
Malwarebytes

Cannot Update Malwarebytes Anti-Malware only


27 replies to this topic

#1
Sachin Naik

I cannot update my MBAM 1.37. When I click on update, my MBAM of course connects to malwarebytes.org and starts updating, but when the update gets up to 36kb it gets interrupted and I get an error message like this: "update failed make sure that u are connected to the internet and check firewall... error code 732 (0)"
The next strange thing is that I can't even download the newly released MBAM 1.38 from the site; the download begins, pauses at 1% and remains like that.

I have checked my IE; it's set to online. I even switched to Firefox, and again the same problem. I CAN update my AVG 8.5 Free, ThreatFire and Spybot-S&D without any problems; I ran a full scan using them and they don't detect any threats. I also ran a scan using the AVG Anti-Rootkit free tool; it detects only those folders and files which I have password protected myself and nothing else.
I don't have any other problems.
You can check my firewall settings; please refer to this picture.

I use a 256kbps broadband connection.
One week has passed and I can't update MBAM.
I have NOT downloaded any illegal software, except some freeware games, till now.


Malwarebytes' Anti-Malware 1.37
Database version: 2274
Windows 5.1.2600 Service Pack 2

26-Jun-09 02:51:15 PM
mbam-log-2009-06-26 (14-51-15).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 124743
Time elapsed: 42 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:11:30 PM, on 26-Jun-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ThreatFire\TFTray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Billeo\billeo.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\MSI\SecureDoc\Logon.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\ThreatFire\TFService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Billeo - {465E08E7-F005-4389-980F-1D8764B3486C} - C:\Program Files\Billeo\billeo.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - F:\Download\STARDO~1\SDIEInt.dll
O3 - Toolbar: Billeo - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - C:\Program Files\Billeo\billeo.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Billeo.lnk = C:\Program Files\Billeo\billeo.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SecureDoc.lnk = C:\Program Files\MSI\SecureDoc\Logon.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download with Star Downloader - F:\Download\Star Downloader\sdie.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Billeo - {97ED3A9F-CD6F-473A-8FE1-7505C1B844C3} - C:\Program Files\Billeo\billeo.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1242710893437
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 7076 bytes


ROOTREPEAL © AD, 2007-2008
==================================================
Scan Time: 2009/06/26 18:02
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP2
==================================================

Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log
Status: Size mismatch (API: 188834, Raw: 183010)


Path: C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\PictureTasks\OLS\Locale\ENU\description.xml:encryptable
Status: Invisible to the Windows API!

ROOTREPEAL © AD, 2007-2008
==================================================
Scan Time: 2009/06/26 18:05
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP2
==================================================

Drivers

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF54C2000 Size: 98304 File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A98000 Size: 8192 File Visible: No
Status: -


Name: mchInjDrv.sys
Image Path: C:\WINDOWS\system32\Drivers\mchInjDrv.sys
Address: 0xF7C74000 Size: 2560 File Visible: No
Status: -


Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEFDF3000 Size: 45056 File Visible: No
Status: -

ROOTREPEAL © AD, 2007-2008
==================================================
Scan Time: 2009/06/26 18:10
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP2
==================================================

SSDT
-------------------

#: 041 Function Name: NtCreateKey
Status: Hooked by "TfSysMon.sys" at address 0xf75a0e00

#: 063 Function Name: NtDeleteKey
Status: Hooked by "TfSysMon.sys" at address 0xf75a0ff0

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "TfSysMon.sys" at address 0xf75a1092


#: 119 Function Name: NtOpenKey
Status: Hooked by "TfSysMon.sys" at address 0xf75a0cf4


#: 247 Function Name: NtSetValueKey
Status: Hooked by "TfSysMon.sys" at address 0xf75a122a


#: 257 Function Name: NtTerminateProcess
Status: Hooked by "TfSysMon.sys" at address 0xf75a279e



Please note: I have a RootRepeal tool, so the above are the objects which have been detected by my RootRepeal as Hidden/Locked Files, Drivers and SSDT. As there is no guarantee on such tools, I have not taken any action on the above objects, as they could be safe.

But also note: I have also run my RootRepeal to scan for hidden processes, stealth objects and hidden services, and it has NOT detected anything for the same.

#2
AdvancedSetup

Please check your Private Messages.
Ron Lewis
Manager, Online Support


Follow us: Twitter, Become a fan: Facebook

If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.

#3
Sachin Naik

OK, for one week I was trying to update my MBAM but it used to fail. Finally, last night I just updated it and, thank god, it got updated to the latest version 1.38 (I did not use that link which you gave, as I could update it; thank you). Presently I am running a scan using it; let's see if it finds anything.

The next problem is that whenever I start my MBAM along with Windows by ticking the option "start with windows", I always have start-up problems: the entire screen gets stuck in such a way that I have to force my PC to shut down, and the only option left to overcome this problem is to untick the option "start with windows"; then I don't have a single problem with start-up. But please note that this used to happen every time from when I purchased the key, as I could control that option "start with windows".

The other software I use is ThreatFire and AVG Free.

Now, overall, what I would like to ask you is: does MBAM have any special functionality by which it can scan for threats on start-up, such that it's compulsory to start MBAM protection along with Windows?

#4
AdvancedSetup

Please post the MBAM Quick Scan log and then run the following scanner and we'll see what we can find.


Please visit this webpage for instructions for downloading ComboFix to your DESKTOP: how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
NOTE!!: You must save and run ComboFix.exe on your DESKTOP and not from any other folder.
Also, DO NOT click the mouse or launch any other applications while this is running or it may stall the program.

Additional links to download the tool:
  • ComboFix.exe
  • ComboFix.exe
  • ComboFix.exe

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.
Ron Lewis
Manager, Online Support


#5
Sachin Naik

I don't have any other problem than the problem which I have mentioned above.
Please note: I have first run an MBAM scan, then a ComboFix scan and then HijackThis.
Please help me.

Malwarebytes' Anti-Malware 1.38
Database version: 2340
Windows 5.1.2600 Service Pack 2

27-Jun-09 11:40:28 AM
mbam-log-2009-06-27 (11-40-28).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 127326
Time elapsed: 46 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

_________________________________________________________
ComboFix 09-06-26.02 - Sachin Naik 27-Jun-09 12:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.959.489 [GMT 5.5:30]
Running from: c:\download\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-06-27 )))))))))))))))))))))))))))))))
.

2009-06-26 15:27 . 2009-06-26 15:27 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-19 14:49 . 2009-06-19 14:49 -------- d-----w- c:\program files\Santa Claus in trouble ...again! - Demo
2009-06-17 15:56 . 2009-06-17 15:56 -------- d-----w- c:\documents and settings\Sachin Naik\Application Data\Thunderbird
2009-06-17 15:56 . 2009-06-17 15:56 -------- d-----w- c:\documents and settings\Sachin Naik\Local Settings\Application Data\Thunderbird
2009-06-17 15:56 . 2009-06-27 06:08 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-06-17 14:46 . 2009-06-17 14:46 -------- d-----w- c:\documents and settings\Sachin Naik\Local Settings\Application Data\Help
2009-06-17 14:45 . 2009-06-17 14:45 -------- d-----w- C:\Multimedia Files
2009-06-17 14:44 . 2009-06-17 14:46 -------- d-----w- c:\program files\Microsoft GIF Animator
2009-06-15 07:02 . 2009-06-15 07:04 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-15 07:01 . 2009-06-15 07:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-11 17:19 . 2009-05-28 06:21 2075416 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-06-11 17:18 . 2009-06-02 18:27 1948440 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\prepare\avgtray.exe
2009-06-11 17:18 . 2009-06-02 18:27 1213720 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\prepare\avgfrw.exe
2009-06-11 17:18 . 2009-06-02 18:26 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\prepare\setup.exe
2009-06-11 17:18 . 2009-06-02 18:26 341272 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\prepare\avgsrmax.exe
2009-06-11 17:18 . 2009-06-02 18:26 760600 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\prepare\avgscanx.exe
2009-06-05 10:49 . 2009-06-05 10:49 8854 ----a-r- c:\documents and settings\Sachin Naik\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2009-06-05 10:49 . 2009-06-05 10:49 40960 ----a-r- c:\documents and settings\Sachin Naik\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2009-06-05 10:49 . 2009-06-05 10:49 40960 ----a-r- c:\documents and settings\Sachin Naik\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2009-06-05 10:49 . 2009-06-05 14:20 -------- d-----w- c:\program files\Project64 1.6
2009-06-05 10:42 . 2009-06-05 10:42 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{1596C986-55C5-4898-A908-44973D039EA5}
2009-06-04 15:27 . 2009-06-04 17:37 -------- d-----w- c:\program files\Ultimate Racing Showdown
2009-06-04 07:35 . 2009-06-24 07:42 -------- d-----w- c:\program files\Aladdin
2009-06-03 05:52 . 2009-06-03 05:52 -------- d-----w- c:\program files\Santa Claus in Trouble
2009-06-03 04:50 . 2005-04-12 07:24 331184 ------w- c:\windows\system32\difxapi.dll
2009-06-03 04:47 . 2008-12-16 10:18 21144 ----a-w- c:\windows\system32\drivers\xfilt.sys
2009-06-03 04:47 . 2008-12-16 10:17 13976 ----a-w- c:\windows\system32\drivers\videX32.sys
2009-06-02 18:27 . 2009-06-02 18:27 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\prepare\avgupd.exe
2009-06-02 17:35 . 2009-06-02 17:35 -------- d-----w- c:\program files\VIA
2009-06-01 10:27 . 2009-06-01 10:37 -------- d-----w- c:\program files\MSI
2009-06-01 10:23 . 2009-06-01 10:23 -------- d-----w- C:\Intel
2009-06-01 07:28 . 2009-06-01 07:28 -------- d-----w- c:\documents and settings\Sachin Naik\Local Settings\Application Data\Adobe
2009-06-01 07:28 . 2009-06-01 07:28 -------- d-----w- c:\documents and settings\Sachin Naik\Application Data\AdobeUM
2009-06-01 07:26 . 2009-06-01 07:26 -------- d-----w- c:\windows\Cache
2009-05-30 05:42 . 2009-05-30 05:42 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-05-29 06:47 . 2009-05-29 06:55 -------- d-----w- c:\program files\DOSBox-0.72
2009-05-29 06:44 . 2009-05-29 06:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Softdisk LLC
2009-05-28 12:22 . 2009-06-27 05:26 -------- d--h--w- C:\$AVG8.VAULT$
2009-05-28 08:25 . 2009-05-28 06:21 76040 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtdix.sys
2009-05-28 08:25 . 2009-05-28 06:21 97928 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-05-28 08:25 . 2009-05-28 06:21 10520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsstx.dll
2009-05-28 08:25 . 2009-05-28 06:21 26824 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmfx86.sys
2009-05-28 08:25 . 2009-05-28 06:21 287000 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
2009-05-28 08:11 . 2009-05-28 08:11 1439488 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-05-28 08:11 . 2009-05-28 08:11 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-05-28 08:11 . 2009-05-28 08:11 755992 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2009-05-28 08:11 . 2009-05-28 08:11 587032 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgiproxy.exe
2009-05-28 07:55 . 2009-05-28 07:55 -------- d-----w- c:\documents and settings\Sachin Naik\Application Data\AVG8
2009-05-28 07:49 . 2009-05-28 07:49 -------- d-----w- c:\documents and settings\Sachin Naik\Application Data\MiniDm
2009-05-28 07:08 . 2009-05-28 07:08 -------- d-----w- c:\documents and settings\Sachin Naik\Local Settings\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-27 06:37 . 2009-05-18 14:00 -------- d-----w- c:\program files\Crawler
2009-06-27 05:55 . 2009-05-24 08:21 117760 ----a-w- c:\documents and settings\Sachin Naik\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-27 05:14 . 2009-05-18 06:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-27 05:11 . 2009-05-18 08:45 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-26 17:11 . 2009-05-23 17:10 -------- d-----w- c:\program files\ProxyWay
2009-06-26 15:30 . 2009-05-18 14:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-26 13:58 . 2009-05-19 11:25 -------- d-----w- c:\documents and settings\Sachin Naik\Application Data\OpenOffice.org2
2009-06-26 13:53 . 2009-05-18 06:22 -------- d-----w- c:\program files\ThreatFire
2009-06-19 20:37 . 2009-05-18 06:22 46864 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2009-06-19 20:37 . 2009-05-18 06:22 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2009-06-19 20:37 . 2009-05-18 06:22 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2009-06-17 05:57 . 2009-05-18 14:05 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 05:57 . 2009-05-18 14:05 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-08 06:21 . 2009-05-28 06:21 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-03 15:06 . 2009-05-28 06:21 -------- d-----w- c:\documents and settings\Sachin Naik\Application Data\AVGTOOLBAR
2009-06-03 04:58 . 2009-06-03 04:57 -------- d-----w- c:\program files\S3
2009-06-03 04:57 . 2009-05-17 17:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-01 07:28 . 2009-05-18 05:28 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-28 08:25 . 2009-05-28 06:21 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-28 08:25 . 2009-05-28 06:21 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-28 08:25 . 2009-05-28 06:21 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-28 08:24 . 2009-05-28 06:21 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-27 09:29 . 2009-05-27 09:29 -------- d-----w- c:\program files\Enigma Software Group
2009-05-27 09:02 . 2009-05-18 14:55 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup2.exe
2009-05-26 14:50 . 2009-05-24 08:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-25 17:21 . 2009-05-25 17:21 -------- d-----w- c:\program files\FLVPlayer
2009-05-24 14:23 . 2009-05-24 14:23 -------- d-----w- c:\program files\prince 4d
2009-05-24 08:20 . 2009-05-24 08:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-24 08:20 . 2009-05-24 08:20 -------- d-----w- c:\documents and settings\Sachin Naik\Application Data\SUPERAntiSpyware.com
2009-05-24 08:18 . 2009-05-24 08:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-24 05:52 . 2009-05-24 05:52 -------- d-----w- c:\program files\Trend Micro
2009-05-22 09:04 . 2009-05-22 09:04 -------- d-----w- c:\documents and settings\Sachin Naik\Application Data\aAvgApi
2009-05-20 17:49 . 2009-05-18 05:15 21272 ----a-w- c:\documents and settings\Sachin Naik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-20 15:58 . 2009-05-20 15:58 -------- d-----w- c:\program files\Avira GmbH
2009-05-20 13:58 . 2009-05-20 13:58 -------- d-----w- c:\documents and settings\Sachin Naik\Application Data\Apple Computer
2009-05-20 13:56 . 2009-05-20 13:53 -------- d-----w- c:\program files\QuickTime
2009-05-20 13:53 . 2009-05-20 13:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-20 13:52 . 2009-05-17 17:33 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-19 12:30 . 2009-05-19 12:30 -------- d-----w- c:\documents and settings\Sachin Naik\Application Data\Desktopicon
2009-05-19 12:30 . 2009-05-19 12:30 -------- d-----w- c:\program files\FormatFactory
2009-05-19 12:20 . 2009-05-19 12:20 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-05-19 12:20 . 2009-05-19 12:20 -------- d-----w- c:\documents and settings\Sachin Naik\Application Data\NCH Swift Sound
2009-05-19 12:20 . 2009-05-19 12:20 -------- d-----w- c:\program files\NCH Swift Sound
2009-05-19 11:23 . 2009-05-19 11:23 -------- d-----w- c:\program files\OpenOffice.org 2.1
2009-05-19 11:19 . 2009-05-19 11:19 -------- d-----w- c:\program files\WordWeb
2009-05-18 14:46 . 2009-05-18 14:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-18 14:46 . 2009-05-18 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-18 14:05 . 2009-05-18 14:05 -------- d-----w- c:\documents and settings\Sachin Naik\Application Data\Malwarebytes
2009-05-18 14:05 . 2009-05-18 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-18 13:57 . 2009-05-18 13:57 0 ----a-w- c:\windows\nsreg.dat
2009-05-18 13:56 . 2009-05-18 13:56 23600 ----a-w- c:\windows\system32\drivers\TVICHW32.SYS
2009-05-18 13:53 . 2009-05-18 13:53 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2009-05-18 13:53 . 2009-05-18 13:53 -------- d-----w- c:\program files\NCH Software
2009-05-18 13:53 . 2009-05-18 13:53 -------- d-----w- c:\documents and settings\Sachin Naik\Application Data\NCH Software
2009-05-18 13:47 . 2009-05-18 13:47 -------- d-----w- c:\documents and settings\Sachin Naik\Application Data\IEPro
2009-05-18 13:47 . 2009-05-18 13:47 -------- d-----w- c:\program files\IEPro
2009-05-18 08:56 . 2009-05-18 08:56 -------- d-----w- c:\program files\WIDCOMM
2009-05-18 08:54 . 2009-05-18 08:54 -------- d-----w- c:\documents and settings\Sachin Naik\Application Data\Audio Record Edit Toolbox Pro
2009-05-18 08:44 . 2009-05-18 08:44 -------- d-----w- c:\program files\ATI Technologies
2009-05-18 08:44 . 2009-05-18 08:44 -------- d-----w- c:\program files\ATI
2009-05-18 07:05 . 2009-05-18 06:20 -------- d-----w- c:\program files\Billeo
2009-05-18 07:05 . 2009-05-18 07:02 -------- d-----w- c:\documents and settings\All Users\Application Data\billeo
2009-05-18 06:22 . 2009-05-18 06:22 -------- d-----w- c:\documents and settings\All Users\Application Data\IM
2009-05-18 06:22 . 2009-05-18 06:22 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-05-18 06:21 . 2009-05-18 06:21 -------- d-----w- c:\documents and settings\All Users\Application Data\IncrediMail
2009-05-18 06:18 . 2009-05-18 06:18 -------- d-----w- c:\documents and settings\Sachin Naik\Application Data\Audio Recorder for Free
2009-05-18 06:18 . 2009-05-18 06:17 -------- d-----w- c:\program files\Audio Recorder for Free
2009-05-18 05:53 . 2009-05-18 05:53 -------- d-----w- c:\program files\AVG
2009-05-18 05:28 . 2009-05-18 05:28 -------- d-----w- c:\documents and settings\Sachin Naik\Application Data\InterTrust
2009-05-18 05:23 . 2009-05-17 17:09 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-18 05:12 . 2009-05-18 05:12 2232 ----a-w- c:\windows\java\Packages\Data\DFZJVRXJ.DAT
2009-05-18 05:12 . 2009-05-18 05:12 155995 ----a-w- c:\windows\java\Packages\H3DZJZDB.ZIP
2009-05-18 05:12 . 2009-05-18 05:12 2678 ----a-w- c:\windows\java\Packages\Data\U3V5BDB1.DAT
2009-05-18 05:12 . 2009-05-18 05:12 2678 ----a-w- c:\windows\java\Packages\Data\TNBRD3FB.DAT
2009-05-18 05:12 . 2009-05-18 05:12 2678 ----a-w- c:\windows\java\Packages\Data\GP7NN3N5.DAT
2009-05-18 05:12 . 2009-05-18 05:12 2678 ----a-w- c:\windows\java\Packages\Data\AWWFDBXV.DAT
2009-05-18 05:12 . 2009-05-18 05:12 2678 ----a-w- c:\windows\java\Packages\Data\2IBZBXFD.DAT
2009-05-18 05:11 . 2009-05-18 05:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2009-05-18 05:11 . 2009-05-18 05:11 -------- d-----w- c:\program files\Common Files\Motive
2009-05-17 17:34 . 2009-05-17 17:34 -------- d-----w- c:\program files\Realtek
2009-05-17 17:33 . 2009-05-17 17:33 315392 ----a-w- c:\windows\HideWin.exe
2009-05-17 17:10 . 2009-05-17 17:10 -------- d-----w- c:\program files\microsoft frontpage
2009-05-17 17:07 . 2009-05-17 17:07 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2009-06-19 259344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-20 155648]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-28 1947928]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-06-17 414992]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-01-30 16116224]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2006-09-21 53248]

c:\documents and settings\Sachin Naik\Start Menu\Programs\Startup\
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2009-5-19 19968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Billeo.lnk - c:\program files\Billeo\billeo.exe [2008-11-20 1176840]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]
SecureDoc.lnk - c:\program files\MSI\SecureDoc\Logon.exe [2009-6-1 82944]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 06:35 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-28 08:25 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [18-May-09 11:52 AM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [18-May-09 11:52 AM 46864]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [03-Jun-09 10:17 AM 21144]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [28-May-09 11:51 AM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [28-May-09 11:51 AM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23-Mar-09 02:07 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23-Mar-09 02:07 PM 72944]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [28-May-09 01:54 PM 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [28-May-09 01:54 PM 298776]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [18-May-09 07:35 PM 195856]
R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18-May-09 07:35 PM 19096]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23-Mar-09 02:07 PM 7408]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [18-May-09 11:52 AM 33552]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = about:blank
IE: &WordWeb... - c:\windows\wweb32.dll/lookup.html
IE: Crawler Search - tbr:iemenu
IE: Download with Star Downloader - f:\download\Star Downloader\sdie.htm
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Sachin Naik\Application Data\Mozilla\Firefox\Profiles\t6tu1aay.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-27 12:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\ThreatFire\TFWAH.dll
c:\program files\ThreatFire\TFNI.dll
c:\program files\ThreatFire\TFMon.dll
c:\program files\ThreatFire\TFRK.dll

- - - - - - - > 'lsass.exe'(784)
c:\program files\ThreatFire\TFWAH.dll

- - - - - - - > 'explorer.exe'(456)
c:\program files\ThreatFire\TFWAH.dll
.
Completion time: 2009-06-27 12:22
ComboFix-quarantined-files.txt 2009-06-27 06:52

Pre-Run: 14,214,832,128 bytes free
Post-Run: 14,506,696,704 bytes free

242


_______________________________________________--
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:27 PM, on 27-Jun-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ThreatFire\TFTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Billeo\billeo.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\MSI\SecureDoc\Logon.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\ThreatFire\TFService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Billeo - {465E08E7-F005-4389-980F-1D8764B3486C} - C:\Program Files\Billeo\billeo.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - F:\Download\STARDO~1\SDIEInt.dll
O3 - Toolbar: Billeo - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - C:\Program Files\Billeo\billeo.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Billeo.lnk = C:\Program Files\Billeo\billeo.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SecureDoc.lnk = C:\Program Files\MSI\SecureDoc\Logon.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download with Star Downloader - F:\Download\Star Downloader\sdie.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Billeo - {97ED3A9F-CD6F-473A-8FE1-7505C1B844C3} - C:\Program Files\Billeo\billeo.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1242710893437
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 6702 bytes
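
Added example, not part of this thread and not code from ComboFix, HijackThis or Malwarebytes: a small Python triage script for the log format posted above. It reads the REGEDIT4-style "Reg Loading Points" section and the HijackThis O2/O3 lines and flags the items a helper looks at first: the standard-profile firewall being off, Security Center update notifications suppressed, orphaned BHO/toolbar entries whose file is gone, and the programs allowed through the firewall. The sample log is constructed from lines on this page; the severity labels are my own.

```python
"""Triage the ComboFix 'Reg Loading Points' and HijackThis O2/O3 lines
posted in this thread.  Added example, not part of the thread and not code
from ComboFix, HijackThis or Malwarebytes.  Severity labels are my own."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the logs posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")                  # [HKLM\...] header
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')   # "name"=value
HJT_RE = re.compile(                                                  # O2/O3/... lines
    r"^O(?P<num>\d+) - (?P<kind>[^:]+): (?P<label>.*?) - \{(?P<clsid>[^}]+)\} - (?P<target>.*)$"
)


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    message: str


def _dword_is_one(value: str) -> bool:
    """True for a REGEDIT4-style 'dword:00000001'."""
    if not value.lower().startswith("dword:"):
        return False
    return int(value.split(":", 1)[1], 16) == 1


def triage(log_text: str) -> list[Finding]:
    """Walk the log once and return the findings a helper would look at first."""
    findings: list[Finding] = []
    allowed: list[str] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key").lower()
            continue
        m = VALUE_RE.match(line)
        if m and section:
            name, value = m.group("name"), m.group("value").strip()
            if section.endswith(r"firewallpolicy\standardprofile") and name == "EnableFirewall":
                # "EnableFirewall"= 0 (0x0): the host firewall is off for the normal profile
                if value.split()[:1] == ["0"]:
                    findings.append(Finding("high", "Windows Firewall is disabled in the standard profile"))
            elif section.endswith(r"\security center") and name == "UpdatesDisableNotify":
                # Security Center will no longer warn that Automatic Updates are off
                if _dword_is_one(value):
                    findings.append(Finding("medium", "Security Center update notifications are suppressed"))
            elif section.endswith(r"\authorizedapplications\list"):
                # Each value name is a program allowed through the firewall;
                # REGEDIT4 escapes every backslash as a double backslash
                allowed.append(name.replace("\\\\", "\\"))
            continue
        m = HJT_RE.match(line)
        if m and m.group("target").strip().lower() == "(no file)":
            # CLSID still registered but its DLL is gone: leftover of a removed add-on or a cleanup
            findings.append(Finding(
                "medium",
                f"Orphaned {m.group('kind')} entry {{{m.group('clsid')}}} points to a missing file",
            ))
    for path in allowed:
        findings.append(Finding("info", f"Firewall exception allows {path}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:<6}] {f.message}")
```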

#6
Sachin Naik

    New Member

  • Members
  • Pip
  • 17 posts
  • Location:India
Presently I don't have any MBAM update problems, as I have updated it twice today successfully, but yes, the one particular setting of MBAM, “start with Windows”, is causing minor start-up problems sometimes, so I have unticked that option for MBAM and I manually start MBAM protection.

The next strange thing that I have observed just now is that when I opened my Windows Firewall, I was afraid to see the message “Windows Firewall is controlled by group policy”. I have not installed, and I don't know anything about, group policy. Later, after doing some Google searching, I found out that we can solve this problem by deleting one registry key, so I deleted that key and my firewall came back to normal as it was before.
Is the ComboFix scan responsible for such a thing (i.e. Group Policy), or malware? Because before running ComboFix such a thing had not happened.

I also use AVG 8.5 Free & ThreatFire.

Well, in my previous message I posted the log files which you told me to; this is just an additional message.

#7
AdvancedSetup

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 22,575 posts
  • Gender:Male
  • Location:US
Please hang in there and I'll try to get back to you in a couple of days. Hopefully we'll have a test version for you to use and see if it corrects this issue for you.
Yes, it's very possible that CF did put back the policy if it was already there.
Ron Lewis
Manager, Online Support

Posted Image

Follow us: Twitter, Become a fan: Facebook

If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.

#8
Sachin Naik

OK, thank you,

:D

#9
AdvancedSetup

Just wanted to keep you updated. Still don't have the file from the Developers. Will post back again soon.

#10
Sachin Naik

Still I am able to update my MBAM without any problems, but I don't know why you told me in the last topic that I am infected, i.e. here http://www.malwarebytes.org/forums/index.p...amp;#entry93392, as I don't have any problems presently.
I mean, don't you think it could be a server problem? Or still (malware)?

:D

#11
AdvancedSetup

You say you can now update MBAM? If so then please run the following and post back the log.

Update and Scan with Malwarebytes' Anti-Malware
  • Start Malwarebytes' Anti-Malware (Vista users must right-click and choose Run As Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to; you MUST run it in normal Windows mode.
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Then post back the MBAM log and a new HijackThis log.

#12
AdvancedSetup

Please post an update on this.

#13
Sachin Naik

Actually it's raining heavily here, my PC may get a power surge,
so I need to wait for around 3 days,
then I will post back.

#14
AdvancedSetup

Well please post back the Quick Scan log as soon as you can. It should only take a few minutes.
Just want to make sure all looks okay now.

#15
Sachin Naik

Actually I had already posted the MBAM log file in my old message, I think you missed it; well, this is the fresh log.

As I have already mentioned, I don't have any problems with MBAM updating, but the only problem I face is that I cannot start MBAM protection with Windows because this causes a start-up problem, so I have to start it manually.
The other software I use is ThreatFire latest, and AVG Free latest version.

But is this a malware issue? I don't think so, but still no guarantee.



Malwarebytes' Anti-Malware 1.38
Database version: 2379
Windows 5.1.2600 Service Pack 2

06-Jul-09 02:21:34 PM
mbam-log-2009-07-06 (14-21-34).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 115475
Time elapsed: 41 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#16
AdvancedSetup

Okay let's try the following then if you're willing to spend some time and testing on this.

Let's first do a clean removal and reinstall of MBAM to ensure nothing odd is causing this from an old install or something.


Temporarily disable your Anti-Virus and ThreatFire programs.
1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. http://www.malwareby.../mbam-clean.exe
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts make sure that your Anti-Virus is still disabled as well as Threatfire, then install the latest version of MBAM from here. http://www.malwareby...am-download.php
Note: You will need to reactivate the program using the license you were sent
Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that MBAM is in the task tray AND that it's not freezing.

Now re-enable your Anti-Virus only and restart the computer and verify if the issue still exists. If all is okay then re-enable ThreatFire and reboot and verify if still all okay or not.

Post back and let me know the results. If it does still freeze then please run the following scanner and post both of those logs.


Download DDS and save it to your desktop
http://download.bleepingcomputer.com/sUBs/dds.scr

Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt

#17
AdvancedSetup

Were you able to run through this? Did you have any questions?

#18
AdvancedSetup

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 22,575 posts
  • Gender:Male
  • Location:US
Are you still with us? Did you want to try and work through this if possible?

Let me know otherwise I'll go ahead and close up the post if you don't have the time or are not interested.

Thank you.

#19
Sachin Naik

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 17-May-09 10:43:02 PM
System Uptime: 07-Sep-09 08:29:43 PM (-1439 hours ago)

Motherboard: ECS | | P4M890T-M
Processor: Intel® Pentium® D CPU 3.00GHz | CPU 1 | 2992/200mhz
Processor: Intel® Pentium® D CPU 3.00GHz | CPU 1 | 2992/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 20 GiB total, 13.224 GiB free.
D: is FIXED (NTFS) - 20 GiB total, 19.424 GiB free.
E: is FIXED (NTFS) - 20 GiB total, 19.454 GiB free.
F: is FIXED (NTFS) - 16 GiB total, 13.867 GiB free.
G: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&1D8E1589&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&1D8E1589&0
Service: i8042prt

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth LAN Access Server Driver
Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWDNDIS\1&30EE4AD&0&1000000020000
Manufacturer: WIDCOMM, Inc.
Name: Bluetooth LAN Access Server Driver
PNP Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWDNDIS\1&30EE4AD&0&1000000020000
Service: BTWDNDIS

==== System Restore Points ===================

RP1: 17-May-09 10:49:15 PM - System Checkpoint
RP2: 17-May-09 11:03:58 PM - Installed Realtek High Definition Audio Driver
RP3: 17-May-09 11:04:27 PM - Installed Windows XP KB888111WXPSP2.
RP4: 18-May-09 11:23:24 AM - Installed AVG Free 8.0
RP5: 18-May-09 11:47:59 AM - Installed Windows Media Format 9 Series Runtime Setup
RP6: 18-May-09 02:26:39 PM - Installed WIDCOMM Bluetooth Software
RP7: 18-May-09 02:29:04 PM - Unsigned driver install
RP8: 18-May-09 08:07:33 PM - Installed Windows XP KB915865.
RP9: 18-May-09 08:08:00 PM - Installed Windows NLSDownlevelMapping.
RP10: 18-May-09 08:08:16 PM - Installed Windows IDNMitigationAPIs.
RP11: 18-May-09 08:09:43 PM - Installed Windows Internet Explorer 7.
RP12: 18-May-09 08:15:42 PM - Avg8 Update
RP13: 18-May-09 08:19:07 PM - Avg8 Update
RP14: 19-May-09 04:53:43 PM - Installed OpenOffice.org 2.1
RP15: 19-May-09 05:23:46 PM - Unsigned driver install
RP16: 19-May-09 05:28:53 PM - Unsigned driver install
RP17: 19-May-09 06:00:05 PM - Installed FormatFactory
RP18: 20-May-09 07:23:01 PM - Installed QuickTime
RP19: 20-May-09 09:28:31 PM - Installed Avira RootKit Detection
RP20: 22-May-09 11:30:57 AM - System Checkpoint
RP21: 22-May-09 01:36:04 PM - Configured AVG Free 8.0
RP22: 22-May-09 01:39:06 PM - Configured AVG Free 8.0
RP23: 22-May-09 01:56:07 PM - Avg8 Update
RP24: 22-May-09 01:59:24 PM - Avg8 Update
RP25: 23-May-09 10:40:25 PM - Installed ProxyWay Extra
RP26: 24-May-09 01:50:17 PM - Installed SUPERAntiSpyware Free Edition
RP27: 28-May-09 11:45:37 AM - Removed AVG 8.5
RP28: 28-May-09 11:51:23 AM - Installed AVG Free 8.0
RP29: 28-May-09 12:02:30 PM - Configured AVG Free 8.0
RP30: 28-May-09 01:35:28 PM - Configured AVG Free 8.0
RP31: 28-May-09 01:41:32 PM - Avg8 Update
RP32: 28-May-09 01:55:15 PM - Avg8 Update
RP33: 01-Jun-09 12:57:31 PM - Installed Adobe Reader 6.0
RP34: 02-Jun-09 11:05:25 PM - Installed Platform
RP35: 03-Jun-09 10:20:34 AM - Installed Platform
RP36: 05-Jun-09 04:19:35 PM - Installed Project64 1.6
RP37: 11-Jun-09 10:47:34 PM - Avg8 Update
RP38: 11-Jun-09 10:49:53 PM - Avg8 Update
RP39: 26-Jun-09 10:41:57 PM - Removed ProxyWay Extra
RP40: 03-Jul-09 09:26:30 PM - Avg8 Update
RP41: 03-Jul-09 09:29:04 PM - Avg8 Update

==== Installed Programs ======================

Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Reader 6.0
Aladdin
Audio Recorder for Free
AVG Anti-Rootkit Free
AVG Free 8.0
Avira RootKit Detection
Billeo
Crawler Toolbar with Web Security Guard
Das Unit Converter 6.25
Debut Video Capture Software
DriverAgent by TouchStone Software
FLV Player 1.3.3
FormatFactory
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
IE7Pro
Malwarebytes' Anti-Malware
Microsoft GIF Animator
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.5)
Mozilla Thunderbird (2.0.0.22)
MSN
OpenOffice.org 2.1
PasswordKeeper
Platform
Project64 1.6
QuickTime
Realtek High Definition Audio Driver
Santa Claus in Trouble
Santa Claus in trouble ...again! - Demo
SecureDoc
Spybot - Search & Destroy
Star Downloader Free
SUPERAntiSpyware Free Edition
ThreatFire
Ultimate Racing Showdown 1.0
VIA Platform Device Manager
VIA/S3G Display Driver 6.14.10.0359
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WavePad Sound Editor
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Internet Explorer 7
WinRAR archiver
WordWeb

==== End Of File ===========================




DDS (Ver_09-06-26.01) - NTFSx86
Run by Sachin Naik at 21:04:23.20 on 09-Jul-09
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.959.252 [GMT 5.5:30]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ThreatFire\TFTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Billeo\billeo.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\MSI\SecureDoc\Logon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\ThreatFire\TFService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Documents and Settings\Sachin Naik\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uLocal Page = \blank.htm
uStart Page = about:blank
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\ctbr.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Billeo: {465e08e7-f005-4389-980f-1d8764b3486c} - c:\program files\billeo\billeo.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - No File
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: : {fffffef0-5b30-21d4-945d-000000000000} - f:\download\stardo~1\SDIEInt.dll
TB: Billeo: {6adb0f93-1aa5-4bcf-9df4-cea689a3c111} - c:\program files\billeo\billeo.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\ctbr.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [SkyTel] SkyTel.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [VTTimer] VTTimer.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\sachin~1\startm~1\programs\startup\wordweb.lnk - c:\program files\wordweb\wweb32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\billeo.lnk - c:\program files\billeo\billeo.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secure~1.lnk - c:\program files\msi\securedoc\Logon.exe
IE: &WordWeb... - c:\windows\wweb32.dll/lookup.html
IE: Crawler Search - tbr:iemenu
IE: Download with Star Downloader - f:\download\star downloader\sdie.htm
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242710893437
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
TCP: {E0AB15F7-D716-4717-9C83-24F4BBF80EAE} = 218.248.255.177 218.248.240.134
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\ctbr.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sachin~1\applic~1\mozilla\firefox\profiles\t6tu1aay.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

============= SERVICES / DRIVERS ===============

R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-5-18 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-5-18 46864]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2009-6-3 21144]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2009-5-18 3968]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-28 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-28 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-28 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-3 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-3 298776]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-5-18 195856]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-5-18 19096]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-5-18 33552]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]

=============== Created Last 30 ================

2009-07-03 21:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-06-29 10:41 32,768 a------- c:\documents and settings\sachin naik\das_uc_dat625.dat
2009-06-29 10:35 <DIR> --d----- c:\program files\Das Unit Converter
2009-06-27 22:59 <DIR> --d----- C:\ComboFix
2009-06-27 22:59 388,608 a------- c:\windows\system32\CF21290.exe
2009-06-27 22:56 388,608 a------- c:\windows\system32\cmd.execf
2009-06-27 21:22 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-06-27 12:19 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-06-27 12:10 161,792 a------- c:\windows\SWREG.exe
2009-06-27 12:10 155,136 a------- c:\windows\PEV.exe
2009-06-27 12:10 98,816 a------- c:\windows\sed.exe
2009-06-27 11:57 <DIR> --dshr-- C:\cmdcons
2009-06-24 13:34 140,408 a------- C:\Aladdin-(U)-[!].gs0
2009-06-19 20:19 <DIR> --d----- c:\program files\Santa Claus in trouble ...again! - Demo
2009-06-17 20:15 <DIR> --d----- C:\Multimedia Files
2009-06-17 20:14 <DIR> --d----- c:\program files\Microsoft GIF Animator
2009-06-12 11:00 54,156 a---h--- c:\windows\QTFont.qfn
2009-06-12 11:00 1,409 a------- c:\windows\QTFont.for

==================== Find3M ====================

2009-07-03 21:28 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-03 21:28 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-20 02:07 46,864 a------- c:\windows\system32\drivers\TfSysMon.sys
2009-06-20 02:07 33,552 a------- c:\windows\system32\drivers\TfNetMon.sys
2009-06-20 02:07 51,984 a------- c:\windows\system32\drivers\TfFsMon.sys
2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-28 13:54 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-18 19:26 23,600 a------- c:\windows\system32\drivers\TVICHW32.SYS
2009-05-18 10:53 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-18 10:42 155,995 a------- c:\windows\java\packages\H3DZJZDB.ZIP
2009-05-18 10:42 2,232 a------- c:\windows\java\packages\data\DFZJVRXJ.DAT
2009-05-18 10:42 2,678 a------- c:\windows\java\packages\data\U3V5BDB1.DAT
2009-05-18 10:42 2,678 a------- c:\windows\java\packages\data\TNBRD3FB.DAT
2009-05-18 10:42 2,678 a------- c:\windows\java\packages\data\GP7NN3N5.DAT
2009-05-18 10:42 2,678 a------- c:\windows\java\packages\data\AWWFDBXV.DAT
2009-05-18 10:42 2,678 a------- c:\windows\java\packages\data\2IBZBXFD.DAT
2009-05-17 23:03 315,392 a------- c:\windows\HideWin.exe
2009-05-17 22:37 21,640 a------- c:\windows\system32\emptyregdb.dat

============= FINISH: 21:06:03.42 ===============


The first method did not work.

#20
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,575 posts
  • Gender:Male
  • Location:US
Well let me send you a Private Message for a beta version of the software you can try.

However, you do have a lot of software that it could potentially be conflicting with, some of which might have logs to show an issue, or there might be something in the Event Viewer.

AVG Anti-Rootkit Free
AVG Free 8.0
Avira RootKit Detection
Crawler Toolbar with Web Security Guard
SecureDoc
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
ThreatFire


I'll send you the Private Message and, if it still has issues loading, then we'll need to run some debugging tools to see if we can track down the cause. Do you have access to another computer that is on the same network as this computer in case we need to run a remote debug session?
Ron Lewis
Manager, Online Support


If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.
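As a worked example added here (it is not code from this thread, from Malwarebytes, or from any of the products named), the script below parses the SERVICES / DRIVERS section of the DDS log posted above and counts, per vendor, how many kernel-mode drivers and user-mode services are currently running. That is the quickest way to see the overlap AdvancedSetup is pointing at: several products each loading their own file-system, network or anti-rootkit drivers at boot. The sample input is copied from the posted log; the vendor mapping (matching on install path or driver-name prefix) and the rule "path ends in .sys means kernel driver" are assumptions made for this example, not something DDS itself reports.

```python
"""Triage the SERVICES / DRIVERS section of a DDS log for overlapping
real-time security products.  Added example; not a Malwarebytes or DDS tool."""
import re
from collections import defaultdict

# Sample input: service/driver lines copied from the DDS log posted in this thread.
DDS_SERVICES = r"""
R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-5-18 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-5-18 46864]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2009-6-3 21144]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2009-5-18 3968]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-28 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-28 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-28 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-3 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-3 298776]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-5-18 195856]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-5-18 19096]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-5-18 33552]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
"""

# DDS layout: "<state> <name>;<display name>;<path> [<date> <size>]" where state is
# R0..R3 (running, by start type) or S0..S3 (stopped).  "[?]" means DDS could not stat the file.
LINE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)
META_RE = re.compile(r"(\d{4}-\d{1,2}-\d{1,2})\s+(\d+)$")


def parse_dds_services(text):
    """Return one dict per service/driver line; non-matching lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        meta = META_RE.match(m.group("meta"))
        path = m.group("path")
        entries.append({
            "state": m.group("state"),
            "running": m.group("state").startswith("R"),
            "name": m.group("name"),
            "display": m.group("display"),
            "path": path,
            # Assumption for this example: a .sys image is a kernel-mode driver.
            "kernel": path.lower().endswith(".sys"),
            "date": meta.group(1) if meta else None,
            "size": int(meta.group(2)) if meta else None,
        })
    return entries


def vendor_of(entry):
    """Heuristic vendor attribution by install path or driver-name prefix (assumed, not from DDS)."""
    path, name = entry["path"].lower(), entry["name"].lower()
    if "avg" in path or name.startswith("avg"):
        return "AVG"
    if "superantispyware" in path or name.startswith("sas"):
        return "SUPERAntiSpyware"
    if "threatfire" in path or name.startswith("tf"):
        return "ThreatFire"
    if "malwarebytes" in path or name.startswith("mbam"):
        return "Malwarebytes"
    return "other"


def summarize(entries):
    """Per vendor: running kernel drivers, running user-mode services, stopped entries."""
    summary = defaultdict(lambda: {"kernel_drivers": 0, "services": 0, "stopped": 0})
    for e in entries:
        counts = summary[vendor_of(e)]
        if not e["running"]:
            counts["stopped"] += 1
        elif e["kernel"]:
            counts["kernel_drivers"] += 1
        else:
            counts["services"] += 1
    return dict(summary)


def overlapping_realtime_vendors(entries):
    """Security vendors that each have at least one running kernel driver.
    More than one means several products are hooking the same file-system /
    network paths at once, which is the conflict scenario raised in the reply above."""
    return sorted(v for v, c in summarize(entries).items()
                  if v != "other" and c["kernel_drivers"] > 0)


if __name__ == "__main__":
    parsed = parse_dds_services(DDS_SERVICES)
    for vendor, c in sorted(summarize(parsed).items()):
        print(f"{vendor:18s} kernel drivers={c['kernel_drivers']} "
              f"services={c['services']} stopped={c['stopped']}")
    print("running kernel-mode drivers from:", ", ".join(overlapping_realtime_vendors(parsed)))
```

On the posted log this reports four security vendors (AVG, Malwarebytes, SUPERAntiSpyware and ThreatFire) with running kernel drivers, AVG alone contributing five at boot/system start (anti-rootkit, loader, minifilter, TDI redirector and the clean driver). Run it against a fresh DDS log after each product is removed or disabled to confirm that its drivers really stopped loading rather than just its tray icon disappearing.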
