XP/W2K or use WORDPAD if necessary [type wordpad.exe in the RUN box (Start>Run)] and load the FILE PATH identified in HJT.
      • Go to http://www.mvps.org/winhelp2002/hosts.txt . # Read the initial instructions #. Copy and paste (append or replace) the RELEVANT host address entry contents of that file into Notepad or Wordpad and save the updated file contents.

        EXCERPT:
        #start of lines added by WinHelp2002
        # [Misc A - Z]
        127.0.0.1 phpadsnew.abac.com
        127.0.0.1 a.abnad.net
        127.0.0.1 e.abnad.net
        127.0.0.1 www.accoona.com #[Adware-Accoona][Adware.Atoolb][Panda.Accoona]
        .
        .
        .
        #end of lines added by WinHelp2002




    *Remember just like your primary anti-virus software, it is important to:
    • Keep all of these programs up-to-date (using auto-updates where possible), and
    • Use them on a regular (minimum weekly) basis.




    REALITY CHECK:
    • Who else uses your PC? What are the potential risks created by multiple (potentially loose cannon) users and why?
    • What about bad luck, simple mistakes, and bad browsing choices (SEE: www.siteadvisor.com and their BLOG)?
    • SEE: The Dangers of Popularity (for Popular SEARCH TERMS):
      http://blog.siteadvisor.com/2006/08/...pularity.shtml
      The correlation of search term popularity and search term riskiness illustrates how malicious activity tends to follow and exploit consumer behavior. Users demand "free," and bad actors flock to fill corresponding search results with their deceptive offerings. All too often, users don't realize the detrimental consequences of these sites until their systems crash from spyware or their inboxes become choked with spam.


    ABOVE ALL, it is most imperative that users exercise "safe surfing" habits such as banning or at least verifying email attachments (with scanning tools) before opening, and by not executing programs unless obtained from a trusted (or researched) source, etc.



    In general, always research any unfamiliar links or products that you might want to access or download. In particular, the SiteAdvisor site and other REPUTABLE research-based link sources have continued to make a significant difference to my clients’ PC health due to better-informed browsing habits and choices. Peer-to-Peer and FREE download sites add a level of risk that many should seriously take into account and adjust their behavior accordingly (significant sources of drive-by-downloads, script based infections, and annoying POPUPs).

    Additionally, TEMPORARY files are both a significant source of clutter and potential hiding places for MALWARE content. Clean out those areas periodically - at least weekly. You can use a tool like CCleaner (or ATF Cleaner):


    To clean your temp folder, recycle bin, etc., please download this free tool:

    CCleaner http://www.ccleaner.com/downloadbuilds.asp

    Install Options:
    • Don't install any Toolbars, or other programs, should it ask you!
    • Just uncheck the option of installing the Yahoo toolbar.

    It will put a shortcut on your Desktop.
    Do not run CCleaner until requested later.


    Run CCleaner in SAFE MODE (reboot tapping the F8 key after the beep).

    Select the ‘Options’ BUTTON option (top LEFT), ‘Advanced’ BUTTON, and then UNCHECK the ‘Only delete files in Windows Temp Folders older than 48 hours’ (because the latest download traffic could easily be the bearer of some bad content).

    Select the ‘Cleaner’ BUTTON option (top LEFT), if not already selected. Use the ’Windows’ TAB up front by default.
    • Uncheck ‘Cookies’ option (advisable)
    • Optionally, Uncheck ‘Recently Typed URLs’ option (potentially still useful)
    • Click the ‘Analyse’ button.
    • Thereafter, click ‘Run Cleaner’ after you have reviewed what it proposes to clean.


    Those that continue to want to use ‘Limewire’, 'BitTorrent', 'Bearshare', ‘Morpheus’ or other P2P applications, can expect to see the possibility for more serious malware issues (such as bad executables):
    http://www.siteadvisor.com/sites/bearshare.com


    You would be well-advised to at least consider strengthening your real-time prevention tools and use either Spy Sweeper or Spyware Doctor, and possibly also run AVG Anti-Spyware (mainly for anti-trojan defensive purposes) in real-time, as well (paid version=realtime). No combination of tools, however, can ever be completely fail-safe for all possible issues.
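
Item 7 above (merging the WinHelp2002 block into an existing HOSTS file) as an added Python example, not part of the original post or of HiJackThis: it replaces any earlier WinHelp2002 block instead of appending a duplicate, keeps only 127.0.0.1 entries from the download, and lists existing lines that map a name to a non-loopback address for manual review. The function names and the review heuristic are assumptions; the example.* names and 203.0.113.7 are constructed sample values.

```python
import re

START = "#start of lines added by WinHelp2002"
END = "#end of lines added by WinHelp2002"
SINKHOLE = {"127.0.0.1", "0.0.0.0", "::1"}   # addresses that go nowhere
HOST_RE = re.compile(r"^[a-z0-9_-]+(\.[a-z0-9_-]+)+$", re.I)

# Constructed existing HOSTS file with an older copy of the block.
SAMPLE_HOSTS = """127.0.0.1 localhost
203.0.113.7 update.example.com  # constructed entry
#start of lines added by WinHelp2002
127.0.0.1 old.example.net
#end of lines added by WinHelp2002
"""

# The excerpt quoted in the post, plus two constructed lines that must be skipped.
SAMPLE_BLOCKLIST = """#start of lines added by WinHelp2002
# [Misc A - Z]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 e.abnad.net
127.0.0.1 www.accoona.com #[Adware-Accoona][Adware.Atoolb][Panda.Accoona]
127.0.0.1 localhost
10.0.0.5 not-a-block-entry.example
#end of lines added by WinHelp2002
"""


def parse_entry(line):
    """Return (address, [names]) for a hosts line, or None for blanks/comments."""
    body = line.split("#", 1)[0].split()
    if len(body) < 2:
        return None
    return body[0], body[1:]


def merge_hosts(existing, blocklist):
    """Return (merged_text, review) where review lists non-sinkhole mappings."""
    kept, review, in_block = [], [], False
    for line in existing.splitlines():
        stripped = line.strip()
        if stripped == START:
            in_block = True
            continue
        if stripped == END:
            in_block = False
            continue
        if in_block:
            continue  # drop the previous copy of the block (replace, not append)
        kept.append(line)
        entry = parse_entry(line)
        if entry and entry[0] not in SINKHOLE:
            review.append(entry)  # a name pointed at a real address: check by hand

    seen, block = set(), []
    for line in blocklist.splitlines():
        entry = parse_entry(line)
        if not entry or entry[0] != "127.0.0.1":
            continue  # only take blocking entries from the download
        for name in entry[1]:
            name = name.lower()
            if name != "localhost" and HOST_RE.match(name) and name not in seen:
                seen.add(name)
                block.append("127.0.0.1 " + name)

    merged = "\n".join(kept + [START] + block + [END]) + "\n"
    return merged, review


if __name__ == "__main__":
    text, to_review = merge_hosts(SAMPLE_HOSTS, SAMPLE_BLOCKLIST)
    print(text)
    print("review by hand:", to_review)
```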
