MSN is logging off after about 10 minutes of use

I have a customer that continues to get logged off the Internet.  This is a big problem.  LOL, usually the experience is right in the middle of, as a matter of fact; usually they have to start all over again. The actual message is - YOU HAVE BEEN DISCONNECTED FROM THE INTERNET.  DO YOU WANT TO RECONNECT?  I have run Nortons and Lavasoft with no results. HELP

A second customer has this - The Internet will be closing in about so many seconds, then the user is logged off. This particular system reboots continuously.  I have run Ad-Aware SE Personal and Nortons, no results.
JuaritaMooreAsked:
bacvainCommented:
Are they on Dial-up?

If they get disconnected often, did you try to recreate the dial-up connection?
Did you try to reinstall modem drivers???
Did you try to reinstall MSN if the issue happens with MSN only???

For the second customer, did you try to repair the system files with the Windows CD?
You said you scanned the PC with Norton? What Norton version is it? 2002, 2003, 2004??? If it's not 2004, you don't get updates for virus definitions anymore, so you are getting protected for early viruses only, not the newer ones.
If that's the case, make an online scan.

http://housecall.antivirus.com

Keep me updated!
0
Lobo042399Commented:
Hi Juarita,

If on dial-up; I would make sure that they don't have Call Waiting service, and if they do then add the prefix *70 to the dialer to disable call waiting while the machine is connected to the Net.

The second machine sounds more like a real virus or trojan situation if the user actually gets to connect to the Net for a few seconds. I would run a complete system scan with Norton plus one other antivirus afterwards for good measure. AVG or McAfee is what I'd use. Although, a system rebooting itself could also be an indication of a defective or old power supply in the machine. These are set to reset themselves if they reach a certain critical temperature.

>>>If it's not 2004, you don't get updates for virus definitions anymore

You can get updates even if you're running NAV2001 as long as your subscription service is renewed.

Good Vibes!

Lobo
0

JuaritaMooreAuthor Commented:
Lobo... here you are again.  "LOL" you must be well rounded.  Yes, Nortons is up to date, 2004 it is.  Think about this.  Could I put in a router or maybe software preventing this customer's kids from downloading anything and yet allow the adults to download? Their son plays this game, Diablo II expansion set version 1.07, which keeps this kid online for hours.
0
Lobo042399Commented:
Hi again Juarita,

Are you following me or what? *L*

What I would do is to put a password to the main account and create a separate one for the kids, with no password and with very limited rights. Having said that, in my W2K environment Diablo won't run if it's not from an acct with admin rights, so there may be some conflict there. Gimme a day to think of an alternate solution (lingo for "consult the magic 8 ball") and I'll get back to you.

Good Vibes!

Lobo
0
Lobo042399Commented:
Okay, here's what the magic 8 ball told me.  Check this site:

http://www.bardon.com/

This company makes several programs that restrict a user's ability to install software in a machine without your permission. It also monitors the time that a program is used and you can even setup timeouts (great for dealing with kids spending countless hours playing games). It also monitors and logs all websites visited (good to make sure kids are not visiting adult websites) and the Administrator can access all this data plus make changes easily.  There are several programs with different degrees of complexity this company makes, so browse around and see which one(s) would help your clients better. For small kids I like WinU but for older kids or adults you may want to run a more advanced one that preserves the Windows Desktop.

Good Vibes!

Lobo
0
JuaritaMooreAuthor Commented:
Lobo .. just starting up.  I have clients that are mostly home users.  At this time I support only 2 small companies. Would this product support a home user?  I did take a look at the web site briefly, and noticed that it mostly talks about businesses.  However, the price is right for a home user.  Your input please.
0
Lobo042399Commented:
Hi Juarita,

I think it does. I haven't tried it myself (haven't had the need to) but was reading the specs for WinU and it seems perfect for a home computer with small kids. Since they offer a free trial version what I would do is get it for your clients, run it for a month and if they like it and feel comfortable with it then purchase it.
0
JuaritaMooreAuthor Commented:
thanks Lobo
0
Lobo042399Commented:
No problemo.  Did you try the *70 thingie yet?
0
JuaritaMooreAuthor Commented:
Lobo ... this adware stuff is hitting home users big time in my neighborhood ... that customer is only getting logged off ... I have three systems down with adware, worms and stuff like that.  However, I will give her a call "actually tonight" and set an appointment. I will update you.  In addition, I am not reading all your stuff in full detail.  Yes I will wait for the Diablo II.  That particular system is down with much of the stuff that I believe the son is downloading or being given as he shares his "whatever this stuff is" that the software creates with folks online. According to Dad he has to restrict this kid to 4 hours. I really do appreciate you.  And I respect your pushiness.
0
JuaritaMooreAuthor Commented:
Lobo ... this system with the Diablo stuff is fighting ... I am trying to clean the system, it has adware all over the place ... I try to run Nortons and I get this error message, NT Authority Security, and it begins to give me a time frame, then it shuts down ... Nortons has not been able to complete.  I am troubleshooting this system now after doing some research with you.  Now I am trying to do some of the stuff and I thought I would start with Nortons, then move to adware removal, then HijackThis - after all that I thought the system would be safe, then I could deal with this Diablo II stuff.  However, it is not letting me run Nortons.  HELP. I will be trying other stuff until I hear from you.
0
JuaritaMooreAuthor Commented:
Gosh ... This system is very unhappy
0
JuaritaMooreAuthor Commented:
and is running XP, Version 2002, SP1
0
JuaritaMooreAuthor Commented:
Lobo ... this system does not even have SP2 ... should I clean it up before installing SP2 or should I give SP2 a try?
0
Lobo042399Commented:
I would not install SP2 just yet until the system is clean.

Run the standard tools on it, AdAware and Spybot to clean up as much as possible first. Then we're left with the real baddies.

If you could run ProcessExplorer to check all the processes that are running that would be great. Also running HijackThis! but not fixing anything, just to see what it detects, that would be great. After running it post the generated Log to this URL:

http://www.hijackthis.de/index.php?langselect=english

and give us the resulting URL so that we can go in and look at your Log. I wish it was possible to do with Process Explorer logs, but since it's not... if you can upload its log to your own website or somewhere that we can go in and read it up that would be great.
0
JuaritaMooreAuthor Commented:
I do have a website, but not sure how to upload to it.  Email results? Or could I copy and paste into this window? Hold on, let me give it a try.
0
JuaritaMooreAuthor Commented:
first let me run adware and spybot as you requested "suggested" whatever. give me a few
0
Lobo042399Commented:
okay, posting it here would do; we can ask the PE to remove it when we're finished with it. Email is a no-no at EE.
0
JuaritaMooreAuthor Commented:
Oppp's OK. I am back and will post in a few.  
0
JuaritaMooreAuthor Commented:
Logfile of HijackThis v1.98.2
Scan saved at 9:14:20 PM, on 11/8/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\America Online 9.0g\aoltray.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 2 for hijackthis_198.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/sbcydsl/defaults/*http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcydsl/defaults/*http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://twisted%20window/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [Task Loader] {rdprM@YVO^
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0g\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Image Transfer.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,77/mcinsctl.cab
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50099/QDow_AS2.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,18/mcgdmgr.cab
O16 - DPF: {F48EAB92-8BCE-4C77-BE98-D10060BD8590} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader/downloader.ocx
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll

0
Lobo042399Commented:
Hi Juarita,

There's a few baddies in there, most of them toolbars or search hijackers. I'll prepare a full report for you in the morning.

Good Vibes!

Lobo
0
JuaritaMooreAuthor Commented:
A warm thanks
0
Lobo042399Commented:
Whew!!  okay, here's the digs:

C:\PROGRA~1\Toolbar\TBPSSvc.exe ------- This is part of the WebSearch Huntbar or Ibis.WinTools toolbar. Bad guy. Removable with Giant Antispyware.

C:\Program Files\Common Files\WinTools\WToolsS.exe ------  Same

C:\PROGRA~1\Toolbar\TBPS.exe ----- Same

C:\PROGRA~1\Toolbar\PIB.exe ------ same

C:\Program Files\AOL Companion\companion.exe -----  Not sure about this one. If your client installed this AOL Companion then leave it.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa ------------- part of the same toolbar hijacker as the previous ones.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa ----------------- same

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://twisted%20window/  ---------  not sure about this one. If your client doesn't know this URL then it should be removed (the URL redirects to the browser's default Search page)

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 ------- unless your client is using the browser's Proxy settings for IP masking this should not be there.

R3 - Default URLSearchHook is missing -----  should be fixed.

O2 - BHO: (no name) - SOFTWARE - (no file) ---- very suspicious. Should not be there.

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll --------- This is a toolbar addon that pays you $$$ for viewing ads. If your client didn't install it then it should be removed.

O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll -------  Also part of the WebSearch Huntbar or Ibis.WinTools toolbar. Bad guy.

O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe  ------  another toolbar hijacker. Removable with Giant Antispyware.

O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe ----  Also part of the WebSearch Huntbar or Ibis.WinTools toolbar.

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe ----- same

O4 - HKLM\..\RunServices: [Task Loader] {rdprM@YVO^  -----  VERY suspicious. Should be removed.

O4 - HKCU\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe ------ Also part of the WebSearch Huntbar or Ibis.WinTools toolbar.

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029 ------  MyWebSearch hijacker. Baaaad.

O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab -----  BAD guy. Not sure what the URL is but when I loaded it in my browser it shrunk it to a 1x1 inch square and could not be resized up.

O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50099/QDow_AS2.cab -----  MyWebSearch. Bad.

O16 - DPF: {F48EAB92-8BCE-4C77-BE98-D10060BD8590} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader/downloader.ocx ----- SpyBouncer is a hoax. If your client installed it it should be removed. It reports false positives and makes you purchase the fixes.

-------------------

Okay, so a couple of those (Ibis and WinTools) can be removed easily using Giant Antispyware (http://www.giantcompany.com) free download. I believe MyWebSearch can be removed from Settings>ControlPanel>Add/Remove Software but it can also be removed using Giant.

This is what I'd do. Download Giant, run it on that machine and let it clean up as much as it can. See if you can remove MyWebSearch from the Control Panel. After that is done, run HijackThis! again and let it clean the remaining baddies, especially the following:

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - SOFTWARE - (no file)
O4 - HKLM\..\RunServices: [Task Loader] {rdprM@YVO^
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab

and that Twisted Window one which looks very suspicious.

Let's see how that goes.  Good Vibes!

Lobo
0
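Added example, not part of the original thread and not code from HijackThis: a small Python triage pass over a HijackThis log that applies the kinds of checks used in the review above (a BHO with no file, an autorun value that is not a file, an ActiveX download from a bare IP address, a missing URLSearchHook). The sample lines are excerpted from the log posted earlier; the watchlist of path fragments and the function names are assumptions of this example.

```python
import re
from urllib.parse import urlparse

# Entry lines look like "O4 - HKLM\..\Run: [name] command" or "R3 - ...".
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.+)$")
URL = re.compile(r"https?://\S+")
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
FILE_EXT = re.compile(r"\.(exe|dll|com|bat|cmd|lnk|ocx)\b", re.I)

# Lower-cased path fragments that the review above tied to toolbar hijackers.
# Keeping such a watchlist is an assumption of this example.
WATCHLIST = ("progra~1\\toolbar\\", "\\wintools\\", "\\navisearch\\")

# Excerpt of the log posted in this thread (header lines kept to show skipping).
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\lsass.exe

O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\RunServices: [Task Loader] {rdprM@YVO^
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,18/mcgdmgr.cab
R3 - Default URLSearchHook is missing
"""


def parse(log_text):
    """Return (section_code, body) for every entry line; headers are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def reasons(code, body):
    """Return the list of reasons an entry deserves a manual look."""
    found = []
    low = body.lower()
    if code == "O2" and "(no file)" in low:
        found.append("BHO registered with no backing file")
    if code == "R3" and "is missing" in low:
        found.append("default URLSearchHook is missing")
    if code == "O4":
        # The command is whatever follows "[value name] ".
        command = body.split("] ", 1)[-1]
        if not FILE_EXT.search(command):
            found.append("autorun value is not a file path")
    if code == "O16":
        m = URL.search(body)
        host = urlparse(m.group(0)).hostname if m else None
        if host and IPV4.match(host):
            found.append("ActiveX codebase served from a bare IP address")
    if any(fragment in low for fragment in WATCHLIST):
        found.append("path is on the watchlist")
    return found


def triage(log_text):
    """Return (code, body, reasons) for entries with at least one reason."""
    flagged = []
    for code, body in parse(log_text):
        why = reasons(code, body)
        if why:
            flagged.append((code, body, why))
    return flagged


if __name__ == "__main__":
    for code, body, why in triage(SAMPLE_LOG):
        print(f"{code}: {body}\n    -> {'; '.join(why)}")
```

A flagged line is a prompt for manual review, not a verdict; entries such as the Norton and AOL ones pass these checks only because nothing structural about them stands out.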
Lobo042399Commented:
Oh, and don't forget to uninstall SpyBouncer.
0
JuaritaMooreAuthor Commented:
K ... starting to work on this now
0
JuaritaMooreAuthor Commented:
Oh... thanks.  Will brb
0
JuaritaMooreAuthor Commented:
Was able to do much of the work... However, this system reboots after about 5 minutes of running Ad-Aware SE Personal.  Ad-Aware is finding stuff.  But because of the reboot I am unable to clean it further.  System is better but not stable.  Ran the Giant Antivirus and HijackThis, now working with Lavasoft.
0
Lobo042399Commented:
Hi Juarita,

A reboot seems to indicate that a trojan is loaded and trying to prevent AdAware from doing its job. Suggestion:  Run it in Safe Mode.  If that doesn't work, let me know and I'll guide you through using Process Explorer or KillBox to stop the process that is rebooting the machine.

Good Vibes!

Lobo
0
JuaritaMooreAuthor Commented:
You are the best... OK
0
JuaritaMooreAuthor Commented:
Unable to run Lavasoft... actually, this system reboots a lot sooner in Safe Mode.
0
Lobo042399Commented:
Okay. This may sound strange but....  disconnect the machine from the net and reboot. If that works then we have a smart Process that we can kill with ProcessExplorer and KillBox.
0
JuaritaMooreAuthor Commented:
Uh Hum... disconnect the machine from the net and reboot? If what works, what in the heck am i trying?
0
JuaritaMooreAuthor Commented:
Am I trying to just disconnect the machine from the network and then turn it off and back on?
0
Lobo042399Commented:
*L* Sorry, the idea is to see if the machine stays running when it's not connected to the Net; I've seen trojans do that.
0
JuaritaMooreAuthor Commented:
Lobo, after disconnecting the local system from the wireless network, 1. removing the 802.11b Netgear adapter and running Ad-Aware Pro, the system reboots around the same folders.  I will have found about 29 critical files and then the counting starts 30, 31, 32 and so on until it reaches about 129, then it will reboot around the folders indicated as follows: c:\document and Settings\owner\desktop\username\00190-7492696.~ It is here that the system stays and finds many defective files. Reboots and here I am again.  I tried to run Ad-Aware 4 times and this happens at the same location with the same amount of detected folders and so on.
0
JuaritaMooreAuthor Commented:
Also... during cleanup I did have to remove folders on the C:\ drive that did not look normal to me. The folders had very long names and they consist of numbers. Also on this same c:\ drive I had to remove duplicate folders named Windows with funny symbols after them... These folders were Windows, Program Files; it was about three of each in addition to the actual Windows and Program Files folders. These folders I deleted were empty.  This system is a mess. Can the software you mentioned earlier do the trick?
0
JuaritaMooreAuthor Commented:
In other words, this system had made duplicate Windows folders and Program Files folders with weird names that were empty.
0
JuaritaMooreAuthor Commented:
Gosh, after all this work should I re-install or what?  I was hoping to resolve the issue saving folders.
0
JuaritaMooreAuthor Commented:
Is ProcessExplorer a software and what is KillBox a software as well?
0
JuaritaMooreAuthor Commented:
I took a look at the link you sent me to your tools and now I see what ProcessExplorer is and KillBox is.  LOL. Had the information all the time.  However, I will wait for you to assist me.
0
Lobo042399Commented:
Sometimes temporary folders that are created during a program installation are not properly deleted. These folders usually have long names and it's up to the program installer to clean up after itself when it's done. Some installers don't do a good cleanup job and leave behind those temporary folders with pieces of the installation process, sometimes empty, sometimes packed with stuff you no longer need. Removing them generally has no effect on a machine's performance since they are "leftovers".

About the c:\document and Settings\owner\desktop\username\00190-7492696.~ folders. I would first try renaming them by adding the word OLD to the beginning of the name...  i.e. "00190-7492696.~" becomes "OLD00190-7492696.~" and so on.  This is just to see if they are actually doing something to Windows itself. I would also take a look inside these folders with good old Windows Explorer. See if anything inside looks suspicious.

Let me know when you're ready to start the Process Explorer task.
0
JuaritaMooreAuthor Commented:
Lobo, I am ready to start this process/procedure
0
JuaritaMooreAuthor Commented:
I am ready to start this process explorer task.  I will be working from another system so give me a little time after you give me this first step/s
0
Lobo042399Commented:
okay, one more before we get any deeper.....  There is a chance that we can clean most of the stuff reported by HJT using Giant Spyware. Would you mind downloading it and giving it a shot? the URL is:

http://www.giantcompany.com/(g1eevyn0do3kzo45v5ar41jp)/download.aspx?prodID=70
0
JuaritaMooreAuthor Commented:
I have already used this AntiVirus on this system it no longer finds anything.  However, I ran it again with no results
0
JuaritaMooreAuthor Commented:
In addition, this system will not re-boot while running this software.
0
JuaritaMooreAuthor Commented:
Hold on, it is finding some stuff... I will let it finish and then try to clean and then run Ad-adware again
0
Lobo042399Commented:
okay
0
JuaritaMooreAuthor Commented:
Lobo... Giant has been scanning the desktop for about 10 minutes now at the same file location 8369. Should I continue to let it scan or should we stop it and try ProcessExplorer?
0
Lobo042399Commented:
please write down the location of that file, the full path....  we'll see if Process Explorer finds anything in the same folder. I'd say leave Giant run for another 5 and then terminate it.
0
JuaritaMooreAuthor Commented:
it was at this location that ad-adware se would re-boot.
0
JuaritaMooreAuthor Commented:
I was able to clean out some files with Giant - however, adware se still not happy.  I consider myself ready
0
JuaritaMooreAuthor Commented:
LETS GO
0
Lobo042399Commented:
Okay. First make sure the machine is disconnected from the Net (unplug modem or network cable) and System Restore is disabled. Run Process Explorer (no need to install it). You will see a window displaying all the Processes currently running in the machine. Look for anything suspicious there. You can double-click on any Process for detailed info on each one. Go to File>Save and save a log. It'll save a TXT file in the same folder where Process Explorer is. Please copy-and-paste the contents of that log here.
0
JuaritaMooreAuthor Commented:
File name: Ad-Aware SE = c:\DocumentsandSettings\Owner\Desktop\Username\00190-7492696.~  Giant = C:\DocumentsandSettings|Owner|Desktop\Username
0
Lobo042399Commented:
cool, looks like we have a winner
0
JuaritaMooreAuthor Commented:
I have an idea ... I back up this file and delete it from the desktop. Hold on
0
Lobo042399Commented:
k
0
JuaritaMooreAuthor Commented:
I will take a time out and talk to my client.  Will get back tomorrow.  Good night
0
Lobo042399Commented:
okay. Have a good night.
0
JuaritaMooreAuthor Commented:
Lobo I am ready to do the ProcessExplorer
0
JuaritaMooreAuthor Commented:
See question ProcessExplorer, this one has too much stuff
0
JuaritaMooreAuthor Commented:
Hello...
0
Lobo042399Commented:
okay, sorry... had guests at home.
0
Question has a verified solution.
