caherbear
1 Nickel

Cannot install drivers; cannot update windows; have attempted and failed to boot in safe mode; Have received NT Authority/System message & system shut down!

Below is the information from the HijackThis file.  Know enough to get around systems, but when it comes to spyware and viruses, not my forte. Have Norton Internet Security 2011 on this system. Tower was my son's and it's been idle for over a year.  Got tired of my 30GB HD on my 7+ year old system and used PCMover to move files from my old system to this one not realizing it was polluted and now, after 3 days of fighting with it, I'm tired and need help.

Spoke to a tech at Norton 2 nights ago and they tried to use Norton Power Erase on it.  Kept getting an error message saying "NPE.exe" was not in win32. Tech said operating system was probably infected with "advanced virus" and needed to use other means - bootable something or other. Drive in system is CD and I do not have an unused USB key to create something bootable to try that. Downloaded and ran PCTOOLS spyware doctor and it found lots of stuff but wants to charge to remove when I already have Norton.  Just not having a great ....whatever.   Ran full scan with Norton and found 35 adware/spyware items and removed. Don't recall if it found a virus.  Anything else, please ask.  Need major help.

Thanks so much

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:02:21 PM, on 12/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton Utilities 14\nu.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Sean\Local Settings\Temporary Internet Files\Content.IE5\V7PSTOQE\HijackThis[1].exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/yme/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/yme/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/yme/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O1 - Hosts: 207.7.142.44 iwalton.com
O1 - Hosts: 207.7.142.44 www.iwalton.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NortonUtilities] C:\Program Files\Norton Utilities 14\nu.exe /H
O4 - HKUS\S-1-5-21-2637955601-3924065142-218781117-1007\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User 'Alternate')
O4 - HKUS\S-1-5-21-2637955601-3924065142-218781117-1007\..\RunOnce: [PCmover CookieMerge] "C:\Program Files\Laplink\PCmover\CookieMerge.exe" "C:\Documents and Settings\Alternate\Local Settings\Application Data\Laplink\PCmover\Cookies" (User 'Alternate')
O4 - HKUS\S-1-5-21-2637955601-3924065142-218781117-501\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User 'Guest')
O4 - HKUS\S-1-5-21-2637955601-3924065142-218781117-501\..\RunOnce: [PCmover CookieMerge] "C:\Program Files\Laplink\PCmover\CookieMerge.exe" "C:\Documents and Settings\Guest\Local Settings\Application Data\Laplink\PCmover\Cookies" (User 'Guest')
O4 - HKUS\S-1-5-18\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O9 - Extra button: Internet Radio by Endicosoft.com - {1F958B09-3312-7f0e-9723-4C1324C57B20} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Upwords.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ControlInstaller Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154775489250
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} (Photo Upload Plugin Class) - http://samsclubus.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by115fd.bay115.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/msn/TrueInstallMSN.exe
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

--
End of file - 15497 bytes

kevinf80
3 Zinc

Re: Cannot install drivers; cannot update windows; have attempted and failed to boot in safe mode; Have received NT Authority/System message & system shut down!

Hello caherbear,

I'm kevinf80 and I will be helping with any malware issues you may have with your system.
  • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
  • Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
  • Either print or Save to Notepad all instructions and please follow them carefully, if there's something you don't understand or that will not work please let me know and we will go through it together.
  • Malware is often buggy and can be very unstable, with that in mind it is advisable to backup any important data before we begin.
  • If you do not reply within 72 hours the thread will be closed, if you need more time let me know. Likewise if I do not respond within 48 hours feel free to PM me.
  • If you have any P2P applications installed such as BitTorrent, uTorrent, Limewire etc etc, please uninstall them before we begin.
  • If you are using Cracked or Illegal software your thread will be locked and all help will cease.


Please proceed as follows :-

Step 1

Please re-open HiJackThis and scan only.  Check the boxes next to all the entries listed below.

O1 - Hosts: 207.7.142.44 iwalton.com
O1 - Hosts: 207.7.142.44 www.iwalton.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)


Now close all windows other than HiJackThis, then click Fix Checked.  Close HiJackThis.  Reboot.

Step 2

We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

Combofix

Don't forget Combofix must be saved to your desktop. <--Very important

Ensure you have disabled your Firewall and all anti virus and anti malware programs so they do not interfere with the running of ComboFix. <---Very important

Please include the C:\ComboFix.txt in your next reply for further review.

Examples of how to disable realtime protection available at the following link :-

Disable realtime protection


Note: Do not click combofix's window with your mouse while it's running. That action may cause it to stall.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)


Step 3

Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

What I'd like to see in your reply :-

  • Log from Combofix
  • Log from Security Checks


Kevin
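
As an added illustration (not part of kevinf80's post and not HijackThis's own code), the Python below parses HijackThis log lines and picks out two of the kinds of entry ticked in Step 1: registrations marked `(no file)`, meaning the registry entry points at a file that is no longer on disk, and Hosts-file overrides. The sample lines are copied from the log posted in this thread; the function and variable names are assumptions made for the example.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Constructed sample: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O1 - Hosts: 207.7.142.44 iwalton.com
O1 - Hosts: 207.7.142.44 www.iwalton.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# "<section code> - <rest>", e.g. "O2 - BHO: ...". Process paths and headers do not match.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<name>\S+)$")
LOOPBACK = {"127.0.0.1", "::1"}
NO_FILE = "(no file)"


class Entry(NamedTuple):
    section: str          # e.g. "O2"
    body: str             # everything after "O2 - "
    clsid: Optional[str]  # upper-cased CLSID if the entry carries one
    target: str           # last " - " separated field (file path or "(no file)")


def parse_entries(log: str) -> list:
    """Turn raw log text into Entry records, skipping non-entry lines."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        target = body.rsplit(" - ", 1)[-1].strip()
        entries.append(Entry(m.group("section"), body,
                             clsid.group(0).upper() if clsid else None, target))
    return entries


def orphaned(entries: list) -> list:
    """Entries whose registered file is missing from disk."""
    return [e for e in entries if e.target == NO_FILE]


def hosts_overrides(entries: list) -> list:
    """(ip, hostname) pairs from O1 lines that map a name to a non-loopback address."""
    found = []
    for e in entries:
        m = HOSTS_RE.match(e.body) if e.section == "O1" else None
        if m and m.group("ip") not in LOOPBACK:
            found.append((m.group("ip"), m.group("name")))
    return found


def orphan_sections_by_clsid(entries: list) -> dict:
    """Map each orphaned CLSID to the sections that register it.

    The same CLSID turning up in more than one autostart section
    (here O21 and O22) is worth reviewing as a single item.
    """
    by_clsid = defaultdict(list)
    for e in orphaned(entries):
        if e.clsid:
            by_clsid[e.clsid].append(e.section)
    return dict(by_clsid)


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for e in orphaned(parsed):
        print("orphaned:", e.section, e.clsid)
    for ip, name in hosts_overrides(parsed):
        print("hosts override:", name, "->", ip)
    for clsid, sections in orphan_sections_by_clsid(parsed).items():
        if len(sections) > 1:
            print("registered in several sections:", clsid, sections)
```

The script only reads a saved log and reports; it changes nothing on the machine, and every flagged line still needs a person to review it before anything is fixed.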

caherbear
1 Nickel

Re: Cannot install drivers; cannot update windows; have attempted and failed to boot in safe mode; Have received NT Authority/System message & system shut down!

Hi Kevin

Thank you so much for your help on this.  I'm not as familiar with this system as my old one so I'm not sure what's on it, but I did uninstall p2p software that I could see and ran the Combofix and the Security Checks. I am turning my firewall back on and my Norton AntiVirus to make sure nothing else comes in but here are the notes you requested.

Again, thank you

Melisse

 Results of screen317's Security Check version 0.99.6 
 Windows XP Service Pack 3 
 Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

 Windows Firewall Disabled! 
 Norton Internet Security   
```````````````````````````````
Anti-malware/Other Utilities Check:

 Spyware Doctor 7.0  
 Windows Defender Signatures  
 Adobe Flash Player 10.0.22.87 
Adobe Reader 7.0.9
Out of date Adobe Reader installed!
````````````````````````````````
Process Check: 
objlist.exe by Laurent

 Norton ccSvcHst.exe
````````````````````````````````
DNS Vulnerability Check:

 GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

 

ComboFix 10-12-03.01 - Sean 12/03/2010  22:06:39.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1298 [GMT -8:00]
Running from: c:\documents and settings\Sean\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Sean\LOCALS~1\Temp\IadHide4.dll
c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\documents and settings\Sean\Local Settings\Temp\IadHide4.dll
c:\program files\Common Files\inetget
c:\windows\system32\_003275_.tmp.dll
c:\windows\system32\_003276_.tmp.dll
c:\windows\system32\_003277_.tmp.dll
c:\windows\system32\_003278_.tmp.dll
c:\windows\system32\_003280_.tmp.dll
c:\windows\system32\_003281_.tmp.dll
c:\windows\system32\_003282_.tmp.dll
c:\windows\system32\_003283_.tmp.dll
c:\windows\system32\_003285_.tmp.dll
c:\windows\system32\_003286_.tmp.dll
c:\windows\system32\_003287_.tmp.dll
c:\windows\system32\_003288_.tmp.dll
c:\windows\system32\_003290_.tmp.dll
c:\windows\system32\_003291_.tmp.dll
c:\windows\system32\_003294_.tmp.dll
c:\windows\system32\_003295_.tmp.dll
c:\windows\system32\_003297_.tmp.dll
c:\windows\system32\_003298_.tmp.dll
c:\windows\system32\_003299_.tmp.dll
c:\windows\system32\_003301_.tmp.dll
c:\windows\system32\_003302_.tmp.dll
c:\windows\system32\_003303_.tmp.dll
c:\windows\system32\_003304_.tmp.dll
c:\windows\system32\_003305_.tmp.dll
c:\windows\system32\_003306_.tmp.dll
c:\windows\system32\_003308_.tmp.dll
c:\windows\system32\_003309_.tmp.dll
c:\windows\system32\_003310_.tmp.dll
c:\windows\system32\_003311_.tmp.dll
c:\windows\system32\_003312_.tmp.dll
c:\windows\system32\_003315_.tmp.dll
c:\windows\system32\_003316_.tmp.dll
c:\windows\system32\_003317_.tmp.dll
c:\windows\system32\_003318_.tmp.dll
c:\windows\system32\_003319_.tmp.dll
c:\windows\system32\_003320_.tmp.dll
c:\windows\system32\_003321_.tmp.dll
c:\windows\system32\_003322_.tmp.dll
c:\windows\system32\_003324_.tmp.dll
c:\windows\system32\_003325_.tmp.dll
c:\windows\system32\_003326_.tmp.dll
c:\windows\system32\_003327_.tmp.dll
c:\windows\system32\_003328_.tmp.dll
c:\windows\system32\_003329_.tmp.dll
c:\windows\system32\_003330_.tmp.dll
c:\windows\system32\_003331_.tmp.dll
c:\windows\system32\_003333_.tmp.dll
c:\windows\system32\_003334_.tmp.dll
c:\windows\system32\_003335_.tmp.dll
c:\windows\system32\_003336_.tmp.dll
c:\windows\system32\_003339_.tmp.dll
c:\windows\system32\_003340_.tmp.dll
c:\windows\system32\_003344_.tmp.dll
c:\windows\system32\_003345_.tmp.dll
c:\windows\system32\_003347_.tmp.dll
c:\windows\system32\_003350_.tmp.dll
c:\windows\system32\_003352_.tmp.dll
c:\windows\system32\_003353_.tmp.dll
c:\windows\system32\_003354_.tmp.dll
c:\windows\system32\_003355_.tmp.dll
c:\windows\system32\_003358_.tmp.dll
c:\windows\system32\_003359_.tmp.dll
c:\windows\system32\_003360_.tmp.dll
c:\windows\system32\_003361_.tmp.dll
c:\windows\system32\_003362_.tmp.dll
c:\windows\system32\_003367_.tmp.dll
c:\windows\system32\_003369_.tmp.dll
c:\windows\system32\Data
c:\windows\system32\drivers\oreans32.sys
c:\windows\system32\Packet.dll
c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
c:\windows\system32\spool\prtprocs\w32x86\hpzpp3xu.dll

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LSASS
-------\Legacy_USNJSVC
-------\Service_usnjsvc
-------\Legacy_oreans32
-------\Service_oreans32


(((((((((((((((((((((((((   Files Created from 2010-11-04 to 2010-12-04  )))))))))))))))))))))))))))))))
.

2010-12-04 03:50 . 2010-12-04 03:50 -------- d-----w- C:\0ea602513249ed22e8382964b7a741
2010-12-04 03:21 . 2010-12-04 03:22 -------- d-----w- C:\52877e3b958102365cea9b
2010-12-02 05:10 . 2010-12-02 05:10 -------- d-----w- C:\c1048a79a9488be177a5
2010-12-02 04:56 . 2010-12-02 04:56 388096 ----a-r- c:\documents and settings\Sean\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-02 04:56 . 2010-12-02 04:56 -------- d-----w- c:\program files\Trend Micro
2010-12-02 02:01 . 2010-12-02 02:01 -------- d-----w- C:\4cff4245cc575733e0e2655562
2010-12-01 14:50 . 2010-12-01 15:12 -------- d-----w- c:\documents and settings\Sean\Local Settings\Application Data\NPE
2010-12-01 02:01 . 2010-12-01 02:01 -------- d-----w- C:\6e2f003d31b06c8d60edeb19d41f6c
2010-11-30 07:17 . 2010-11-30 07:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2010-11-30 03:02 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-30 03:01 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-11-30 02:31 . 2010-11-30 02:31 -------- d-----w- c:\documents and settings\Sean\Application Data\Tific
2010-11-30 02:30 . 2010-11-30 02:30 -------- d-----w- C:\33650413c6799b40b0477e76
2010-11-29 05:21 . 2010-02-02 18:13 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-11-29 05:21 . 2010-02-02 18:13 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-11-29 05:21 . 2010-02-02 18:13 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-11-29 05:15 . 2010-02-05 17:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-11-29 05:14 . 2009-10-07 00:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-11-29 05:14 . 2009-09-24 00:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-11-29 05:14 . 2010-02-05 17:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-11-29 05:14 . 2010-12-04 04:46 -------- d-----w- c:\program files\Spyware Doctor
2010-11-29 05:14 . 2010-11-29 05:21 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-11-29 05:14 . 2010-11-29 05:21 -------- d-----w- c:\program files\Common Files\PC Tools
2010-11-29 05:14 . 2010-11-29 05:14 -------- d-----w- c:\documents and settings\Sean\Application Data\PC Tools
2010-11-29 05:10 . 2010-11-29 05:13 -------- d-----w- c:\documents and settings\Sean\Application Data\GetRightToGo
2010-11-29 02:40 . 2006-10-22 20:22 208896 ----a-w- c:\windows\system32\nvudisp.exe
2010-11-28 23:34 . 2010-11-28 23:34 -------- d-----w- c:\documents and settings\Sean\Local Settings\Application Data\PCHealth
2010-11-28 23:25 . 2006-04-10 22:02 74240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp054.dll
2010-11-28 23:25 . 2006-04-10 22:03 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2010-11-28 23:22 . 2006-04-13 00:02 659456 ----a-w- c:\windows\system32\hpowiax2.dll
2010-11-28 22:27 . 2006-04-13 00:04 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2010-11-28 22:27 . 2006-04-13 00:04 49664 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2010-11-28 22:27 . 2006-04-13 00:04 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2010-11-28 22:20 . 2004-08-04 08:56 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2010-11-28 22:17 . 2010-11-29 03:53 -------- d-----w- c:\windows\ServicePackFiles
2010-11-28 22:15 . 2010-11-28 22:15 -------- d-----w- c:\program files\SystemRequirementsLab
2010-11-28 22:12 . 2006-10-22 23:06 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-11-28 20:40 . 2010-11-28 20:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton Installer
2010-11-28 20:38 . 2008-04-02 23:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2010-11-28 20:38 . 2008-04-02 23:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2010-11-28 20:38 . 2008-04-02 23:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2010-11-28 20:38 . 2010-11-29 02:46 -------- d-----w- c:\program files\Norton Utilities 14
2010-11-28 20:22 . 2010-11-28 20:22 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-11-28 20:22 . 2010-11-28 20:22 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-11-28 20:22 . 2010-11-28 20:22 -------- d-----w- c:\program files\Symantec
2010-11-28 20:21 . 2010-11-28 20:21 -------- d-----w- c:\windows\system32\drivers\NIS
2010-11-28 20:21 . 2010-11-28 20:21 -------- d-----w- c:\program files\Norton Internet Security
2010-11-28 20:21 . 2010-11-28 20:21 -------- d-----w- c:\program files\Windows Sidebar
2010-11-28 19:36 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-11-28 19:26 . 2010-11-28 19:27 -------- d-----w- c:\windows\NV10921556.TMP
2010-11-28 19:25 . 2010-01-13 14:01 86016 ------w- c:\windows\system32\dllcache\cabview.dll
2010-11-28 19:23 . 2010-11-28 19:23 -------- d-----w- C:\NVIDIA
2010-11-28 18:01 . 2010-11-28 18:01 -------- d-----w- c:\program files\Hewlett-Packard
2010-11-28 05:14 . 2010-11-28 05:14 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-11-28 05:14 . 2010-11-28 05:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Zynga
2010-11-28 05:14 . 2010-11-28 05:14 -------- d-----w- c:\documents and settings\NetworkService\Application Data\McAfee
2010-11-28 05:14 . 2010-11-28 05:14 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intuit
2010-11-28 05:14 . 2010-11-28 05:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ServiceTest
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-----w- c:\documents and settings\Sean\Unused Desktop Shortcuts
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-sh--w- c:\documents and settings\Sean\PrivacIE
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-sh--w- c:\documents and settings\Sean\IETldCache
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-sh--w- c:\documents and settings\Sean\IECompatCache
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-----w- c:\documents and settings\Sean\.thumbnails
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-----w- c:\documents and settings\Sean\.gimp-2.4
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-----w- c:\documents and settings\Sean\Local Settings\Application Data\Laplink
2010-11-28 03:07 . 2010-11-28 03:07 -------- d-----w- c:\documents and settings\Sean\Local Settings\Application Data\Windows Live Writer
2010-11-28 03:06 . 2010-11-28 03:06 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-11-28 03:04 . 2010-11-28 03:05 -------- d-----w- C:\RV
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\PROVW21
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----r- C:\MSOCache
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\esfax
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\EPSONREG
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\Envision
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\DVDFab_Temp
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\drvrtmp
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\92f970bc563b815c829108
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\44781b6fa44d731cd457aca8a8
2010-11-28 02:49 . 2010-11-28 02:49 -------- d-----w- c:\windows\SHELLNEW
2010-11-28 02:49 . 2010-11-28 02:49 -------- d-----w- c:\windows\Seiko
2010-11-28 02:49 . 2010-11-28 02:49 -------- d-----w- c:\windows\Motive
2010-11-28 02:47 . 2010-11-28 02:47 -------- d--h--w- c:\windows\ie8
2010-11-28 02:46 . 2010-11-28 02:46 -------- d-----w- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2010-11-28 02:46 . 2010-11-28 02:46 -------- d-----w- c:\windows\DRIVERS
2010-11-28 02:46 . 2010-11-28 02:46 -------- d-----w- c:\windows\.jagex_cache_32
2010-11-28 02:41 . 2010-11-28 02:42 -------- d-----w- c:\program files\Windows Live Toolbar
2010-11-28 02:41 . 2010-11-28 02:41 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-11-28 02:41 . 2010-11-28 02:41 -------- d-----w- c:\program files\Windows Live Favorites
2010-11-28 02:40 . 2010-11-28 02:40 -------- d-----w- c:\program files\Western Digital
2010-11-28 02:40 . 2010-11-28 02:40 -------- d-----w- c:\program files\Webroot
2010-11-28 02:39 . 2010-11-28 02:39 -------- d-----w- c:\program files\WebEx
2010-11-28 02:39 . 2010-11-28 02:39 -------- d-----w- c:\program files\VZBB Toolbar
2010-11-28 02:39 . 2010-11-28 02:39 -------- d-----w- c:\program files\VSO
2010-11-28 02:39 . 2010-11-28 02:39 -------- d-----w- c:\program files\Virtual Earth 3D
2010-11-28 02:37 . 2010-11-28 02:39 -------- d-----w- c:\program files\Verizon Online
2010-11-28 02:37 . 2010-11-28 02:37 -------- d-----w- c:\program files\verizon
2010-11-28 02:37 . 2010-11-28 02:37 -------- d-----w- c:\program files\TurboTax
2010-11-28 02:37 . 2010-11-28 02:37 -------- d-----w- c:\program files\TomTom International B.V
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\TomTom DesktopSuite
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\TechSmith
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\SupportSoft
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\Smart Label
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\Samsung
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\Research In Motion
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\Reference Assemblies
2010-11-28 02:33 . 2010-11-28 02:36 -------- d-----w- c:\program files\QUICKEN
2010-11-28 02:32 . 2010-11-28 02:32 -------- d-----w- c:\program files\Pure Networks
2010-11-28 02:32 . 2010-11-28 02:32 -------- d-----w- c:\program files\Palm Digital Media
2010-11-28 02:30 . 2010-11-28 02:32 -------- d-----w- c:\program files\Palm
2010-11-28 02:30 . 2010-11-28 02:30 -------- d-----w- c:\program files\OfficeUpdate11
2010-11-28 02:30 . 2010-11-28 02:30 -------- d-----w- c:\program files\NortonInstaller
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\Nero
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\MsnMusic
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\MSECache
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\MSBuild
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\Motive
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\Microsoft.NET
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-11-28 02:28 . 2010-11-28 02:29 -------- d-----w- c:\program files\Microsoft Picture It! 9
2010-11-28 02:28 . 2010-11-28 02:28 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2010-11-28 02:28 . 2010-11-28 02:28 -------- d-----w- c:\program files\Microsoft IntelliPoint
2010-11-28 02:28 . 2010-11-28 02:28 -------- d-----w- c:\program files\Microsoft AntiSpyware
2010-11-28 02:24 . 2010-11-28 02:28 -------- d-----w- c:\program files\iTunes
2010-11-28 02:24 . 2010-11-28 02:24 -------- d-----w- c:\program files\ItsDeductible2005
2010-11-28 02:21 . 2010-11-28 02:24 -------- d-----w- c:\program files\HP
2010-11-28 02:20 . 2010-11-28 02:20 -------- d-----w- c:\program files\Flip Video

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 20:23 . 2004-08-10 17:51 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-10 17:51 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-10 17:51 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-10 17:51 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 13:38 . 2004-08-10 17:51 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2004-08-10 17:51 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2004-08-10 17:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2004-08-10 17:50 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:57 . 2004-08-10 17:51 389120 ----a-w- c:\windows\system32\html.iec
2003-08-27 21:19 . 2005-09-12 01:53 36963 ----a-w- c:\program files\Common Files\SM1updtr.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2006-12-25 20480]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"NortonUtilities"="c:\program files\Norton Utilities 14\nu.exe" [2010-11-28 4093288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Media Connect 2"="c:\program files\Windows Media Connect 2\WMCCFG.exe" [2006-10-19 8704]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-10-21 29696]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Norton SystemWorks"="c:\program files\Norton SystemWorks\cfgwiz.exe" [2004-09-10 132248]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-12-24 450560]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2006-12-24 581632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0SsiEfr.e

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartCapture.lnk]
backup=c:\windows\pss\SmartCapture.lnkCommon Startup
backupExtension=Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk]
backup=c:\windows\pss\SpySubtract.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
backup=c:\windows\pss\Verizon Online Support Center.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk
backupExtension=Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Sean^Start Menu^Programs^Startup^Norton Disk Doctor.lnk]
backup=c:\windows\pss\Norton Disk Doctor.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\180ClientStubInstall
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A Verizon App]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2005-05-15 07:04 332800 ----a-w- c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-05-10 00:24 50760 ----a-w- c:\program files\Common Files\AOL\1136534396\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2005-04-14 02:51 385024 ----a-w- c:\progra~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-10-22 20:22 7700480 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-22 20:22 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-22 20:22 1622016 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2008-07-08 23:41 2828184 ----a-w- c:\program files\Registry Mechanic\RegMech.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SAVScan"=3 (0x3)
"GEARSecurity"=2 (0x2)
"WinDefend"=2 (0x2)
"Norton Ghost"=2 (0x2)
"iPodService"=3 (0x3)
"Fax"=2 (0x2)
"gusvc"=3 (0x3)
"IntuitUpdateService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Common Files\\AOL\\1136534396\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1136534396\\ee\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/28/2010 9:14 PM 207280]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1201000.025\SymDS.sys [11/28/2010 12:22 PM 339504]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1201000.025\SymEFA.sys [11/28/2010 12:22 PM 666672]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [11/28/2010 9:21 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [11/28/2010 9:21 PM 59664]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [11/22/2010 6:20 PM 691248]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [11/28/2010 9:15 PM 233136]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1201000.025\Ironx86.sys [11/28/2010 12:22 PM 134704]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe [11/28/2010 12:22 PM 126904]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [5/10/2010 10:33 AM 110592]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [5/10/2010 10:32 AM 1858048]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [5/10/2010 10:32 AM 482304]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/1/2010 4:06 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20101130.001\IDSXpx86.sys [10/19/2010 12:36 PM 341880]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [5/8/2006 6:10 PM 347648]
S3 Belkin Belkin 11Mbps Wireless USB Network Adapter(R);Belkin Belkin 11Mbps Wireless USB Network Adapter(R) Service for Belkin 11Mbps Wireless USB Network Adapter;c:\windows\system32\DRIVERS\bkusbxp.sys --> c:\windows\system32\DRIVERS\bkusbxp.sys [?]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [11/27/2010 2:54 PM 4736]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [3/30/2004 10:29 AM 118106]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [11/28/2010 9:14 PM 70408]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [11/27/2010 2:54 PM 8960]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/28/2010 9:14 PM 365280]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [11/28/2010 9:21 PM 33552]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
S3 wuddvvondl;wuddvvondl;\??\c:\program files\Mozilla Firefox\wuddvvondl.sys --> c:\program files\Mozilla Firefox\wuddvvondl.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-12-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34]

2010-12-04 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 19:20]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/stp/yme/*http://www.yahoo.com
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*http://www.yahoo.com
IE: {{1F958B09-3312-7f0e-9723-4C1324C57B20}
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-TomTomHOME.exe - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
AddRemove-Lavasoft VX2 Cleaner - c:\progra~1\Lavasoft\AD-AWA~1\Plugins\UNWISE.EXE
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb

 

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-03 22:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.1.0.37\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2637955601-3924065142-218781117-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(800)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(3460)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\devldr32.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\Logitech\SetPoint\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2010-12-03  22:41:33 - machine was rebooted
ComboFix-quarantined-files.txt  2010-12-04 06:41

Pre-Run: 404,484,096 bytes free
Post-Run: 4,186,816,512 bytes free

- - End Of File - - 95FA479832112946D3F02C36FEE61DA6

0 Kudos
kevinf80
3 Zinc

Re: Cannot install drivers; cannot update windows; have attempted and failed to boot in safe mode; Have received NT Authority/System message & system shut down!

Hiya caherbear,

Proceed as follows please :-

Step 1

We need to install the Recovery Console. This will help us restore your system in the event of a serious crash. It's very simple to complete and will only take a few moments. It may also be useful in the future.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Scroll down to Step 1, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named to the Desktop.

Note: If you have SP2 or SP3, use the SP2 package.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console



  • At the next prompt, click 'No'; we do not want to run a ComboFix scan at this stage.



Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop.
Alternative D/L mirror
Alternative D/L mirror

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.



Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Run ESET Online Scan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
  • Click the user posted image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

 

  • Click on user posted image to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the user posted image icon on your desktop.

 

  • Check user posted image
  • Click the user posted image button.
  • Accept any security warnings from your browser.
  • Check user posted image
  • Leave the tick out of remove found threats
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push user posted image
  • Push user posted image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the user posted image button.
  • Push user posted image


You can refer to this animation by neomage if needed.
Frequently asked questions available Here. Please read them before running the scan.

Also be aware this scan can take several hours to complete depending on the size of your system.


What I'd like in your reply :-

  • Confirmation Recovery Console installed ok
  • Log from Malwarebytes
  • Log from ESET
  • System update: improvements? Remaining issues?



Kevin

 

 

0 Kudos
caherbear
1 Nickel

Re: Cannot install drivers; cannot update windows; have attempted and failed to boot in safe mode; Have received NT Authority/System message & system shut down!

Hi Kevin

Recovery Console - now it is confirmed there.  I did what the instructions said to drag the file icon over to combofix and combofix started so I "assumed" it had done the console install.  Couldn't tell you if the dialog boxes came up, but now it does show as there.

Below is all the data from the different logs:

This is from Combofix:

ComboFix 10-12-03.03 - Sean 12/04/2010  11:33:34.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1467 [GMT -8:00]
Running from: c:\documents and settings\Sean\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sean\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Sean\LOCALS~1\Temp\IadHide4.dll
c:\documents and settings\Sean\Local Settings\Temp\IadHide4.dll
c:\windows\Imgtask.exe

.
(((((((((((((((((((((((((   Files Created from 2010-11-04 to 2010-12-04  )))))))))))))))))))))))))))))))
.

2010-12-04 07:11 . 2010-12-04 07:34 -------- d-----w- C:\9a08679f2544edbe6ef9ff
2010-12-04 03:50 . 2010-12-04 03:50 -------- d-----w- C:\0ea602513249ed22e8382964b7a741
2010-12-04 03:21 . 2010-12-04 03:22 -------- d-----w- C:\52877e3b958102365cea9b
2010-12-02 05:10 . 2010-12-02 05:10 -------- d-----w- C:\c1048a79a9488be177a5
2010-12-02 04:56 . 2010-12-02 04:56 388096 ----a-r- c:\documents and settings\Sean\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-02 04:56 . 2010-12-02 04:56 -------- d-----w- c:\program files\Trend Micro
2010-12-02 02:01 . 2010-12-02 02:01 -------- d-----w- C:\4cff4245cc575733e0e2655562
2010-12-01 14:50 . 2010-12-01 15:12 -------- d-----w- c:\documents and settings\Sean\Local Settings\Application Data\NPE
2010-12-01 02:01 . 2010-12-01 02:01 -------- d-----w- C:\6e2f003d31b06c8d60edeb19d41f6c
2010-11-30 07:17 . 2010-11-30 07:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2010-11-30 03:02 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-30 03:01 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-11-30 02:31 . 2010-11-30 02:31 -------- d-----w- c:\documents and settings\Sean\Application Data\Tific
2010-11-30 02:30 . 2010-11-30 02:30 -------- d-----w- C:\33650413c6799b40b0477e76
2010-11-29 05:21 . 2010-02-02 18:13 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-11-29 05:21 . 2010-02-02 18:13 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-11-29 05:21 . 2010-02-02 18:13 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-11-29 05:15 . 2010-02-05 17:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-11-29 05:14 . 2009-10-07 00:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-11-29 05:14 . 2009-09-24 00:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-11-29 05:14 . 2010-02-05 17:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-11-29 05:14 . 2010-12-04 04:46 -------- d-----w- c:\program files\Spyware Doctor
2010-11-29 05:14 . 2010-11-29 05:21 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-11-29 05:14 . 2010-11-29 05:21 -------- d-----w- c:\program files\Common Files\PC Tools
2010-11-29 05:14 . 2010-11-29 05:14 -------- d-----w- c:\documents and settings\Sean\Application Data\PC Tools
2010-11-29 05:10 . 2010-11-29 05:13 -------- d-----w- c:\documents and settings\Sean\Application Data\GetRightToGo
2010-11-28 23:34 . 2010-11-28 23:34 -------- d-----w- c:\documents and settings\Sean\Local Settings\Application Data\PCHealth
2010-11-28 23:25 . 2006-04-10 22:02 74240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp054.dll
2010-11-28 23:25 . 2006-04-10 22:03 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2010-11-28 23:22 . 2006-04-13 00:02 659456 ----a-w- c:\windows\system32\hpowiax2.dll
2010-11-28 22:27 . 2006-04-13 00:04 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2010-11-28 22:27 . 2006-04-13 00:04 49664 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2010-11-28 22:27 . 2006-04-13 00:04 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2010-11-28 22:20 . 2004-08-04 08:56 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2010-11-28 22:17 . 2010-11-29 03:53 -------- d-----w- c:\windows\ServicePackFiles
2010-11-28 22:15 . 2010-11-28 22:15 -------- d-----w- c:\program files\SystemRequirementsLab
2010-11-28 20:40 . 2010-11-28 20:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton Installer
2010-11-28 20:38 . 2008-04-02 23:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2010-11-28 20:38 . 2008-04-02 23:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2010-11-28 20:38 . 2008-04-02 23:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2010-11-28 20:38 . 2010-11-29 02:46 -------- d-----w- c:\program files\Norton Utilities 14
2010-11-28 20:22 . 2010-11-28 20:22 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-11-28 20:22 . 2010-11-28 20:22 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-11-28 20:22 . 2010-11-28 20:22 -------- d-----w- c:\program files\Symantec
2010-11-28 20:21 . 2010-11-28 20:21 -------- d-----w- c:\windows\system32\drivers\NIS
2010-11-28 20:21 . 2010-11-28 20:21 -------- d-----w- c:\program files\Norton Internet Security
2010-11-28 20:21 . 2010-11-28 20:21 -------- d-----w- c:\program files\Windows Sidebar
2010-11-28 19:36 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-11-28 19:26 . 2010-11-28 19:27 -------- d-----w- c:\windows\NV10921556.TMP
2010-11-28 19:25 . 2010-01-13 14:01 86016 ------w- c:\windows\system32\dllcache\cabview.dll
2010-11-28 19:23 . 2010-11-28 19:23 -------- d-----w- C:\NVIDIA
2010-11-28 18:01 . 2010-11-28 18:01 -------- d-----w- c:\program files\Hewlett-Packard
2010-11-28 05:14 . 2010-11-28 05:14 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-11-28 05:14 . 2010-11-28 05:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Zynga
2010-11-28 05:14 . 2010-11-28 05:14 -------- d-----w- c:\documents and settings\NetworkService\Application Data\McAfee
2010-11-28 05:14 . 2010-11-28 05:14 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intuit
2010-11-28 05:14 . 2010-11-28 05:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ServiceTest
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-----w- c:\documents and settings\Sean\Unused Desktop Shortcuts
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-sh--w- c:\documents and settings\Sean\PrivacIE
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-sh--w- c:\documents and settings\Sean\IETldCache
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-sh--w- c:\documents and settings\Sean\IECompatCache
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-----w- c:\documents and settings\Sean\.thumbnails
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-----w- c:\documents and settings\Sean\.gimp-2.4
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-----w- c:\documents and settings\Sean\Local Settings\Application Data\Laplink
2010-11-28 03:07 . 2010-11-28 03:07 -------- d-----w- c:\documents and settings\Sean\Local Settings\Application Data\Windows Live Writer
2010-11-28 03:06 . 2010-11-28 03:06 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-11-28 03:04 . 2010-11-28 03:05 -------- d-----w- C:\RV
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\PROVW21
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----r- C:\MSOCache
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\esfax
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\EPSONREG
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\Envision
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\DVDFab_Temp
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\drvrtmp
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\92f970bc563b815c829108
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\44781b6fa44d731cd457aca8a8
2010-11-28 02:49 . 2010-11-28 02:49 -------- d-----w- c:\windows\SHELLNEW
2010-11-28 02:49 . 2010-11-28 02:49 -------- d-----w- c:\windows\Seiko
2010-11-28 02:49 . 2010-11-28 02:49 -------- d-----w- c:\windows\Motive
2010-11-28 02:47 . 2010-11-28 02:47 -------- d--h--w- c:\windows\ie8
2010-11-28 02:46 . 2010-11-28 02:46 -------- d-----w- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2010-11-28 02:46 . 2010-11-28 02:46 -------- d-----w- c:\windows\DRIVERS
2010-11-28 02:46 . 2010-11-28 02:46 -------- d-----w- c:\windows\.jagex_cache_32
2010-11-28 02:41 . 2010-11-28 02:42 -------- d-----w- c:\program files\Windows Live Toolbar
2010-11-28 02:41 . 2010-11-28 02:41 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-11-28 02:41 . 2010-11-28 02:41 -------- d-----w- c:\program files\Windows Live Favorites
2010-11-28 02:40 . 2010-11-28 02:40 -------- d-----w- c:\program files\Western Digital
2010-11-28 02:40 . 2010-11-28 02:40 -------- d-----w- c:\program files\Webroot
2010-11-28 02:39 . 2010-11-28 02:39 -------- d-----w- c:\program files\WebEx
2010-11-28 02:39 . 2010-11-28 02:39 -------- d-----w- c:\program files\VZBB Toolbar
2010-11-28 02:39 . 2010-11-28 02:39 -------- d-----w- c:\program files\VSO
2010-11-28 02:39 . 2010-11-28 02:39 -------- d-----w- c:\program files\Virtual Earth 3D
2010-11-28 02:37 . 2010-11-28 02:39 -------- d-----w- c:\program files\Verizon Online
2010-11-28 02:37 . 2010-11-28 02:37 -------- d-----w- c:\program files\verizon
2010-11-28 02:37 . 2010-11-28 02:37 -------- d-----w- c:\program files\TurboTax
2010-11-28 02:37 . 2010-11-28 02:37 -------- d-----w- c:\program files\TomTom International B.V
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\TomTom DesktopSuite
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\TechSmith
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\SupportSoft
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\Smart Label
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\Samsung
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\Research In Motion
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\Reference Assemblies
2010-11-28 02:33 . 2010-11-28 02:36 -------- d-----w- c:\program files\QUICKEN
2010-11-28 02:32 . 2010-11-28 02:32 -------- d-----w- c:\program files\Pure Networks
2010-11-28 02:32 . 2010-11-28 02:32 -------- d-----w- c:\program files\Palm Digital Media
2010-11-28 02:30 . 2010-11-28 02:32 -------- d-----w- c:\program files\Palm
2010-11-28 02:30 . 2010-11-28 02:30 -------- d-----w- c:\program files\OfficeUpdate11
2010-11-28 02:30 . 2010-11-28 02:30 -------- d-----w- c:\program files\NortonInstaller
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\Nero
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\MsnMusic
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\MSECache
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\MSBuild
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\Motive
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\Microsoft.NET
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-11-28 02:28 . 2010-11-28 02:29 -------- d-----w- c:\program files\Microsoft Picture It! 9
2010-11-28 02:28 . 2010-11-28 02:28 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2010-11-28 02:28 . 2010-11-28 02:28 -------- d-----w- c:\program files\Microsoft IntelliPoint
2010-11-28 02:28 . 2010-11-28 02:28 -------- d-----w- c:\program files\Microsoft AntiSpyware
2010-11-28 02:24 . 2010-11-28 02:28 -------- d-----w- c:\program files\iTunes
2010-11-28 02:24 . 2010-11-28 02:24 -------- d-----w- c:\program files\ItsDeductible2005
2010-11-28 02:21 . 2010-11-28 02:24 -------- d-----w- c:\program files\HP
2010-11-28 02:20 . 2010-11-28 02:20 -------- d-----w- c:\program files\Flip Video
2010-11-28 02:20 . 2010-11-28 02:20 -------- d-----w- c:\program files\Fax Machine

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 20:23 . 2004-08-10 17:51 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-10 17:51 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-10 17:51 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-10 17:51 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 13:38 . 2004-08-10 17:51 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2004-08-10 17:51 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2004-08-10 17:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2004-08-10 17:50 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:57 . 2004-08-10 17:51 389120 ----a-w- c:\windows\system32\html.iec
2003-08-27 21:19 . 2005-09-12 01:53 36963 ----a-w- c:\program files\Common Files\SM1updtr.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2006-12-25 20480]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"NortonUtilities"="c:\program files\Norton Utilities 14\nu.exe" [2010-11-28 4093288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Media Connect 2"="c:\program files\Windows Media Connect 2\WMCCFG.exe" [2006-10-19 8704]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-10-21 29696]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Norton SystemWorks"="c:\program files\Norton SystemWorks\cfgwiz.exe" [2004-09-10 132248]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-12-24 450560]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2006-12-24 581632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0SsiEfr.e

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartCapture.lnk]
backup=c:\windows\pss\SmartCapture.lnkCommon Startup
backupExtension=Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk]
backup=c:\windows\pss\SpySubtract.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
backup=c:\windows\pss\Verizon Online Support Center.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk
backupExtension=Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Sean^Start Menu^Programs^Startup^Norton Disk Doctor.lnk]
backup=c:\windows\pss\Norton Disk Doctor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A Verizon App]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2005-05-15 07:04 332800 ----a-w- c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-05-10 00:24 50760 ----a-w- c:\program files\Common Files\AOL\1136534396\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2005-04-14 02:51 385024 ----a-w- c:\progra~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2008-07-08 23:41 2828184 ----a-w- c:\program files\Registry Mechanic\RegMech.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SAVScan"=3 (0x3)
"GEARSecurity"=2 (0x2)
"WinDefend"=2 (0x2)
"Norton Ghost"=2 (0x2)
"iPodService"=3 (0x3)
"Fax"=2 (0x2)
"gusvc"=3 (0x3)
"IntuitUpdateService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Common Files\\AOL\\1136534396\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1136534396\\ee\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/28/2010 9:14 PM 207280]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1201000.025\SymDS.sys [11/28/2010 12:22 PM 339504]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1201000.025\SymEFA.sys [11/28/2010 12:22 PM 666672]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [11/28/2010 9:21 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [11/28/2010 9:21 PM 59664]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [11/22/2010 6:20 PM 691248]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [11/28/2010 9:15 PM 233136]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1201000.025\Ironx86.sys [11/28/2010 12:22 PM 134704]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe [11/28/2010 12:22 PM 126904]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [5/10/2010 10:33 AM 110592]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [5/10/2010 10:32 AM 1858048]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [5/10/2010 10:32 AM 482304]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/1/2010 4:06 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20101130.001\IDSXpx86.sys [10/19/2010 12:36 PM 341880]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [5/8/2006 6:10 PM 347648]
S3 Belkin Belkin 11Mbps Wireless USB Network Adapter(R);Belkin Belkin 11Mbps Wireless USB Network Adapter(R) Service for Belkin 11Mbps Wireless USB Network Adapter;c:\windows\system32\DRIVERS\bkusbxp.sys --> c:\windows\system32\DRIVERS\bkusbxp.sys [?]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [11/27/2010 2:54 PM 4736]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [3/30/2004 10:29 AM 118106]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [11/28/2010 9:14 PM 70408]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [11/27/2010 2:54 PM 8960]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/28/2010 9:14 PM 365280]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [11/28/2010 9:21 PM 33552]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
S3 wuddvvondl;wuddvvondl;\??\c:\program files\Mozilla Firefox\wuddvvondl.sys --> c:\program files\Mozilla Firefox\wuddvvondl.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-12-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34]

2010-12-04 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 19:20]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/stp/yme/*http://www.yahoo.com
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*http://www.yahoo.com
IE: {{1F958B09-3312-7f0e-9723-4C1324C57B20}
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-NvCplDaemon - c:\windows\system32\NvCpl.dll
MSConfigStartUp-NvMediaCenter - c:\windows\system32\NvMcTray.dll
MSConfigStartUp-nwiz - nwiz.exe

 

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-04 11:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.1.0.37\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2637955601-3924065142-218781117-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(748)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(4052)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\devldr32.exe
c:\program files\Logitech\SetPoint\KHALMNPR.EXE
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\Norton Utilities 14\update.exe
.
**************************************************************************
.
Completion time: 2010-12-04  11:57:49 - machine was rebooted
ComboFix-quarantined-files.txt  2010-12-04 19:57
ComboFix2.txt  2010-12-04 06:41

Pre-Run: 3,584,061,440 bytes free
Post-Run: 3,816,243,200 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 4A056E8C13940D4F389E08A543F233C6

Below from Malwarebytes:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5245

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

12/4/2010 12:49:21 PM
mbam-log-2010-12-04 (12-49-21).txt

Scan type: Quick scan
Objects scanned: 173308
Time elapsed: 8 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{2850BDC7-2330-4E31-9FA0-88268846539A} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0BE385A3-85A5-4722-B677-68DAE891FF21} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6FD31ED6-7C94-4BBC-8E95-F927F4D3A949} (Adware.180Solutions) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

This is from ESET:

C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\setup.exe probably a variant of Win32/Agent.HZHBURL trojan
C:\Documents and Settings\Sean\Application Data\MySpace\IM\Install\MSIMClientSetup.1.0.594.0-static.exe probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Sean\My Documents\Azureus Downloads\Ahead.Nero.v8.3.6.0.Incl.Keymaker-EMBRACE\keygen.exe probably a variant of Win32/TrojanDownloader.Obfuscated.GAHTPOW trojan
C:\Qoobox\Quarantine\C\WINDOWS\Imgtask.exe.vir Win32/AutoRun.AEU worm
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1231\A0235291.exe Win32/AutoRun.AEU worm

0 Kudos
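The driver and service lines in the ComboFix log above can be triaged mechanically. The sketch below is an added example, not part of the original thread and not ComboFix's own code. It assumes the usual convention for these lines (R/S = running/stopped, digit = start type) and treats `[?]` as "file details unavailable". The flags are prompts for review, not verdicts: vendor definition drivers also live outside system32\drivers.

```python
import re
from dataclasses import dataclass, field

# Sample input: lines copied from the driver/service section of the log above.
SAMPLE_LOG = r"""
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/28/2010 9:14 PM 207280]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [11/22/2010 6:20 PM 691248]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe [11/28/2010 12:22 PM 126904]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/1/2010 4:06 PM 102448]
S3 Belkin Belkin 11Mbps Wireless USB Network Adapter(R);Belkin Belkin 11Mbps Wireless USB Network Adapter(R) Service for Belkin 11Mbps Wireless USB Network Adapter;c:\windows\system32\DRIVERS\bkusbxp.sys --> c:\windows\system32\DRIVERS\bkusbxp.sys [?]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
S3 wuddvvondl;wuddvvondl;\??\c:\program files\Mozilla Firefox\wuddvvondl.sys --> c:\program files\Mozilla Firefox\wuddvvondl.sys [?]
"""

# <R|S><start type> <service name>;<display name>;<image path> [<date size> or ?]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}
DRIVER_DIR = "\\windows\\system32\\drivers\\"


@dataclass
class ServiceEntry:
    running: bool
    start_type: str
    name: str
    image: str
    details_known: bool  # False when the log shows "[?]" instead of date and size
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Parse one driver/service line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # "raw --> resolved": keep the resolved path on the right of the arrow.
    image = m["image"].split(" --> ")[-1].strip()
    if image.startswith("\\??\\"):  # NT object-namespace prefix
        image = image[4:]
    return ServiceEntry(
        running=m["state"] == "R",
        start_type=START_TYPES[int(m["start"])],
        name=m["name"].strip(),
        image=image,
        details_known=m["meta"].strip() != "?",
    )


def triage(log_text):
    """Return entries that deserve a manual look, most reasons first."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        lowered = entry.image.lower()
        if lowered.endswith(".sys") and DRIVER_DIR not in lowered:
            entry.reasons.append("kernel driver image outside system32\\drivers")
        if not entry.details_known:
            entry.reasons.append("file details unavailable ([?])")
        if entry.reasons:
            flagged.append(entry)
    # sorted() is stable, so log order is kept among equal scores.
    return sorted(flagged, key=lambda e: -len(e.reasons))


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{len(e.reasons)}  {e.name}  ({e.start_type})  {e.image}")
        for reason in e.reasons:
            print(f"     - {reason}")
```

Entries that collect more than one reason go to the top of the list; each still needs to be checked against what is installed on the machine before anything is removed.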
kevinf80
3 Zinc

Re: Cannot install drivers; cannot update windows; have attempted and failed to boot in safe mode; Have received NT Authority/System message & system shut down!

Hello caherbear,

We have very strict forum rules regarding illegal/cracked software, I also did include that very warning in my opening post. From the ESET log the following is flagged:

C:\Documents and Settings\Sean\My Documents\Azureus Downloads\Ahead.Nero.v8.3.6.0.Incl.Keymaker-EMBRACE\keygen.exe probably a variant of Win32/TrojanDownloader.Obfuscated.GAHTPOW trojan

As you can see this is an illegal download with a key generator to avoid paying for a licence. As per forum policy my help stops here, the thread will be referred to Admin and subsequently locked.

kevinf80


0 Kudos
caherbear
1 Nickel

Re: Cannot install drivers; cannot update windows; have attempted and failed to boot in safe mode; Have received NT Authority/System message & system shut down!

Kevin and if the Administrator, if monitoring. I do not use pirated software. I have licenses for all the software I have on this machine and I've been honest about what I have relayed to you. I relayed in the beginning this system was given to me and I moved my software from my system to this one not realizing it was loaded with viruses and such and it still has problems and I ask that you help me. I am dead in the water without your help. PLEASE, PLEASE DON'T JUST LEAVE ME OUT HERE AFTER WE HAVE STARTED THIS PROCESS!!! IF YOU DO I'M STUCK AND DON'T KNOW WHAT TO DO NEXT.

0 Kudos
kevinf80
3 Zinc

Re: Cannot install drivers; cannot update windows; have attempted and failed to boot in safe mode; Have received NT Authority/System message & system shut down!

Hello caherbear,

I've asked Admin to hold off locking your thread, I'm prepared to accept your word, Dell are very strict and may not. We'll see what happens. As follows please:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in between the dotted lines below into it:


------------------------------------------------------------------------------------------------------------------------------------------

KillAll::

Folder::
C:\Documents and Settings\Sean\My Documents\Azureus Downloads
File::
C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\setup.exe
C:\Documents and Settings\Sean\Application Data\MySpace\IM\Install\MSIMClientSetup.1.0.594.0-static.exe

RegNull::
[HKEY_USERS\S-1-5-21-2637955601-3924065142-218781117-1006\Software\Microsoft\SystemCertificates\AddressBook*]
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

-------------------------------------------------------------------------------------------------------------------------------------------

Save this as CFScript.txt, in the same location as ComboFix.exe

user posted image

user posted image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Post the CF log in your reply, also let me know how your system is responding and if you have any specific issues or concerns.

Also be aware you cannot run two Antivirus programs together. You have Norton I.S. and Spywaredoctor with AV. You will have to uninstall SpywareDoctor AV.

Kevin


0 Kudos
caherbear
1 Nickel

Re: Cannot install drivers; cannot update windows; have attempted and failed to boot in safe mode; Have received NT Authority/System message & system shut down!

Kevin - thank you and I do thank the admin people (either way). You see what is booting and I don't have much software on the system, but what I have is mine--licensed and paid for. Anything that was here prior, I do not know, but I guess I would have to take responsibility if the admin people decide otherwise. I don't want you taking any chances that they would cause you difficulty so I would understand if the thread is locked. I unloaded a lot and deleted a lot since putting my software on the system and found more yesterday that was removed. Tried to install NVidia driver and still not working. Tried to update windows and it still fails to update--it just says it didn't install. Also, regarding Spywaredoctor, I downloaded the software and ran the spyware scan but didn't buy the AV because I already had Norton on the system first. Was intending to uninstall it anyway because I had already purchased Norton. Thank you again. I will wait to hear back. I don't know what Azureus is. What is it?

Here is the log info:

ComboFix 10-12-04.03 - Sean 12/05/2010  19:00:54.3.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1459 [GMT -8:00]
Running from: c:\documents and settings\Sean\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sean\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4131\setup.exe"
"c:\documents and settings\Sean\Application Data\MySpace\IM\Install\MSIMClientSetup.1.0.594.0-static.exe"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4131\setup.exe
c:\documents and settings\Sean\Application Data\MySpace\IM\Install\MSIMClientSetup.1.0.594.0-static.exe
c:\documents and settings\Sean\My Documents\Azureus Downloads
c:\documents and settings\Sean\My Documents\Azureus Downloads\3OH!3 - WANT available now - DONT TRUST ME.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\As Blood Runs Black - Allegiance [RH]\As Blood Runs Black - Allegiance 01 intro.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\As Blood Runs Black - Allegiance [RH]\As Blood Runs Black - Allegiance 02 in_dying_days.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\As Blood Runs Black - Allegiance [RH]\As Blood Runs Black - Allegiance 03 my_fears_have_become_phobias.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\As Blood Runs Black - Allegiance [RH]\As Blood Runs Black - Allegiance 04 hester_prynne.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\As Blood Runs Black - Allegiance [RH]\As Blood Runs Black - Allegiance 05 pouring_reign.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\As Blood Runs Black - Allegiance [RH]\As Blood Runs Black - Allegiance 06 the_brighter_side_of_suffering.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\As Blood Runs Black - Allegiance [RH]\As Blood Runs Black - Allegiance 07 the_beautiful_mistake.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\As Blood Runs Black - Allegiance [RH]\As Blood Runs Black - Allegiance 08 strife_(chug_chug).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\As Blood Runs Black - Allegiance [RH]\As Blood Runs Black - Allegiance 09 beneath_the_surface.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\As Blood Runs Black - Allegiance [RH]\As Blood Runs Black - Allegiance 10 legends_never_die.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\As Blood Runs Black - Allegiance [RH]\Readme.txt
c:\documents and settings\Sean\My Documents\Azureus Downloads\BB.APDouble.wmv
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\benny_benassi-best_of_benny_benassi-(2007)-back.jpg
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\benny_benassi-best_of_benny_benassi-(2007)-front.jpg
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD1\101-benny_benassi-whos_your_daddy.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD1\102-benny_benassi-stop_go.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD1\103-benny_benassi-b_tone.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD1\104-benny_benassi-satisfaction.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD1\105-benny_benassi-time.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD1\106-benny_benassi-able_to_love.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD1\107-benny_benassi-get_loose.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD1\108-benny_benassi-put_your_hands_up.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD1\109-benny_benassi-i_love_my_sex.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD1\110-benny_benassi-love_is_gonna_save_us.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD1\111-benny_benassi-no_matter_what_you_do.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD1\112-benny_benassi-feel_alive.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD1\113-benny_benassi-rocket_in_the_sky.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD1\114-benny_benassi-every_single_day.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD2\201-benny_benassi-in_tango_(sfaction_extended).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD2\202-benny_benassi-get_better_(sfaction_reloaded_mix).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD2\203-benny_benassi-no_no_no_(sfaction_mix).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD2\204-benny_benassi-miles_of_love_(beeside_radio_edit).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD2\205-benny_benassi-love_is_gonna_save_us_(remix_2007).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD2\206-benny_benassi-whos_your_daddy_(fuzzy_hair_remix).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD2\207-benny_benassi-stop_go_(b_side_mix).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD2\208-benny_benassi-no_matter_what_you_do_(vision_x_long_mix).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD2\209-benny_benassi-satisfaction_(b.deep_remix).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD2\210-benny_benassi-illusion_(sfaction_mix).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD2\211-benny_benassi-rocket_in_the_sky_(club_mix).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD2\212-benny_benassi-feel_alive_(fuzzy_hair_vocal_mix).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD2\213-benny_benassi-bootleg_megamix.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\Thumbs.db
c:\documents and settings\Sean\My Documents\Azureus Downloads\Flo-Rida_Ft_Wynter_Gordon-Sugar.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\God Forbid - Constitution of Treason\01-God Forbid-Article I- The Twilight of Civilization, Section I- The End of the Worl.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\God Forbid - Constitution of Treason\02-God Forbid-Article I- The Twilight of Civilization, Section 2- Chains of Humanity.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\God Forbid - Constitution of Treason\03-God Forbid-Article I- The Twilight of Civilization, Section 3- Into the Wasteland.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\God Forbid - Constitution of Treason\04-God Forbid-Article II- In the Darkest Hour, There Was One, Section 4- The Lonely D.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\God Forbid - Constitution of Treason\05-God Forbid-Article II- In the Darkest Hour, There Was One, Section 5- Divinity.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\God Forbid - Constitution of Treason\06-God Forbid-Article II- In the Darkest Hour, There Was One, Section 6- Under This F.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\God Forbid - Constitution of Treason\07-God Forbid-Article II- In the Darkest Hour, There Was One, Section 7- To the Falle.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\God Forbid - Constitution of Treason\08-God Forbid-Article III- Devolution, Section 8- Welcome to the Apocalypse (Preamble.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\God Forbid - Constitution of Treason\09-God Forbid-Article III- Devolution, Section 9- Constitution of Treason.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\God Forbid - Constitution of Treason\10-God Forbid-Article III- Devolution, Section 10- Crucify Your Beliefs.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\God Forbid - Constitution of Treason\AlbumArt.jpg
c:\documents and settings\Sean\My Documents\Azureus Downloads\God Forbid - Constitution of Treason\Rockbits.url
c:\documents and settings\Sean\My Documents\Azureus Downloads\God Forbid - Constitution of Treason\Tracked_by_Demonoid_com.txt
c:\documents and settings\Sean\My Documents\Azureus Downloads\Kelly Clarkson - My Life Would Suck Without You.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Keri Hilson ft Kanye West ft Ne-Yo - Knock You Down.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Know Your Enemy.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Lady Gaga ft. Colby O Donis - Just Dance.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Maino_Ft_T-Pain-All_The_Above-(Promo_CDS)-2009\00-maino_ft_t-pain-all_the_above-(promo_cds)-2009-whoa.m3u
c:\documents and settings\Sean\My Documents\Azureus Downloads\Maino_Ft_T-Pain-All_The_Above-(Promo_CDS)-2009\00-maino_ft_t-pain-all_the_above-(promo_cds)-2009-whoa.nfo
c:\documents and settings\Sean\My Documents\Azureus Downloads\Maino_Ft_T-Pain-All_The_Above-(Promo_CDS)-2009\00-maino_ft_t-pain-all_the_above-(promo_cds)-2009-whoa.sfv
c:\documents and settings\Sean\My Documents\Azureus Downloads\Maino_Ft_T-Pain-All_The_Above-(Promo_CDS)-2009\00.Click here for more music.url
c:\documents and settings\Sean\My Documents\Azureus Downloads\Maino_Ft_T-Pain-All_The_Above-(Promo_CDS)-2009\00.Promoleak.com ANd DJLeak.com   PROMO USE ONLY.txt
c:\documents and settings\Sean\My Documents\Azureus Downloads\Maino_Ft_T-Pain-All_The_Above-(Promo_CDS)-2009\01-maino_ft_t-pain-all_the_above_(radio)-whoa.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Maino_Ft_T-Pain-All_The_Above-(Promo_CDS)-2009\02-maino_ft_t-pain-all_the_above_(instrumental)-whoa.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Maino_Ft_T-Pain-All_The_Above-(Promo_CDS)-2009\03-maino_ft_t-pain-all_the_above_(explicit)-whoa.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Ne-Yo - Year Of The Gentleman (2008) - R&B [www.torrentazos.com]\00-ne-yo-year_of_the_gentleman-2008-flm.m3u
c:\documents and settings\Sean\My Documents\Azureus Downloads\Ne-Yo - Year Of The Gentleman (2008) - R&B [www.torrentazos.com]\00-ne-yo-year_of_the_gentleman-2008-flm.nfo
c:\documents and settings\Sean\My Documents\Azureus Downloads\Ne-Yo - Year Of The Gentleman (2008) - R&B [www.torrentazos.com]\00-ne-yo-year_of_the_gentleman-2008-flm.sfv
c:\documents and settings\Sean\My Documents\Azureus Downloads\Ne-Yo - Year Of The Gentleman (2008) - R&B [www.torrentazos.com]\01-ne-yo-closer.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Ne-Yo - Year Of The Gentleman (2008) - R&B [www.torrentazos.com]\02-ne-yo-nobody.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Ne-Yo - Year Of The Gentleman (2008) - R&B [www.torrentazos.com]\03-ne-yo-single.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Ne-Yo - Year Of The Gentleman (2008) - R&B [www.torrentazos.com]\04-ne-yo-mad.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Ne-Yo - Year Of The Gentleman (2008) - R&B [www.torrentazos.com]\05-ne-yo-miss_independent.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Ne-Yo - Year Of The Gentleman (2008) - R&B [www.torrentazos.com]\06-ne-yo-why_does_she_stay.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Ne-Yo - Year Of The Gentleman (2008) - R&B [www.torrentazos.com]\07-ne-yo-fade_into_the_background.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Ne-Yo - Year Of The Gentleman (2008) - R&B [www.torrentazos.com]\08-ne-yo-so_you_can_cry.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Ne-Yo - Year Of The Gentleman (2008) - R&B [www.torrentazos.com]\09-ne-yo-part_of_the_list.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Ne-Yo - Year Of The Gentleman (2008) - R&B [www.torrentazos.com]\10-ne-yo-back_to_what_you_know.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Ne-Yo - Year Of The Gentleman (2008) - R&B [www.torrentazos.com]\11-ne-yo-lie_to_me.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Ne-Yo - Year Of The Gentleman (2008) - R&B [www.torrentazos.com]\12-ne-yo-stop_this_world.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Ne-Yo - Year Of The Gentleman (2008) - R&B [www.torrentazos.com]\ne-yo-year_of_the_gentleman-(2008)-front.jpg
c:\documents and settings\Sean\My Documents\Azureus Downloads\The All American Rejects - Gives You Hell.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Fray - You Found Me.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\01 Who Said We're Wack.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\02 Santana DVX (feat. E-40).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\03 Jizz In My Pants.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\04 I'm On A Boat (feat. T-Pain).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\05 Sax Man (feat. Jack Black).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\06 Lazy Sunday (feat. Chris Parnell).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\07 Normal Guy (Interlude).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\08 Boombox (feat. Julian Casablancas.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\09 Shrooms (Interlude).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\10 Like A Boss.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\11 We Like Sportz.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\12 Dreamgirl (feat. Norah Jones).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\13 Ras Trent.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\14 *** In A Box (feat. Justin Timbe.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\15 The Old Saloon (Interlude).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\16 Punch You In The Jeans.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\17 Space Olympics.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\18 Natalie's Rap (feat. Natalie Port.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\19 Incredibad.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\AlbumArtSmall.jpg
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\cover.jpg
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\Folder.jpg
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\01. Troublesome 96'.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\02. Brenda's Got A Baby.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\03. I Ain't Mad At Cha.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\04. I Get Around.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\05. Changes.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\06. California Love (Original Version).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\07. Picture Me Rollin'.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\08. How Long Will They Mourn Me.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\09. Toss It Up.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\10. Dear Mama.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\11. All About U.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\12. To Live & Die In L.A..mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\13. Heartz Of Men.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\14. Keep Ya Head Up.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\15. 2 Of Amerikaz Most Wanted.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\16. Temptations.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\17. God Bless The Dead.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\18. Hail Mary.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\19. Me Against The World.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\20. How Do U Want It.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\21. So Many Tears.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\22. Unconditional Love.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\23. Trapped.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\24. Life Goes On.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\25. Hit 'Em Up.mp3

.
(((((((((((((((((((((((((   Files Created from 2010-11-06 to 2010-12-06  )))))))))))))))))))))))))))))))
.

2010-12-06 02:23 . 2005-09-20 17:31 135168 ----a-w- c:\windows\system32\igfxres.dll
2010-12-05 16:31 . 2010-12-05 16:31 -------- d-----w- c:\program files\Bonjour
2010-12-05 00:34 . 2006-10-22 20:22 208896 ----a-w- c:\windows\system32\nvudisp.exe
2010-12-05 00:34 . 2006-10-22 23:06 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-12-04 20:53 . 2010-12-04 20:53 -------- d-----w- c:\program files\ESET
2010-12-04 20:30 . 2010-12-04 20:30 -------- d-----w- c:\documents and settings\Sean\Application Data\Malwarebytes
2010-12-04 20:30 . 2010-11-30 01:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-04 20:30 . 2010-12-04 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-04 20:30 . 2010-12-04 20:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-04 20:30 . 2010-11-30 01:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-04 07:11 . 2010-12-04 07:34 -------- d-----w- C:\9a08679f2544edbe6ef9ff
2010-12-04 03:50 . 2010-12-04 03:50 -------- d-----w- C:\0ea602513249ed22e8382964b7a741
2010-12-04 03:21 . 2010-12-04 03:22 -------- d-----w- C:\52877e3b958102365cea9b
2010-12-02 05:10 . 2010-12-02 05:10 -------- d-----w- C:\c1048a79a9488be177a5
2010-12-02 04:56 . 2010-12-02 04:56 388096 ----a-r- c:\documents and settings\Sean\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-02 04:56 . 2010-12-02 04:56 -------- d-----w- c:\program files\Trend Micro
2010-12-02 02:01 . 2010-12-02 02:01 -------- d-----w- C:\4cff4245cc575733e0e2655562
2010-12-01 14:50 . 2010-12-01 15:12 -------- d-----w- c:\documents and settings\Sean\Local Settings\Application Data\NPE
2010-12-01 02:01 . 2010-12-01 02:01 -------- d-----w- C:\6e2f003d31b06c8d60edeb19d41f6c
2010-11-30 07:17 . 2010-11-30 07:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2010-11-30 03:02 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-30 03:01 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-11-30 02:31 . 2010-11-30 02:31 -------- d-----w- c:\documents and settings\Sean\Application Data\Tific
2010-11-30 02:30 . 2010-11-30 02:30 -------- d-----w- C:\33650413c6799b40b0477e76
2010-11-29 05:21 . 2010-02-02 18:13 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-11-29 05:21 . 2010-02-02 18:13 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-11-29 05:21 . 2010-02-02 18:13 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-11-29 05:15 . 2010-02-05 17:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-11-29 05:14 . 2009-10-07 00:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-11-29 05:14 . 2009-09-24 00:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-11-29 05:14 . 2010-02-05 17:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-11-29 05:14 . 2010-12-04 04:46 -------- d-----w- c:\program files\Spyware Doctor
2010-11-29 05:14 . 2010-11-29 05:21 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-11-29 05:14 . 2010-11-29 05:21 -------- d-----w- c:\program files\Common Files\PC Tools
2010-11-29 05:14 . 2010-11-29 05:14 -------- d-----w- c:\documents and settings\Sean\Application Data\PC Tools
2010-11-29 05:10 . 2010-11-29 05:13 -------- d-----w- c:\documents and settings\Sean\Application Data\GetRightToGo
2010-11-28 23:34 . 2010-11-28 23:34 -------- d-----w- c:\documents and settings\Sean\Local Settings\Application Data\PCHealth
2010-11-28 23:25 . 2006-04-10 22:02 74240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp054.dll
2010-11-28 23:25 . 2006-04-10 22:03 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2010-11-28 23:22 . 2006-04-13 00:02 659456 ----a-w- c:\windows\system32\hpowiax2.dll
2010-11-28 22:27 . 2006-04-13 00:04 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2010-11-28 22:27 . 2006-04-13 00:04 49664 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2010-11-28 22:27 . 2006-04-13 00:04 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2010-11-28 22:20 . 2004-08-04 08:56 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2010-11-28 22:17 . 2010-11-29 03:53 -------- d-----w- c:\windows\ServicePackFiles
2010-11-28 22:15 . 2010-11-28 22:15 -------- d-----w- c:\program files\SystemRequirementsLab
2010-11-28 20:40 . 2010-11-28 20:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton Installer
2010-11-28 20:38 . 2008-04-02 23:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2010-11-28 20:38 . 2008-04-02 23:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2010-11-28 20:38 . 2008-04-02 23:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2010-11-28 20:38 . 2010-11-29 02:46 -------- d-----w- c:\program files\Norton Utilities 14
2010-11-28 20:22 . 2010-11-28 20:22 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-11-28 20:22 . 2010-11-28 20:22 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-11-28 20:22 . 2010-11-28 20:22 -------- d-----w- c:\program files\Symantec
2010-11-28 20:21 . 2010-11-28 20:21 -------- d-----w- c:\windows\system32\drivers\NIS
2010-11-28 20:21 . 2010-11-28 20:21 -------- d-----w- c:\program files\Norton Internet Security
2010-11-28 20:21 . 2010-11-28 20:21 -------- d-----w- c:\program files\Windows Sidebar
2010-11-28 19:36 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-11-28 19:26 . 2010-11-28 19:27 -------- d-----w- c:\windows\NV10921556.TMP
2010-11-28 19:25 . 2010-01-13 14:01 86016 ------w- c:\windows\system32\dllcache\cabview.dll
2010-11-28 19:23 . 2010-11-28 19:23 -------- d-----w- C:\NVIDIA
2010-11-28 18:01 . 2010-11-28 18:01 -------- d-----w- c:\program files\Hewlett-Packard
2010-11-28 05:14 . 2010-11-28 05:14 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-11-28 05:14 . 2010-11-28 05:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Zynga
2010-11-28 05:14 . 2010-11-28 05:14 -------- d-----w- c:\documents and settings\NetworkService\Application Data\McAfee
2010-11-28 05:14 . 2010-11-28 05:14 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intuit
2010-11-28 05:14 . 2010-11-28 05:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ServiceTest
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-----w- c:\documents and settings\Sean\Unused Desktop Shortcuts
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-sh--w- c:\documents and settings\Sean\PrivacIE
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-sh--w- c:\documents and settings\Sean\IETldCache
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-sh--w- c:\documents and settings\Sean\IECompatCache
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-----w- c:\documents and settings\Sean\.thumbnails
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-----w- c:\documents and settings\Sean\.gimp-2.4
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-----w- c:\documents and settings\Sean\Local Settings\Application Data\Laplink
2010-11-28 03:07 . 2010-11-28 03:07 -------- d-----w- c:\documents and settings\Sean\Local Settings\Application Data\Windows Live Writer
2010-11-28 03:06 . 2010-11-28 03:06 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-11-28 03:04 . 2010-11-28 03:05 -------- d-----w- C:\RV
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\PROVW21
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----r- C:\MSOCache
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\esfax
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\EPSONREG
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\Envision
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\DVDFab_Temp
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\drvrtmp
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\92f970bc563b815c829108
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\44781b6fa44d731cd457aca8a8
2010-11-28 02:49 . 2010-11-28 02:49 -------- d-----w- c:\windows\SHELLNEW
2010-11-28 02:49 . 2010-11-28 02:49 -------- d-----w- c:\windows\Seiko
2010-11-28 02:49 . 2010-11-28 02:49 -------- d-----w- c:\windows\Motive
2010-11-28 02:47 . 2010-11-28 02:47 -------- d--h--w- c:\windows\ie8
2010-11-28 02:46 . 2010-11-28 02:46 -------- d-----w- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2010-11-28 02:46 . 2010-11-28 02:46 -------- d-----w- c:\windows\DRIVERS
2010-11-28 02:46 . 2010-11-28 02:46 -------- d-----w- c:\windows\.jagex_cache_32
2010-11-28 02:41 . 2010-11-28 02:42 -------- d-----w- c:\program files\Windows Live Toolbar
2010-11-28 02:41 . 2010-11-28 02:41 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-11-28 02:41 . 2010-11-28 02:41 -------- d-----w- c:\program files\Windows Live Favorites
2010-11-28 02:40 . 2010-11-28 02:40 -------- d-----w- c:\program files\Western Digital
2010-11-28 02:40 . 2010-11-28 02:40 -------- d-----w- c:\program files\Webroot
2010-11-28 02:39 . 2010-11-28 02:39 -------- d-----w- c:\program files\WebEx
2010-11-28 02:39 . 2010-11-28 02:39 -------- d-----w- c:\program files\VZBB Toolbar
2010-11-28 02:39 . 2010-11-28 02:39 -------- d-----w- c:\program files\VSO
2010-11-28 02:39 . 2010-11-28 02:39 -------- d-----w- c:\program files\Virtual Earth 3D
2010-11-28 02:37 . 2010-11-28 02:39 -------- d-----w- c:\program files\Verizon Online
2010-11-28 02:37 . 2010-11-28 02:37 -------- d-----w- c:\program files\verizon
2010-11-28 02:37 . 2010-11-28 02:37 -------- d-----w- c:\program files\TurboTax
2010-11-28 02:37 . 2010-11-28 02:37 -------- d-----w- c:\program files\TomTom International B.V
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\TomTom DesktopSuite
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\TechSmith
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\SupportSoft
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\Smart Label
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\Samsung
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\Research In Motion
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\Reference Assemblies
2010-11-28 02:33 . 2010-11-28 02:36 -------- d-----w- c:\program files\QUICKEN
2010-11-28 02:32 . 2010-11-28 02:32 -------- d-----w- c:\program files\Pure Networks
2010-11-28 02:32 . 2010-11-28 02:32 -------- d-----w- c:\program files\Palm Digital Media
2010-11-28 02:30 . 2010-11-28 02:32 -------- d-----w- c:\program files\Palm
2010-11-28 02:30 . 2010-11-28 02:30 -------- d-----w- c:\program files\OfficeUpdate11
2010-11-28 02:30 . 2010-11-28 02:30 -------- d-----w- c:\program files\NortonInstaller
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\Nero
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\MsnMusic
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\MSECache
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\MSBuild
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\Motive
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\Microsoft.NET

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-07 20:23 . 2010-10-07 20:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 20:23 . 2010-10-07 20:23 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 20:23 . 2010-10-07 20:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-09-18 20:23 . 2004-08-10 17:51 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-10 17:51 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-10 17:51 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-10 17:51 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 13:38 . 2004-08-10 17:51 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2004-08-10 17:51 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2004-08-10 17:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2004-08-10 17:50 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 19:17 . 2010-09-08 19:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 19:17 . 2010-09-08 19:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 15:57 . 2004-08-10 17:51 389120 ----a-w- c:\windows\system32\html.iec
2003-08-27 21:19 . 2005-09-12 01:53 36963 ----a-w- c:\program files\Common Files\SM1updtr.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2006-12-25 20480]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"NortonUtilities"="c:\program files\Norton Utilities 14\nu.exe" [2010-11-28 4093288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Media Connect 2"="c:\program files\Windows Media Connect 2\WMCCFG.exe" [2006-10-19 8704]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-10-21 29696]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Norton SystemWorks"="c:\program files\Norton SystemWorks\cfgwiz.exe" [2004-09-10 132248]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-12-24 450560]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2006-12-24 581632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0SsiEfr.e

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartCapture.lnk]
backup=c:\windows\pss\SmartCapture.lnkCommon Startup
backupExtension=Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk]
backup=c:\windows\pss\SpySubtract.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
backup=c:\windows\pss\Verizon Online Support Center.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk
backupExtension=Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Sean^Start Menu^Programs^Startup^Norton Disk Doctor.lnk]
backup=c:\windows\pss\Norton Disk Doctor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A Verizon App]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2005-05-15 07:04 332800 ----a-w- c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-05-10 00:24 50760 ----a-w- c:\program files\Common Files\AOL\1136534396\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2005-04-14 02:51 385024 ----a-w- c:\progra~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2008-07-08 23:41 2828184 ----a-w- c:\program files\Registry Mechanic\RegMech.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SAVScan"=3 (0x3)
"GEARSecurity"=2 (0x2)
"WinDefend"=2 (0x2)
"Norton Ghost"=2 (0x2)
"iPodService"=3 (0x3)
"Fax"=2 (0x2)
"gusvc"=3 (0x3)
"IntuitUpdateService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Common Files\\AOL\\1136534396\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1136534396\\ee\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/28/2010 9:14 PM 207280]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1201000.025\SymDS.sys [11/28/2010 12:22 PM 339504]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1201000.025\SymEFA.sys [11/28/2010 12:22 PM 666672]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [11/28/2010 9:21 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [11/28/2010 9:21 PM 59664]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [11/22/2010 6:20 PM 691248]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [11/28/2010 9:15 PM 233136]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1201000.025\Ironx86.sys [11/28/2010 12:22 PM 134704]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe [11/28/2010 12:22 PM 126904]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [5/10/2010 10:33 AM 110592]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [5/10/2010 10:32 AM 1858048]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [5/10/2010 10:32 AM 482304]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/1/2010 4:06 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20101130.001\IDSXpx86.sys [10/19/2010 12:36 PM 341880]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [5/8/2006 6:10 PM 347648]
S3 Belkin Belkin 11Mbps Wireless USB Network Adapter(R);Belkin Belkin 11Mbps Wireless USB Network Adapter(R) Service for Belkin 11Mbps Wireless USB Network Adapter;c:\windows\system32\DRIVERS\bkusbxp.sys --> c:\windows\system32\DRIVERS\bkusbxp.sys [?]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [11/27/2010 2:54 PM 4736]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [3/30/2004 10:29 AM 118106]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [11/28/2010 9:14 PM 70408]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [11/27/2010 2:54 PM 8960]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/28/2010 9:14 PM 365280]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [11/28/2010 9:21 PM 33552]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
S3 wuddvvondl;wuddvvondl;\??\c:\program files\Mozilla Firefox\wuddvvondl.sys --> c:\program files\Mozilla Firefox\wuddvvondl.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 19:50]

2010-12-06 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 19:20]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/stp/yme/*http://www.yahoo.com
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*http://www.yahoo.com
IE: {{1F958B09-3312-7f0e-9723-4C1324C57B20}
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-05 19:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.1.0.37\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2637955601-3924065142-218781117-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(800)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(4000)
c:\windows\system32\WININET.dll
c:\docume~1\Sean\LOCALS~1\Temp\IadHide4.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\devldr32.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\Logitech\SetPoint\KHALMNPR.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-12-05  19:24:59 - machine was rebooted
ComboFix-quarantined-files.txt  2010-12-06 03:24
ComboFix2.txt  2010-12-04 19:57
ComboFix3.txt  2010-12-04 06:41

Pre-Run: 13,866,393,600 bytes free
Post-Run: 14,179,913,728 bytes free

- - End Of File - - 2D17A21F1AA483B0750133EFEB5BEFC9

0 Kudos
kevinf80
3 Zinc

Re: Cannot install drivers; cannot update windows; have attempted and failed to boot in safe mode; Have received NT Authority/System message & system shut down!

Hiya caherbear,

Azureus is a program used for d/l torrents from P2P sites (file sharing), whilst the program may be classed as legal, its activities ain't. As follows please:

Step 1

Please re-open HiJackThis and scan only.  Check the boxes next to the entry listed below.

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Now close all windows other than HiJackThis, then click Fix Checked.  Close HiJackThis.  Reboot.

Step 2

Please download OTM by OldTimer.
Alternative Mirror
Save it to your desktop.
Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator.

  • Copy the text between the dotted lines below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    -------------------------------------------------------------------


    :Files
    c:\program files\Mozilla Firefox\wuddvvondl.sys
    ipconfig /flushdns /c
    :Services
    wuddvvondl
    :Commands
    [EmptyFlash]
    [Purity]
    [ResetHosts]
    [EmptyTemp]


    ---------------------------------------------------------------------
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Step 3

  • Re-open Malwarebytes and check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.



Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

What I'd like in your reply :-

  • Log from OTM
  • Log from Malwarebytes
  • Fresh HJT log
  • System update, any improvements? issues?



Kevin

0 Kudos