Downloads blocked; IE popup "website wants to open web content"

[rflindauer]

Thanks for your help in advance. The title problems began a few days ago. Running google searches under IE9 repeatedly gives a Protected Mode pop-up re "Website wants to open web content ... using Rundll32". Software downloads now stall (some don't start, some stall at 99%) and no security scan occurs, leaving a dot partial file in Download folder. I DL'd the anti-malware on a separate laptop.

Earlier today I ran the latest the latest MS malware removal tool (windows-kb890830-v3.21.exe) with no problems found. Malwarebytes' Antimalware and SuperAntiSpyware (SAS) both found trojan.agent/Gen-Kryptik. SAS also found Adware.Click.Spring/Yazzle in a game installation file that I had not run and two Adware.Tracking cookies. I used SAS to remove these threats and rebooted. The problems returned.

Following your thread on malware removal I have the following logs:
1)---------------------------------------------------
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7377

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

8/4/2011 12:26:37 PM
mbam-log-2011-08-04 (12-26-37).txt

Scan type: Quick scan
Objects scanned: 177757
Time elapsed: 11 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
2)----------------------------------------------
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-08-04 12:32:42
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.11.0
Running: 6pivmr35.exe; Driver: C:\Users\RFL\AppData\Local\Temp\kftdrpog.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x82F7AD48]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x82F7AD72]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x82F7AD5E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x82F7AD34]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----
3)------------------------------------------------
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by RFL at 12:37:29 on 2011-08-04
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3573.2427 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
c:\PROGRA~1\mcafee\SITEAD~1\McSACore.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Nuance\PDF Professional 7\PdfPro7Hook.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Program Files\Logitech\H760\H760.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\!_Installs\Utils_SW\ProcExp\ProcessExplorer_v14.11\procexp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mURLSearchHooks: H - No File
BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\nuance\pdf professional 7\bin\PlusIEContextMenu.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110601141147.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - c:\program files\nuance\pdf professional 7\bin\ZeonIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - c:\program files\nuance\pdf professional 7\bin\ZeonIEFavClient.dll
uRun: [OpAgent] "OpAgent.exe" /agent
uRun: [MSNcfgUI] rundll32.exe "c:\users\rfl\appdata\local\cvtpathdrm\MSNcfgUI.dll",usbcrtSupport dbNet64
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PDFHook] c:\program files\nuance\pdf professional 7\pdfpro7hook.exe
mRun: [PDF7 Registry Controller] c:\program files\nuance\pdf professional 7\RegistryController.exe
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [OODefragTray] c:\program files\oo software\defrag\oodtray.exe
mRun: [OmniPage Preload] c:\program files\nuance\omnipage18\OmniPage18.exe /preload
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McPvTray_exe] "c:\program files\mcafee\mat\McPvTray.exe"
mRun: [Logitech H760] c:\program files\logitech\h760\H760.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM] "c:\programdata\flexnet\connect\11\isuspm.exe" -scheduler
mRun: [iolo Startup] "c:\program files\iolo\common\lib\ioloLManager.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R
mRun: [Conime] %windir%\system32\conime.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"
StartupFolder: c:\users\rfl\appdata\roaming\micros~1\windows\startm~1\programs\startup\procex~1.lnk - c:\!_installs\utils_sw\procexp\processexplorer_v14.11\procexp.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\amazon~1.lnk - c:\program files\amazon\amazon unbox video\ADVWindowsClientSystemTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Open with Nuance PDF Converter 7.0 - c:\program files\nuance\pdf professional 7\cnvres_eng.dll /100
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} - hxxps://www36.verizon.com/CallAssistant/MyAccount/UnProtected/Voice%20Mail/VCAVMUtil.CAB
DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/downloads/pc/1.4.0.111/WebSlingPlayer.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 216.144.187.37 204.186.0.201 207.44.96.129 192.168.1.1
TCP: Interfaces\{4B4E1B4E-7A4D-4E5C-A73E-DC93EDD1F7DC} : DhcpNameServer = 216.144.187.37 204.186.0.201 207.44.96.129 192.168.1.1
TCP: Interfaces\{A46102CB-674C-4D8F-A10A-11B71579F64D} : DhcpNameServer = 192.168.1.1 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2011-6-1 64048]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-13 459728]
R1 archlp;archlp;c:\windows\system32\drivers\ArcHlp.sys [2011-1-16 127744]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2010-8-30 20392]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-6-1 64648]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-6-1 163400]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_c09c50a2\AEstSrv.exe [2011-2-20 73728]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-8-28 722616]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2011-3-9 366000]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\McSACore.exe [2010-8-31 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-1 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-1 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-1 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-6-1 165000]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-6-1 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-6-1 148520]
R2 OODefragAgent;O&O Defrag Agent;c:\program files\oo software\defrag\oodag.exe [2010-9-10 2320712]
R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2011-2-20 4869488]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2011-2-20 416112]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-8-17 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-6-1 57432]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2010-8-9 111616]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-6-1 179248]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-6-1 337912]
RUnknown SASKUTIL;SASKUTIL; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 BTWAMPFL;btwampfl;c:\windows\system32\drivers\btwampfl.sys [2010-11-3 300584]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-11-3 33320]
S3 hcwhdpvr;Hauppauge HD PVR Capture Device;c:\windows\system32\drivers\hcwhdpvr.sys [2011-1-16 157568]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-6-1 59288]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-6-1 85984]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-2-20 16240]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2010-8-27 19968]
S4 !SASCORE;SAS Core Service;"c:\program files\superantispyware\sascore.exe" --> c:\program files\superantispyware\SASCORE.EXE [?]
S4 BCSWAP;BCSWAP;c:\windows\system32\drivers\bcswap.sys [2007-1-25 91496]
S4 PDFProFiltSrv;PDFProFiltSrv;c:\program files\nuance\pdf professional 7\PDFProFiltSrv.exe [2010-7-25 134944]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
regfile=NOTEPAD.EXE %1
scrfile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2011-08-04 04:17:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-08-04 00:09:18 -------- d-----w- c:\users\rfl\appdata\roaming\Malwarebytes
2011-08-04 00:09:06 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-04 00:09:03 -------- d-----w- c:\programdata\Malwarebytes
2011-08-04 00:08:59 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-04 00:08:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-02 06:24:54 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-08-02 00:55:20 -------- d-----w- c:\program files\Microsoft ActiveSync
2011-08-02 00:55:10 -------- d-----w- c:\windows\PCHEALTH
2011-08-02 00:37:38 -------- d-----w- c:\windows\pss
2011-08-01 19:32:46 -------- d-----w- c:\users\rfl\appdata\local\CvtPathdrm
2011-07-29 15:30:08 -------- d-----w- c:\programdata\WinZipSE
2011-07-29 15:30:06 -------- d-----w- c:\program files\WinZip Self-Extractor
2011-07-29 15:22:42 -------- d-----w- c:\programdata\BtCrashDumps
2011-07-23 00:34:11 -------- d-----w- c:\users\rfl\appdata\roaming\Autodesk
2011-07-22 22:15:19 -------- d-----w- c:\programdata\CADopia Standard 11
2011-07-22 22:14:17 -------- d-----w- c:\program files\CADopia
2011-07-20 01:53:41 -------- d-----w- c:\programdata\Amazon
2011-07-07 22:39:12 508416 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-07-07 22:39:12 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-07-07 22:39:10 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-07 22:38:47 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-07 22:38:47 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-07 21:52:23 2083464 ----a-w- c:\windows\system32\Incinerator32.dll
.
==================== Find3M ====================
.
2011-07-19 20:25:32 11776 ----a-w- c:\windows\system32\smrgdf.exe
2011-07-19 20:25:22 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
2011-06-17 16:31:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 12:38:04.75 ===============
4)----------------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 8/9/2010 4:32:28 AM
System Uptime: 8/4/2011 12:05:39 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0U990C
Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz | Microprocessor | 2167/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 100 GiB total, 34.505 GiB free.
D: is FIXED (NTFS) - 120 GiB total, 44.565 GiB free.
E: is FIXED (NTFS) - 10 GiB total, 3.99 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
32 Bit HP CIO Components Installer
4TOPS Compare Spreadsheets using Excel 3.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop 7.0
Adobe Photoshop Elements 7.0
Adobe Photoshop v4.0
Adobe Premiere 6.0
Advanced RealMedia Export Plug-in for Premiere 6.0
Advertising Center
aioprnt
aioscnnr
Amazon Kindle For PC
Amazon Unbox Video
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaImpression
ArcSoft TotalMedia Extreme
Backer 6.7a
Bamboo
BCWipe 3.0
Binary Viewer 2.0.9.1214
BlackBerry Desktop Software 6.0.1
Bonjour
BufferChm
C4USelfUpdater
CADopia Standard 11
center
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Color Efex Pro 3.0 Wacom Edition 3
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Definition update for Microsoft Office 2010 (KB982726)
Dell Driver Download Manager
Dell Resource CD
Dell Touchpad
Dell Wireless WLAN Card Utility
Destination Component
DeviceManagementQFolder
Dragon NaturallySpeaking 10
eFax Messenger
essentials
Hauppauge HDPVR Scheduler
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Commercial Scanjet 5590 TWAIN Driver
HP Imaging Device Functions 9.0
HP LaserJet P2050 Series 4.0
HP Scanjet 5590 9.0
hpg5590
hpg5590QFolder
hppFonts
hppQFolderP2050
HPScanjet5590Corporate11
ImagXpress
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iolo technologies' System Mechanic
Java Auto Updater
Java(TM) 6 Update 21
Java(TM) 6 Update 7
Karen's Directory Printer
Kodak AIO Printer
KODAK AiO Software
Logitech H760
Malwarebytes' Anti-Malware version 1.51.1.1800
Marvell Miniport Driver
McAfee Total Protection
McAfee Virtual Technician
Menu Templates - Pack 1
Menu Templates - Starter Kit
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word 2003
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Modem Diagnostic Tool
Movie Templates - Starter Kit
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero Rescue Agent
Nero RescueAgent Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero Vision Help
NeroExpress
neroxml
Nuance OmniPage 18
Nuance PDF Converter Professional 7
O&O Defrag Professional
ocr
OFX Writer
OGA Notifier 2.0.0048.0
PanoStandAlone
PCMagazine WMatch Version 3.0
PreReq
Quicken 2009
QuickTime
RER Video Converter
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Scan
ScannerCopy
ScanSoft PaperPort 11
Scansoft PDF Professional
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
ShareFile Desktop Sync
SigmaTel Audio
Skype Toolbars
Skype™ 5.3
SlingPlayer
System Requirements Lab for Intel
Text Twist 2 (remove only)
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wpaiper
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wpaiper
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wpaiper
TurboTax 2010 wrapper
TXTcollector
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2494150)
Visual C++ Runtime for Dragon NaturallySpeaking
VoiceOver Kit
VZAccess Manager for RIM
WD SmartWare
WebReg
WebSlingPlayer ActiveX
WebTablet IE Plugin
WebTablet Netscape Plugin
WIDCOMM Bluetooth Software
Windows 7 Upgrade Advisor
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinZip 14.5
WinZip Self-Extractor
.
==== Event Viewer Messages From Past Week ========
.
8/4/2011 12:28:43 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume NewVista.
8/4/2011 12:26:37 PM, Error: PlugPlayManager [11] - The device Root\LEGACY_SASKUTIL\0000 disappeared from the system without first being prepared for removal.
8/4/2011 12:26:37 PM, Error: PlugPlayManager [11] - The device Root\LEGACY_SASDIFSV\0000 disappeared from the system without first being prepared for removal.
8/4/2011 12:24:26 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
8/4/2011 12:15:43 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
8/4/2011 12:07:40 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
8/4/2011 12:07:39 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/4/2011 12:07:18 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
8/3/2011 8:07:30 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user RFL-PC\RFL SID (S-1-5-21-1479082335-3112900221-3136061019-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
8/3/2011 6:03:44 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
8/3/2011 5:48:23 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
8/3/2011 5:48:23 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/3/2011 5:48:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/3/2011 4:59:33 PM, Error: netbt [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.106. The computer with the IP address 192.168.1.105 did not allow the name to be claimed by this computer.
8/3/2011 3:28:02 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.48 for the Network Card with network address 00242B4FEBC3 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/3/2011 11:37:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
8/3/2011 11:37:23 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
8/3/2011 11:35:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/3/2011 11:35:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/3/2011 11:35:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
8/3/2011 11:35:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/3/2011 11:35:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: archlp ElRawDisk spldr Wanarpv6
8/3/2011 11:35:23 PM, Error: Service Control Manager [7022] - The iolo System Service service hung on starting.
8/3/2011 11:35:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/3/2011 11:34:15 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/3/2011 11:34:07 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll Error Code: 21
8/2/2011 3:42:07 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/2/2011 3:41:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/2/2011 3:41:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/2/2011 3:41:12 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD archlp DfsC ElRawDisk mfehidk mfenlfk mfewfpk NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6
8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/2/2011 3:39:41 AM, Error: EventLog [6008] - The previous system shutdown at 3:38:38 AM on 8/2/2011 was unexpected.
8/2/2011 3:35:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UxSms service.
8/2/2011 3:35:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TouchServicePen service.
8/2/2011 3:35:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TabletInputService service.
8/2/2011 3:35:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.
8/2/2011 3:35:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
8/2/2011 3:35:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McNaiAnn service.
8/2/2011 3:35:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mcmscsvc service.
8/2/2011 2:51:45 AM, Error: Service Control Manager [7000] - The McAfee Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/2/2011 2:51:44 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Scanner service to connect.
8/2/2011 2:51:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service MCODS with arguments "" in order to run the server: {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2}
8/2/2011 2:19:19 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
8/1/2011 11:29:48 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): 'SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.
8/1/2011 11:28:41 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.
7/31/2011 12:58:47 PM, Error: Service Control Manager [7043] - The McAfee McShield service did not shut down properly after receiving a preshutdown control.
7/30/2011 10:33:15 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
7/30/2011 10:11:41 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\RegBack\COMPONENTS' was corrupted and it has been recovered. Some data might have been lost.
7/28/2011 7:25:05 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/28/2011 7:25:05 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
7/28/2011 7:17:44 PM, Error: EventLog [6008] - The previous system shutdown at 7:11:08 PM on 7/28/2011 was unexpected.
7/28/2011 10:52:38 AM, Error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
7/28/2011 10:21:25 AM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
.
==== End Of File ===========================

Regarding the "file system structure" error, this has been occurring sporadically for the past few months. System Mechanic v10.5.3 sometimes finds a drive problem and schedules CHKDSK on reboot. Chkdsk repeatedly finds numerous index errors, always for *.loc files in the same index ($I30) in the same file (1549)(example: Index entry ... 1394.inf_loc ... index $I30 ... file 1549 is incorrect). CHKDSK deletes the entries, does something, then recovers the orphans, and finishes up with no other error indications. Upon reboot the system has worked without evident error during these months. Spinrite deep scan on the whole drive (all pertitions) found no disk errors so I am assuming there is a file problem in a system area that isn't used now.

Any insights or help on the download/popup problems will be greatly appreciated. Ditto for the "file system structure" error. Thank you.

 

[Bobbye]

Welcome to TechSpot!
I'd like you to refer to this for an understanding of Protected Mode
Please use the links there and adjust your setting accordingly.

Please refer to this regarding File System Structure.
Make use of any fixes that may apply.

You may have malware but these are basically system related problems. Please make use of the sites I referred you too and make any setting adjustment needed. When you have finished that and the system is more stable, let me know and we'll check for malware.

 

[rflindauer]

Download and Pop-up Problem Solved

Thanks for responding, Bobbye.

The new problems started last weekend with Office 2007 apps (Word, Excel) that had worked for two years but suddenly were invoking installers upon being launched and then closing down with failed installations. Downloading various install files suddenly did not complete, leaving dot-partial files (Office 2007, MSRTool, MBAM, and SAS). The Protected Mode pop-up started about the same time. (I was able to download the above files on another machine.) Until this past weekend, I had no problems downloading executable files. Something changed.

The Protected Mode reference was interesting. As I understand it, IE operates at a low integrity level in Protected Mode, which implies that processes invoked under IE also operate at low integrity (cannot interfere with higher integrity objects). The pop-up warns about a website wanting to launch rundll32 outside of Protected Mode. I’m not sure what settings you thought I should change. The only obvious one was to disable Protected Mode for IE. Wouldn’t that allow the new, unknown app to be launched under rundll32 without integrity restrictions? That didn’t sound like a good idea.

I took a close look at the DDS log and saw a suspicious uRun entry under the Pseudo HJT Report: [MSNcfgUI] rundll32.exe
"c:\users\rfl\appdata\local\cvtpathdrm\MSNcfgUI.dll", usbcrtSupport dbNet64. I checked the folder and file (cvtpathdrm\MSNcfgUI.dll); they were dated last Sunday. I renamed the file to MSNcfgUI.dll.bad and rebooted. When I logged on, there was an error message that that DLL was not found. The IE pop-up did not appear, and I was able to download an executable file. I checked the Registry and found the corresponding value under the HKCU_SW_MS_WIN_CV_Run key; this was the only reference to MSNcfgUI.dll, so I exported the key and then deleted the MSNcfgUI entry from the Registry. Reboot and log in went without error, the pop-up has not reappeared, and I can now download executable files again.

At the risk of being off-topic, I had mentioned the CHKDSK problem with which I have been dealing for a few months. I am quite familiar with the File Structure article in Wikipedia. The best I have been able to glean from my readings is that some infrequently used part of Vista might be corrupted. I would appreciate your thoughts (or any other expert's) on what I should do to resolve the CHKDSK issue.

Thanks to the Forum for the Seven Steps. RFL

 

[Bobbye]

I took a close look at the DDS log and saw a suspicious uRun entry under the Pseudo HJT Report: [MSNcfgUI] rundll32.exe
"c:\users\rfl\appdata\local\cvtpathdrm\MSNcfgUI.dll", usbcrtSupport dbNet64. I checked the folder and file (cvtpathdrm\MSNcfgUI.dll); they were dated last Sunday. I renamed the file to MSNcfgUI.dll.bad and rebooted. When I logged on, there was an error message that that DLL was not found. The IE pop-up did not appear, and I was able to download an executable file. I checked the Registry and found the corresponding value under the HKCU_SW_MS_WIN_CV_Run key; this was the only reference to MSNcfgUI.dll, so I exported the key and then deleted the MSNcfgUI entry from the Registry. Reboot and log in went without error, the pop-up has not reappeared, and I can now download executable files again.

uRun: [MSNcfgUI] rundll32.exe "c:\users\rfl\appdata\local\cvtpathdrm\MSNcfgUI.dll",usbcrtSupport dbNet64

MSNcfgUI.dll
1 & 2 MSN> Microsoft Network/ cdfgUI or CFGui is a Java app for species counterpoint analysis, composition, and playback.
3. cvtpathdrm> can't ID
cvt> (Coordinated Video Timings)
path
drm: > digital rights management
4.USB crt support >CRT Monitor - Installing the USB Function: HP Support document
5. DbNet x64.exe> Database for .net for Win 7, 64bit.
Error which can appear if corrupt or removed:
DBNETLIB ConnectionOpen (Connect()) error with Delphi 2010 application accessing SQL Server 2005 with OLEDB drivers on Windows 7 x64
File description: DbNet 64
File size: 1.51 MB

We do not delete. remove/change.rename, etc. because we don't know what it is. It is a problem? Possibly? Should it have been sent out to pasture without knowing what it was? No.

I'm going to have your thread moved to a more appropriate forum. After you get these issues resolved, you can come back here to check for malware. You have invalidated these logs by making the changes you did.

I did not include the following because I did not know if I would leave the thread here. But if I had, you will note that most of what I said not to do has been done

My Guidelines: please read and follow:

• Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
• Read my instructions carefully. If you don't understand or have a problem, ask me.
• If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
• Follow the order of the tasks I give you. Order is crucial in cleaning process.
• File sharing programs should be uninstalled or disabled during the cleaning process..
• Observe these:
  [o] Don't use any other cleaning programs or scans while I'm helping you.
  [o] Don't use a Registry cleaner or make any changes in the Registry.
  [o] Don't download and install new programs- except those I give you.
• Please let me know if there is any change in the system.

If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
=====================================

 

[rflindauer]

OK

My apologies, Bobbye. This is my first experience with Techspot. I see that you have a process and value the opportunity to get your help. I am sorry to have wasted any of your time. I will behave myself. I will follow all future advice on the CHKDSK issue and pop-up issue if it recurs.

Just know that I lost two+ days on a critical, high-dollar client account because of this download problem.

Please feel free to delete the thread. It would be relatively easy to start over in a more appropriate forum. Which forum do you recommend or would you be moving the thread to?

I appreciate your overview of why the dll might have been legitimate. I do not have a USB crt. I do not use or have access to any Delphi type system and overtly run no SQL apps. I have no file sharing apps. I am running Vista 32-bit not Windows 7 64-bit. There is no obvious dbnet*.exe file on the machine. And the dll showed up concurrrently with the pop-up problem.

I use rigorous problem solving approaches in my job. I have been working with "personal computers" since 1976 with a PDP-11/23 system; I have written 1000's of lines of code, and have extensive electronic experience. This has tought me to be extremely conservative with system changes. Generally, I am.

Nevertheless, these problems are beyond me. I should have respected your process. Humble apologies again.

 

[Bobbye]

The thread has been moved so hopefully someone will be able to assist you.

I understand your frustration. However please look at it from my point of view> it took considerable time to find, read and give you all of the references I did. While it didn't cost me money, it cost me time- and time is a very valuable commodity to me.

I'll sign off the thread now.