please help me get rid of winerrorfixer 2007

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-01-15 13:03:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
10: 2008-01-15 13:03:47 UTC - RP442 - Deckard's System Scanner Restore Point
9: 2008-01-15 12:28:58 UTC - RP441 - Software Distribution Service 3.0
8: 2008-01-15 11:53:41 UTC - RP440 - Software Distribution Service 3.0
7: 2008-01-14 16:30:33 UTC - RP439 - Software Distribution Service 3.0
6: 2008-01-14 09:56:33 UTC - RP438 - Spyware Doctor: Cleaning Threats

-- First Restore Point --
1: 2008-01-09 13:52:04 UTC - RP433 - martins first go

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-15 13:06:12
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
C:\Program Files\Broadcom\BACS\BacsTray.exe
C:\Program Files\McAfee\McAfee QuickClean\PlgUni.exe
C:\Program Files\installer\si.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L2Z0QH51\dss[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.karoo.co.uk/searchpage.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.karoo.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: (no name) - {2BC28047-8A2D-463F-B410-F069F639C7A7} - C:\WINDOWS\system32\awtsr.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [bacstray] C:\Program Files\Broadcom\BACS\BacsTray.exe
O4 - HKLM\..\Run: [6f330ce6] rundll32.exe "C:\WINDOWS\system32\qrjwnekf.dll",b
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [NI] "C:\Program Files\installer\si.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} (WebInstall Class) - http://scanner2.malware-scan.com/setup/webinst.cab
O16 - DPF: {3BA4271E-5C1E-48E2-B432-D8BF420DD31D} () - http://deuscleaneronline.com/CleanerInstall.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh…0/mcinsctl.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get…/ultrashim.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives…ree/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV…oadManager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh…26/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s…sh/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{8B663F1C-FC26-46A6-8955-F1284858A63F}: NameServer = 212.50.160.100 213.249.130.100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SmartLinkService (SLService) - Unknown owner - C:\WINDOWS\system32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe


End of file - 9496 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 RecAgent - c:\windows\system32\drivers\recagent.sys <Not Verified; ; Modem>
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>

S3 Mtlmnt5 - c:\windows\system32\drivers\mtlmnt5.sys <Not Verified; ; Modem>
S3 Mtlstrm - c:\windows\system32\drivers\mtlstrm.sys <Not Verified; ; Modem>
S3 NtMtlFax - c:\windows\system32\drivers\ntmtlfax.sys <Not Verified; ; Modem>
S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>
S3 Slnt7554 (USB Soft Modem Driver) - c:\windows\system32\drivers\slnt7554.sys <Not Verified; ; Modem>
S3 SlWdmSup - c:\windows\system32\drivers\slwdmsup.sys <Not Verified; ; Modem>
S3 SYMIDSCO - c:\progra~1\common~1\symant~1\symcdata\ids-di~1\20040813.178\symidsco.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 SLService (SmartLinkService) - slserv.exe <Not Verified; ; Modem>
R2 UserAccess7 (SecuROM User Access Service (V7)) - c:\windows\system32\uaservice7.exe

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2007-10-09 05:15:03 406 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1126847679.job
2007-08-01 00:00:07 368 --ah----- C:\WINDOWS\Tasks\McQcTask.job
2007-05-02 11:17:01 358 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1170416511.job
2006-11-02 09:25:36 280 --ah----- C:\WINDOWS\Tasks\McDefragTask.job

-- Files created between 2007-12-15 and 2008-01-15 -----------------------------

2008-01-15 11:43:07 0 d-------- C:\ie-spyad_zo
2008-01-15 11:38:46 0 d-------- C:\Program Files\SpywareBlaster
2008-01-15 10:43:32 8576 --a------ C:\WINDOWS\system32\drivers\igybegelbpto.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-01-15 10:28:21 89152 --a------ C:\WINDOWS\system32\qrjwnekf.dll
2008-01-15 10:24:04 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-01-15 10:23:35 8576 --a------ C:\WINDOWS\system32\drivers\fxysrxohjaey.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-01-14 16:25:24 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-11 15:13:42 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-11 13:48:26 0 d-------- C:\WINDOWS\network diagnostic
2008-01-10 14:38:12 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-10 13:51:31 0 d-------- C:\Program Files\Thomson
2008-01-10 11:55:19 1050281 ---hs---- C:\WINDOWS\system32\kdnoqvvt.ini2
2008-01-10 11:52:15 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-01-10 11:40:31 0 d-------- C:\Program Files\Thomson(2)
2008-01-09 14:06:21 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-01-08 13:52:36 0 d-------- C:\Program Files\installer
2008-01-07 09:42:57 0 d--h----- C:\WINDOWS\msdownld.tmp
2007-12-31 11:57:33 4155 --a------ C:\dec207
2007-12-18 15:07:07 406215 --ahs---- C:\WINDOWS\system32\rstwa.ini2
2007-12-18 15:06:26 328704 -----n--- C:\WINDOWS\system32\awtsr.dll
2007-12-18 15:00:46 0 d-------- C:\WINDOWS\system32\ineWc01

-- Find3M Report ---------------------------------------------------------------

2008-01-14 15:53:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\McAfee
2008-01-14 15:50:39 0 d-------- C:\Program Files\Common Files
2008-01-10 14:38:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\SiteAdvisor
2008-01-10 13:57:43 0 d-------- C:\Program Files\Common Files\KCins
2008-01-10 11:52:09 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-09 13:17:45 0 d-------- C:\Program Files\Compaq
2008-01-08 15:08:22 0 d-------- C:\Program Files\DivX
2007-12-31 11:57:43 0 d-------- C:\Program Files\Sage Payroll
2007-12-19 12:47:05 0 d-------- C:\Program Files\SiteAdvisor
2007-12-03 14:23:01 4009 --a------ C:\dec07
2007-11-22 10:57:29 0 d-------- C:\Program Files\McAfee
2007-11-21 09:52:49 0 d-------- C:\Program Files\Common Files\McAfee
2007-11-06 10:16:47 3920 --a------ C:\nov07

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2BC28047-8A2D-463F-B410-F069F639C7A7}]
18/12/2007 15:06 328704 --------- C:\WINDOWS\system32\awtsr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [30/09/2004 16:41]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [30/09/2004 16:37]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [30/07/2003 16:08]
"SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [20/11/2003 18:01]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [21/11/2006 14:38]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [02/10/2006 19:09]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [23/10/2007 08:40]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [03/08/2007 22:33]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [26/01/2004 11:38]
"bacstray"="C:\Program Files\Broadcom\BACS\BacsTray.exe" [18/08/2004 19:26]
"6f330ce6"="C:\WINDOWS\system32\qrjwnekf.dll" [15/01/2008 10:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfee QuickClean Imonitor"="C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe" [08/09/2004 04:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/03/2006 15:45]
"NI"="C:\Program Files\installer\si.exe" [23/03/2007 17:07]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 21:05:26]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [09/04/2003 17:41:38]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [06/04/2003 00:06:58]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awtsr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

-- End of Deckard's System Scanner: finished at 2008-01-15 13:07:18 ------------


Attached Files

File Type: txt extra.txt (14.4 KB)
