Help with Windows XP


Bewildered

So, my wife's computer is acting up. Windows XP, SP3.

 

Occasionally, when she's idle for a period of time, the machine reboots. Also it appears to hang during shutdown (also occasionally). In the system event viewer, I find the following appears consistent with reboot/hang on shutdown times.

 

The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register with DCOM within the required timeout.

 

For the hang on shutdown this message appears every hour.

 

Any smart ideas?


This is a classic spyware infection. Remove these items via Hijackthis first.

 

Spyware Related:

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

 

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL

O3 - Toolbar: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZKxdm021YYUS

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

 

 

 

Stuff that isn't really needed and is obviously not advising your wife very well.

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

 

Remove and will reinstall if legit and needed later.

O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://mypoints.worldwinner.com/games/v47/...GamesLoader.cab

O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab

O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} (SolitaireRush Control) - http://www.worldwinner.com/games/v45/solit...litairerush.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/25.25/uploader2.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab

O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab

O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} - http://www.infospace.com/mypoints.main/tba...pointsSetup.exe

O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1179532521265

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179532578281

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab

 

Start with these things and especially the virus stuff. Another post coming with a few more things to do.
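
An added example, not part of the original posts: a short Python triage of a few HijackThis lines quoted above. It shows why a plain search for "MyWebSearch" misses the Run-key entries, which use the 8.3 short path `MYWEBS~1`. The watch list, reason strings and function names are assumptions for illustration, and the alias rule (first six characters plus `~N`) covers the common case of directory names without spaces.

```python
import re

# Lines copied from the HijackThis log quoted in this thread.
SAMPLE = r"""
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
"""
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse(log):
    # Split each line into section code, CLSID (if present) and target path/URL.
    out = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        if code == "O4":                      # Run keys: target follows "[name] "
            target = body.split("] ", 1)[-1]
        else:                                 # other sections: last " - " field
            target = body.rsplit(" - ", 1)[-1]
        clsid = CLSID.search(body)
        out.append({"code": code, "clsid": clsid.group(0) if clsid else None,
                    "target": target})
    return out

def dir_pattern(name):
    # Match the directory by long name or by its assumed 8.3 alias, ignoring case.
    alts = [re.escape(name)]
    if len(name) > 8:
        alts.append(re.escape(name[:6]) + r"~\d")
    return re.compile(r"\\(?:" + "|".join(alts) + r")\\", re.I)

def triage(entries, watch_dirs):
    # Return (code, reason, target) for entries that deserve a second look.
    pats = {d: dir_pattern(d) for d in watch_dirs}
    hits = []
    for e in entries:
        t = e["target"]
        if t == "(no file)":
            hits.append((e["code"], "orphaned registration", t))
        elif e["code"] == "O16" and t.lower().startswith("http"):
            hits.append((e["code"], "ActiveX installed from remote codebase", t))
        hits += [(e["code"], "under watched directory " + d, t)
                 for d, p in pats.items() if p.search(t)]
    return hits
```

Calling `triage(parse(SAMPLE), ["MyWebSearch", "mypoints"])` returns five hits; the SiteAdvisor BHO is the only sample line left unflagged.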


Ok, there is seriously so much junk running on the computer at start up that are probably not being used that it is over the top. First and foremost though is to get rid of that spyware.

 

Close all of your other programs. Disable the antivirus (McAfee is crap anyway. I wouldn't renew and I would actually probably remove it and install something lighter weight and that actually works). Close all of your programs and then download this to your desktop and run it from your desktop. Let it do its thing and do not interrupt it or run any other apps while it is doing the cleaning. It will get rid of all traces of the mywebsearch junk. Then copy and paste the log of what it did in a post here.

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


After you run the ComboFix.exe and post the log here, restart the computer and install Spybot. Completely update spybot. You will have to right-click on the screen for what you want to update and select all. Then run a complete scan on your computer so it will get anything left behind or that combofix isn't meant to clean off of your wife's PC. Do not install the TeaTimer program as it is more of a headache than anything. Can be useful though if you are having a hard time getting something removed.

 

http://fileforum.betanews.com/detail/Spybo...oy/1043809773/1

 

If your wife doesn't use firefox, get it installed and show her how to use it. Also explain that "SmileyCentral" is spyware and not to install it, no matter how cool the smilies look.

 

 

I would seriously consider doing away with McAfee and getting the free AVG or Cujo's pick NOD32 which is a much better anti-virus than anything else out there, it is cheap, and it is easy on the resources. McAfee is as bad as Symantec/Norton now when it comes to how badly it hogs the system. And it is obviously not working too well.

 

After installing Spybot, I would download these tasks and put them in your C:\Windows\Tasks\ Folder. Open each one up and make sure you set your wife's password for each one so that they run. The one titled Spybot Update.Job will run Spybot in the background when your wife logs on and it will update all of the definitions, it will update the immunization database, and then it will all close and she will not see it work.

 

http://dl.getdropbox.com/u/71249/spybot/Spybot%20Update.job

 

 

This one will actually run the same thing as above but it will also do a scheduled scan of the system, it will automatically clean the infections, and it will then close all in the background so your wife cannot see it. It can slow the machine down some so it is best to modify it on the Settings tab to run if the machine has only been idle for like 10 minutes and to cease if the machine stops being idle. You can also set it to keep retrying to run if the machine is not busy at the designated scan time. If your wife leaves it on all night normally, then set it to run at like 4 am or something. Otherwise, set it for when she is home and the PC is normally on but you are eating dinner or something. How you want to set it is up to you but know this, it works like a charm. I have this set up on all of my users at work to run at night or during their lunch and the idle settings keep them from being burdened with a slow machine if they happen to work through lunch that day. In two years, there hasn't been a single major virus/spyware outbreak on my 100~ or so users and they all have admin rights (not my decision but in place when I came to the department). This is one of my "secret computer ninja" techniques. Give it a try.

 

http://dl.getdropbox.com/u/71249/spybot/Sp...and%20Clean.job


Thanks so much ... I'll do this tonight, and report back.

 

P.S. ... what should we use instead of McAfee? I wanted something that would keep itself up-to-date and be maintenance free (for me). Symantec?

 

If you do the spybot thing that I have above with the scheduled scans and the automatic immunizations, you will basically have the malware thing taken care of. To complement that, install the new AVG 8.0 Free and in the program, set a scheduled task to do scans at night if your wife leaves the PC on. Or have her leave it on Friday and Saturday nights for example and schedule the virus scans on those nights. I cannot use AVG on the work machines due to licensing issues but it works great on my wife's machine and my Dad's machine and etc. Works great in combination with the Spybot setup. Just do not schedule them to run at the same time as that can really slow the machine down.

 

http://free.avg.com/ww.download?prd=afe


She had that thing awfully infected. It should run a lot better now.

 

The next steps are to download and run CCleaner.

 

Do the registry one too but just make sure you make a backup and dump it to your my docs or better yet, an external drive like a thumb drive.

 

Then do a full defrag over night.


One more thing you can do is install this which puts an icon in your control panel (works for Vista as well). http://www.mlin.net/StartupCPL.shtml

 

This will let you disable apps from starting with the PC. No need for Steam to start when the PC starts. That includes most of that other crap that I saw on the Hijackthis log. If you install AVG, do not disable those nor the Nvidia items but much of that crap could be disabled such as Instant Messengers and the like.


I for sure recommend NOD32.

As for all this new junk being released, I find malware bytes does a solid job getting rid of it. A quick scan is much quicker than spybot and 95% of the time it gets rid of everything. Make sure you disable system restore before you start and then enable it again once you're clean.


I for sure recommend NOD32.

As for all this new junk being released, I find malware bytes does a solid job getting rid of it. A quick scan is much quicker than spybot and 95% of the time it gets rid of everything. Make sure you disable system restore before you start and then enable it again once you're clean.

 

Yeah, I use malware bytes as well when the infection is pretty bad and a reinstall isn't an option. In the case of the mywebsearch junk, spybot gets most of it but often leaves a few files behind (at least it used to, probably doesn't now) and combofix gets rid of it for sure.


  • 2 weeks later...
  • 3 weeks later...

To finish up this thread (which should probably be stickied in an organized way because it could be referenced to multiple people). Smart Defrag which will defrag and optimize (which is the setting you should use). http://www.majorgeeks.com/download.php?det=5318

 

Set up a schedule too so it will do it for you once a week or so and leave the automated thing on so it will do it when your system is idle. Best defrag app I've seen for Windows yet.


I vote Kaspersky Antivirus, Ad-Aware 2008, CCleaner and Registry Mechanic.

 

I use all 4 every Sunday to make sure my computer is clean. The only programs that I actually NEED to run are CCleaner and RegMech, because Kaspersky blocks just about anything that tries to load onto your computer, and Mozilla Firefox + AdBlock Plus does an amazing job with malware/spyware.

 

Just my 2 pennies.
