March 5th, 2011 11:00

Not able to print on Dell 968w AIO; Printer tech suggested Malware & provided your links

http://en.community.dell.com/cfs-file.ashx/__key/CommunityServer.Discussions.Components.Files/3521/5241.Dell-Printer-Problems-_2D00_-JJ8765-2011_2D00_03_2D00_05--Attempting-to-use-HiJackThis.docx

Hello.

A tech was helping me with printer communication issues between my Latitude D630 & 968W AIO; we didn't get anywhere with all of the steps that had worked in the past. Next, he suggested your link: http://en.community.dell.com/support-forums/virus-spyware/f/3521/t/19251122.aspx

Following your steps, I downloaded HiJackThis. When I first clicked "Do a system scan and save logfile", I got a message that stated the following:

"For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HiJackThis may not be able to fix this. If that happens, you need to edit the file yourself. To do this, click Start, Run and type: notepad C:\Windows\System32\drivers\etc\hosts  and press Enter. Find the line(s) HiJackThis reports and delete them. Save the file as 'hosts.' (with quotes), and reboot.  For Vista: simply exit HiJackThis, right click on the HiJackThis icon, choose 'Run as Administrator'. "

Well, folks, I have Vista (32 bit). So I closed HiJackThis, as directed, right-clicked on the HiJackThis icon, and "Run as Administrator" was not listed in the menu. I'm not sure what they were referring to there. So then I tried the first option they listed. Going to Start --> Run and entering notepad C:\Windows\System32\drivers\etc\hosts  and 'Enter' just opened a Notepad doc that was a sample. A sentence toward the top reads: This is a sample HOSTS file used by Microsoft TCP/IP for Windows. The HiJackThis directions stating, "Find the line(s) HiJackThis reports and delete them. Save the file as 'hosts.' " didn't seem to be valid. Since neither of their solutions appeared to resolve the issue, I clicked the OK button in the window, and the log continued to fill itself.

So -- running the HiJackThis scan resulted in a Log, but over that is a blank Notepad window, with another window that reads: "Cannot find the C:\Program Files\Trend Micro\HiJack This\hijackthis.log file.  Do you want to create a new file?"   Choosing "Yes" or "No" results in the same thing: a blank Notepad window. I don't know how to get the Log details into Notepad so that it can be copied.

Do you have any tips for me at this point?

I decided to click "Analyze This" anyway. The only thing that happened was the HJT opened a new window in IE: http://hjt-data.trendmicro.com/hjt/analyzethis/index.php?report=3560990  Not sure why.

I took screen shots of the HJT Log, scrolling through 5 times since I couldn't get the data onto Notepad. I placed the 5 screen shots onto a Word document. The only button I could find to attach anything to this forum message was the "Insert Media" button. I'm not sure if Word is considered to be "media". It didn't stop me from attaching the document. If you don't see the attachment, I could also attach the screen shot jpg files. However, I'm not certain if this forum allows more than one attachment per message.

Thank you!

JJ8765
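The check the HiJackThis message asks for, shown as an added example that is not part of the original post: a hosts file that is still the stock sample contains only `#` comment lines, so the lines worth reviewing are the active ones. The sample text, the documentation-range addresses, the `.example` names and the helper names `parse_hosts`, `review` and `is_stock` are all assumptions made for this illustration.

```python
import ipaddress

# Constructed sample. The first line is the sentence the poster saw in Notepad;
# every other value (documentation-range addresses, .example names) is made up
# for this illustration.
SAMPLE_HOSTS = """\
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
#      192.0.2.1     host.example      # commented-out mapping, inactive
127.0.0.1       localhost
::1             localhost
127.0.0.1       updates.vendor.example    # inline comment is ignored
203.0.113.10    www.bank.example login.bank.example
not-an-ip       broken.example
"""

# Names that a default hosts file may legitimately map to loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Split hosts-file text into active entries and malformed lines.

    Returns (entries, malformed): entries is a list of
    (line_number, ip_address_object, [hostnames]); malformed is a list of
    (line_number, stripped_line) for active lines that do not parse.
    """
    entries, malformed = [], []
    # Notepad may save the file with a byte-order mark; drop it first.
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        active = raw.split("#", 1)[0].strip()  # text after '#' is a comment
        if not active:
            continue  # blank or comment-only line: no effect on name lookups
        fields = active.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, raw.strip()))
            continue
        if len(fields) < 2:  # an address with no hostname maps nothing
            malformed.append((lineno, raw.strip()))
            continue
        entries.append((lineno, ip, [name.lower() for name in fields[1:]]))
    return entries, malformed


def review(text):
    """List every active mapping other than the default localhost ones.

    Each finding is (line_number, hostname, ip_string, reason). A finding is a
    line to review, not proof of infection: deliberate blocklists also map
    names to loopback.
    """
    entries, malformed = parse_hosts(text)
    findings = []
    for lineno, ip, names in entries:
        for name in names:
            if name in LOCAL_NAMES and ip.is_loopback:
                continue  # default mapping
            if ip.is_loopback or ip.is_unspecified:
                reason = "blocked"      # the name can no longer be reached
            else:
                reason = "redirected"   # the file chooses where the name goes
            findings.append((lineno, name, str(ip), reason))
    return findings, malformed


def is_stock(text):
    """True when the file has no active lines beyond default localhost ones."""
    findings, malformed = review(text)
    return not findings and not malformed


if __name__ == "__main__":
    found, bad = review(SAMPLE_HOSTS)
    for lineno, name, ip, reason in found:
        print(f"line {lineno}: {name} -> {ip} ({reason})")
    for lineno, line in bad:
        print(f"line {lineno}: could not parse: {line}")
```
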

297 Posts

March 5th, 2011 14:00

Faith_Michele will be your helper. Please have patience until she makes her first post.

March 5th, 2011 19:00

Greetings JJ8765, Welcome to the Dell Community Malware Removal Forum!

I am faith_michele, but you can call me Faith. I will be helping you today.

  • Please do not run any anti-malware, anti-virus or so-called "registry cleaners" unless I specifically tell you to do so. Running the wrong thing at the wrong time can seriously damage your system.
  • Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. We might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
  • Backup any personal files and folders before you start.
  • Copy and print out any instructions using Notepad so they will be readily available to you.
  • Once we start a fix, make sure to work through all the Steps in the exact order in which they are listed. It is important to complete the fix all the way through (even if your computer is running better).
  • Please let me know of any steps that you are unable to complete before moving on to the next one. If there is anything that you don't understand, please ask your question(s) before doing anything further.
  • Any topics in any other forum (this also applies to friends, family, or anyone in the computer field that you may know) must cease once we start a fix. It is impossible to keep up with other changes made or suggested relating to this issue.
  • If you have any P2P applications installed such as BitTorrent, uTorrent, Limewire etc etc, please uninstall them before we begin.
  • If you are using Cracked or Illegal software your thread will be locked and all help will cease.

    I am currently in training for Malware Removal at SpywareHammer Academy. This means that I am under the supervision of a Mentor and all of my replies must be reviewed prior to posting.
    ---

    I read your other topic with the printer, but please keep in mind that we need to rule out malware before attempting to fix the printer again. I will need some additional logs and information from you, in order to proceed. When posting your logs, make sure that Word Wrap is unchecked in the Notepad settings under Format (at the top).

    First

    Please download TFC.exe - Temp File Cleaner by OldTimer:

    Alternate link: www.itxassociates.com/OT-Tools/TFC.exe

    • Save it to your Desktop.
    • Close any open windows, save your work.
    • Double click the TFC icon to run the program. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process,
    • Allow TFC to run uninterrupted,
    • The program should not take long to finish its job.
    • Once it's finished, click OK to reboot.
    ---

    Second

    Please post the previous MalwareBytes (MBAM) log with your reply.

    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
    ----

    Third

    As for HijackThis: if this does not work, please skip this step and continue on to the next step.

    Start > All Programs > Expand the HijackThis folder > Right Mouse Click on the HijackThis program file > Properties > Compatibility > Check the box at the bottom to Run HijackThis as Administrator > Apply > OK

    Run HijackThis from that location by double-clicking on it.

    • Click on "Do a system scan and save logfile." When the log pops up in Notepad, copy and paste that file back here as a New Message in this forum.
    • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
    • Before closing HJT, please click on the AnalyzeThis button. "Analyze This" is for use by TrendMicro, and DOES NOT mean "Analyze My Log". You will still need to post your log on the Hijackthis Forum.
    • Close the web page that appears and then close the program.
    ---

    Fourth

    Please perform the following scan:

    • Download DDS by sUBs from one of the following links. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool.
    • When done, DDS will open two (2) logs
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop.
    • The instructions here ask you to attach the Attach.txt.
    • Instead of attaching, please copy/paste both logs into your next reply.

      These will be long logs, so please use multiple posts if need be.

    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run.
    After downloading the tool, disconnect from the internet and disable all antivirus protection.
    Run the scan, enable your A/V and reconnect to the internet.
    Information on A/V control HERE
    ----

    Fifth

    Download my Security Check:
    http://screen317.spywareinfoforum.org/SecurityCheck.exe

    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    ---

    Review What to include in your response.

    1. Let me know if you experienced any errors with the instructions and tell me exactly what problems you are still experiencing.
    2. The HijackThis log.
    3. The previous MBAM log.
    4. The DDS.txt & Attach.txt logs (may take several posts).
    5. The checkup.txt results.

    Thank you,

    Faith

41 Posts

March 6th, 2011 12:00

Faith,

Thanks for the details.

I'm assuming that the bullet point list was a copy & paste of general instructions. The fourth bullet suggests I print out the instructions, which I'd like to do, but the printer communication issue is why I'm here. I've had to hand write steps.

First:  Completed

Second:  MBAM Log -

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5954

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

3/6/2011 2:13:52 PM
mbam-log-2011-03-06 (14-13-52).txt

Scan type: Quick scan
Objects scanned: 0
Time elapsed: 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0





Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Third: 

These are your steps for HiJackThis:

Start > All Programs > Expand the HijackThis folder > Right Mouse Click on the HijackThis program file > Properties > Compatibility > Check the box at the bottom to Run HijackThis as Administrator > Apply > OK

After clicking Properties, there are 5 tabs: General, Shortcut, Security, Details, & Previous Versions. Which do you want me to be on? None of them have a "Compatibility" anything, and there was no box to check for "Run HJT as Admin". Here is a screen shot of the Security tab, in case that is the tab you want me to be on. I didn't want to make an incorrect assumption at this point:

That is as far as I got. Since you wrote to skip this in case it didn't work, I'll continue working on the "Fourth" item.

I figured you might be able to tell me how to complete this third step after seeing the Properties box that I see.

Thank you.

JJ8765

41 Posts

March 6th, 2011 12:00

Faith,

Continuing with your steps:

Fourth:  

DDS.txt file:

.
DDS (Ver_11-03-05.01) - NTFSx86 
Run by Glory at 14:36:10.32 on Sun 03/06/2011
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_24
Microsoft® Windows Vista™ Business   6.0.6002.2.1252.1.1033.18.2037.656 [GMT -6:00]
.
AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dldocoms.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\locator.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\dllhost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\dllhost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\msdtc.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\Dell 968 AIO Printer\dldomon.exe
C:\Program Files\Dell 968 AIO Printer\memcard.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Glory\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.3.0.5\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ ]
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [MyWebSearch Plugin] rundll32 c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF
mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Acrobat Speed Launch] "c:\program files\adobe\acrobat 8.0\acrobat\acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Acrobat Synchronizer] "c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [dldomon.exe] "c:\program files\dell 968 aio printer\dldomon.exe"
mRun: [MemoryCardManager] "c:\program files\dell 968 aio printer\memcard.exe"
mRun: [Dell 968 AIO Printer Fax Server] "c:\program files\dell 968 aio printer\fm3032.exe" /s
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.1.121\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} - hxxps://www.plaxo.com/activex/plx_upldr-2k-xp.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
LSA: Authentication Packages = msv1_0 wvauth
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\glory\appdata\roaming\mozilla\firefox\profiles\c5yutw2i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-9-23 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-9-23 173104]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20110225.002\BHDrvx86.sys [2011-2-25 800376]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-9-23 501888]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\ipsdefs\20110303.001\IDSvix86.sys [2011-3-4 353912]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-9-23 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0403000.005\symtdiv.sys [2010-9-23 339504]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-11-10 43912]
R2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe -service --> c:\windows\system32\dldocoms.exe -service [?]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-5-17 179712]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [2010-7-21 44432]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-1-1 102448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
.
=============== Created Last 30 ================
.
2011-03-06 14:46:30 45056 ----a-w- c:\windows\system32\DLDOPMON.DLL
2011-03-06 14:46:30 32768 ----a-w- c:\windows\system32\DLDOFXPU.DLL
2011-03-06 14:46:09 49152 ----a-w- c:\windows\system32\dldooem.dll
2011-03-06 14:46:09 12288 ----a-w- c:\windows\system32\DLDOPMRC.DLL
2011-03-06 05:01:43 562871 ----a-w- c:\progra~2\SPL646A.tmp
2011-03-06 04:31:44 2602137 ----a-w- c:\progra~2\SPLEE50.tmp
2011-03-06 03:54:52 5816236 ----a-w- c:\progra~2\SPL2FE6.tmp
2011-03-05 18:44:14 388096 ----a-r- c:\users\glory\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-03-05 18:44:12 -------- d-----w- c:\program files\Trend Micro
2011-03-04 22:11:56 -------- d-----w- c:\users\glory\appdata\roaming\Malwarebytes
2011-03-04 22:11:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-04 22:11:37 -------- d-----w- c:\progra~2\Malwarebytes
2011-03-04 22:11:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-04 22:11:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-04 15:21:09 -------- d-----w- c:\program files\McAfee Security Scan
2011-03-04 15:19:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-04 15:19:58 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-02-19 00:29:43 -------- d-----w- c:\users\glory\appdata\local\AOL
2011-02-19 00:29:43 -------- d-----w- c:\users\glory\appdata\local\AIM
2011-02-19 00:28:54 -------- d-----w- c:\progra~2\AIM
2011-02-19 00:28:46 -------- d-----w- c:\program files\AIM
2011-02-19 00:28:44 -------- d-----w- c:\program files\common files\Software Update Utility
2011-02-19 00:28:43 -------- d-----w- c:\program files\common files\AOL
2011-02-18 23:41:10 -------- d-----w- c:\program files\GIMP-2.0
.
==================== Find3M  ====================
.
2011-01-28 02:05:23 72080 ----a-w- c:\users\glory\g2mdlhlpx.exe
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-18 16:45:41 4905574 ----a-w- c:\users\glory\SetupInstantArticleWizard.exe
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-31 03:09:21 58791152 ----a-w- c:\users\glory\R241344.exe
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-26 00:11:06 521220 ----a-w- c:\progra~2\SPL8AF0.tmp
2010-12-25 16:57:17 467502 ----a-w- c:\progra~2\SPL58B1.tmp
2010-12-25 16:31:38 467502 ----a-w- c:\progra~2\SPLDFCA.tmp
2010-12-25 16:28:13 467502 ----a-w- c:\progra~2\SPLBEF7.tmp
2010-12-21 01:02:30 2336550 ----a-w- c:\progra~2\SPLFBAD.tmp
2010-12-20 22:58:06 862892 ----a-w- c:\progra~2\SPL1447.tmp
2010-12-20 22:53:44 862892 ----a-w- c:\progra~2\SPL169C.tmp
2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-18 06:22:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:22:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-18 06:22:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-12-18 06:22:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-18 04:47:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-14 14:49:23 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-12-11 14:46:04 1165948 ----a-w- c:\progra~2\SPLDD68.tmp
2010-12-11 00:29:30 64864 ----a-w- c:\windows\system32\sqlctr90.dll
2010-12-11 00:29:30 2248032 ----a-w- c:\windows\system32\sqlncli.dll
2010-12-10 03:25:55 411841 ----a-w- c:\progra~2\SPL2A7D.tmp
2010-12-10 03:17:02 411841 ----a-w- c:\progra~2\SPL63B.tmp
2010-12-10 03:10:17 365596 ----a-w- c:\progra~2\SPLDA4B.tmp
2010-12-10 03:09:38 365596 ----a-w- c:\progra~2\SPL42BE.tmp
2010-12-10 03:07:39 411841 ----a-w- c:\progra~2\SPL719A.tmp
2010-12-10 03:05:01 411841 ----a-w- c:\progra~2\SPL782.tmp
2010-12-10 03:00:48 411841 ----a-w- c:\progra~2\SPL2C8F.tmp
2010-12-06 23:44:03 492902 ----a-w- c:\progra~2\SPLF1B6.tmp
2010-12-06 23:42:13 492902 ----a-w- c:\progra~2\SPL43AC.tmp
2010-12-06 23:40:36 492902 ----a-w- c:\progra~2\SPLC7E9.tmp
2010-12-06 23:37:56 492902 ----a-w- c:\progra~2\SPL586F.tmp
.
============= FINISH: 14:37:39.37 ===============

Attach.txt file:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume3
Install Date: 5/17/2008 3:32:50 AM
System Uptime: 3/6/2011 2:04:58 PM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0KU184
Processor: Intel(R) Core(TM)2 Duo CPU     T7250  @ 2.00GHz | Microprocessor | 2001/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 110 GiB total, 7.54 GiB free.
D: is FIXED (NTFS) - 2 GiB total, 1.399 GiB free.
E: is CDROM ()
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1260: 3/5/2011 11:40:02 PM - Device Driver Package Install: Adobe Printers
RP1261: 3/5/2011 11:47:02 PM - Device Driver Package Install: Dell Inkjet Drivers Printers
RP1262: 3/6/2011 8:34:06 AM - Device Driver Package Install: Dell Inkjet Drivers Printers
RP1263: 3/6/2011 8:36:18 AM - Device Driver Package Install: Adobe Printers
RP1264: 3/6/2011 8:47:15 AM - Device Driver Package Install: Dell Imaging devices
.
==== Installed Programs ======================
.
2007 Microsoft Office system
ABBYY FineReader 6.0 Sprint
Adobe Acrobat  8 Standard
Adobe Acrobat 8.2.5 - CPSID_83708
Adobe Acrobat 8.2.5 Standard
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
AIM 7
Any Video Converter 3.0.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AuthenTec Fingerprint Sensor Minimum Install
biolsp patch
Bonjour
Broadcom ASF Management Applications
Broadcom Management Programs
Browser Address Error Redirector
Business Contact Manager for Outlook 2007 SP2
Camtasia Studio 7
Cisco Connect
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Conexant HDA D330 MDC V.92 Modem
Dell 968 AIO Printer
Dell Driver Download Manager
Dell Driver Download Manager - 1
Dell Drivers MSI
Dell Embassy Trust Suite by Wave Systems
Dell Getting Started Guide
Dell Touchpad
Dell Wireless WLAN Card
Digital Line Detect
DLCO_AIOC
DLCO_Fax4
DLCO_MCM
DLCO_Pubs
DLCO_Wireless
Document Manager Lite
Download Updater (AOL LLC)
DVD Architect Studio 5.0
EDocs
EMBASSY Security Center
EMBASSY Security Setup
EMBASSY Trust Suite by Wave Systems
ESC Home Page Plugin
FileZilla Client 3.3.5.1
Firebird SQL Server - MAGIX Edition (US)
FlipShare
GearDrvs
Gemalto
GemSafe Standard Edition 5.1
GIMP 2.6.11
Google Desktop
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
GoToMeeting 4.5.0.457
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
InstantArticleWizard
Intel(R) Matrix Storage Manager
iTunes
Java Auto Updater
Java(TM) 6 Update 24
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
MFCLOC
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft FrontPage 2002
Microsoft IntelliPoint 8.0
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft XML Parser
Mihov Image Resizer 1.1 (remove only)
Mobipocket Reader 6.2
Modem Diagnostic Tool
Moyea Video Converter version 2.5.1.1757
Mozilla Firefox (3.6.15)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NetWaiting
Norton 360
NTRU TCG Software Stack
OGA Notifier 2.0.0048.0
PMB
PowerDVD
Preboot Manager
Private Information Manager
QuickBooks Pro 2008
QuickSet
QuickTime
Revo Uninstaller 1.83
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
Secure Update
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Wizards
Skype Toolbars
Skype™ 5.0
SmarterMail Sync for Outlook 2003 and above
SnagIt 8
Sonic CinePlayer Decoder Pack
SupportSoft Assisted Service
TweetDeck
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2492475)
upekmsi
Wave Infrastructure Installer
Wave Support Software
WebEx
.
==== Event Viewer Messages From Past Week ========
.
3/6/2011 8:47:12 AM, Error: Service Control Manager [7030]  - The dldo_device service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
3/6/2011 2:14:01 PM, Error: Service Control Manager [7000]  - The BCM42RLY service failed to start due to the following error:  The system cannot find the file specified.
3/6/2011 2:11:57 PM, Error: Service Control Manager [7034]  - The Diagnostic System Host service terminated unexpectedly.  It has done this 1 time(s).
3/6/2011 2:11:57 PM, Error: Service Control Manager [7031]  - The WLAN AutoConfig service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/6/2011 2:11:57 PM, Error: Service Control Manager [7031]  - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/6/2011 2:11:57 PM, Error: Service Control Manager [7031]  - The Windows Audio Endpoint Builder service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/6/2011 2:11:57 PM, Error: Service Control Manager [7031]  - The Tablet PC Input Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/6/2011 2:11:57 PM, Error: Service Control Manager [7031]  - The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/6/2011 2:11:57 PM, Error: Service Control Manager [7031]  - The ReadyBoost service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/6/2011 2:11:57 PM, Error: Service Control Manager [7031]  - The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/6/2011 2:11:57 PM, Error: Service Control Manager [7031]  - The Portable Device Enumerator Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/6/2011 2:11:57 PM, Error: Service Control Manager [7031]  - The PnP-X IP Bus Enumerator service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/6/2011 2:11:57 PM, Error: Service Control Manager [7031]  - The Offline Files service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/6/2011 2:11:57 PM, Error: Service Control Manager [7031]  - The Network Connections service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
3/6/2011 2:11:57 PM, Error: Service Control Manager [7031]  - The Human Interface Device Access service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/6/2011 2:11:57 PM, Error: Service Control Manager [7031]  - The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/6/2011 2:11:57 PM, Error: Service Control Manager [7031]  - The Desktop Window Manager Session Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/6/2011 2:05:44 PM, Error: Service Control Manager [7001]  - The NTRU TSS v1.2.1.25 TCS service depends on the TPM Base Services service which failed to start because of the following error:  The operation completed successfully.
3/6/2011 2:04:14 PM, Error: Service Control Manager [7034]  - The Dell Internal Network Card Power Management service terminated unexpectedly.  It has done this 1 time(s).
3/6/2011 2:03:00 PM, Error: Service Control Manager [7034]  - The Dell Wireless WLAN Tray Service service terminated unexpectedly.  It has done this 1 time(s).
3/6/2011 12:09:07 AM, Error: Microsoft-Windows-PrintSpooler [6161]  - The document Microsoft Word - Dell Printer Problem Offline - 2011-03-05.docx, owned by Glory, failed to print on printer Dell 968 AIO Printer (Copy 1). Try to print the document again, or restart the print spooler.  Data type: LEMF. Size of the spool file in bytes: 517971. Number of bytes printed: 517971. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\GLORY-LAPTOP. Win32 error code returned by the print processor: 0. The operation completed successfully.
3/6/2011 1:57:33 PM, Error: EventLog [6008]  - The previous system shutdown at 1:56:18 PM on 3/6/2011 was unexpected.
3/6/2011 1:57:14 PM, Error: volmgr [49]  - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
3/5/2011 5:01:49 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
3/5/2011 5:01:19 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
3/5/2011 11:58:31 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the dldoCATSCustConnectService service to connect.
3/5/2011 11:58:31 PM, Error: Service Control Manager [7000]  - The dldoCATSCustConnectService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/5/2011 11:48:47 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
3/4/2011 12:09:13 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FlipShare Service service.
3/4/2011 11:57:53 AM, Error: Microsoft-Windows-PrintSpooler [6161]  - The document Test Page, owned by Glory, failed to print on printer Dell 968 AIO Printer. Try to print the document again, or restart the print spooler.  Data type: LEMF. Size of the spool file in bytes: 1088612. Number of bytes printed: 1088612. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\GLORY-LAPTOP. Win32 error code returned by the print processor: 0. The operation completed successfully.
3/4/2011 1:43:23 PM, Error: Microsoft-Windows-PrintSpooler [6161]  - The document Microsoft Word - Document1, owned by Glory, failed to print on printer Dell 968 AIO Printer. Try to print the document again, or restart the print spooler.  Data type: LEMF. Size of the spool file in bytes: 8548. Number of bytes printed: 8548. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\GLORY-LAPTOP. Win32 error code returned by the print processor: 0. The operation completed successfully.
3/4/2011 1:30:28 PM, Error: Service Control Manager [7030]  - The LogMeIn Rescue (60b11dc8-84e2-4454-bd3b-60d3cd848ea1) service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
3/3/2011 8:16:12 AM, Error: SRTSP [4]  - Error loading virus definitions.
3/3/2011 7:11:54 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\RegBack\COMPONENTS' was corrupted and it has been recovered. Some data might have been lost.
3/3/2011 5:57:50 PM, Error: Microsoft-Windows-PrintSpooler [6161]  - The document Gmail - Confirmation - Order Number 77055, owned by Glory, failed to print on printer Dell 968 AIO Printer. Try to print the document again, or restart the print spooler.  Data type: LEMF. Size of the spool file in bytes: 680079. Number of bytes printed: 680079. Total number of pages in the document: 2. Number of pages printed: 0. Client computer: \\GLORY-LAPTOP. Win32 error code returned by the print processor: 0. The operation completed successfully.
3/2/2011 9:49:58 AM, Error: Microsoft-Windows-PrintSpooler [22]  - Failed to upgrade printer settings for printer Fax Dell 968 AIO Printer driver Fax Dell 968 AIO Printer. Error: 1392. The device settings for the printer are set to those configured by the manufacturer.
3/2/2011 9:49:58 AM, Error: Microsoft-Windows-PrintSpooler [22]  - Failed to upgrade printer settings for printer \\GLORY-LAPTOP\Fax Dell 968 AIO Printer,LocalOnly driver C:\Windows\system32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL. Error: 1392. The device settings for the printer are set to those configured by the manufacturer.
3/2/2011 9:38:25 AM, Error: Service Control Manager [7000]  - The dldo_device service failed to start due to the following error:  The system cannot find the file specified.
3/2/2011 10:17:40 AM, Error: Microsoft-Windows-PrintSpooler [6161]  - The document Microsoft Word - Glory_Details - update site - 2011-03-02.docx, owned by Glory, failed to print on printer Dell 968 AIO Printer. Try to print the document again, or restart the print spooler.  Data type: LEMF. Size of the spool file in bytes: 788452. Number of bytes printed: 788452. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\GLORY-LAPTOP. Win32 error code returned by the print processor: 0. The operation completed successfully.
3/2/2011 10:06:06 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the stisvc service.
3/1/2011 8:13:25 AM, Error: Service Control Manager [7031]  - The Norton 360 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/1/2011 7:48:49 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanWorkstation service.
3/1/2011 2:06:21 PM, Error: Service Control Manager [7034]  - The dldo_device service terminated unexpectedly.  It has done this 1 time(s).
2/28/2011 8:23:10 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the STacSV service.
2/28/2011 5:38:40 PM, Error: Microsoft-Windows-PrintSpooler [6161]  - The document C:\Users\Glory\AppData\Local\...t.IE5\7OTG49YM\preview[1].pdf, owned by Glory, failed to print on printer Dell 968 AIO Printer XPS. Try to print the document again, or restart the print spooler.  Data type: RAW. Size of the spool file in bytes: 171997. Number of bytes printed: 171997. Total number of pages in the document: 2. Number of pages printed: 2. Client computer: \\GLORY-LAPTOP. Win32 error code returned by the print processor: 1726. The remote procedure call failed.
2/28/2011 5:09:15 PM, Error: Microsoft-Windows-PrintSpooler [6161]  - The document 2010 Fillable Forms Return, owned by Glory, failed to print on printer Dell 968 AIO Printer XPS. Try to print the document again, or restart the print spooler.  Data type: RAW. Size of the spool file in bytes: 3538858. Number of bytes printed: 3538858. Total number of pages in the document: 2. Number of pages printed: 2. Client computer: \\GLORY-LAPTOP. Win32 error code returned by the print processor: 1726. The remote procedure call failed.
2/27/2011 9:45:50 PM, Error: Microsoft-Windows-PrintSpooler [6161]  - The document 2010 Fillable Forms Return, owned by Glory, failed to print on printer Dell 968 AIO Printer XPS. Try to print the document again, or restart the print spooler.  Data type: RAW. Size of the spool file in bytes: 4235240. Number of bytes printed: 4235240. Total number of pages in the document: 2. Number of pages printed: 2. Client computer: \\GLORY-LAPTOP. Win32 error code returned by the print processor: 1726. The remote procedure call failed.
2/27/2011 9:42:36 PM, Error: Microsoft-Windows-PrintSpooler [6161]  - The document 2010 Fillable Forms Return, owned by Glory, failed to print on printer Dell 968 AIO Printer XPS. Try to print the document again, or restart the print spooler.  Data type: RAW. Size of the spool file in bytes: 1844646. Number of bytes printed: 1844646. Total number of pages in the document: 1. Number of pages printed: 1. Client computer: \\GLORY-LAPTOP. Win32 error code returned by the print processor: 1726. The remote procedure call failed.
2/27/2011 9:24:39 PM, Error: Microsoft-Windows-PrintSpooler [6161]  - The document 2010 Fillable Forms Return, owned by Glory, failed to print on printer Dell 968 AIO Printer XPS. Try to print the document again, or restart the print spooler.  Data type: RAW. Size of the spool file in bytes: 2803873. Number of bytes printed: 2803873. Total number of pages in the document: 2. Number of pages printed: 2. Client computer: \\GLORY-LAPTOP. Win32 error code returned by the print processor: 1726. The remote procedure call failed.
2/27/2011 9:21:44 PM, Error: Microsoft-Windows-PrintSpooler [6161]  - The document 2010 Fillable Forms Return, owned by Glory, failed to print on printer Dell 968 AIO Printer XPS. Try to print the document again, or restart the print spooler.  Data type: RAW. Size of the spool file in bytes: 2802369. Number of bytes printed: 2802369. Total number of pages in the document: 2. Number of pages printed: 2. Client computer: \\GLORY-LAPTOP. Win32 error code returned by the print processor: 1726. The remote procedure call failed.
2/27/2011 9:07:07 PM, Error: Microsoft-Windows-PrintSpooler [6161]  - The document 2010 Fillable Forms Return, owned by Glory, failed to print on printer Dell 968 AIO Printer XPS. Try to print the document again, or restart the print spooler.  Data type: RAW. Size of the spool file in bytes: 2803878. Number of bytes printed: 2803878. Total number of pages in the document: 2. Number of pages printed: 2. Client computer: \\GLORY-LAPTOP. Win32 error code returned by the print processor: 1726. The remote procedure call failed.
2/27/2011 2:53:13 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {4991D34B-80A1-4291-83B6-3328366B9097}  to the user Glory-laptop\Glory SID (S-1-5-21-2480516280-3371835043-3709030324-1003) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================

 

41 Posts

March 6th, 2011 12:00

Faith,

Continuing with your instructions.

Fifth:  

Checkup.txt data:

 Results of screen317's Security Check version 0.99.9 
 Windows Vista Service Pack 2 (UAC is enabled)
 Internet Explorer 8 
``````````````````````````````
Antivirus/Firewall Check:

 Windows Firewall Disabled! 
 Norton 360    
 McAfee Security Scan Plus  
 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

 Malwarebytes' Anti-Malware   
 Java(TM) 6 Update 24 
 Adobe Flash Player  10.2.152.32 
 Mozilla Firefox (3.6.15)
````````````````````````````````
Process Check: 
objlist.exe by Laurent

 Norton ccSvcHst.exe
``````````End of Log````````````

 

March 7th, 2011 08:00

Hi JJ8765,

Yes, the printing of the instructions did not specifically apply to you. I don’t want to worry about running HijackThis right now; we can try again later. Thanks for the image; it really did clarify your problem with running HijackThis. Is HijackThis the only application that is affected by this?

Please proceed as follows:

First

It is not a good idea to run two antivirus (AV) applications at the same time. You have Norton 360 which is a full version AV & firewall (FW). You also have McAfee Security Scan Plus which is not a full AV, but I recommend that you uninstall this through Add/Remove Programs. It was most likely installed bundled with another application by default.

Reboot

Second

We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

Combofix

Don't forget Combofix must be saved to your desktop. <--Very important

Ensure you have disabled your Firewall and all anti virus and anti malware programs so they do not interfere with the running of ComboFix. <---Very important

Please include the C:\ComboFix.txt in your next reply for further review.

Examples of how to disable realtime protection are available at the following link:

Disable realtime protection

Note: Do not click combofix's window with your mouse while it's running. That action may cause it to stall.

*EXTRA NOTES*

  • If Combofix detects any Rootkit/Bootkit activity on your system, it will give a warning and prompt for a reboot; you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If, after running Combofix, you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue. (Those items will not be deleted.)

---

Review What to include in your response.

1. Let me know if you experienced any errors with the instructions and tell me exactly what problems you are still experiencing.
2. The ComboFix.txt log.

Thank you,

Faith

March 7th, 2011 10:00

Faith,

I disabled the firewall and antivirus protection, but Combofix also wants me to disable the antispyware, and I don't know how to do that.

Here is the Combofix window:

 

I would show you the "simple" menu from Norton, but suddenly SnagIt won't let me use the print screen key as a hot print key - and using their window's button to initiate a screen shot closes the Norton simple menu. (Disabling/Enabling the Firewall and Antivirus are on that menu, but not the Antispyware.)

Opening Norton, I can see Antispyware, but don't know how to disable it:

 

 

 I've clicked several other options in Norton 360, but don't see a way to disable the Antispyware.

Since Combofix gave me the option to continue, I'm going to do that.

Thank you.

JJ8765

March 7th, 2011 10:00

Faith,

Below are the details from the ComboFix.txt file:

ComboFix 11-03-06.06 - Glory 03/07/2011  12:10:11.1.2 - x86
Microsoft® Windows Vista™ Business   6.0.6002.2.1252.1.1033.18.2037.1021 [GMT -6:00]
Running from: c:\users\Glory\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\users\Glory\g2mdlhlpx.exe
c:\users\Glory\GoToAssistDownloadHelper.exe
c:\users\Glory\ir.exe
c:\users\Glory\R241344.exe
c:\users\Glory\SetupInstantArticleWizard.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\LogFiles\Firewall\mpssvc.dat
c:\windows\system32\LogFiles\HTTPERR\httperr1.log
c:\windows\system32\LogFiles\Scm\SCM.EVM
c:\windows\system32\LogFiles\Scm\SCM.EVM.1
c:\windows\system32\LogFiles\Scm\SCM.EVM.2
c:\windows\system32\LogFiles\Scm\SCM.EVM.3
c:\windows\system32\LogFiles\Scm\SCM.EVM.4
c:\windows\system32\LogFiles\Scm\SCM.EVM.5
c:\windows\system32\LogFiles\Srt\SrtTrail.txt
c:\windows\system32\LogFiles\WMI\tscore1.etl
c:\windows\system32\LogFiles\WMI\tscore2.etl
c:\windows\system32\LogFiles\WUDF\WUDFTrace.etl
c:\program files\Norton 360\Engine\4.3.0.5\ccVrTrst.dll . . . . Failed to delete
c:\windows\system32\LogFiles . . . . Failed to delete
.
.
(((((((((((((((((((((((((   Files Created from 2011-02-07 to 2011-03-07  )))))))))))))))))))))))))))))))
.
.
2011-03-07 18:19 . 2011-03-07 18:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-06 14:46 . 2009-04-13 15:20 45056 ----a-w- c:\windows\system32\DLDOPMON.DLL
2011-03-06 14:46 . 2009-04-13 15:20 32768 ----a-w- c:\windows\system32\DLDOFXPU.DLL
2011-03-06 14:46 . 2009-04-13 15:21 12288 ----a-w- c:\windows\system32\DLDOPMRC.DLL
2011-03-06 14:46 . 2007-06-11 15:01 49152 ----a-w- c:\windows\system32\dldooem.dll
2011-03-06 05:39 . 2011-03-06 05:40 -------- d-----w- c:\windows\system32\config\systemprofile\{0ef779ad-6a77-44a1-a5ab-19a5a12e7b54}
2011-03-06 05:01 . 2011-03-06 05:01 562871 ----a-w- c:\programdata\SPL646A.tmp
2011-03-06 04:31 . 2011-03-06 04:31 2602137 ----a-w- c:\programdata\SPLEE50.tmp
2011-03-06 03:54 . 2011-03-06 03:54 5816236 ----a-w- c:\programdata\SPL2FE6.tmp
2011-03-05 18:44 . 2011-03-05 18:44 388096 ----a-r- c:\users\Glory\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-05 18:44 . 2011-03-05 18:44 -------- d-----w- c:\program files\Trend Micro
2011-03-04 22:11 . 2011-03-04 22:11 -------- d-----w- c:\users\Glory\AppData\Roaming\Malwarebytes
2011-03-04 22:11 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-04 22:11 . 2011-03-04 22:11 -------- d-----w- c:\programdata\Malwarebytes
2011-03-04 22:11 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-04 22:11 . 2011-03-04 22:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-04 15:19 . 2011-03-04 15:19 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-04 15:19 . 2011-03-04 15:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-04 00:34 . 2011-03-04 00:34 -------- d-----w- c:\windows\system32\config\systemprofile\{d7cf77b2-9ac0-4aff-96ed-a754ecb701bd}
2011-02-27 00:08 . 2011-02-27 00:08 -------- d-----w- c:\windows\system32\config\systemprofile\{5933d7d1-5ec4-4b12-8b01-cd9d3d02335c}
2011-02-19 00:29 . 2011-02-19 00:29 -------- d-----w- c:\users\Glory\AppData\Roaming\acccore
2011-02-19 00:29 . 2011-02-19 00:29 -------- d-----w- c:\users\Glory\AppData\Local\AOL
2011-02-19 00:29 . 2011-02-19 00:29 -------- d-----w- c:\users\Glory\AppData\Local\AIM
2011-02-19 00:28 . 2011-02-19 00:28 -------- d-----w- c:\programdata\AIM
2011-02-19 00:28 . 2011-02-19 00:28 -------- d-----w- c:\program files\AIM
2011-02-19 00:28 . 2011-02-19 00:28 -------- d-----w- c:\program files\Common Files\Software Update Utility
2011-02-19 00:28 . 2011-02-19 00:28 -------- d-----w- c:\program files\Common Files\AOL
2011-02-18 23:49 . 2011-02-18 23:49 -------- d-----w- c:\program files\FileZilla FTP Client
2011-02-18 23:41 . 2011-02-18 23:41 -------- d-----w- c:\program files\GIMP-2.0
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-28 15:55 . 2011-01-12 12:25 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-26 00:11 . 2010-12-26 00:11 521220 ----a-w- c:\programdata\SPL8AF0.tmp
2010-12-25 16:57 . 2010-12-25 16:57 467502 ----a-w- c:\programdata\SPL58B1.tmp
2010-12-25 16:31 . 2010-12-25 16:31 467502 ----a-w- c:\programdata\SPLDFCA.tmp
2010-12-25 16:28 . 2010-12-25 16:28 467502 ----a-w- c:\programdata\SPLBEF7.tmp
2010-12-21 01:02 . 2010-12-21 01:02 2336550 ----a-w- c:\programdata\SPLFBAD.tmp
2010-12-20 22:58 . 2010-12-20 22:58 862892 ----a-w- c:\programdata\SPL1447.tmp
2010-12-20 22:53 . 2010-12-20 22:53 862892 ----a-w- c:\programdata\SPL169C.tmp
2010-12-14 14:49 . 2011-01-12 12:25 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-12-11 14:46 . 2010-12-11 14:46 1165948 ----a-w- c:\programdata\SPLDD68.tmp
2010-12-11 00:29 . 2010-12-11 00:29 64864 ----a-w- c:\windows\system32\sqlctr90.dll
2010-12-11 00:29 . 2010-12-11 00:29 2248032 ----a-w- c:\windows\system32\sqlncli.dll
2010-12-10 03:25 . 2010-12-10 03:25 411841 ----a-w- c:\programdata\SPL2A7D.tmp
2010-12-10 03:17 . 2010-12-10 03:17 411841 ----a-w- c:\programdata\SPL63B.tmp
2010-12-10 03:10 . 2010-12-10 03:10 365596 ----a-w- c:\programdata\SPLDA4B.tmp
2010-12-10 03:09 . 2010-12-10 03:09 365596 ----a-w- c:\programdata\SPL42BE.tmp
2010-12-10 03:07 . 2010-12-10 03:07 411841 ----a-w- c:\programdata\SPL719A.tmp
2010-12-10 03:05 . 2010-12-10 03:05 411841 ----a-w- c:\programdata\SPL782.tmp
2010-12-10 03:00 . 2010-12-10 03:00 411841 ----a-w- c:\programdata\SPL2C8F.tmp
2009-04-01 03:47 . 2009-03-08 21:55 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2010-06-11 01:51 . 2010-01-16 00:41 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-17 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Aim"="c:\program files\AIM\aim.exe" [2011-01-05 4321112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-31 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-31 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-31 133656]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-26 159744]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-11 30192]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-27 17920]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 85504]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"Acrobat Speed Launch"="c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2010-09-24 58808]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2010-09-23 624056]
"Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2010-09-23 738776]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]
"dldomon.exe"="c:\program files\Dell 968 AIO Printer\dldomon.exe" [2009-04-27 455336]
"MemoryCardManager"="c:\program files\Dell 968 AIO Printer\memcard.exe" [2009-04-27 410280]
"Dell 968 AIO Printer Fax Server"="c:\program files\Dell 968 AIO Printer\fm3032.exe" [2009-04-27 311976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-5-17 50688]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-11 30192]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\SYMDS.SYS [2010-02-04 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110225.002\BHDrvx86.sys [2011-02-25 800376]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110303.001\IDSvix86.sys [2010-11-09 353912]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS [2010-05-06 339504]
S2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-11-11 43912]
S2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe [2007-10-05 595184]
S2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [2010-12-15 1085440]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2006-11-02 7168]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-03-13 179712]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-21 44432]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-12-31 102448]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ    PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 00:08]
.
2011-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 00:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Glory\AppData\Roaming\Mozilla\Firefox\Profiles\c5yutw2i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
Notify-GoToAssist - c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
AddRemove-Firebird SQL Server US - c:\magix\Common\Database\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-07 12:28
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5980)
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\windows\system32\locator.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\STacSV.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\System32\msdtc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-03-07  12:35:38 - machine was rebooted
ComboFix-quarantined-files.txt  2011-03-07 18:35
.
Pre-Run: 5,189,099,520 bytes free
Post-Run: 13,684,039,680 bytes free
.
- - End Of File - - 5B31636AA0123064FEB41864F4ED0750

Thank you.

JJ8765

March 8th, 2011 08:00

Hi JJ8765,

How is your computer running now? Please see if you are getting the printing error.

Please proceed as follows:

First

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

    ---
    Note for Vista Users: ESET is compatible, but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

    **Note**
    To optimize scanning time and produce a more sensible report for review:

  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

-----

To turn off NORTON 360 Virus & Spyware Protection

  • Right-click the Norton 360 icon in the system tray and select Open Tasks and Settings Window.
  • On the right side, under Settings, click on Change advanced settings.
  • Next, click on the Virus & Spyware Protection Settings.
  • Uncheck Turn on Auto-Protect and select Apply.
  • You will be asked to select a time for Norton to reactivate.
  • Choose Until I turn it back on.
  • You can re-enable after the malware has been removed from your machine.

---

Second

Download otlDesktopIcon.png from any of the following links and save to your Desktop:

Link 1
Link 2
Link 3

 

  • Double click on the icon to run it. Vista and Windows 7 users: right-click and select Run as Administrator. Make sure all other windows are closed, and let it run uninterrupted.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Under the Custom Scan box, paste this in:
netsvcs
msconfig
drivers32 /all
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.sys /90
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav 
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply

 

Review What to include in your response.

1. Let me know if you experienced any errors with the instructions and tell me exactly what problems you are still experiencing.
2. The ESET log.
3. The OTL.Txt and the Extras.txt logs (may take several posts).

Thank you,

Faith

41 Posts

March 8th, 2011 09:00

Faith,

"Just for fun," I thought I'd try to scan a doc this morning. When I tried, it said the 968W wasn't installed. So I ran thru the install process. Then I was able to scan a document (didn't attempt to print at that time). When I received your msg, I tried to print a page - this time, only the 968 XPS was listed, not the regular 968 printer (not even in Control Panel/Printers). The print action to 968 XPS resulted in one of the msgs I've seen before - no communication between the PC and printer.

I'll go through the next set of steps you listed in your message.

Thank you.

JJ8765

41 Posts

March 8th, 2011 09:00

Faith,

Wow - I'm trying to follow the steps in the "First" section, and I'm just not able to follow.

RE your instructions for Vista users, to right-click IE and "run as admin" - and then do what? Now I've got an open IE window that was opened as "run as admin", but when I follow the other steps, such as to press Ctrl and click the "ESET Scan Online" link provided, that opens in its own IE window, too. So what was the point of right-clicking IE and choosing to "run as admin"? ESET is in the other non-admin window.

These steps are confusing:

  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

In the second bullet, which steps do you intend for me to skip? Do you mean to skip all of the rest of the bullet points? Do you mean to skip some of them? If only skip some of them, which steps to skip?

If I click the esetOnline.png button on the "non-admin" IE window, what is going to happen because (1) that window is not "admin" and (2) what do you want me to do after clicking that button? Since I'm using IE, I don't know which steps to skip and which steps to do. Where do I take up with the steps again?

Shouldn't I disable the Norton firewall and antivirus before starting this? The steps state to do that after all of the ESET steps are complete.

When do I reenable the firewall and antivirus?

Thank you.

JJ8765

 

41 Posts

March 8th, 2011 09:00

Faith,

Regarding the "Norton 360" notes you last included:

To turn off NORTON 360 Virus & Spyware Protection

  • Right-click the Norton 360 icon in the system tray and select Open Tasks and Settings Window.
  • On the right side, under Settings, click on Change advanced settings.
  • Next, click on the Virus & Spyware Protection Settings.
  • Uncheck Turn on Auto-Protect and select Apply.
  • You will be asked to select a time for Norton to reactivate.
  • Choose Until I turn it back on.
  • You can re-enable after the malware has been removed from your machine.

I wrote yesterday that the menu I get when I right-click the Norton 360 icon isn't what your steps state. I can "Disable Firewall" and "Disable Antivirus", but I cannot disable the Antispyware.  Since my "Print Screen" key is not working with SnagIt right now, I can't get you a screen shot (I've logged that issue with TechSmith). "Open Tasks and Settings Window" is not a valid selection.

Opening Norton 360 and clicking "Settings", there is no "Change Advanced Settings" selection.

Did you get those exact steps from Norton? My Norton 360 is up to date.

Thank you.

JJ8765

41 Posts

March 9th, 2011 07:00

Faith,

Are you able to address my questions in the previous post?

Thank you.

JJ8765

March 9th, 2011 15:00

Hi JJ8765,

I am not very familiar with Norton 360, but those are the instructions that we have available to us. You do not have to disable it for the ESET scan. You might have to allow it through the firewall and disable the AV if a fix is needed. I will give you a different scan to try if you continue to have problems with ESET.

In Vista, there is a tool called Snipping Tool that you can capture screenshots with. Click Start>All Programs>Accessories>Snipping Tool

You do need to run Internet Explorer (IE) as Administrator for ESET

Click Start>All Programs>Right Mouse Click on IE>Run as Administrator

Please proceed as follows:

First

To clear your Print Spooler.

Click Start>All Programs>Accessories>Right Mouse Click on Command Prompt>Run as Administrator

Copy & paste the following commands in one at a time, pressing Enter after each.

sc stop Spooler
Wait a couple of minutes.
sc start Spooler

If your printer is still not listed, reinstall it.

Second

Run an online virus scan called Kaspersky from HERE.

1. At the main page, press "Accept" after reading the contents.
2. At the next window, select Update. Allow the Database to update.
Note: If prompted to run or update your Java, then follow the prompts to do so. Kaspersky requires Java to run.
3. Once the Database has finished, under the Scan icon select My Computer to start the scan. The scan may take a few minutes to complete.
4. Select Scan Report.
5. If any threats were found they will appear in the report
6. Select "Save error report as"
Then in the file name just type in kaspersky
Under "save as type" select text .txt
Save it to your Desktop.

Copy and post the results of the Kaspersky Online scan. If no threats were found then report that as well.
---

Review What to include in your response.

1. Let me know if you experienced any errors with the instructions and tell me exactly what problems you are still experiencing.
2. The ESET or kaspersky.txt log.
3. The OTL.Txt and the Extras.txt logs from my previous post (may take several posts).

Thank you,

Faith

41 Posts

March 10th, 2011 09:00

Faith,

I'm still confused.

Before we go on to new steps, can you address the questions I asked earlier?

I'll copy & paste them here:

RE your instructions for Vista users, to right-click IE and "run as admin" - and then do what? Now I've got an open IE window that was opened as "run as admin", but when I follow the other steps, such as to press Ctrl and click the "ESET Scan Online" link provided, that opens in its own IE window, too. So what was the point of right-clicking IE and choosing to "run as admin"? ESET is in the other non-admin window.

These steps are confusing:

  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

In the second bullet, which steps do you intend for me to skip? Do you mean to skip all of the rest of the bullet points? Do you mean to skip some of them? If only skip some of them, which steps to skip?

If I click the esetOnline.png button on the "non-admin" IE window, what is going to happen because (1) that window is not "admin" and (2) what do you want me to do after clicking that button? Since I'm using IE, I don't know which steps to skip and which steps to do. Where do I take up with the steps again?

***********************

I still don't understand the points I pasted above.

In your last response, you wrote, "You do need to run Internet Explorer (IE) as Administrator for ESET." I understand that. However, it doesn't address my questions above. Having an open IE that I opened as "run as admin" doesn't do anything. ESET is still in another IE window that is non-admin.

Thank you.

JJ8765
