# [SOLVED] Internet only works in Safe Mode



## Refresh06 (Jul 18, 2007)

Hello,

I am new here, and I'm having internet connectivity issues. I can only connect to the internet in safe mode. I seem to be okay in normal mode, I ran ipconfig /renew and it worked fine. I seem to be connected. If I disable my connect, and try to reenable, it tells me connection failed. I am running XP. I'm not sure what information I need to post to get this helped. Please help.

John


----------



## johnwill (Sep 26, 2002)

*Re: Internet only works in Safe Mode*

Sounds like some application that's running is causing the issue.

I'd start by disabling groups of startup applications using MSCONFIG until you see a change. If you get them all disabled and still have the problem, it'll probably be time for different measures.


----------



## Refresh06 (Jul 18, 2007)

*Re: Internet only works in Safe Mode*

I will try that when I get home. One more thing. If the computer is left on for a period of time, a blue screen (of death) pops up and says Windows has to close because of a corrupt file. Will the MSCONFIG take care of that? If the program is not running, will the corrupt file affect my OS? Thanks.


----------



## Refresh06 (Jul 18, 2007)

*Re: Internet only works in Safe Mode*

I disabled everything and it didn't work. Here is my log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:01:18 PM, on 7/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\xqy.exe
C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbWeatherOnTray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbOEAddOn.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\SpamBlockerUtility\SBTV\SBTV.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\AOL\1134315056\ee\AOLSoftware.exe
C:\WINDOWS\system32\dglabfndbwe.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\Debug\secsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Loren\Desktop\HiJackThis.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107D98AE75760EA83FA5EF80752B94E3D776547D44283BC3 - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - c:\program files\spamblockerutility\sbtv\sbtvhelper.dll
O2 - BHO: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
O2 - BHO: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbHostIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll
O3 - Toolbar: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
O3 - Toolbar: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbHostIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [xqy] C:\WINDOWS\system32\xqy.exe
O4 - HKLM\..\Run: [xgblxdxbcre] C:\WINDOWS\system32\xgblxdxbcre.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbWeatherOnTray.exe
O4 - HKLM\..\Run: [vmuyg] C:\WINDOWS\system32\vmuyg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [rocgypmnpg] C:\WINDOWS\system32\rocgypmnpg.exe
O4 - HKLM\..\Run: [rguaagk] C:\WINDOWS\system32\rguaagk.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [rbuvaefqdo] C:\WINDOWS\system32\rbuvaefqdo.exe
O4 - HKLM\..\Run: [qspisusaajm] C:\WINDOWS\system32\qspisusaajm.exe
O4 - HKLM\..\Run: [qophveak] C:\WINDOWS\system32\qophveak.exe
O4 - HKLM\..\Run: [pphjkd] C:\WINDOWS\system32\pphjkd.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [mtztuwgykei] C:\WINDOWS\system32\mtztuwgykei.exe
O4 - HKLM\..\Run: [lupdidtn] C:\WINDOWS\system32\xnmgiunp.exe
O4 - HKLM\..\Run: [kwm] C:\WINDOWS\system32\kwm.exe
O4 - HKLM\..\Run: [klvmlhu] C:\WINDOWS\system32\klvmlhu.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [jgafrnm] C:\WINDOWS\system32\jgafrnm.exe
O4 - HKLM\..\Run: [jbgwujyq] C:\WINDOWS\system32\jbgwujyq.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134315056\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [g] C:\WINDOWS\system32\g.exe
O4 - HKLM\..\Run: [dlft] C:\WINDOWS\system32\dlft.exe
O4 - HKLM\..\Run: [dglabfndbwe] C:\WINDOWS\system32\dglabfndbwe.exe
O4 - HKLM\..\Run: [command] C:\WINDOWS\SYSTEM32\command.exe
O4 - HKLM\..\Run: [cmd64] C:\WINDOWS\SYSTEM32\cmd64.exe
O4 - HKLM\..\Run: [cmd32] C:\WINDOWS\SYSTEM32\cmd32.exe
O4 - HKLM\..\Run: [avydquy] C:\WINDOWS\system32\avydquy.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm565YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.21.13/ttinst.cab
O16 - DPF: {EF98AF7B-1F54-4079-91BC-3996DEABA45A} (Sinstaller Class) - http://www.cursorcafe.com/bin/cursorcafe.cab
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Print Spooler Service (axmm91aykegeou44) - Unknown owner - C:\WINDOWS\system32\rocgypmnpg.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Provides secure connections to internet and LAN computers. (Security Encryption Server) - Unknown owner - C:\WINDOWS\Debug\secsrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


----------



## johnwill (Sep 26, 2002)

*Re: Internet only works in Safe Mode*

*Holy Cow!*  You are loaded with malware! First step here is to do the following process, we need to get that cleaned up first. It's likely to solve the networking issue in the process.

Please follow this HJT Log 5 Step Process to post a HijackThis log in the HijackThis Log Help forum here.


----------



## Refresh06 (Jul 18, 2007)

*Re: Internet only works in Safe Mode*

I did what I could. DSS keeps crashing when I get to backing up Registry hives. The PandaScan froze. I will try again later. Removed what was suggested and installed SpyBlaster and the other item. Please see log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:34:20 PM, on 7/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbOEAddOn.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\system32\klvmlhu.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\SpamBlockerUtility\SBTV\SBTV.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\Debug\secsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Loren\Desktop\HiJackThis.exe
C:\WINDOWS\system32\control.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxsrvc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=...L/64HiuWw7k0bD4wA/sxb82sR9ka9CypwFzp8UMlq+fEt
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107D98AE75760EA83FA5EF80752B9499803B2A2303766A - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - c:\program files\spamblockerutility\sbtv\sbtvhelper.dll
O2 - BHO: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
O2 - BHO: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbHostIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll
O3 - Toolbar: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
O3 - Toolbar: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbHostIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [xgblxdxbcre] C:\WINDOWS\system32\xgblxdxbcre.exe
O4 - HKLM\..\Run: [vmuyg] C:\WINDOWS\system32\vmuyg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [rocgypmnpg] C:\WINDOWS\system32\rocgypmnpg.exe
O4 - HKLM\..\Run: [rguaagk] C:\WINDOWS\system32\rguaagk.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [rbuvaefqdo] C:\WINDOWS\system32\rbuvaefqdo.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [mtztuwgykei] C:\WINDOWS\system32\mtztuwgykei.exe
O4 - HKLM\..\Run: [lupdidtn] C:\WINDOWS\system32\xnmgiunp.exe
O4 - HKLM\..\Run: [klvmlhu] C:\WINDOWS\system32\klvmlhu.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [jgafrnm] C:\WINDOWS\system32\jgafrnm.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [g] C:\WINDOWS\system32\g.exe
O4 - HKLM\..\Run: [dlft] C:\WINDOWS\system32\dlft.exe
O4 - HKLM\..\Run: [cmd64] C:\WINDOWS\SYSTEM32\cmd64.exe
O4 - HKLM\..\Run: [cmd32] C:\WINDOWS\SYSTEM32\cmd32.exe
O4 - HKLM\..\Run: [ott] C:\WINDOWS\system32\ott.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm565YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.21.13/ttinst.cab
O16 - DPF: {EF98AF7B-1F54-4079-91BC-3996DEABA45A} (Sinstaller Class) - http://www.cursorcafe.com/bin/cursorcafe.cab
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Print Spooler Service (axmm91aykegeou44) - Unknown owner - C:\WINDOWS\system32\xgblxdxbcre.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Provides secure connections to internet and LAN computers. (Security Encryption Server) - Unknown owner - C:\WINDOWS\Debug\secsrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
It seems that the internet works for a moment sometimes on Normal mode. Then it dies.


----------



## johnwill (Sep 26, 2002)

*Re: Internet only works in Safe Mode*

I'll repeat, please do what I suggested previously and let the security experts get rid of the malware on the computer. It's pointless to be trying to fix the networking with those still running.


----------



## SoundOfEmotion (May 6, 2009)

*Re: Internet only works in Safe Mode*

(for the solution, skip down to the bold text)

This forum came up relatively high on the list for the google search: "internet only works in safe mode" which is how I described an issue a friend of mine was having on his laptop.

His internet connection just "stopped working" one day and he wasn't sure what had changed since multiple people share that system. I tried everything I could think of, MalwareBytes, SmitfraudFix, Winsockfix... Nothing was working. Then by chance I happened to boot into safe mode and realized that whoa -- it's working!

Then doing a bit of searching online I found out that other people were able to resolve the issue by disabling IPSEC, or some other services. While in safe mode I sorted the services to show me all of the Autostart services that were currently not running (meaning they would be running in normal mode). I disabled any of the services that I suspected might in some way be impacting the network connection. Then I booted back into normal mode.

Nope... Same issue. The internet works in safe mode, but not in normal mode. So I took a closer look at the services and realized that Norton had been installed, but all of its related services were disabled. So I re-enabled all the Norton* services (there were 2) and the Symantec* services (I think there were like 6) and kind of suspected that right away I knew what was going on.

When I checked out the Norton Personal Firewall settings my suspicions were confirmed! *Norton's personal firewall was blocking svnchost.exe from communicating with the DNS server.*

So just to test it out, I disabled the personal firewall and opened a browser. Presto, magico -- internet restored! My guess is that at one time when Norton was running, a pop-up showed on the screen that said "svnchost.exe is trying to access the DNS server, do you want to allow this?" and they chose to deny access, permanently. Then they got fed up with Norton and decided to disable what services they were allowed access to, but now that Norton is no longer visible to the user, there was no way for them to get back!

If anyone in this thread is still alive and having this issue (and hasn't resorted to buying a new computer or formatting and starting clean) please try that out and see if you are able to resolve it that way.

Also hopefully there are some people out there who will find this site and this information is helpful for them.


----------



## misseccentric (Feb 14, 2012)

*Re: Internet only works in Safe Mode*

Thank you so much! This worked fantastically. I recommend trying this before the Winsock or any other command. You are wonderful Thanks again.


----------



## 2xg (Aug 5, 2009)

*Re: Internet only works in Safe Mode*

Thanks for the feedback. Glad to hear that this Thread has resolved your issue. :smile:


misseccentric said:


> Thank you so much! This worked fantastically. I recommend trying this before the Winsock or any other command. You are wonderful Thanks again.


----------

