Bewildered, Member, September 3, 2008 (edited)
So, my wife's computer is acting up. Windows XP, SP3. Occasionally, when she's idle for a period of time, the machine reboots. Also it appears to hang during shutdown (also occasionally). In the system event viewer, I find the following appears consistent with reboot/hang on shutdown times.

The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register with DCOM within the required timeout.

For the hang on shutdown this message appears every hour. Any smart ideas?
ZeroDamage, Member, September 3, 2008
Download Hijackthis from here, run it and copy+paste the log in a post.
http://www.trendsecure.com/portal/en-US/to...ools/hijackthis
ZesteR, Member, September 3, 2008 (edited)
Well I was gonna put my 2 cents in, but then u had to go and say this:
> Any smart ideas?
+1 for Hijackthis
Bewildered, Member (Author), September 3, 2008
> Download Hijackthis from here, run it and copy+paste the log in a post.
> http://www.trendsecure.com/portal/en-US/to...ools/hijackthis
See attached.
hijackthis.txt
ZeroDamage, Member, September 3, 2008
This is a classic spyware infection. Remove these items via Hijackthis first.

Spyware Related:
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O3 - Toolbar: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZKxdm021YYUS
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

Stuff that isn't really needed and is obviously not advising your wife very well.
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Remove and will reinstall if legit and needed later.
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://mypoints.worldwinner.com/games/v47/...GamesLoader.cab
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} (SolitaireRush Control) - http://www.worldwinner.com/games/v45/solit...litairerush.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/25.25/uploader2.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} - http://www.infospace.com/mypoints.main/tba...pointsSetup.exe
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1179532521265
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179532578281
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab

Start with these things and especially the virus stuff. Another post coming with a few more things to do.
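Added example, not part of any post in this thread: a small parser for HijackThis entries of the kind quoted above, showing how one product's hooks can be grouped across sections (R3, O2, O3, O4) even when the log mixes long paths and 8.3 short paths. The function names, flag names and the six-character name-matching heuristic are assumptions of this example; the sample lines are taken from the quoted log.

```python
import re
from collections import defaultdict

# Sample input: six entries taken from the log quoted in the post above.
SAMPLE = r"""
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab
O3 - Toolbar: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:dll|exe)", re.I)
URL = re.compile(r"https?://\S+")

def short(name):
    # Heuristic (assumption): compare names by an 8.3-style stem, i.e. spaces
    # dropped, upper-cased, first six characters: "MYWEBS~1" ~ "MyWebSearch".
    return name.split("~")[0].replace(" ", "").upper()[:6]

def vendor_key(path):
    parts = path.split("\\")[1:]                 # drop the drive letter
    if parts and short(parts[0]) == "PROGRA":    # Program Files / PROGRA~1
        parts = parts[1:]
    return short(parts[0]) if len(parts) > 1 else None

def parse(line):
    m = ENTRY.match(line.strip())
    if not m:
        return None                              # header or blank line
    section, rest = m.groups()
    clsid, path, url = CLSID.search(rest), PATH.search(rest), URL.search(rest)
    flags = []
    if "(no file)" in rest:
        flags.append("orphaned")                 # entry remains, file is gone
    if "(no name)" in rest:
        flags.append("unnamed")
    if section == "O16" and url:
        flags.append("remote-codebase")          # ActiveX installed from a URL
    return {"section": section, "clsid": clsid.group(0) if clsid else None,
            "vendor": vendor_key(path.group(0)) if path else None, "flags": flags}

def by_vendor(log):
    groups = defaultdict(set)
    for entry in filter(None, map(parse, log.splitlines())):
        if entry["vendor"]:
            groups[entry["vendor"]].add(entry["section"])
    return {vendor: sorted(sections) for vendor, sections in groups.items()}
```

On the sample, the MyWebSearch directory shows up under three sections at once, which is the pattern the post above picks out by eye.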
ZeroDamage, Member, September 3, 2008
Ok, there is seriously so much junk running on the computer at start up that is probably not being used that it is over the top. First and foremost though is to get rid of that spyware. Close all of your other programs. Disable the antivirus (McAfee is crap anyway. I wouldn't renew and I would actually probably remove it and install something lighter weight and that actually works). Close all of your programs and then download this to your desktop and run it from your desktop. Let it do its thing and do not interrupt it or run any other apps while it is doing the cleaning. It will get rid of all traces of the mywebsearch junk. Then copy and paste the log of what it did in a post here.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Bewildered, Member (Author), September 3, 2008
Thanks so much ... I'll do this tonight, and report back.
P.S. ... what should we use instead of McAfee? I wanted something that would keep itself up-to-date and be maintenance free (for me). Symantec?
ZeroDamage, Member, September 3, 2008
After you run the ComboFix.exe and post the log here, restart the computer and install Spybot. Completely update spybot. You will have to right-click on the screen for what you want to update and select all. Then run a complete scan on your computer so it will get anything left behind or that combofix isn't meant to clean off of your wife's PC. Do not install the TeaTimer program as it is more of a headache than anything. Can be useful though if you are having a hard time getting something removed.
http://fileforum.betanews.com/detail/Spybo...oy/1043809773/1

If your wife doesn't use firefox, get it installed and show her how to use it. Also explain that "SmileyCentral" is spyware and not to install it, no matter how cool the smilies look.

I would seriously consider doing away with McAfee and getting the free AVG or Cujo's pick NOD32 which is a much better anti-virus than anything else out there, it is cheap, and it is easy on the resources. McAfee is as bad as Symantec/Norton now when it comes to how badly it hogs the system. And it is obviously not working too well.

After installing Spybot, I would download these tasks and put them in your C:\Windows\Tasks\ Folder. Open each one up and make sure you set your wife's password for each one so that they run.

The one titled Spybot Update.Job will run Spybot in the background when your wife logs on and it will update all of the definitions, it will update the immunization database, and then it will all close and she will not see it work.
http://dl.getdropbox.com/u/71249/spybot/Spybot%20Update.job

This one will actually run the same thing as above but it will also do a scheduled scan of the system, it will automatically clean the infections, and it will then close all in the background so your wife cannot see it. It can slow the machine down some so it is best to modify it on the Settings tab to run if the machine has only been idle for like 10 minutes and to cease if the machine stops being idle. You can also set it to keep retrying to run if the machine is not busy at the designated scan time. If your wife leaves it on all night normally, then set it to run at like 4 am or something. Otherwise, set it for when she is home and the PC is normally on but you are eating dinner or something. How you want to set it is up to you but know this, it works like a charm. I have this set up on all of my users at work to run at night or during their lunch and the idle settings keep them from being burdened with a slow machine if they happen to work through lunch that day. In two years, there hasn't been a single major virus/spyware outbreak on my 100~ or so users and they all have admin rights (not my decision but in place when I came to the department). This is one of my "secret computer ninja" techniques. Give it a try.
http://dl.getdropbox.com/u/71249/spybot/Sp...and%20Clean.job
ZeroDamage, Member, September 3, 2008
> Thanks so much ... I'll do this tonight, and report back.
> P.S. ... what should we use instead of McAfee? I wanted something that would keep itself up-to-date and be maintenance free (for me). Symantec?
If you do the spybot thing that I have above with the scheduled scans and the automatic immunizations, you will basically have the malware thing taken care of. To complement that, install the new AVG 8.0 Free and in the program, set a scheduled task to do scans at night if your wife leaves the PC on. Or have her leave it on Friday and Saturday nights for example and schedule the virus scans on those nights. I cannot use AVG on the work machines due to licensing issues but it works great on my wife's machine and my Dad's machine and etc. Works great in combination with the Spybot setup. Just do not schedule them to run at the same time as that can really slow the machine down.
http://free.avg.com/ww.download?prd=afe
Bewildered, Member (Author), September 3, 2008
> Then copy and paste the log of what it did in a post here
log.txt
Shazz, Member, September 3, 2008
+1 for this thread. Great info ZD.
ZeroDamage, Member, September 4, 2008
She had that thing awfully infected. It should run a lot better now. The next steps are to download and run CCleaner. Do the registry one too but just make sure you make a backup and dump it to your my docs or better yet, an external drive like a thumb drive. Then do a full defrag overnight.
ZeroDamage, Member, September 4, 2008
One more thing you can do is install this which puts an icon in your control panel (works for Vista as well).
http://www.mlin.net/StartupCPL.shtml
This will let you disable apps from starting with the PC. No need for Steam to start when the PC starts. That includes most of that other crap that I saw on the Hijackthis log. If you install AVG, do not disable those nor the Nvidia items but much of that crap could be disabled such as Instant Messengers and the like.
Cujo, Member, September 4, 2008
i for sure recommend nod32. as for all this new junk being released i find malware bytes does a solid job getting rid of it. a quick scan is much quicker than spybot and 95% of the time it gets rid of everything. make sure you disable system restore before you start and then enable it again once you're clean.
Bewildered, Member (Author), September 4, 2008
I'm done up through the AVG install. Will run ccleaner tonight then.
ZeroDamage, Member, September 4, 2008
> i for sure recommend nod32. as for all this new junk being released i find malware bytes does a solid job getting rid of it. a quick scan is much quicker than spybot and 95% of the time it gets rid of everything. make sure you disable system restore before you start and then enable it again once you're clean.
Yeah, I use malware bytes as well when the infection is pretty bad and a reinstall isn't an option. In the case of the mywebsearch junk, spybot gets most of it but often leaves a few files behind (at least it used to, probably doesn't now) and combofix gets rid of it for sure.
ZeroDamage, Member, September 12, 2008
Did this work out?
Bewildered, Member (Author), September 12, 2008
Yep!
dragonfly, Member, September 12, 2008
I made the brand new imac crash yesterday at school using GSP... am I a hero?
ZeroDamage, Member, September 29, 2008
To finish up this thread (which should probably be stickied in an organized way because it could be referenced to multiple people).
Smart Defrag which will defrag and optimize (which is the setting you should use).
http://www.majorgeeks.com/download.php?det=5318
Set up a schedule too so it will do it for you once a week or so and leave the automated thing on so it will do it when your system is idle. Best defrag app I've seen for Windows yet.
anonymo, Member, September 29, 2008
> I made the brand new imac crash yesterday at school using GSP... am I a hero?
Nope, typical user experience. Working as intended...etc.
dragonfly, Member, September 29, 2008
>> I made the brand new imac crash yesterday at school using GSP... am I a hero?
> Nope, typical user experience. Working as intended...etc.
And last Thursday it's still not working! <3
NorgmaN, Member, September 29, 2008
I vote Kaspersky Antivirus, Ad-Aware 2008, CCleaner and Registry Mechanic. I use all 4 every Sunday to make sure my computer is clean. The only programs that I actually NEED to run are CCleaner and RegMech, because Kaspersky blocks just about anything that tries to load onto your computer, and Mozilla Firefox + AdBlock Plus does an amazing job with malware/spyware. Just my 2 pennies.