Solved

MSN is logging off after about 10 minutes of use

Posted on 2004-11-05
64
Medium Priority
333 Views
Last Modified: 2013-12-04
I have a customer that continues to get logged off the Internet.  This is a big problem.  LOL, usually the experience is right in the middle of, as a matter of fact; usually they have to start all over again. The actual message is - YOU HAVE BEEN DISCONNECTED FROM THE INTERNET.  DO YOU WANT TO RECONNECT?  I have run Norton and Lavasoft with no results. HELP

A second customer has this -  The Internet will be closing in about so many seconds, then the user is logged off. This particular system reboots continuously.  I have run Ad-Aware SE Personal and Norton, no results.
0
Comment
Question by:JuaritaMoore
64 Comments
 
LVL 2

Assisted Solution

by:bacvain
bacvain earned 400 total points
ID: 12511664
Are they on Dial-up?

If they get disconnected often, did you try to recreate the dial-up connection?
Did you try to reinstall the modem drivers?
Did you try to reinstall MSN, if the issue happens with MSN only?

For the second customer, did you try to repair the system files with the Windows CD?
You said you scanned the PC with Norton? What Norton version is it? 2002, 2003, 2004? If it's not 2004, you don't get updates for virus definitions anymore, so you are protected against early viruses only, not the newer ones.
If that's the case, run an online scan.

http://housecall.antivirus.com

Keep me updated!
0
 
LVL 17

Accepted Solution

by:
Lobo042399 earned 1600 total points
ID: 12511797
Hi Juarita,

If on dial-up, I would make sure that they don't have Call Waiting service, and if they do then add the prefix *70 to the dialer to disable call waiting while the machine is connected to the Net.

The second machine sounds more like a real virus or trojan situation if the user actually gets to connect to the Net for a few seconds. I would run a complete system scan with Norton plus one other antivirus afterwards for good measure. AVG or McAfee is what I'd use. Although, a system rebooting itself could also be an indication of a defective or old power supply in the machine. These are set to reset themselves if they reach a certain critical temperature.

>>>If it's not 2004, you don't get updates for virus definitions anymore

You can get updates even if you're running NAV2001 as long as your subscription service is renewed.

Good Vibes!

Lobo
0
 

Author Comment

by:JuaritaMoore
ID: 12524835
Lobo... here you are again.  "LOL" you must be well rounded.  Yes, Norton is up to date, 2004 it is.  Think about this.  Could I put in a router or maybe software preventing this customer's kids from downloading anything and yet allow the adults to download? Their son plays this game, Diablo II expansion set version 1.07, which keeps this kid online for hours.
0

 
LVL 17

Expert Comment

by:Lobo042399
ID: 12526316
Hi again Juarita,

Are you following me or what? *L*

What I would do is to put a password to the main account and create a separate one for the kids, with no password and with very limited rights. Having said that, in my W2K environment Diablo won't run if it's not from an acct with admin rights, so there may be some conflict there. Gimme a day to think of an alternate solution (lingo for "consult the magic 8 ball") and I'll get back to you.

Good Vibes!

Lobo
0
 
LVL 17

Expert Comment

by:Lobo042399
ID: 12527079
Okay, here's what the magic 8 ball told me.  Check this site:

http://www.bardon.com/

This company makes several programs that restrict a user's ability to install software on a machine without your permission. It also monitors the time that a program is used and you can even set up timeouts (great for dealing with kids spending countless hours playing games). It also monitors and logs all websites visited (good to make sure kids are not visiting adult websites) and the Administrator can access all this data plus make changes easily.  There are several programs with different degrees of complexity this company makes, so browse around and see which one(s) would help your clients better. For small kids I like WinU but for older kids or adults you may want to run a more advanced one that preserves the Windows Desktop.

Good Vibes!

Lobo
0
 

Author Comment

by:JuaritaMoore
ID: 12527416
Lobo .. just starting up.  I have clients that are mostly home users.  At this time I support only 2 small companies. Would this product support a home user?  I did take a look at the web site briefly, and noticed that it mostly talks about businesses.  However, the price is right for a home user.  Your input, please.
0
 
LVL 17

Expert Comment

by:Lobo042399
ID: 12527508
Hi Juarita,

I think it does. I haven't tried it myself (haven't had the need to) but was reading the specs for WinU and it seems perfect for a home computer with small kids. Since they offer a free trial version, what I would do is get it for your clients, run it for a month and if they like it and feel comfortable with it then purchase it.
0
 

Author Comment

by:JuaritaMoore
ID: 12527712
thanks Lobo
0
 
LVL 17

Expert Comment

by:Lobo042399
ID: 12527853
No problemo.  Did you try the *70 thingie yet?
0
 

Author Comment

by:JuaritaMoore
ID: 12528140
Lobo ... this adware stuff is hitting home users big time in my neighborhood ... that customer is only getting logged off ... I have three systems down with adware, worms and stuff like that.  However, I will give her a call "actually tonight" and set an appointment. I will update you.  In addition, I am now reading all your stuff in full detail.  Yes, I will wait for the Diablo II.  That particular system is down with much of the stuff that I believe the son is downloading or being given as he shares his "whatever this stuff is that the software creates" with folks online. According to Dad he has to restrict this kid to 4 hours. I really do appreciate you.  And I respect your pushiness.
0
 

Author Comment

by:JuaritaMoore
ID: 12528216
Lobo ... this system with the Diablo stuff is fighting ... I am trying to clean the system, it has adware all over the place ... I try to run Norton and I get this error message, NT Authority Security, and it begins to give me a time frame, then it shuts down ... Norton has not been able to complete.  I am troubleshooting this system now after doing some research with you.  Now I am trying to do some of the stuff and I thought I would start with Norton, then move to adware removal, then HijackThis -  after all that I thought the system would be safe, then I could deal with this Diablo II stuff.  However, it is not letting me run Norton.  HELP. I will be trying other stuff until I hear from you
0
 

Author Comment

by:JuaritaMoore
ID: 12528245
Gosh ... This system is very unhappy
0
 

Author Comment

by:JuaritaMoore
ID: 12528274
and is running XP, Version 2002, SP1
0
 

Author Comment

by:JuaritaMoore
ID: 12528284
Lobo ... this system does not even have SP2 ... should I clean it up before installing SP2 or should I give SP2 a try?
0
 
LVL 17

Expert Comment

by:Lobo042399
ID: 12528430
I would not install SP2 just yet until the system is clean.

Run the standard tools on it, AdAware and Spybot to clean up as much as possible first. Then we're left with the real baddies.

If you could run ProcessExplorer to check all the processes that are running that would be great. Also running HijackThis! but not fixing anything, just to see what it detects, that would be great. After running it post the generated Log to this URL:

http://www.hijackthis.de/index.php?langselect=english

and give us the resulting URL so that we can go in and look at your Log. I wish it was possible to do with Process Explorer logs, but since it's not... if you can upload its log to your own website or somewhere that we can go in and read it up that would be great.
0
 

Author Comment

by:JuaritaMoore
ID: 12528732
I do have a website, but I am not sure how to upload to it.  Email results? Or could I copy and paste into this window? Hold on, let me give it a try
0
 

Author Comment

by:JuaritaMoore
ID: 12528778
First let me run Ad-Aware and Spybot as you requested "suggested" whatever. Give me a few
0
 
LVL 17

Expert Comment

by:Lobo042399
ID: 12528886
okay, posting it here would do; we can ask the PE to remove it when we're finished with it. Email is a no-no at EE.
0
 

Author Comment

by:JuaritaMoore
ID: 12530262
Oops, OK. I am back and will post in a few.
0
 

Author Comment

by:JuaritaMoore
ID: 12530327
Logfile of HijackThis v1.98.2
Scan saved at 9:14:20 PM, on 11/8/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\America Online 9.0g\aoltray.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 2 for hijackthis_198.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/sbcydsl/defaults/*http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcydsl/defaults/*http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://twisted%20window/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [Task Loader] {rdprM@YVO^
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0g\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Image Transfer.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,77/mcinsctl.cab
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50099/QDow_AS2.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,18/mcgdmgr.cab
O16 - DPF: {F48EAB92-8BCE-4C77-BE98-D10060BD8590} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader/downloader.ocx
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll

0
 
LVL 17

Expert Comment

by:Lobo042399
ID: 12530541
Hi Juarita,

There's a few baddies in there, most of them toolbars or search hijackers. I'll prepare a full report for you in the morning.

Good Vibes!

Lobo
0
 

Author Comment

by:JuaritaMoore
ID: 12532322
A warm thanks
0
 
LVL 17

Expert Comment

by:Lobo042399
ID: 12536673
Whew!!  okay, here's the digs:

C:\PROGRA~1\Toolbar\TBPSSvc.exe ------- This is part of the WebSearch Huntbar or Ibis.WinTools toolbar. Bad guy. Removable with Giant Antispyware.

C:\Program Files\Common Files\WinTools\WToolsS.exe ------  Same

C:\PROGRA~1\Toolbar\TBPS.exe ----- Same

C:\PROGRA~1\Toolbar\PIB.exe ------ same

C:\Program Files\AOL Companion\companion.exe -----  Not sure about this one. If your client installed this AOL Companion then leave it.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa ------------- part of the same toolbar hijacker as the previous ones.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa ----------------- same

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://twisted%20window/  ---------  not sure about this one. If your client doesn't know this URL then it should be removed (the URL redirects to the browser's default Search page)

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 ------- unless your client is using the browser's Proxy settings for IP masking this should not be there.

R3 - Default URLSearchHook is missing -----  should be fixed.

O2 - BHO: (no name) - SOFTWARE - (no file) ---- very suspicious. Should not be there.

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll --------- This is a toolbar addon that pays you $$$ for viewing ads. If your client didn't install it then it should be removed.

O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll -------  Also part of the WebSearch Huntbar or Ibis.WinTools toolbar. Bad guy.

O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe  ------  another toolbar hijacker. Removable with Giant Antispyware.

O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe ----  Also part of the WebSearch Huntbar or Ibis.WinTools toolbar.

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe ----- same

O4 - HKLM\..\RunServices: [Task Loader] {rdprM@YVO^  -----  VERY suspicious. Should be removed.

O4 - HKCU\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe ------ Also part of the WebSearch Huntbar or Ibis.WinTools toolbar.

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029 ------  MyWebSearch hijacker. Baaaad.

O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab -----  BAD guy. Not sure what the URL is but when I loaded it in my browser it shrunk it to a 1x1 inch square and could not be resized up.

O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50099/QDow_AS2.cab -----  MyWebSearch. Bad.

O16 - DPF: {F48EAB92-8BCE-4C77-BE98-D10060BD8590} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader/downloader.ocx ----- SpyBouncer is a hoax. If your client installed it it should be removed. It reports false positives and makes you purchase the fixes.

-------------------

Okay, so a couple of those (Ibis and WinTools) can be removed easily using Giant Antispyware (http://www.giantcompany.com) free download. I believe MyWebSearch can be removed from Settings>ControlPanel>Add/Remove Software but it can also be removed using Giant.

This is what I'd do. Download Giant, run it on that machine and let it clean up as much as it can. See if you can remove MyWebSearch from the Control Panel. After that is done, run HijackThis! again and let it clean the remaining baddies, especially the following:

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - SOFTWARE - (no file)
O4 - HKLM\..\RunServices: [Task Loader] {rdprM@YVO^
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab

and that Twisted Window one which looks very suspicious.

Let's see how that goes.  Good Vibes!

Lobo
0
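The structural checks used in the analysis above (a browser add-on with no file, an autostart value that names no program, a control fetched from a bare IP address, a missing search hook) can be expressed as a small log parser; this is an added example, not part of the original thread and not HijackThis's own code. The sample lines are copied from the log posted earlier in the thread, the function names are hypothetical, and the rules are assumptions that catch structure only, so name-based findings such as the WinTools toolbar still need a reference lookup.

```python
"""Structural triage of HijackThis log lines (added example)."""
import ipaddress
import re
from urllib.parse import urlparse

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")
# O4 registry autostart: "<key>: [<value name>] <command>"
O4_RE = re.compile(r"^(?P<where>[^:]+): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
# Assumption: a legitimate autostart command names a program file somewhere.
BINARY_RE = re.compile(r"\.(exe|dll|com|bat|cmd|scr)\b", re.IGNORECASE)

# Lines copied from the log posted in this thread, plus two header lines
# to show that non-entry lines are skipped.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.98.2
Running processes:
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunServices: [Task Loader] {rdprM@YVO^
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,77/mcinsctl.cab
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
"""


def parse_line(line):
    """Return (section_code, body) for a log entry, or None for other lines."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("code"), m.group("body")) if m else None


def host_is_ip(url):
    """True when the URL's host is a literal IP address rather than a name."""
    host = urlparse(url).hostname
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def review_reasons(code, body):
    """Return the structural reasons (possibly none) to review one entry."""
    reasons = []
    if code == "R3" and body.endswith("is missing"):
        reasons.append("search hook entry is missing")
    if code in ("O2", "O3") and body.endswith("(no file)"):
        reasons.append("browser add-on registered with no file on disk")
    if code == "O4":
        m = O4_RE.match(body)
        if m and not BINARY_RE.search(m.group("cmd")):
            reasons.append("autostart value does not name a program")
    if code == "O16":
        source = body.rsplit(" - ", 1)[-1]
        if host_is_ip(source):
            reasons.append("ActiveX control downloaded from a bare IP address")
    return reasons


def triage(log_text):
    """Return [(line, reasons)] for every entry with at least one reason."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        reasons = review_reasons(*parsed)
        if reasons:
            findings.append((line.strip(), reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(entry)
        for reason in reasons:
            print("    review:", reason)
```
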
 
LVL 17

Expert Comment

by:Lobo042399
ID: 12536678
Oh, and don't forget to uninstall SpyBouncer.
0
 

Author Comment

by:JuaritaMoore
ID: 12540984
K ... starting to work on this now
0
 

Author Comment

by:JuaritaMoore
ID: 12540988
Oh... thanks.  Will brb
0
 

Author Comment

by:JuaritaMoore
ID: 12543746
Was able to do much of the work... However, this system reboots after about 5 minutes of running Ad-Aware SE Personal.  Ad-Aware is finding stuff.  But because of the reboot I am unable to clean it further.  System is better but not stable.  Ran the Giant Antivirus and HijackThis, now working with Lavasoft.
0
 
LVL 17

Expert Comment

by:Lobo042399
ID: 12547145
Hi Juarita,

A reboot seems to indicate that a trojan is loaded and trying to prevent AdAware from doing its job. Suggestion:  Run it in Safe Mode.  If that doesn't work, let me know and I'll guide you through using Process Explorer or KillBox to stop the process that is rebooting the machine.

Good Vibes!

Lobo
0
 

Author Comment

by:JuaritaMoore
ID: 12549122
You are the best... OK
0
 

Author Comment

by:JuaritaMoore
ID: 12549221
Unable to run Lavasoft... actually, this system reboots a lot sooner in Safe Mode.
0
 
LVL 17

Expert Comment

by:Lobo042399
ID: 12549267
Okay. This may sound strange but....  disconnect the machine from the net and reboot. If that works then we have a smart Process that we can kill with ProcessExplorer and KillBox.
0
 

Author Comment

by:JuaritaMoore
ID: 12550446
Uh Hum... disconnect the machine from the net and reboot? If what works, what in the heck am I trying?
0
 

Author Comment

by:JuaritaMoore
ID: 12550481
Am I trying to just disconnect the machine from the network and then turn it off and back on?
0
 
LVL 17

Expert Comment

by:Lobo042399
ID: 12550627
*L* Sorry, the idea is to see if the machine stays running when it's not connected to the Net; I've seen trojans do that.
0
 

Author Comment

by:JuaritaMoore
ID: 12550948
Lobo, after disconnecting the local system from the wireless network, 1. removing the 802.11b Netgear adapter and running Ad-Aware Pro, the system reboots around the same folders.  I will have found about 29 critical files and then the counting starts 30, 31, 32 and so on until it reaches about 129, then it will reboot around the folders indicated as follows: c:\document and Settings\owner\desktop\username\00190-7492696.~ It is here that the system stays and finds many defective files. Reboots and here I am again.  I tried to run Ad-Aware 4 times and this happens at the same location with the same amount of detected folders and so on.
0
 

Author Comment

by:JuaritaMoore
ID: 12550967
Also... during cleanup I did have to remove folders on the C:\ drive that did not look normal to me. The folders had very long names and they consisted of numbers. Also on this same C:\ drive I had to remove duplicate folders named Windows with funny symbols after them... These folders were Windows, Program Files; it was about three of each in addition to the actual Windows and Program Files folders. These folders I deleted were empty.  This system is a mess. Can the software you mentioned earlier do the trick?
0
 

Author Comment

by:JuaritaMoore
ID: 12550977
In other words, this system had made duplicate Windows folders and Program Files folders with weird names that were empty
0
 

Author Comment

by:JuaritaMoore
ID: 12550982
Gosh, after all this work should I re-install or what?  I was hoping to resolve the issue saving folders
0
 

Author Comment

by:JuaritaMoore
ID: 12551000
Is ProcessExplorer a software and what is KillBox a software as well?
0
 

Author Comment

by:JuaritaMoore
ID: 12551041
I took a look at the link you sent me to your tools and now I see what ProcessExplorer is and KillBox is.  LOL. Had the information all the time.  However, I will wait for you to assist me
0
 
LVL 17

Expert Comment

by:Lobo042399
ID: 12551077
Sometimes temporary folders that are created during a program installation are not properly deleted. These folders usually have long names and it's up to the program installer to clean up after itself when it's done. Some installers don't do a good cleanup job and leave behind those temporary folders with pieces of the installation process, sometimes empty, sometimes packed with stuff you no longer need. Removing them generally has no effect on a machine's performance since they are "leftovers".

About the c:\document and Settings\owner\desktop\username\00190-7492696.~ folders. I would first try renaming them by adding the word OLD to the beginning of the name...  i.e. "00190-7492696.~" becomes "OLD00190-7492696.~" and so.  This just to see if they are actually doing something to Windows itself. I would also take a look inside these folders with good old Windows Explorer. See if anything inside looks suspicious.

Let me know when you're ready to start the Process Explorer task.
0
 

Author Comment

by:JuaritaMoore
ID: 12551229
Lobo, I am ready to start this process/procedure
0
 

Author Comment

by:JuaritaMoore
ID: 12551266
I am ready to start this process explorer task.  I will be working from another system so give me a little time after you give me this first step/s
0
 
LVL 17

Expert Comment

by:Lobo042399
ID: 12551289
okay, one more before we get any deeper.....  There is a chance that we can clean most of the stuff reported by HJT using Giant Spyware. Would you mind downloading it and giving it a shot? the URL is:

http://www.giantcompany.com/(g1eevyn0do3kzo45v5ar41jp)/download.aspx?prodID=70
0
 

Author Comment

by:JuaritaMoore
ID: 12551353
I have already used this AntiVirus on this system it no longer finds anything.  However, I ran it again with no results
0
 

Author Comment

by:JuaritaMoore
ID: 12551366
In addition, this system will not re-boot while running this software.
0
 

Author Comment

by:JuaritaMoore
ID: 12551390
Hold on, it is finding some stuff... I will let it finish and then try to clean and then run Ad-adware again
0
 
LVL 17

Expert Comment

by:Lobo042399
ID: 12551444
okay
0
 

Author Comment

by:JuaritaMoore
ID: 12551651
Lobo... Giant has been scanning the desktop for about 10 minutes now at the same file location 8369 should i continue to let it scan or should we stop it and try ProcessExplorer
0
 
LVL 17

Expert Comment

by:Lobo042399
ID: 12551664
please write down the location of that file, the full path....  we'll see if Process Explorer finds anything in the same folder. I'd say leave Giant run for another 5 and then terminate it.
0
 

Author Comment

by:JuaritaMoore
ID: 12551665
it was at this location that ad-adware se would re-boot.
0
 

Author Comment

by:JuaritaMoore
ID: 12551695
I was able to clean out some files with Giant - however, adware se still not happy.  I consider myself ready
0
 

Author Comment

by:JuaritaMoore
ID: 12551700
LETS GO
0
 
LVL 17

Expert Comment

by:Lobo042399
ID: 12551801
Okay. First make sure the machine is disconnected from the Net (unplug modem or network cable) and System Restore is disabled. Run Process Explorer (no need to install it). You will see a window displaying all the Processes currently running on the machine. Look for anything suspicious there. You can double-click on any Process for detailed info on each one. Go to File>Save and save a log. It'll save a TXT file in the same folder where Process Explorer is. Please copy-and-paste the contents of that log here.
0
 

Author Comment

by:JuaritaMoore
ID: 12551805
File name: Ad-Adware Se = c:\DocumentsandSettings\Owner\Desktop\Username\00190-7492696.~  Giants = C:\DocumentsandSettings|Owner|Desktop\Username
0
 
LVL 17

Expert Comment

by:Lobo042399
ID: 12551845
cool, looks like we have a winner
0
 

Author Comment

by:JuaritaMoore
ID: 12551850
I have an idea ... I back up this file and delete it from the desktop. Hold on
0
 
LVL 17

Expert Comment

by:Lobo042399
ID: 12551874
k
0
 

Author Comment

by:JuaritaMoore
ID: 12552032
I will take a time out and talk to my client.  Will get back tomorrow.  Good night
0
 
LVL 17

Expert Comment

by:Lobo042399
ID: 12552080
okay. Have a good night.
0
 

Author Comment

by:JuaritaMoore
ID: 12561395
Lobo I am ready to do the ProcessExplorer
0
 

Author Comment

by:JuaritaMoore
ID: 12561400
See question ProcessExplorer, this one has too much stuff
0
 

Author Comment

by:JuaritaMoore
ID: 12561402
Hello...
0
 
LVL 17

Expert Comment

by:Lobo042399
ID: 12562132
okay, sorry... had guests at home.
0
