System files and a few other little questions

[Stevepac]

I posted the attachment. Its a few posts up. Its called stuff.txt and Ive done everything else you said.

[mauserme]

Sorry I missed it.  I have it now and will post again in a little while.

[mauserme]

The winpfind log looks fine.  Let's get rid of the malware remants and some leftover McAfee entries in the registry.

Please download ERUNT from here and back up your entire registry

http://www.snapfiles.com/get/erunt.html

Having done that then please apply the registry fix below

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{2CF0B992-5EEB-4143-99C0-5297EF71F444}]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"0IwM"=-
"2LRX2W83X2T3MQ"=-
"Bakra"=-
"Dpi"=-
"Pcsv"=-
"Rundll32_8"=-
"RVP"=-
"updmgr"=-
"WebSavingsfromEbates"=-
"WhenUSave"=-
"WhenUSearch"=-
"MCAgentExe"=-
"MCUpdateExe"=-

Next you will need to create the repair registry fix to do that copy and paste ALL of the above in the quote box to a notepad file.  Ensure there is no space above the REGEDIT4.
Then in notepad go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
Then in the FILE NAME box type fix.reg
This will create a fix.reg file on your desktop.

To use this file you will need to right click the icon and select merge, accept the warning if it appears and you are done.

[Stevepac]

Ok Ill get on that tonight. I also have the result from VirusTotal:

Complete scanning result of "aswBoot.exe", processed in VirusTotal at 07/08/2007
09:14:51 (CET).

[ file data ]
* name: aswBoot.exe
* size: 745600
* md5.: e4cb48e2b994a91522ed2f7769ab0b30
* sha1: adb17e6e5070eafe041585be767a63cc8b4efe37

[ scan result ]
 AhnLab-V3   2007.7.7.0/20070706   found nothing
AntiVir   7.4.0.39/20070707   found nothing
Authentium   4.93.8/20070707   found nothing
Avast   4.7.997.0/20070706   found nothing
AVG   7.5.0.476/20070707   found nothing
BitDefender   7.2/20070708   found nothing
CAT-QuickHeal   9.00/20070707   found nothing
ClamAV   devel-20070416/20070707   found nothing
DrWeb   4.33/20070707   found nothing
eSafe   7.0.15.0/20070706   found nothing
eTrust-Vet   30.8.3769/20070707   found nothing
Ewido   4.0/20070707   found nothing
F-Prot   4.3.2.48/20070706   found nothing
F-Secure   6.70.13260.0/20070707   found nothing
FileAdvisor   1/20070708   found nothing
Fortinet   2.91.0.0/20070708   found nothing
Ikarus   T3.1.1.8/20070708   found nothing
Kaspersky   4.0.2.24/20070708   found nothing
McAfee   5069/20070706   found nothing
Microsoft   1.2704/20070708   found nothing
NOD32v2   2384/20070708   found nothing
Norman   5.80.02/20070706   found nothing
Panda   9.0.0.4/20070707   found nothing
Sophos   4.19.0/20070706   found nothing
Sunbelt   2.2.907.0/20070707   found nothing
Symantec   10/20070708   found nothing
TheHacker   6.1.6.143/20070705   found nothing
VBA32   3.12.0.2/20070707   found nothing
VirusBuster   4.3.23:9/20070707   found nothing
Webwasher-Gateway   6.0.1/20070708   found nothing


Looks good to me, but when I sent it it said this attachment could be dangerous blah blah.

[Lisandro]

aswBoot.exe is avast the boot time scanner... it's clean, isn't it?

[DavidR]

aswBoot.exe should be in the c:\windows\system32 folder, so it would appear to be correct.

[mauserme]

I'll go along with that.

I found some references to the file name aswboot.exe being used by a worm now so I wanted to double check.  Not really sure how accurate the information was ...

@Stevepac

Let me know when you've run the registry fix. 

We'll just clean your restore points and be done unless you want a firewall recommendation (it would be a good idea).

[Stevepac]

Well for once I am stumped. You completely lost me on what to do. I downloaded it and went through the whole set up process, but never seen anything were I could enter info

[mauserme]

Sorry.  Its 2 distinct steps. 

First download/install ERUNT and back up your registy.  Once the backup is done you're finished with this program (though its a good program worth keeping).

Second, open the notepad (Start>All Programs>Accessories>Notepad) and paste the contents of my quote box (above) into it.  Save it to your desktop with the name "fix.reg".  Close the notepad, right click the fix.reg icon, and choose  merge. 

[Stevepac]

Ok that is done. So can you tell me what exactly I've done to my computer :p

Also, some of my file names have turned blue and some are still black. You know anything about that?

Could any of this deleted all my itunes things too? Cuz they are all gone

[mauserme]

Blue file names indicate files that have been compressed by Windows XP to conserve disk space.  This is normal.

What we've done to your computer is remove two trojan backups and remants of Delfin Media Viewer spyware/adware, EUniverse Kean Value adware, WebSavingsFromEbates adware, WhenU.Save adware, WhenUSearch adware, BrowesreAid adware, and a reference to an unidentifiable executable that was running from a temporary folder (never a good thing).  When I asked you to uninstall Delfin and kill the other files associated with this adware with OTMoveIt none of them were found, meaning they were not runnable/no longer present.  So the only actual deletions were the trojans.

When you say your iTunes things are missing what do you mean by "things". 

[Stevepac]

All my songs and podcasts are gone.

This wasnt suppose to speed my computer up much was it? I dont see much of a difference so Im assuming its just a protection thing.

[mauserme]

After I used MoveIt I got this

C:\WINDOWS\system32\hhhkj.bak2 moved successfully.
C:\WINDOWS\system32\hhhkj.bak1 moved successfully.
File/Folder C:\WINDOWS\System32\IEHost34.exe not found.
File/Folder C:\WINDOWS\System32\LsxI52.exe not found.
File/Folder C:\documents and settings\megan\local settings\temp\0IwM.exe not found.
File/Folder C:\WINDOWS\System32\inetp60.dll not found.
File/Folder C:\Program Files\Common files\updmgr\updmgr.exe not found.
File/Folder C:\Program Files\Save\Save.exe not found.
File/Folder C:\PROGRAM Files\WHENUSEARCH\Search.exe not found.
File/Folder C:\WINDOWS\System32\stlbdist.DLL not found.
 
Created on 07-06-2007 10:36:05


Some not found....


EDIT: I had to send a email to VirusTool with C:\WINDOWS\system32\aswBoot.exe as the attachment because they were having a lot of entries or something

EDIT: No Delfin Media Viewer

The  two in bold are what we've deleted. They are both Vundo;  nothing to do with iTunes at all.

And yes, this is about protection rather than speeding things up.  Those two deleted files were lurking - wainting to be reactivated.  Similar concept with the adware (though not as menacing).

Have you looked directly at the iTunes folder in the file system for the files?

[Stevepac]

Yeah they are gone, no biggie. As for the adware, I have Ad Aware and I run that everyweek, but I was hoping you could help me with a few other problems:

Everytime I close my internet window I get this error: "The instruction at "0x7e1f9af3" referenced memory at "0x7dc48950" The memory could not be found.

Also when I log out I usually get a not responding error from MCCWSAWINDOW. You know anything that could help me?

[mauserme]

Everytime I close my internet window I get this error: "The instruction at "0x7e1f9af3" referenced memory at "0x7dc48950" The memory could not be found.

Is that still occuring even after the registry fix?

Also when I log out I usually get a not responding error from MCCWSAWINDOW. You know anything that could help me?

See if this helps

http://www.techsupportforum.com/microsoft-support/windows-xp-support/163951-logging-off-resolved.html