Downloads blocked; IE popup "website wants to open web content"

By rflindauer
Aug 4, 2011
  1. Thanks for your help in advance. The title problems began a few days ago. Running Google searches under IE9 repeatedly gives a Protected Mode pop-up re "Website wants to open web content ... using Rundll32". Software downloads now stall (some don't start, some stall at 99%) and no security scan occurs, leaving a dot partial file in the Download folder. I DL'd the anti-malware on a separate laptop.

    Earlier today I ran the latest MS malware removal tool (windows-kb890830-v3.21.exe) with no problems found. Malwarebytes' Antimalware and SuperAntiSpyware (SAS) both found trojan.agent/Gen-Kryptik. SAS also found Adware.Click.Spring/Yazzle in a game installation file that I had not run and two Adware.Tracking cookies. I used SAS to remove these threats and rebooted. The problems returned.

    Following your thread on malware removal I have the following logs:
    1)---------------------------------------------------
    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7377

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    8/4/2011 12:26:37 PM
    mbam-log-2011-08-04 (12-26-37).txt

    Scan type: Quick scan
    Objects scanned: 177757
    Time elapsed: 11 minute(s), 33 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    2)----------------------------------------------
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-08-04 12:32:42
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.11.0
    Running: 6pivmr35.exe; Driver: C:\Users\RFL\AppData\Local\Temp\kftdrpog.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x82F7AD48]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x82F7AD72]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x82F7AD5E]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x82F7AD34]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    ---- EOF - GMER 1.0.15 ----
    3)------------------------------------------------
    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by RFL at 12:37:29 on 2011-08-04
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3573.2427 [GMT -4:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Tablet\Pen\Pen_TouchService.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\WLANExt.exe
    C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
    C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
    c:\PROGRA~1\mcafee\SITEAD~1\McSACore.exe
    C:\Windows\system32\mfevtps.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\OO Software\Defrag\oodag.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
    C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Nuance\PDF Professional 7\PdfPro7Hook.exe
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\McAfee\MAT\McPvTray.exe
    C:\Program Files\Logitech\H760\H760.exe
    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\!_Installs\Utils_SW\ProcExp\ProcessExplorer_v14.11\procexp.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Program Files\Common Files\McAfee\Core\mchost.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\Program Files\Common Files\McAfee\Core\mchost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    mURLSearchHooks: H - No File
    BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\nuance\pdf professional 7\bin\PlusIEContextMenu.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110601141147.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
    BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - c:\program files\nuance\pdf professional 7\bin\ZeonIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - c:\program files\nuance\pdf professional 7\bin\ZeonIEFavClient.dll
    uRun: [OpAgent] "OpAgent.exe" /agent
    uRun: [MSNcfgUI] rundll32.exe "c:\users\rfl\appdata\local\cvtpathdrm\MSNcfgUI.dll",usbcrtSupport dbNet64
    uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [PDFHook] c:\program files\nuance\pdf professional 7\pdfpro7hook.exe
    mRun: [PDF7 Registry Controller] c:\program files\nuance\pdf professional 7\RegistryController.exe
    mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
    mRun: [OODefragTray] c:\program files\oo software\defrag\oodtray.exe
    mRun: [OmniPage Preload] c:\program files\nuance\omnipage18\OmniPage18.exe /preload
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [McPvTray_exe] "c:\program files\mcafee\mat\McPvTray.exe"
    mRun: [Logitech H760] c:\program files\logitech\h760\H760.exe
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [ISUSPM] "c:\programdata\flexnet\connect\11\isuspm.exe" -scheduler
    mRun: [iolo Startup] "c:\program files\iolo\common\lib\ioloLManager.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
    mRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R
    mRun: [Conime] %windir%\system32\conime.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"
    StartupFolder: c:\users\rfl\appdata\roaming\micros~1\windows\startm~1\programs\startup\procex~1.lnk - c:\!_installs\utils_sw\procexp\processexplorer_v14.11\procexp.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\amazon~1.lnk - c:\program files\amazon\amazon unbox video\ADVWindowsClientSystemTray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Open with Nuance PDF Converter 7.0 - c:\program files\nuance\pdf professional 7\cnvres_eng.dll /100
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} - hxxps://www36.verizon.com/CallAssistant/MyAccount/UnProtected/Voice%20Mail/VCAVMUtil.CAB
    DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/downloads/pc/1.4.0.111/WebSlingPlayer.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 216.144.187.37 204.186.0.201 207.44.96.129 192.168.1.1
    TCP: Interfaces\{4B4E1B4E-7A4D-4E5C-A73E-DC93EDD1F7DC} : DhcpNameServer = 216.144.187.37 204.186.0.201 207.44.96.129 192.168.1.1
    TCP: Interfaces\{A46102CB-674C-4D8F-A10A-11B71579F64D} : DhcpNameServer = 192.168.1.1 192.168.1.1
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxdev.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2011-6-1 64048]
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-13 459728]
    R1 archlp;archlp;c:\windows\system32\drivers\ArcHlp.sys [2011-1-16 127744]
    R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2010-8-30 20392]
    R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-6-1 64648]
    R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-6-1 163400]
    R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_c09c50a2\AEstSrv.exe [2011-2-20 73728]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-8-28 722616]
    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2011-3-9 366000]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\McSACore.exe [2010-8-31 88176]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-1 214904]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-1 214904]
    R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-1 214904]
    R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-6-1 165000]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-6-1 159832]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-6-1 148520]
    R2 OODefragAgent;O&O Defrag Agent;c:\program files\oo software\defrag\oodag.exe [2010-9-10 2320712]
    R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960]
    R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2011-2-20 4869488]
    R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2011-2-20 416112]
    R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-8-17 98304]
    R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-6-1 57432]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2010-8-9 111616]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-6-1 179248]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-6-1 337912]
    RUnknown SASKUTIL;SASKUTIL; [x]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 BTWAMPFL;btwampfl;c:\windows\system32\drivers\btwampfl.sys [2010-11-3 300584]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-11-3 33320]
    S3 hcwhdpvr;Hauppauge HD PVR Capture Device;c:\windows\system32\drivers\hcwhdpvr.sys [2011-1-16 157568]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-6-1 59288]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-6-1 85984]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-2-20 16240]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
    S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2010-8-27 19968]
    S4 !SASCORE;SAS Core Service;"c:\program files\superantispyware\sascore.exe" --> c:\program files\superantispyware\SASCORE.EXE [?]
    S4 BCSWAP;BCSWAP;c:\windows\system32\drivers\bcswap.sys [2007-1-25 91496]
    S4 PDFProFiltSrv;PDFProFiltSrv;c:\program files\nuance\pdf professional 7\PDFProFiltSrv.exe [2010-7-25 134944]
    .
    =============== File Associations ===============
    .
    JSEFile=NOTEPAD.EXE %1
    regfile=NOTEPAD.EXE %1
    scrfile=NOTEPAD.EXE %1
    VBEFile=NOTEPAD.EXE %1
    VBSFile=NOTEPAD.EXE %1
    .
    =============== Created Last 30 ================
    .
    2011-08-04 04:17:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-08-04 00:09:18 -------- d-----w- c:\users\rfl\appdata\roaming\Malwarebytes
    2011-08-04 00:09:06 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-04 00:09:03 -------- d-----w- c:\programdata\Malwarebytes
    2011-08-04 00:08:59 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-04 00:08:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-02 06:24:54 -------- d-----w- c:\program files\Microsoft Analysis Services
    2011-08-02 00:55:20 -------- d-----w- c:\program files\Microsoft ActiveSync
    2011-08-02 00:55:10 -------- d-----w- c:\windows\PCHEALTH
    2011-08-02 00:37:38 -------- d-----w- c:\windows\pss
    2011-08-01 19:32:46 -------- d-----w- c:\users\rfl\appdata\local\CvtPathdrm
    2011-07-29 15:30:08 -------- d-----w- c:\programdata\WinZipSE
    2011-07-29 15:30:06 -------- d-----w- c:\program files\WinZip Self-Extractor
    2011-07-29 15:22:42 -------- d-----w- c:\programdata\BtCrashDumps
    2011-07-23 00:34:11 -------- d-----w- c:\users\rfl\appdata\roaming\Autodesk
    2011-07-22 22:15:19 -------- d-----w- c:\programdata\CADopia Standard 11
    2011-07-22 22:14:17 -------- d-----w- c:\program files\CADopia
    2011-07-20 01:53:41 -------- d-----w- c:\programdata\Amazon
    2011-07-07 22:39:12 508416 ----a-w- c:\windows\system32\drivers\bthport.sys
    2011-07-07 22:39:12 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
    2011-07-07 22:39:10 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-07-07 22:38:47 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2011-07-07 22:38:47 375808 ----a-w- c:\windows\system32\winsrv.dll
    2011-07-07 21:52:23 2083464 ----a-w- c:\windows\system32\Incinerator32.dll
    .
    ==================== Find3M ====================
    .
    2011-07-19 20:25:32 11776 ----a-w- c:\windows\system32\smrgdf.exe
    2011-07-19 20:25:22 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
    2011-06-17 16:31:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 12:38:04.75 ===============
    4)----------------------------
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 8/9/2010 4:32:28 AM
    System Uptime: 8/4/2011 12:05:39 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0U990C
    Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz | Microprocessor | 2167/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 100 GiB total, 34.505 GiB free.
    D: is FIXED (NTFS) - 120 GiB total, 44.565 GiB free.
    E: is FIXED (NTFS) - 10 GiB total, 3.99 GiB free.
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    .
    32 Bit HP CIO Components Installer
    4TOPS Compare Spreadsheets using Excel 3.0
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Photoshop 7.0
    Adobe Photoshop Elements 7.0
    Adobe Photoshop v4.0
    Adobe Premiere 6.0
    Advanced RealMedia Export Plug-in for Premiere 6.0
    Advertising Center
    aioprnt
    aioscnnr
    Amazon Kindle For PC
    Amazon Unbox Video
    AnswerWorks 5.0 English Runtime
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft MediaImpression
    ArcSoft TotalMedia Extreme
    Backer 6.7a
    Bamboo
    BCWipe 3.0
    Binary Viewer 2.0.9.1214
    BlackBerry Desktop Software 6.0.1
    Bonjour
    BufferChm
    C4USelfUpdater
    CADopia Standard 11
    center
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Color Efex Pro 3.0 Wacom Edition 3
    Compatibility Pack for the 2007 Office system
    Conexant HDA D330 MDC V.92 Modem
    Definition update for Microsoft Office 2010 (KB982726)
    Dell Driver Download Manager
    Dell Resource CD
    Dell Touchpad
    Dell Wireless WLAN Card Utility
    Destination Component
    DeviceManagementQFolder
    Dragon NaturallySpeaking 10
    eFax Messenger
    essentials
    Hauppauge HDPVR Scheduler
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Commercial Scanjet 5590 TWAIN Driver
    HP Imaging Device Functions 9.0
    HP LaserJet P2050 Series 4.0
    HP Scanjet 5590 9.0
    hpg5590
    hpg5590QFolder
    hppFonts
    hppQFolderP2050
    HPScanjet5590Corporate11
    ImagXpress
    Intel(R) Graphics Media Accelerator Driver
    Intel® Matrix Storage Manager
    iolo technologies' System Mechanic
    Java Auto Updater
    Java(TM) 6 Update 21
    Java(TM) 6 Update 7
    Karen's Directory Printer
    Kodak AIO Printer
    KODAK AiO Software
    Logitech H760
    Malwarebytes' Anti-Malware version 1.51.1.1800
    Marvell Miniport Driver
    McAfee Total Protection
    McAfee Virtual Technician
    Menu Templates - Pack 1
    Menu Templates - Starter Kit
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word 2003
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Works
    Modem Diagnostic Tool
    Movie Templates - Starter Kit
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 9 Essentials
    Nero BurnRights
    Nero BurnRights Help
    Nero ControlCenter
    Nero CoverDesigner
    Nero CoverDesigner Help
    Nero Disc Copy Gadget
    Nero Disc Copy Gadget Help
    Nero DiscSpeed
    Nero DiscSpeed Help
    Nero DriveSpeed
    Nero DriveSpeed Help
    Nero Express Help
    Nero InfoTool
    Nero InfoTool Help
    Nero Installer
    Nero Online Upgrade
    Nero Rescue Agent
    Nero RescueAgent Help
    Nero ShowTime
    Nero StartSmart
    Nero StartSmart Help
    Nero Vision
    Nero Vision Help
    NeroExpress
    neroxml
    Nuance OmniPage 18
    Nuance PDF Converter Professional 7
    O&O Defrag Professional
    ocr
    OFX Writer
    OGA Notifier 2.0.0048.0
    PanoStandAlone
    PCMagazine WMatch Version 3.0
    PreReq
    Quicken 2009
    QuickTime
    RER Video Converter
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
    Scan
    ScannerCopy
    ScanSoft PaperPort 11
    Scansoft PDF Professional
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    ShareFile Desktop Sync
    SigmaTel Audio
    Skype Toolbars
    Skype™ 5.3
    SlingPlayer
    System Requirements Lab for Intel
    Text Twist 2 (remove only)
    TurboTax 2008
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wpaiper
    TurboTax 2008 wrapper
    TurboTax 2009
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wpaiper
    TurboTax 2009 wrapper
    TurboTax 2010
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wpaiper
    TurboTax 2010 wrapper
    TXTcollector
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2010 (KB2494150)
    Visual C++ Runtime for Dragon NaturallySpeaking
    VoiceOver Kit
    VZAccess Manager for RIM
    WD SmartWare
    WebReg
    WebSlingPlayer ActiveX
    WebTablet IE Plugin
    WebTablet Netscape Plugin
    WIDCOMM Bluetooth Software
    Windows 7 Upgrade Advisor
    Windows Mobile Device Center
    Windows Mobile Device Center Driver Update
    WinZip 14.5
    WinZip Self-Extractor
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/4/2011 12:28:43 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume NewVista.
    8/4/2011 12:26:37 PM, Error: PlugPlayManager [11] - The device Root\LEGACY_SASKUTIL\0000 disappeared from the system without first being prepared for removal.
    8/4/2011 12:26:37 PM, Error: PlugPlayManager [11] - The device Root\LEGACY_SASDIFSV\0000 disappeared from the system without first being prepared for removal.
    8/4/2011 12:24:26 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    8/4/2011 12:15:43 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
    8/4/2011 12:07:40 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    8/4/2011 12:07:39 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    8/4/2011 12:07:18 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    8/3/2011 8:07:30 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user RFL-PC\RFL SID (S-1-5-21-1479082335-3112900221-3136061019-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    8/3/2011 6:03:44 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    8/3/2011 5:48:23 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    8/3/2011 5:48:23 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/3/2011 5:48:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    8/3/2011 4:59:33 PM, Error: netbt [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.106. The computer with the IP address 192.168.1.105 did not allow the name to be claimed by this computer.
    8/3/2011 3:28:02 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.48 for the Network Card with network address 00242B4FEBC3 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    8/3/2011 11:37:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
    8/3/2011 11:37:23 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    8/3/2011 11:35:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    8/3/2011 11:35:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    8/3/2011 11:35:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    8/3/2011 11:35:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    8/3/2011 11:35:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: archlp ElRawDisk spldr Wanarpv6
    8/3/2011 11:35:23 PM, Error: Service Control Manager [7022] - The iolo System Service service hung on starting.
    8/3/2011 11:35:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    8/3/2011 11:34:15 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    8/3/2011 11:34:07 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll Error Code: 21
    8/2/2011 3:42:07 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    8/2/2011 3:41:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    8/2/2011 3:41:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    8/2/2011 3:41:12 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD archlp DfsC ElRawDisk mfehidk mfenlfk mfewfpk NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6
    8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
    8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/2/2011 3:41:07 AM, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/2/2011 3:39:41 AM, Error: EventLog [6008] - The previous system shutdown at 3:38:38 AM on 8/2/2011 was unexpected.
    8/2/2011 3:35:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UxSms service.
    8/2/2011 3:35:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TouchServicePen service.
    8/2/2011 3:35:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TabletInputService service.
    8/2/2011 3:35:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.
    8/2/2011 3:35:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
    8/2/2011 3:35:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McNaiAnn service.
    8/2/2011 3:35:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mcmscsvc service.
    8/2/2011 2:51:45 AM, Error: Service Control Manager [7000] - The McAfee Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/2/2011 2:51:44 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Scanner service to connect.
    8/2/2011 2:51:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service MCODS with arguments "" in order to run the server: {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2}
    8/2/2011 2:19:19 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
    8/1/2011 11:29:48 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): 'SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.
    8/1/2011 11:28:41 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.
    7/31/2011 12:58:47 PM, Error: Service Control Manager [7043] - The McAfee McShield service did not shut down properly after receiving a preshutdown control.
    7/30/2011 10:33:15 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
    7/30/2011 10:11:41 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\RegBack\COMPONENTS' was corrupted and it has been recovered. Some data might have been lost.
    7/28/2011 7:25:05 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    7/28/2011 7:25:05 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
    7/28/2011 7:17:44 PM, Error: EventLog [6008] - The previous system shutdown at 7:11:08 PM on 7/28/2011 was unexpected.
    7/28/2011 10:52:38 AM, Error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
    7/28/2011 10:21:25 AM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================

    Regarding the "file system structure" error, this has been occurring sporadically for the past few months. System Mechanic v10.5.3 sometimes finds a drive problem and schedules CHKDSK on reboot. Chkdsk repeatedly finds numerous index errors, always for *.loc files in the same index ($I30) in the same file (1549)(example: Index entry ... 1394.inf_loc ... index $I30 ... file 1549 is incorrect). CHKDSK deletes the entries, does something, then recovers the orphans, and finishes up with no other error indications. Upon reboot the system has worked without evident error during these months. Spinrite deep scan on the whole drive (all partitions) found no disk errors so I am assuming there is a file problem in a system area that isn't used now.

    Any insights or help on the download/popup problems will be greatly appreciated. Ditto for the "file system structure" error. Thank you.
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Welcome to TechSpot!
    I'd like you to refer to this for an understanding of Protected Mode
    Please use the links there and adjust your setting accordingly.

    Please refer to this regarding File System Structure.
    Make use of any fixes that may apply.

    You may have malware but these are basically system related problems. Please make use of the sites I referred you to and make any setting adjustment needed. When you have finished that and the system is more stable, let me know and we'll check for malware.
  3. rflindauer

    rflindauer Newcomer, in training Topic Starter

    Download and Pop-up Problem Solved

    Thanks for responding, Bobbye.

    The new problems started last weekend with Office 2007 apps (Word, Excel) that had worked for two years but suddenly were invoking installers upon being launched and then closing down with failed installations. Downloading various install files suddenly did not complete, leaving dot-partial files (Office 2007, MSRTool, MBAM, and SAS). The Protected Mode pop-up started about the same time. (I was able to download the above files on another machine.) Until this past weekend, I had no problems downloading executable files. Something changed.

    The Protected Mode reference was interesting. As I understand it, IE operates at a low integrity level in Protected Mode, which implies that processes invoked under IE also operate at low integrity (cannot interfere with higher integrity objects). The pop-up warns about a website wanting to launch rundll32 outside of Protected Mode. I’m not sure what settings you thought I should change. The only obvious one was to disable Protected Mode for IE. Wouldn’t that allow the new, unknown app to be launched under rundll32 without integrity restrictions? That didn’t sound like a good idea.

    I took a close look at the DDS log and saw a suspicious uRun entry under the Pseudo HJT Report: [MSNcfgUI] rundll32.exe "c:\users\rfl\appdata\local\cvtpathdrm\MSNcfgUI.dll", usbcrtSupport dbNet64. I checked the folder and file (cvtpathdrm\MSNcfgUI.dll); they were dated last Sunday. I renamed the file to MSNcfgUI.dll.bad and rebooted. When I logged on, there was an error message that that DLL was not found. The IE pop-up did not appear, and I was able to download an executable file. I checked the Registry and found the corresponding value under the HKCU_SW_MS_WIN_CV_Run key; this was the only reference to MSNcfgUI.dll, so I exported the key and then deleted the MSNcfgUI entry from the Registry. Reboot and log in went without error, the pop-up has not reappeared, and I can now download executable files again.

    At the risk of being off-topic, I had mentioned the CHKDSK problem with which I have been dealing for a few months. I am quite familiar with the File Structure article in Wikipedia. The best I have been able to glean from my readings is that some infrequently used part of Vista might be corrupted. I would appreciate your thoughts (or any other expert's) on what I should do to resolve the CHKDSK issue.

    Thanks to the Forum for the Seven Steps. RFL
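
The autorun review described in the post above, as an added example that is not part of the original thread: it parses DDS-style `uRun:`/`mRun:` lines and flags entries whose target file sits in a user-writable directory, including DLLs launched through rundll32. The directory list is a heuristic assumed here, and every sample line except the MSNcfgUI one quoted in the thread is constructed.

```python
import re
from ntpath import normpath  # Windows path rules on any host OS

# DDS "Pseudo HJT Report" autorun line:  uRun: [ValueName] command line
RUN_LINE = re.compile(
    r'^\s*(?P<hive>[um]Run):\s*\[(?P<name>[^\]]+)\]\s*(?P<cmd>.+?)\s*$', re.I)

# rundll32[.exe] "dll path",Export [args]   (quotes around the DLL optional)
RUNDLL = re.compile(
    r'^"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+'
    r'(?:"(?P<q>[^"]+)"|(?P<u>[^,\s]+))\s*,\s*(?P<export>\S+)\s*(?P<args>.*)$',
    re.I)

FIRST_TOKEN = re.compile(r'^(?:"(?P<q>[^"]+)"|(?P<u>\S+))')

# Assumption: locations a standard user can write to without elevation.
USER_WRITABLE = re.compile(
    r'\\users\\[^\\]+\\appdata\\|\\users\\public\\|\\programdata\\'
    r'|\\temp\\|\\documents and settings\\')


def parse_run_entries(log_text):
    """Return one dict per uRun/mRun line found in the DDS log text."""
    entries = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line)
        if not m:
            continue
        cmd = m.group("cmd")
        entry = {"hive": m.group("hive"), "name": m.group("name"),
                 "via_rundll32": False, "export": None, "args": None}
        r = RUNDLL.match(cmd)
        if r:  # the file that actually runs is the DLL, not rundll32.exe
            entry.update(via_rundll32=True, export=r.group("export"),
                         args=r.group("args"))
            target = r.group("q") or r.group("u")
        else:
            t = FIRST_TOKEN.match(cmd)
            target = t.group("q") or t.group("u")
        entry["target"] = normpath(target)
        entries.append(entry)
    return entries


def is_user_writable(path):
    return bool(USER_WRITABLE.search(normpath(path).lower()))


def flag_suspicious(log_text):
    """Entries whose target lives where an unprivileged process can drop files."""
    flagged = []
    for e in parse_run_entries(log_text):
        if is_user_writable(e["target"]):
            e["reason"] = ("rundll32 loads a DLL from a user-writable path"
                           if e["via_rundll32"]
                           else "autorun target in a user-writable path")
            flagged.append(e)
    return flagged


# First line is the entry quoted in the thread; the other three are constructed.
SAMPLE_LOG = r'''
uRun: [MSNcfgUI] rundll32.exe "c:\users\rfl\appdata\local\cvtpathdrm\MSNcfgUI.dll",usbcrtSupport dbNet64
uRun: [ExampleUpdater] "c:\program files\example vendor\updater.exe" /background
mRun: [ExampleTray] rundll32.exe "c:\windows\system32\exampletray.dll",TrayMain
mRun: [ExampleHelper] c:\users\public\helper.exe
'''

if __name__ == "__main__":
    for hit in flag_suspicious(SAMPLE_LOG):
        print(f'{hit["hive"]} [{hit["name"]}] {hit["target"]} -> {hit["reason"]}')
```

A flag here is a triage signal only: per-user installers also register autoruns under AppData, so a flagged file still needs to be identified (signature, origin, timestamps) before anything is changed.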
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    uRun: [MSNcfgUI] rundll32.exe "c:\users\rfl\appdata\local\cvtpathdrm\MSNcfgUI.dll",usbcrtSupport dbNet64

    MSNcfgUI.dll
    1 & 2 MSN> Microsoft Network/ cdfgUI or CFGui is a Java app for species counterpoint analysis, composition, and playback.
    3. cvtpathdrm> can't ID
    cvt> (Coordinated Video Timings)
    path
    drm: > digital rights management
    4.USB crt support >CRT Monitor - Installing the USB Function: HP Support document
    5. DbNet x64.exe> Database for .net for Win 7, 64bit.
    Error which can appear if corrupt or removed:
    DBNETLIB ConnectionOpen (Connect()) error with Delphi 2010 application accessing SQL Server 2005 with OLEDB drivers on Windows 7 x64
    File description: DbNet 64
    File size: 1.51 MB

    We do not delete, remove, change, rename, etc. because we don't know what it is. Is it a problem? Possibly. Should it have been sent out to pasture without knowing what it was? No.

    I'm going to have your thread moved to a more appropriate forum. After you get these issues resolved, you can come back here to check for malware. You have invalidated these logs by making the changes you did.

    I did not include the following because I did not know if I would leave the thread here. But if I had, you will note that most of what I said not to do has been done.

    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
  5. rflindauer

    rflindauer Newcomer, in training Topic Starter

    OK

    My apologies, Bobbye. This is my first experience with Techspot. I see that you have a process and value the opportunity to get your help. I am sorry to have wasted any of your time. I will behave myself. I will follow all future advice on the CHKDSK issue and pop-up issue if it recurs.

    Just know that I lost two+ days on a critical, high-dollar client account because of this download problem.

    Please feel free to delete the thread. It would be relatively easy to start over in a more appropriate forum. Which forum do you recommend or would you be moving the thread to?

    I appreciate your overview of why the dll might have been legitimate. I do not have a USB crt. I do not use or have access to any Delphi type system and overtly run no SQL apps. I have no file sharing apps. I am running Vista 32-bit not Windows 7 64-bit. There is no obvious dbnet*.exe file on the machine. And the dll showed up concurrently with the pop-up problem.

    I use rigorous problem solving approaches in my job. I have been working with "personal computers" since 1976 with a PDP-11/23 system; I have written 1000's of lines of code, and have extensive electronic experience. This has taught me to be extremely conservative with system changes. Generally, I am.

    Nevertheless, these problems are beyond me. I should have respected your process. Humble apologies again.
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    The thread has been moved so hopefully someone will be able to assist you.

    I understand your frustration. However please look at it from my point of view> it took considerable time to find, read and give you all of the references I did. While it didn't cost me money, it cost me time- and time is a very valuable commodity to me.

    I'll sign off the thread now.

