is there any other way i can download this? my laptop doesnt seem to want to let the download manager for avg connect to the internet in safe mode?

is there a way without this download manager or another program i can use?

ive tried via wireless and wired - no luck.

Matt

Yeah, Safe Mode with Networking?

Or you could do PCHF Prework first. Transfer the log file via memory stick?

Safe mode with networking was what i had it on however didnt seem to want to let the avg download manager connect?????

anyway followed ur advice and completed prework

Attached as requested

Matt


DDS (Ver_09-10-26.01) - NTFSx86 NETWORK
Run by Matthew Norris at 11:39:07.46 on 13/11/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.246.26 [GMT 0:00]


============== Running Processes ===============

C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Matthew Norris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matthew Norris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matthew Norris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matthew Norris\My Documents\Downloads\dds (1).scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q={searchTerms}
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 0.0.0.0:80
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*Yahoo! Search - Web Search
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: Wanadoo: {8b68564d-53fd-4293-b80c-993a9f3988ee} - c:\windows\system32\WSBar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {4E7BD74F-2B8D-469E-A0E8-F479B685FA7D} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {4E7BD74F-2B8D-469E-A6FB-F862B587B57D} - No File
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [Google Update] "c:\documents and settings\matthew norris\local settings\application data\google\update\GoogleUpdate.exe" /c
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUt il.exe -p
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [PCMService] "c:\apps\powercinema\PCMService.exe"
mRun: [SECEDIT] c:\drivers\SECEDIT.EXE
mRun: [Nfo] c:\windows\system32\nfomon\nfomon.exe
mRun: [vidmon] c:\windows\system32\vidmon\vidmon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRunOnce: [<NO NAME>]
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uExplorerRun: [{D0476948-063C-2057-0712-05042820002c}] "c:\program files\common files\{d0476948-063c-2057-0712-05042820002c}\Update.exe" te-110-12-0000073
dExplorerRun: [{D0476948-063C-2057-0712-05042820002c}] "c:\program files\common files\{d0476948-063c-2057-0712-05042820002c}\Update.exe" te-110-12-0000073
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ado ber~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by118fd.bay118.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205350999667
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} - hxxp://support.packardbell.com/files/activex/InfosFinder2.CAB
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

S2 Client IP-IPX;Client IP-IPX;"c:\windows\system32\svchosts.exe" -e te-110-12-0000073 --> c:\windows\system32\svchosts.exe [?]
S2 cmdService;Command Service;c:\windows\twf0dghldybob3jyaxm\command.exe --> c:\windows\twf0dghldybob3jyaxm\command.exe [?]
S2 Network Monitor;Network Monitor;c:\program files\network monitor\netmon.exe service --> c:\program files\network monitor\netmon.exe service [?]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\driv ers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S3 RTCore32;RTCore32;c:\program files\rmclock\RTCore32.sys [2008-9-5 4608]

=============== Created Last 30 ================

2009-11-12 14:08:15 0 d-----w- c:\docume~1\matthe~1\applic~1\AVG8

==================== Find3M ====================

2009-11-11 12:29:54 98304 ----a-w- c:\windows\DUMPba34.tmp
2009-11-06 13:41:27 98304 ----a-w- c:\windows\DUMPc7bd.tmp
2006-12-29 19:03:08 80 -csh--r- c:\windows\system32\362E5B03BE.dll
2008-09-03 23:31:02 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090420080 905\index.dat
2005-07-29 16:24:26 472 --sha-r- c:\windows\twf0dghldybob3jyaxm\nqIXx315xV1ivaLVurg .vbs

============= FINISH: 11:39:53.22 ===============



Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
``````````````````````````````
Anti-malware/Other Utilities Check:
Out of date HijackThis installed!
HijackThis 1.99.1
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java 2 Runtime Environment, SE v1.4.2_05
Out of date Java installed!
Adobe Reader 7.0.9
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

** Transferred to HJT Froum
@security, please contact me for malware information first

Hello norris,

A few things before we start....
1. Please Read All Instructions Carefully.
2. If you don't understand something, stop and ask! Don't keep going on.
3. Please do not run any other tools or scans whilst I am helping you.
4. If you have to go away for an extended period of time, let me know.
5. Please continue to respond until I give you the "All Clear".
(Just because you can't see a problem doesn't mean it isn't there)


You may have to do all these in Safe Mode with Networking.

First, download - rustbfix.exe ...and save it to your desktop.
Double click on rustbfix.exe to run the tool.
If a Rustock.b-infection is found, you will shortly hereafter be asked to reboot the computer. The reboot will probably take quite a while, and perhaps 2 reboots will be needed. But this will happen automatically.
After the reboot 2 logfiles will open (%root%\avenger.txt & %root%\rustbfix\pelog.txt). Post them in your reply later.

=============

Please download Malwarebytes' Anti-Malware by clicking the link below:
Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* You'll be required to post the contents of this log later.

Please Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

================

Next let's have you download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool:

Go here ======> A guide and tutorial on using ComboFix <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first.This applies to XP Pro and XP Home users only.If you have SP3 installed you will need to use the download meant for SP2.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.


Please include MBAM log, C:\ComboFix.txt, the two logs from Rustbfix.exe, and a new DDS log for further review, so that we may continue cleansing the system. You may have to split them up in multiple posts if it gets too long.


Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.

ok done all that , here's my next logs,

************************* Rustock.b-fix v. 1.01 -- By ejvindh *************************
15/11/2009 13:10:00.98

******************* Pre-run Status of system *******************

Rootkit driver PE386 is found. Starting the unload-procedure....

Rustock.b-ADS attached to the System32-folder:
:lzx32.sys 69670
Total size: 69670 bytes.
Attempting to remove ADS...
system32: deleted 69670 bytes in 1 streams.

Looking for Rustock.b-files in the System32-folder:
No Rustock.b-files found in system32


******************* Post-run Status of system *******************

Rustock.b-driver on the system: NONE!

Rustock.b-ADS attached to the System32-folder:
No System32-ADS found.

Looking for Rustock.b-files in the System32-folder:
No Rustock.b-files found in system32


******************************* End of Logfile ********************************


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Service s\xgpirkbx

*******************

Script file located at: \??\C:\jwfxhshi.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Driver PE386 unloaded successfully.
Program C:\Rustbfix\2run.bat successfully set up to run once on reboot.

Completed script processing.

*******************

Finished! Terminate.