I have successfully run ComboFix under the new name MyPoppy.exe.
It has installed the recovery console.
Here is the report:
ComboFix 11-01-10.04 - default 17/01/2011 22:42:47.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2038.1634 [GMT 0:00]
Running from: C:\MyPoppy.exe
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((( Files Created from 2010-12-17 to 2011-01-17 )))))))))))))))))))))))))))))))
.
2011-01-17 21:44 . 2011-01-17 21:44 120951 ----a-w- C:\hskrby9y.exe
2011-01-16 07:48 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-16 07:48 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-15 16:29 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-15 16:28 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-01-14 08:45 . 2011-01-14 08:45 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
2011-01-14 08:45 . 2011-01-14 08:45 -------- d-----w- c:\documents and settings\LocalService\Application Data\Intel
2011-01-14 08:45 . 2011-01-14 08:45 -------- d-----w- c:\documents and settings\default\Application Data\Intel
2011-01-14 08:45 . 2011-01-14 08:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intel
2011-01-14 08:45 . 2011-01-14 08:45 319488 ----a-w- c:\windows\system32\AegisI5Installer.exe
2011-01-14 08:45 . 2011-01-14 08:45 21425 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-01-14 08:45 . 2011-01-14 08:45 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intel
2011-01-14 08:45 . 2011-01-14 08:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2011-01-14 08:45 . 2007-02-25 06:05 2203520 ----a-w- c:\windows\system32\drivers\NETw4x32.sys
2011-01-14 08:45 . 2007-02-15 12:31 2756608 ----a-w- c:\windows\system32\NETw4r32.dll
2011-01-14 08:45 . 2007-02-15 12:30 679936 ----a-w- c:\windows\system32\NETw4c32.dll
2011-01-08 17:14 . 2011-01-08 17:15 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-01-08 02:35 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-12-29 22:20 . 2010-12-29 22:20 -------- d-s---w- c:\documents and settings\Administrator\IETldCache
2010-12-29 22:19 . 2010-10-23 17:55 553984 ----a-r- C:\OTLPE.exe
2010-12-29 22:18 . 2010-12-31 21:25 -------- d-----w- C:\_OTL
2010-12-26 07:26 . 2010-12-26 07:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-12-25 16:13 . 2010-12-29 02:57 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2008-06-19 22:15 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2008-06-19 22:17 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2008-06-19 22:19 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2008-06-19 22:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2008-06-19 22:15 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2008-06-19 22:15 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2008-06-19 22:17 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2008-06-19 22:13 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2008-06-19 22:19 1853312 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\default\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-27 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-23 202256]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"SMSERIAL"="sm56hlpr.exe" [2006-01-10 544768]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\default\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05/02/2010 05:40 135664]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - PXKOAAOD
*Deregistered* - pxkoaaod
.
Contents of the 'Scheduled Tasks' folder
2010-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 05:40]
2010-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 05:40]
2010-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3604336360-109894556-3801463734-1006Core.job
- c:\documents and settings\default\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-24 15:03]
2010-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3604336360-109894556-3801463734-1006UA.job
- c:\documents and settings\default\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-24 15:03]
2011-01-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3604336360-109894556-3801463734-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]
2011-01-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3604336360-109894556-3801463734-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]
2010-10-24 c:\windows\Tasks\User_Feed_Synchronization-{2E16A703-F1B3-4340-B56D-A79C454F9DE3}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.co.uk/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-01-17 22:43
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(852)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2011-01-17 22:45:35
ComboFix-quarantined-files.txt 2011-01-17 22:45
Pre-Run: 144,860,549,120 bytes free
Post-Run: 144,878,952,448 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
- - End Of File - - 8663BD45A4A075B9FC11C65654B4C771