
Thread: Can Only Access Internet In Safe Mode

  1. #11
    Junior Member
    Join Date
    Feb 2009
    Posts
    16

    Unable To Access Internet Thru Browser

    Hi Again,
    I just tried to access the internet with the Wireless capability disabled and the ethernet cable plugged in. Everything was just the same.
    I should mention again that in the normal mode, the computer does connect somewhat to the internet. I have a program called "CallWave" and once the connection is complete (both wireless and wired) the program opens and works. (CallWave is an online telephone answering service) Furthermore, at least once since this problem started I have received Microsoft updates via the automatic download. Finally, the internet access through a browser was working until one day it just didn't. Since this isn't my computer, I don't know what the kids did just before the problem happened, and they can't seem to remember.
    It may not help, but I ran a connection diagnostic while the Firewall was disabled, the Wireless was disabled, and only the ethernet connection was working. Here is that report:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Last diagnostic run time: 03/03/09 17:55:35
    HTTP, HTTPS, FTP Diagnostic
    HTTP, HTTPS, FTP connectivity

    warn FTP (Passive): Error 12029 connecting to ftp.microsoft.com: A connection with the server could not be established
    warn FTP (Active): Error 12029 connecting to ftp.microsoft.com: A connection with the server could not be established
    warn HTTP: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
    warn HTTPS: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
    warn HTTPS: Error 12029 connecting to www.passport.net: A connection with the server could not be established
    warn HTTP: Error 12029 connecting to www.hotmail.com: A connection with the server could not be established
    error Could not make an HTTP connection.
    error Could not make an HTTPS connection.
    error Could not make an FTP connection.
    info Redirecting user to support call

    DNS Client Diagnostic
    DNS - Not a home user scenario

    info Using Web Proxy: no
    info Resolving name ok for (www.microsoft.com): yes
    No DNS servers

    DNS failure


    Gateway Diagnostic
    Gateway

    info The following proxy configuration is being used by IE: Automatically Detect Settings:Disabled Automatic Configuration Script: Proxy Server: Proxy Bypass list:
    info This computer has the following default gateway entry(ies): 192.168.1.1
    info This computer has the following IP address(es): 192.168.1.104
    info The default gateway is in the same subnet as this computer
    info The default gateway entry is a valid unicast address
    info The default gateway address was resolved via ARP in 1 try(ies)
    info The default gateway was reached via ICMP Ping in 1 try(ies)
    info TCP port 80 on host 207.46.19.190 was successfully reached
    info The Internet host www.microsoft.com was successfully reached
    info The default gateway is OK

    IP Layer Diagnostic
    Corrupted IP routing table

    info The default route is valid
    info The loopback route is valid
    info The local host route is valid
    info The local subnet route is valid
    Invalid ARP cache entries

    action The ARP cache has been flushed

    IP Configuration Diagnostic
    Invalid IP address

    info Valid IP address detected: 192.168.1.104

    Wireless Diagnostic
    Wireless - Service disabled

    Wireless - User SSID

    Wireless - First time setup

    Wireless - Radio off

    Wireless - Out of range

    Wireless - Hardware issue

    Wireless - Novice user

    Wireless - Ad-hoc network

    Wireless - Less preferred

    Wireless - 802.1x enabled

    Wireless - Configuration mismatch

    Wireless - Low SNR


    WinSock Diagnostic
    WinSock status

    info All base service provider entries are present in the Winsock catalog.
    info The Winsock Service provider chains are valid.
    info Provider entry MSAFD Tcpip [TCP/IP] passed the loopback communication test.
    info Provider entry MSAFD Tcpip [UDP/IP] passed the loopback communication test.
    info Provider entry RSVP UDP Service Provider passed the loopback communication test.
    info Provider entry RSVP TCP Service Provider passed the loopback communication test.
    info Connectivity is valid for all Winsock service providers.

    Network Adapter Diagnostic
    Network location detection

    info Using home Internet connection
    Network adapter identification

    info Network connection: Name=Local Area Connection, Device=VIA Compatable Fast Ethernet Adapter, MediaType=LAN, SubMediaType=LAN
    info Network connection: Name=Wireless Network Connection, Device=Linksys Wireless-G PCI Network Adapter with SpeedBooster, MediaType=LAN, SubMediaType=WIRELESS
    info Both Ethernet and Wireless connections available, prompting user for selection
    action User input required: Select network connection
    info Ethernet connection selected
    Network adapter status

    info Network connection status: Connected

    HTTP, HTTPS, FTP Diagnostic
    HTTP, HTTPS, FTP connectivity

    warn FTP (Passive): Error 12029 connecting to ftp.microsoft.com: A connection with the server could not be established
    warn HTTP: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
    warn HTTPS: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
    warn FTP (Active): Error 12029 connecting to ftp.microsoft.com: A connection with the server could not be established
    warn HTTPS: Error 12029 connecting to www.passport.net: A connection with the server could not be established
    warn HTTP: Error 12029 connecting to www.hotmail.com: A connection with the server could not be established
    error Could not make an HTTP connection.
    error Could not make an HTTPS connection.
    error Could not make an FTP connection.

  2. #12
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi

    Please download and run Winsock xp fix. Tell me if that helped.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #13
    Junior Member
    Join Date
    Feb 2009
    Posts
    16

    No Internet Access In Normal Mode

    First Of All,
    I want to thank you again for your help. Of course, with that type of beginning, you may be able to guess what I'm about to write next: the Winsock application didn't appear to work. I still am unable to access the internet through browsers while in Normal mode.
    Is there something else I can try?

  4. #14
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi

    Let's see if this finds anything.


    Download GMER and save it to your desktop:
    • Extract it to your desktop and double-click GMER.exe
    • Click rootkit-tab and then scan.
    • Don't check the Show All box while scanning is in progress!
    • When scanning is ready, click Copy.
    • This copies log to clipboard
    • Post log & a fresh dds.txt contents in your reply.

  5. #15
    Junior Member
    Join Date
    Feb 2009
    Posts
    16


    Thanks,

    I have attached the results of the GMER, as well as the DDS.txt file I ran afterwards. I look forward to your reply.

    GMER 1.0.15.14833 - http://www.gmer.net
    Rootkit scan 2009-03-07 13:14:22
    Windows 5.1.2600 Service Pack 3


    ---- System - GMER 1.0.15 ----

    SSDT 82E10310 ZwConnectPort

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----



    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Dillon at 13:15:39.50 on Sat 03/07/2009
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.144 [GMT -7:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
    C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\CallWave\IAM.exe
    C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
    G:\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: NoExplorer - No File
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
    BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB: {430DDB4F-38CC-4E91-AF33-4157334EC937} - No File
    TB: {4E7BD74F-2B8D-469E-88A9-EB6DA381A928} - No File
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
    mRun: [OneTouch Monitor] c:\program files\visioneer onetouch\OneTouchMon.exe
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
    StartupFolder: c:\docume~1\dillon\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OUTLOOK.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\callwave.lnk - c:\program files\callwave\IAM.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\MSOFFICE.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ymetray.lnk - c:\program files\yahoo!\yahoo! music jukebox\ymetray.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
    DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} - hxxp://usfulfillment.puretracks.com/onager.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1235612405750
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-3 99376]
    S3 GT680xNT;Visioneer OneTouch 7300 Driver;c:\windows\system32\drivers\Gt680x.sys [2006-5-27 17376]
    S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]

    =============== Created Last 30 ================

    2009-03-07 08:57 16,384 a------t c:\temp\Perflib_Perfdata_55c.dat
    2009-03-05 18:07 16,384 a------t c:\temp\Perflib_Perfdata_7ec.dat
    2009-03-03 17:48 14,592 ac------ c:\windows\system32\dllcache\kbdhid.sys
    2009-03-03 17:48 14,592 a------- c:\windows\system32\drivers\kbdhid.sys
    2009-03-03 17:48 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
    2009-03-03 17:48 12,160 a------- c:\windows\system32\drivers\mouhid.sys
    2009-03-03 17:48 10,368 ac------ c:\windows\system32\dllcache\hidusb.sys
    2009-03-03 17:48 10,368 a------- c:\windows\system32\drivers\hidusb.sys
    2009-03-01 13:43 410,984 a------- c:\windows\system32\deploytk.dll
    2009-03-01 13:43 73,728 a------- c:\windows\system32\javacpl.cpl
    2009-03-01 13:23 35,262 a------- c:\windows\Administrator.acl
    2009-02-28 17:28 161,792 a------- c:\windows\SWREG.exe
    2009-02-28 17:28 98,816 a------- c:\windows\sed.exe
    2009-02-25 19:31 8,074 a------- c:\windows\extend.dat
    2009-02-25 19:29 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Avg8
    2009-02-25 18:47 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
    2009-02-21 23:58 <DIR> --d----- c:\program files\Trend Micro
    2009-02-21 23:52 <DIR> --d----- c:\program files\Innovative Solutions
    2009-02-21 23:15 <DIR> --d----- c:\program files\Eusing Free Registry Cleaner
    2009-02-21 17:29 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-02-21 17:29 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-21 17:29 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-02-21 17:29 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-02-21 17:26 <DIR> --d----- c:\temp\WPDNSE
    2009-02-21 16:59 <DIR> -cdsh--- c:\documents and settings\dillon\IECompatCache
    2009-02-21 16:57 <DIR> -cdsh--- c:\documents and settings\dillon\PrivacIE
    2009-02-21 16:57 <DIR> -cdsh--- c:\documents and settings\dillon\IETldCache
    2009-02-21 16:50 <DIR> --d----- c:\windows\ie8updates
    2009-02-21 16:45 81,920 a------- c:\windows\system32\ieencode.dll
    2009-02-21 13:26 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-02-21 13:26 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
    2009-02-21 13:26 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-02-21 13:26 575,488 -------- c:\windows\system32\xpsshhdr.dll
    2009-02-21 13:26 117,760 -------- c:\windows\system32\prntvpt.dll
    2009-02-21 13:26 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
    2009-02-21 13:26 1,676,288 -------- c:\windows\system32\xpssvcs.dll
    2009-02-20 22:31 <DIR> --d----- c:\windows\system32\XPSViewer
    2009-02-20 20:10 <DIR> --d----- c:\program files\Mozilla Firefox(2)

    ==================== Find3M ====================

    2009-01-05 21:39 4,212 a---h--- c:\windows\system32\zllictbl.dat
    2009-01-02 11:38 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2008-12-20 16:15 826,368 a------- c:\windows\system32\wininet.dll
    2007-09-11 21:33 5,471,581 ac------ c:\program files\acstudio.exe
    2003-08-29 13:12 61,440 ac------ c:\windows\inf\i386\Viz7300.dll
    2003-08-29 13:12 17,376 ac------ c:\windows\inf\i386\Gt680x.sys
    2001-09-28 17:00 164,864 a------- c:\program files\UNWISE.EXE

    ============= FINISH: 13:15:56.60 ===============

  6. #16
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi

    Nothing out of the ordinary there. Your log shows signs of ZoneAlarm. Did you have it installed when this connection problem began to occur? Please see topic here.

  7. #17
    Junior Member
    Join Date
    Feb 2009
    Posts
    16

    No Internet Access Through Browser In Normal Mode

    Wow,

    I thought I had deleted all parts of Zone Alarm months ago. Yes, I did have Zone Alarm Security Suite installed on my son's computer. However, several months ago it would not update on his computer. I spent several days trying to figure out why, but finally gave up and used AVG Free instead. I remember that it was kinda difficult to completely uninstall Zone Alarm, and thought that I had removed all parts of it. Obviously, from the info in the link you sent me, I had not.

    All of this was done months before this problem of internet access occurred. In fact, I think this current problem is tied more to a recent Windows security update. Before I started trying to fix this problem, I could go back to a previous system setting (using Restore) and the system would access the internet just fine (without the Windows update). But, because I read about how important that update was, I tried several ways to keep the update AND keep internet access. Unfortunately, one of the first ways I tried wiped out my earlier system Restore points, so I can't go back to a time before the Windows system update.

    Anyway, I think I have removed all parts of Zone Alarm now. I know you didn't request it, but I also re-ran the GMER and DDS applications again and posted the resulting log files. Hopefully, all traces of Zone Alarm are gone now. Still no internet access in the Normal mode, but in the Safe mode I can access the internet through a browser.

    GMER 1.0.15.14833 - http://www.gmer.net
    Rootkit scan 2009-03-08 16:31:35
    Windows 5.1.2600 Service Pack 3


    ---- System - GMER 1.0.15 ----

    SSDT 82C97180 ZwConnectPort

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----


    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Dillon at 16:32:47.90 on Sun 03/08/2009
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.203 [GMT -7:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
    C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\CallWave\IAM.exe
    C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
    C:\WINDOWS\system32\wscntfy.exe
    G:\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: NoExplorer - No File
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
    BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB: {430DDB4F-38CC-4E91-AF33-4157334EC937} - No File
    TB: {4E7BD74F-2B8D-469E-88A9-EB6DA381A928} - No File
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
    mRun: [OneTouch Monitor] c:\program files\visioneer onetouch\OneTouchMon.exe
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
    StartupFolder: c:\docume~1\dillon\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OUTLOOK.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\callwave.lnk - c:\program files\callwave\IAM.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\MSOFFICE.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ymetray.lnk - c:\program files\yahoo!\yahoo! music jukebox\ymetray.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
    DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} - hxxp://usfulfillment.puretracks.com/onager.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1235612405750
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-3 99376]
    S3 GT680xNT;Visioneer OneTouch 7300 Driver;c:\windows\system32\drivers\Gt680x.sys [2006-5-27 17376]

    =============== Created Last 30 ================

    2009-03-08 13:11 16,384 a------t c:\temp\Perflib_Perfdata_558.dat
    2009-03-08 13:10 16,384 a------t c:\temp\Perflib_Perfdata_670.dat
    2009-03-08 13:05 16,384 a------t c:\temp\Perflib_Perfdata_a40.dat
    2009-03-07 15:15 86,016 a------- c:\windows\unvise32qt.exe
    2009-03-07 15:15 54,156 a---h--- c:\windows\QTFont.qfn
    2009-03-07 15:15 1,409 a------- c:\windows\QTFont.for
    2009-03-07 15:15 <DIR> --d----- c:\windows\system32\QuickTime
    2009-03-07 14:22 2,882,814 a------- c:\windows\eUninstall.exe
    2009-03-07 13:47 <DIR> --d----- c:\program files\eKnowledge
    2009-03-07 13:22 25 a------- c:\windows\testing123.dat
    2009-03-05 18:07 16,384 a------t c:\temp\Perflib_Perfdata_7ec.dat
    2009-03-03 17:48 14,592 ac------ c:\windows\system32\dllcache\kbdhid.sys
    2009-03-03 17:48 14,592 a------- c:\windows\system32\drivers\kbdhid.sys
    2009-03-03 17:48 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
    2009-03-03 17:48 12,160 a------- c:\windows\system32\drivers\mouhid.sys
    2009-03-03 17:48 10,368 ac------ c:\windows\system32\dllcache\hidusb.sys
    2009-03-03 17:48 10,368 a------- c:\windows\system32\drivers\hidusb.sys
    2009-03-01 13:43 410,984 a------- c:\windows\system32\deploytk.dll
    2009-03-01 13:43 73,728 a------- c:\windows\system32\javacpl.cpl
    2009-03-01 13:23 35,262 a------- c:\windows\Administrator.acl
    2009-02-28 17:28 161,792 a------- c:\windows\SWREG.exe
    2009-02-28 17:28 98,816 a------- c:\windows\sed.exe
    2009-02-25 19:31 8,074 a------- c:\windows\extend.dat
    2009-02-25 19:29 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Avg8
    2009-02-25 18:47 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
    2009-02-21 23:58 <DIR> --d----- c:\program files\Trend Micro
    2009-02-21 23:52 <DIR> --d----- c:\program files\Innovative Solutions
    2009-02-21 23:15 <DIR> --d----- c:\program files\Eusing Free Registry Cleaner
    2009-02-21 17:29 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-02-21 17:29 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-21 17:29 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-02-21 17:29 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-02-21 17:26 <DIR> --d----- c:\temp\WPDNSE
    2009-02-21 16:59 <DIR> -cdsh--- c:\documents and settings\dillon\IECompatCache
    2009-02-21 16:57 <DIR> -cdsh--- c:\documents and settings\dillon\PrivacIE
    2009-02-21 16:57 <DIR> -cdsh--- c:\documents and settings\dillon\IETldCache
    2009-02-21 16:50 <DIR> --d----- c:\windows\ie8updates
    2009-02-21 16:45 81,920 a------- c:\windows\system32\ieencode.dll
    2009-02-21 13:26 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-02-21 13:26 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
    2009-02-21 13:26 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-02-21 13:26 575,488 -------- c:\windows\system32\xpsshhdr.dll
    2009-02-21 13:26 117,760 -------- c:\windows\system32\prntvpt.dll
    2009-02-21 13:26 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
    2009-02-21 13:26 1,676,288 -------- c:\windows\system32\xpssvcs.dll
    2009-02-20 22:31 <DIR> --d----- c:\windows\system32\XPSViewer
    2009-02-20 20:10 <DIR> --d----- c:\program files\Mozilla Firefox(2)

    ==================== Find3M ====================

    2009-01-02 11:38 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2008-12-20 16:15 826,368 a------- c:\windows\system32\wininet.dll
    2007-09-11 21:33 5,471,581 ac------ c:\program files\acstudio.exe
    2003-08-29 13:12 61,440 ac------ c:\windows\inf\i386\Viz7300.dll
    2003-08-29 13:12 17,376 ac------ c:\windows\inf\i386\Gt680x.sys
    2001-09-28 17:00 164,864 a------- c:\program files\UNWISE.EXE

    ============= FINISH: 16:33:04.14 ===============

  8. #18
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi

    If you remove Windows update KB951748 and reboot the system does that restore the connection?

  9. #19
    Junior Member
    Join Date
    Feb 2009
    Posts
    16

    Can Only Access Internet In Safe Mode

    Nope,

    I saw two instances of the KB951748 (one had a _0 at the end, I think), and I deleted them both. I know they are gone because the little yellow shield is now showing saying that I have two updates to install. However, I shut down the computer without installing the updates.

    The computer still does not access the internet. Are there some other updates I should uninstall?

  10. #20
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi

    Did you remove the update thru add/remove programs? I saw only one listed in your log:
    Security Update for Windows XP (KB951748)