As I'm sure you can see, the Windows Recovery Console failed to install. I do/did have an active internet connection while I ran Combo-Fix. I tried running it again but it didn't work. The first time three files were deleted: two of which were located in my C: (one was "twain32"?) and the third file was F:/INSTALL if I remember correctly. (Does any of what I say even matter? Or do you guys just need my logs? Or is this just a computer program?)
ComboFix 10-01-21.08 - James 01/22/2010 22:48:54.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2550.2047 [GMT -6:00]
Running from: c:\documents and settings\James\Desktop\Combo-Fix.exe
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-12-23 to 2010-01-23 )))))))))))))))))))))))))))))))
.
2010-01-22 23:43 . 2010-01-22 23:43 -------- d-----w- c:\documents and settings\James\Application Data\Malwarebytes
2010-01-22 23:43 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-22 23:43 . 2010-01-22 23:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-22 23:43 . 2010-01-22 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-22 23:43 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-08 03:18 . 2010-01-08 03:48 -------- d-----w- c:\windows\system32\XPSViewer
2010-01-08 03:18 . 2010-01-08 03:48 -------- d-----w- c:\program files\MSBuild
2010-01-08 03:18 . 2010-01-08 03:47 -------- d-----w- c:\program files\Reference Assemblies
2010-01-08 02:59 . 2010-01-08 02:59 4079616 ----a-w- c:\windows\system32\msdllrv.exe
2010-01-05 00:29 . 2010-01-05 00:29 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-01-05 00:29 . 2010-01-05 00:29 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-12-26 19:30 . 2009-12-26 19:30 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-26 19:30 . 2009-12-26 19:30 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-26 19:30 . 2009-12-26 19:30 -------- d-----w- c:\program files\OpenAL
2009-12-26 17:05 . 2009-12-26 17:05 -------- d-----w- c:\program files\Activision
2009-12-25 18:06 . 2009-12-25 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-12-25 18:06 . 2009-12-25 18:06 836464 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\SecurityScan_Release.exe
2009-12-25 18:05 . 2010-01-18 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-12-25 17:57 . 2010-01-23 00:04 -------- d-----w- c:\program files\Steam
2009-12-25 15:41 . 2001-08-18 04:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-12-25 15:41 . 2008-04-14 01:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-23 04:28 . 2009-07-16 23:56 -------- d-----w- c:\program files\Blue Coat K9 Web Protection
2010-01-23 02:37 . 2008-11-30 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-23 00:03 . 2005-08-31 19:20 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-23 00:01 . 2008-07-21 17:16 -------- d-----w- c:\program files\Lx_cats
2010-01-22 23:34 . 2009-06-26 23:02 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-22 21:30 . 2010-01-19 21:26 -------- d-----w- c:\documents and settings\Abby\Application Data\vlc
2010-01-22 04:15 . 2010-01-22 04:15 388096 ----a-r- c:\documents and settings\James\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-22 04:15 . 2010-01-22 04:15 -------- d-----w- c:\program files\TrendMicro
2010-01-20 21:52 . 2008-08-05 01:12 56 --sh--r- c:\windows\system32\8F53FFE3C8.sys
2010-01-20 21:52 . 2008-08-05 01:12 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-20 02:38 . 2009-09-02 22:14 69 ----a-w- c:\documents and settings\Abby\jagex_runescape_preferences2.dat
2010-01-20 02:38 . 2009-08-27 22:38 39 ----a-w- c:\documents and settings\Abby\jagex_runescape_preferences.dat
2010-01-19 21:25 . 2009-07-24 00:00 55376 ----a-w- c:\documents and settings\Abby\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-19 04:34 . 2009-10-26 23:28 -------- d-----w- c:\program files\SwiftKit
2010-01-19 04:34 . 2008-07-21 21:07 39 ----a-w- c:\documents and settings\James\jagex_runescape_preferences.dat
2010-01-19 04:32 . 2009-09-02 13:11 69 ----a-w- c:\documents and settings\James\jagex_runescape_preferences2.dat
2010-01-19 04:12 . 2008-10-03 04:33 -------- d-----w- c:\documents and settings\James\Application Data\Azureus
2010-01-19 00:28 . 2008-07-21 16:39 55376 ----a-w- c:\documents and settings\James\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-10 23:33 . 2009-03-20 03:04 -------- d-----w- c:\program files\MSECACHE
2010-01-08 04:07 . 2010-01-08 04:07 1956528 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-01-05 06:44 . 2009-11-16 07:28 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-05 05:28 . 2009-09-01 13:21 -------- d-----w- c:\documents and settings\James\Application Data\vlc
2010-01-05 00:33 . 2008-09-05 02:05 -------- d-----w- c:\program files\Safari
2009-12-29 01:53 . 2008-07-21 16:43 -------- d-----w- c:\program files\Google
2009-12-26 16:43 . 2008-10-03 04:33 -------- d-----w- c:\program files\Vuze
2009-12-26 01:29 . 2008-09-04 02:51 -------- d-----w- c:\documents and settings\James\Application Data\Apple Computer
2009-12-25 15:41 . 2008-09-04 02:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-13 17:42 . 2009-12-13 17:42 -------- d-----w- c:\program files\Sierra
2009-12-13 16:16 . 2009-12-13 07:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-12-13 07:21 . 2005-08-31 19:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-12-13 07:21 . 2009-12-13 07:21 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-12-13 06:49 . 2009-12-13 06:49 -------- d-----w- c:\program files\AskBarDis
2009-11-21 15:51 . 2004-08-10 17:50 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-10 03:39 . 2009-11-10 03:39 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 07:45 . 2004-08-10 17:51 916480 ------w- c:\windows\system32\wininet.dll
2006-05-03 10:06 . 2009-02-18 23:03 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2009-02-18 23:03 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-02-18 23:03 216064 --sh--r- c:\windows\system32\nbDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-30 39408]
"Steam"="c:\program files\steam\steam.exe" [2009-12-25 1217808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-08 49512]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2008-07-21 100056]
"lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2006-06-20 286720]
"Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" [2006-07-10 294912]
"EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2006-06-07 98304]
"LXCTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-06-07 106496]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"nwiz"="nwiz.exe" [2009-02-18 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 131072]
c:\documents and settings\James\Start Menu\Programs\Startup\
DeskPins.lnk - c:\program files\DeskPins\DeskPins.exe [2004-5-2 62464]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxctcoms.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [1/13/2009 5:39 PM 72992]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [1/13/2009 5:39 PM 1078560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/4/2009 4:54 PM 24652]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/26/2008 1:58 PM 717296]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/28/2009 7:54 PM 135664]
.
Contents of the 'Scheduled Tasks' folder
2010-01-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2010-01-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-21 20:12]
2010-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 01:53]
2010-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 01:53]
2010-01-23 c:\windows\Tasks\Norton AntiVirus - Scan my computer - James.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-03-15 19:47]
2010-01-23 c:\windows\Tasks\User_Feed_Synchronization-{29AEBFDC-A264-4A24-BB84-5866662250B2}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
2010-01-23 c:\windows\Tasks\User_Feed_Synchronization-{D239880A-44B6-4660-BA81-865330690F1B}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-01-22 22:51
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2352)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-01-22 22:53:36
ComboFix-quarantined-files.txt 2010-01-23 04:53
ComboFix2.txt 2010-01-23 04:39
Pre-Run: 14,331,420,672 bytes free
Post-Run: 14,320,185,344 bytes free
- - End Of File - - 672D184049CC0CEE0FDEAC256B25DFF0