08-13-2009 07:00 PM
I have a nasty infection that actually seems to be using Norton AV 2009 as part of its infection scheme. I am looking for some help in removing it. Norton AV does not prevent the infection and cannot identify it or remove it.
I have a Compaq Presario with XP Home, SP3. It has Norton AV 2009, version 16.0.0.125, installed and running before the computer was ever put online. Updates have been automatic and current. Norton AV is the only real-time anti-virus software installed.
The PC became erratic and started generating fake virus warnings. The Task Manager and many other programs were disabled. It will not reboot in Safe Mode as it crashes and then starts the boot process over again.
I ran Norton AV full scan which did not find any problems. However, a while later Norton reported blocking a virus that appeared (I lost the name of the virus in the logs when I reinstalled Norton AV later).
I ran Malwarebytes' Anti-Malware program (log attached – mbam-log-2009-08-12 (23-55-56).txt). It removed several items and stopped the fake virus warnings, but the computer would still crash often (quietly, no blue screen and no reboot) after a period of idle time. Safe Mode still does not work.
I ran GMER (log attached – gmer.log) and found unknown code hooking Norton SYMEVENTS.sys and SYMEFA.sys in the SSDT. The SYMEFA.sys call was now redirected to a non-existent file. Evidently the computer crashed when the idle scan was about to start. I turned off Norton Idle scan (Norton AV is still enabled) and the computer stabilized. It hasn't crashed during a system idle in many hours now.
I uninstalled Norton AV 2009 and reinstalled. Ran GMER again (log attached – gmer2-3.log <first part of the file>). The SSDT hooks appeared to have been removed. But it still could not reboot in Safe Mode.
Rebooted and ran GMER again (log attached – gmer2-3.log <second part of the file>). The SSDT hooks returned. The computer is stable (as long as Idle-time scan is disabled). Likely there is a device driver that is re-hooking the SSDT on boot-up. I ran RootRepeal (log attached – RootRepeal report 08-13-09 (13-53-11).txt).
Any suggestions as to how to proceed to identify and nullify the software that is infecting this computer?
Thanks.
08-13-2009 07:08 PM
Hi
You have a rogue security program with fake alerts with UAC or part of
Could you please Download and run Hijackthis creating a log. 3rd executable version http://www.trendsecure.com/portal/en-US/tools/secu
Quads
08-14-2009 05:18 AM
Thanks for the quick reply.
The HJT log file is attached.
08-14-2009 07:57 AM
Go back into HijackThis and check the following entries please:
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
Then click on Fix Checked in HijackThis.
After that I would recommend you upgrade NAV2009 to the latest version. Directions for this are below.
1) Copy your Norton key for safe keeping just in case you need it. You should not need this but it is better to have the key on hand than to need it and not have ready access to the key. You can find a copy of your currently installed key in My Documents\Symantec\Norton AntiVirus_Key.txt.
2) Download the Norton Removal Tool from this link: Norton Removal Tool. Choose the 2009 product link and save the Norton Removal Tool (NRT) to your desktop. Directions are on the link page.
3) Download the latest version of NAV2009 from this link: Reinstall After Removal. Choose the 'I have Norton Antivirus 2006 or later' link on this page. On the next page you can download the latest NAV2009 installation software.
4) Disconnect from the Internet until your system needs the connection later in the process.
5) Go to START > Norton AntiVirus > Uninstall and let NAV2009 uninstall itself. It will want to reboot the machine. Let it.
6) During the booting of your system, go to Safe Mode by tapping the F8 key until the Advanced Options menu is shown. Choose the Safe Mode option (no network or command prompt).
7) In Safe Mode, run the NRT tool. When the tool is finished, click on the Reboot to restart your system.
8) Let Windows boot into normal mode now.
9) Install NAV2009 by double clicking the file you downloaded and saved to your desktop in step 3.
10) When the installation asks for your key or says activating your product, reconnect to the internet then (plug your cable in or turn on the wireless card). [Note: The installation may not ask for your key and activate by using the previous key on the system. Your system will still need to connect to the internet at this point so updated definitions can be downloaded.]
11) Run the Live Update process manually until Live Update reports that there are no more updates to download and NAV2009 is fully up to date.
12) Reboot your system now to ensure that any components updated during step 11 are loaded properly.
13) See if your error is fixed now.
Report back here with how this works for you.
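As an added example (not from this thread, and not part of HijackThis itself), the Python script below parses HijackThis-style F2 and O4 lines like the three quoted above and flags the two things a responder checks first: a UserInit value that does not name system32\userinit.exe, and Run entries that launch a program or DLL by bare name, so that Windows resolves it through the search path at logon instead of a fixed location. The log text is constructed; its first three lines copy the entries quoted in this post, the last two are typical of a clean install. Severity labels and the helper names are this example's own.

```python
import re
from typing import Dict, List, Tuple

# Constructed HijackThis-style log. Lines 1-3 reproduce the entries quoted in the
# thread; lines 4-5 are the kind of entries a clean XP/Norton install shows.
SAMPLE_HJT_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
USERINIT_RE = re.compile(r"^REG:system\.ini: UserInit=(?P<value>.*)$", re.IGNORECASE)


def parse_entries(text: str) -> List[Dict[str, str]]:
    """Split a HijackThis log into (code, body) records, ignoring anything else."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"code": m.group("code"), "body": m.group("body")})
    return entries


def split_cmd(cmd: str) -> Tuple[str, str]:
    """Return (program, arguments) for a Run command, honouring a quoted program path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip()
        return cmd[1:], ""
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def is_absolute_win_path(p: str) -> bool:
    """True for drive-letter paths (C:\...) and UNC paths (\\server\share)."""
    return bool(re.match(r"^[A-Za-z]:\\", p)) or p.startswith("\\\\")


def basename(p: str) -> str:
    return p.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(text: str) -> List[Dict[str, str]]:
    """Return findings for the entries a responder should look at first."""
    findings = []
    for e in parse_entries(text):
        if e["code"] == "F2":
            m = USERINIT_RE.match(e["body"])
            if not m:
                continue
            # UserInit is a comma-separated list; each item runs at logon.
            for item in [p.strip() for p in m.group("value").split(",") if p.strip()]:
                if is_absolute_win_path(item) and item.lower().endswith(r"\system32\userinit.exe"):
                    sev, why = "review", ("names the expected binary; HijackThis lists this line only when "
                                          "the stored value differs from its default, so verify and restore it")
                else:
                    sev, why = "high", "UserInit runs something other than system32\\userinit.exe at logon"
                findings.append({"name": "UserInit", "entry": e["body"], "severity": sev, "reason": why})
        elif e["code"] == "O4":
            m = RUN_RE.match(e["body"])
            if not m:
                continue
            prog, args = split_cmd(m.group("cmd"))
            # For rundll32 the interesting object is the DLL it loads, not rundll32 itself.
            if basename(prog) == "rundll32.exe":
                target = args.split(",")[0].strip().strip('"')
            else:
                target = prog
            if not is_absolute_win_path(target):
                findings.append({"name": m.group("name"), "entry": e["body"], "severity": "review",
                                 "reason": f"'{target}' is referenced by bare name and resolved via the "
                                           "search path at logon; locate the file and check its publisher and hash"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"[{f['severity']}] {f['name']}: {f['reason']}")
```

Entries with a full, quoted path (ccApp, ctfmon) produce no finding; the three entries the poster was asked to fix are exactly the ones the script surfaces. It is a triage heuristic, not a verdict: a bare-name entry is confirmed or cleared by finding the file on disk and checking who signed it.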
08-14-2009 12:07 PM
Thanks. This was partially successful. I was successful through step 5.
However, at step 6 the computer still would not boot in Safe Mode. I rebooted in normal mode instead and ran the NRT tool. It seemed to run successfully. I ran HJT (log attached as hijackthis2.log) and the items checked for removal were indeed removed. I ran GMER again and the SSDT hooks to SYMEFA.sys and SYMEVENTS.sys are now gone, although there still is one SSDT entry (not a hook, I don't think) listed. So it is still a mystery why XP refuses to boot in Safe Mode.
As it is booting to Safe Mode and listing the drivers, the last thing on the screen is the loading of a driver called MUP.sys (supposedly a Microsoft driver). I suspect the driver following (whatever that is) is causing the problem. Is there any way to get a boot log from an unsuccessful Safe Mode boot attempt?
I did not re-install Norton AV yet.
Suggestions?
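Windows XP does keep such a log when boot logging is on: choosing Enable Boot Logging from the F8 menu (or adding /bootlog to the boot.ini entry) makes the kernel append one "Loaded driver" or "Did not load driver" line per driver to %SystemRoot%\ntbtlog.txt, Safe Mode boots log as well, and every boot appends a new session to the same file. The script below is an added example, not from the thread: it parses a constructed ntbtlog.txt containing two sessions, reports the last driver recorded in the most recent (incomplete) session, and lists the drivers the previous complete session loaded after that point, which is the candidate set the poster is reasoning about. The header line and driver names in the sample are made up; the "Loaded driver" / "Did not load driver" line format is the real one.

```python
import re
from typing import Dict, List, Tuple

# Constructed ntbtlog.txt: session 1 is a complete boot, session 2 stops at Mup.sys
# the way the poster describes. The header line is an approximation of the one
# Windows writes at the start of each session; driver_a/driver_b are placeholders.
SAMPLE_NTBTLOG = r"""
Microsoft (R) Windows (R) Version 5.1 (Build 2600)
 8 13 2009 09:12:04.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \SystemRoot\System32\Drivers\Mup.sys
Loaded driver \SystemRoot\System32\Drivers\driver_a.sys
Loaded driver \SystemRoot\System32\Drivers\driver_b.sys
Did not load driver \SystemRoot\System32\Drivers\unused.sys
Microsoft (R) Windows (R) Version 5.1 (Build 2600)
 8 14 2009 12:05:33.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \SystemRoot\System32\Drivers\Mup.sys
"""

HEADER_RE = re.compile(r"^Microsoft \(R\) Windows \(R\) Version")
LINE_RE = re.compile(r"^(Loaded driver|Did not load driver) (.+)$")


def split_sessions(text: str) -> List[List[Tuple[bool, str]]]:
    """Group log lines into boot sessions; each item is (loaded_ok, path)."""
    sessions: List[List[Tuple[bool, str]]] = []
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if HEADER_RE.match(line):
            current = []
            sessions.append(current)
            continue
        m = LINE_RE.match(line)
        if m and current is not None:
            current.append((m.group(1) == "Loaded driver", m.group(2)))
    return sessions


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyse(text: str) -> Dict:
    """Summarise the most recent session and name the drivers that would load next."""
    sessions = split_sessions(text)
    if not sessions:
        return {"sessions": 0, "last_driver": None, "did_not_load": [], "next_candidates": []}
    last = sessions[-1]
    loaded_last = [basename(p) for ok, p in last if ok]
    last_driver = loaded_last[-1] if loaded_last else None
    failed = [basename(p) for ok, p in last if not ok]
    candidates: List[str] = []
    if len(sessions) > 1 and last_driver:
        # Drivers the previous session loaded after the point where this one stopped.
        prev_loaded = [basename(p) for ok, p in sessions[-2] if ok]
        if last_driver in prev_loaded:
            idx = prev_loaded.index(last_driver)
            candidates = [d for d in prev_loaded[idx + 1:] if d not in loaded_last]
    return {"sessions": len(sessions), "last_driver": last_driver,
            "did_not_load": failed, "next_candidates": candidates}


if __name__ == "__main__":
    report = analyse(SAMPLE_NTBTLOG)
    print(f"{report['sessions']} boot sessions; last driver recorded: {report['last_driver']}")
    print("drivers the previous session loaded after that point:", report["next_candidates"])
    print("drivers reported as not loaded this session:", report["did_not_load"])
```

Two caveats apply when reading the result. The line for a driver is written as the boot proceeds, so a driver that hangs the machine may never get its own entry and only shows up as the first candidate after the last recorded one. And Safe Mode loads a smaller driver set than a normal boot, so the most useful comparison session is an earlier Safe Mode boot rather than a normal one.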
08-14-2009 12:17 PM
Please run the following and post / attach the log here. Thanks.
Please download SysProt here http://homepages.slingshot.co.nz/~crutches/SysProt and run it.
Choose the Log tab and select all the items in the Write to log box. Then select Create Log to start scanning. When it is done, a message window will appear with the location of the log file.
Please attach the log file to a post here; the Add Attachments link is below the orange Post button. Thanks.
08-14-2009 12:43 PM
OK, here is the log file.
08-18-2009 10:14 AM
Any ideas yet on what the problem is with XP booting to safe mode and next steps? Was the SysProt log useful?
Thanks.
08-18-2009 12:06 PM
What does the actual infection look like, as all your logs look clean?
Quads
08-18-2009 02:09 PM
The problem I am having is that XP will not boot in Safe Mode. I was unable to complete step 6 of the instructions that dbrisendine sent me (see posts 4 and 5 above) and have not yet re-installed Norton AV. As the list of device drivers is displayed on the screen, the load information for MUP.sys is displayed just before the screen goes blank and XP starts another reboot cycle. As this was one of the original symptoms of the infection (not able to boot to Safe Mode), I am concerned as to whether there is some residual device driver or device driver contamination still infecting the machine. At any rate, I need to restore the ability to boot in Safe Mode to have a maintainable machine.
Thanks for any suggestions you can give me.
