Booted off Internet After 5-10 Minutes

Discussion in 'Computer Support' started by jbones76, Mar 23, 2006.

  1. jbones76

    jbones76 Guest

    I'm posting this trying to help out my sister. She's running XP and
    using IE6 connecting to the net via cable modem. At first, she
    continuously got a pop-up stating "WinAntivirus Pro 2006", but was able
    to stop it by using Ad-Aware and Spybot to remove a couple programs.
    Norton scans clean. Since then she gets booted off the net every 5-10
    minutes or so. A copy of the HijackThis log follows:

    Logfile of HijackThis v1.99.1
    Scan saved at 8:58:09 PM, on 3/21/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
    C:\Program Files\Microsoft Location Finder\LocationFinder.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\DOCUME~1\SHERI&~1\LOCALS~1\Temp\Temporary Directory 8 for
    hijackthis.zip\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
    http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    \blank.htm
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper -
    {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
    files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
    c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch
    Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [MimBoot] C:\Program Files\Musicmatch\Musicmatch
    Jukebox\mimboot.exe
    O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO
    Printer A940\dlbabmgr.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program
    Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCPitStopEraser] C:\Program
    Files\PCPitstop\Erase\PCPitStopErase.exe /remindme
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone
    Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows
    Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN
    Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
    O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program
    Files\Microsoft Location Finder\LocationFinder.exe"
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM
    Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Google Search - res://C:\Program
    Files\Google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word -
    res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program
    Files\Google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page -
    res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program
    Files\Google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English -
    res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}
    - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
    O15 - Trusted Zone: *.musicmatch.com (HKLM)
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
    http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
    Advantage Validation Tool) -
    http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} -
    http://download.ebay.com/turbo_lister/US/install.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl
    Class) -
    http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload
    Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -
    http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader
    Class) -
    http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
    http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer
    ActiveX Control) - http://download.toontown.com/sv1.0.15.38/ttinst.cab
    O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer
    Class) - http://www.commandondemand.com/eval/cod/cabs/cssweb.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
    http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4650/mcfscan.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
    "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: DefWatch - Symantec Corporation -
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
    Corporation - C:\Program Files\Common
    Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program
    Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
    C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) -
    Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    Any help is appreciated. Thanks.

    -JB
     
    jbones76, Mar 23, 2006
    #1
    1. Advertisements

  2. jbones76

    Jimchip Guest

    [snip]
    I'm not going to try to decipher the log file, simply because I don't know
    enough about XP processes, if one of those is the problem.

    My suggestion is based on the comment " Since then she gets booted off the net
    every 5-10 minutes or so"

    I know of a similar thing and it simply required running the network wizard to
    reset some parameters (whatever they are) after a cleanup similar to what you
    describe.
     
    Jimchip, Mar 23, 2006
    #2
    1. Advertisements

  3. jbones76

    samuel Guest

    wrote in

    check it out here
    http://hijackthis.de/index.php?langselect=english
     
    samuel, Mar 23, 2006
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.