# Can only access the internet in safe mode!



## Lehnerbunch (Aug 30, 2005)

Hi, I have desktop computer running windows xp with cable as my internet service provider. Whenever I try to sign onto the internet with either netscape or internet explorer I get a blank screen with "done" on the bottom. I can, however, get on in safe mode. I have tried everything I can possibly think of to fix it, mcafee virus scan, sybot search & destroy, adaware, reinstalling the comcast software, nothing works. I've also tried to restore my computer to an earlier date but it won't. Funny thing is my daughter has a laptop that has a wireless router and she has no problem getting online, so I'm pretty sure I'm infected with something. The only thing mcafee comes up with is the very lince trojan, but it said I had that before this problem and I was still able to get online.It also says it has cleaned that virus and to restart my computer but it keeps coming back. If anyone can think of something to help to get me back online, I'd greatly appreciate it.


----------



## Removed (May 14, 2005)

Did you add *any* new hardware or software to your system before you noticed this problem? 

When you startup in regular mode, right-click on My Computer, go to Properties, go to the Hardware tab, and click on the Device Manager button. Scroll down to the Network Adapters section, click on the plus sign on the left side of it, and look for a red X or an exclamation point next to the network card.

Open up My Network Places, on the left side of the window click on "view network connections". Under the Local Area Connection icon, what is the status? Connected? Disconnected? Disabled? Aquiring Network Address?


----------



## JamesO (Mar 30, 2005)

I would be interested to see if you can ping IP addresses when you are not in safe mode. Also what Windows Service Pack are you on? When was your last Windows update before your problem started?

Start, Run, type "cmd", type "ping 70.168.47.91" see if you get a response.

Then type "ping www.cox.net" and see if you get a response.

Report results back.

JamesO


----------



## Removed (May 14, 2005)

If you can't ping either of those destinations, try pinging your router, likely located at 192.168.1.1 or 192.168.0.1.

Try either:

_ping 192.168.1.1_ 
or
_ping 192.168.0.1_


----------



## Lehnerbunch (Aug 30, 2005)

Okay, I tried Sceptre's advice first. No red x's next to the connections. I have three listed. 1394 Net Adapter, Intel(R)Pro/100VE Network Connection, and Mac Bridge Miniport. I also checked my local area connections and it said
connected, speed 100.0mbps. I'm gonna go back into regular mode and try what JamesO said to do. I'll let you know how that goes. Oh, and now McAfee is saying I have the downloader_LG.dll trojan, file path: c:\\windows\system32 and that it cannot be cleaned,deleted or quarantined and that I should restart my computer and use a rescue disk to clean infection. I don't have a rescue disk. Am I in trouble???


----------



## JamesO (Mar 30, 2005)

Which XP service pack are you operating, 1 or 2. If 2, was your machine upgraded from SP1 to SP2 just before you lost network connections?

Also note is is best out virus/malware/spyware in Safe Mode on XP.

Housecall from TrendMicro is also a very useful online scanner and clean up tool:

http://housecall.trendmicro.com/

I would also like to know the answer to my earlier question about pinging by IP and site name. This will give a bit more insight into what is happening.

JamesO


----------



## Removed (May 14, 2005)

Here's a simple idea: In the device manager, right-click on the network card, and select uninstall. Restart the computer, and Windows XP should automatically detect and install it again. If it doesn't automatically detect and install it, just run the Add/Remove Hardware wizard from the control panel. :sayyes:


----------



## Guest (Sep 2, 2005)

Try running *this fix *


----------



## Lehnerbunch (Aug 30, 2005)

Sorry I didn't answer you sooner James. I'm running service pack 2, and I'm pretty sure it updated itself not too long before this all happened. I did the "ping" with 70.168.47.91 and got the following:
Pinging 70.168.47.91 with 32 bytes of date:
reply from 70.168.47.91 : bytes= 32 time= 35ms TTL=242
reply from 70.168.47.91 : bytes= 32 time= 45ms TTL=242
reply from 70.168.47.91 : bytes= 32 time= 44ms TTL=242
reply from 70.168.47.91 : bytes= 32 time= 40ms TTL=242

Ping statistics for 70.168.47.91 :
Packets: sent =4, received=4, in mili-seconds:
Minium= 35ms, Maximum= 45ms, Average= 41ms


When I tried the www.cox.net it said "ping request could not find host www.cox.net please check the name and try again. When I try either
192.168.1.1 or 192.168.0.1 it says "request timed out" . I don't know what any of that means, but I hope one of you do. Oh, and I did all of this in regular mode. Also, I havent installed any new hardware or software. But I've downloaded just about every virus scanner and cleaner you can think of since then, all in safe mode. I will try the trendmicro. Have to switch from laptop to desktop in safemode now, thanks so much for taking the time to look at this, hopefully you guys will find something that will work. I'll check back in when I'm finished with the trendmicro. If that doesn't help I'll try uninstalling the network card like Sceptre said.


----------



## Lehnerbunch (Aug 30, 2005)

okay, I'm really frustrated now! When I try to scan my computer with trendmicro I have to do it in safe mode and the screen is too big for me to click on the button to scan, and there is no arrows to scroll up or down, I can't resize the page enough to get to it. So I tried what Sceptre said and I have a dumb question, there's three different things in the network section, which do I uninstall? Sorry for so many questions.
Thanks,
Lisa


----------



## JamesO (Mar 30, 2005)

Sounds like you have the exact same problem as I do on a machine I am trying to sort.

Try this to see if we can compare notes.

In Safe Mode: Start, Run, type "cmd", type "ipconfig /flushdns". You should get a response like "Sucessfully flushed the DNS resolver cache".

In Normal mode, try the same command. See if you get a response like "cannot locate DNS cache".

The other thing I noticed, when I boot in normal mode. I immediately open the command prompt (Start, Run, type "cmd") then ping www.cox.net. I can ping up until the machine boots the last 2 processes. I am trying to find what is stopping the DNS from working.

I did the Trend Online scan, Adaware, Spybot, Ewido, RegCleaner. A few items were found, however, was not able to fix anything yet. 

Also tried under Network Connections to Repair, process stopped with unable to flush DNS!!

I would be interested to see how your machine responds to the flushdns command. It sounds like you may have the exact same issue that the machine I am trying to sort.

JamesO


----------



## Lehnerbunch (Aug 30, 2005)

okay, I tried the "ipconfig /flushdns" in both safe mode and reg mode and got the same response "Sucessfully flushed the DNS resolver cache".
I went to my network connections and tried to repair my local connection but I got a window that said: Windows could not finish repairing the problem because the following action cannot be completed: TCP/IP is not enabled for this connection. Cannot proceed.
It cant be that simple can it? How do I fix that? When I try to repair the network bridge Mac Bridge Miniport I get the response that it is renewing my IP address and then I get "Windows could not finish repairing the problem because the following action cannot be completed: Renewing your IP address
For assistance, contact the person who manages your network. Sadly, I manage my network :sad: Okay what now?


----------



## JamesO (Mar 30, 2005)

Sounds like you are probably in better shape then the machine I am fighting with at the moment. Maybe TCP/IP is not currently enabled on your machine?

Go to Network and Dial Up Connections, select your local Ethernet interface, right click and select Properties, scroll down and hopefully you will see Internet Protocol (TCP/IP), make sure it is checked. If it is not check, this may be your problem. If it is checked, not exactly sure where to go, you may need to perform the Winsock2 repair??

http://support.microsoft.com/default.aspx?scid=kb;en-us;811259

JamesO


----------



## Lehnerbunch (Aug 30, 2005)

Thanks James,
Hope you have some luck with the one your working on. I'll have to try the winsock fix since the tcp/ip box is checked. Keep your fingers crossed for me.


----------



## JamesO (Mar 30, 2005)

Here are some good suggestions I was given by someone else which I will be trying on my problem machine as well:

Check the Event Log after a normal boot and look for messages about
system services. 

Disable all non-Microsoft programs and services in Msconfig and
reboot. One-by-one, enable those programs and services and reboot.
Keep doing it until one causes DNS resolution to fail. Then, you've
found the problem.

I may also try system restore, however, I really want to get to the bottom of this problem.

JamesO


----------



## Lehnerbunch (Aug 30, 2005)

Sounded good, but it didn't do anything for me. The other night I was playing around (which I can only do small doses or my computer would be flying out the window) and I tried to reinstall my microsoft broadband cd and for about 2 minutes I had it working in regular mode. Don't know what I did but that fast it went down again. The microsoft broadband networking website has a lot of things you can do to troubleshoot. I've tried a couple but haven't found it yet. I'm pretty sure it has something to do with the tcp/ip connection. Let me ask you something, on the microsoft website they say to uninstall the tcp/ip and then restart your computer and reinstall it. They say to log on as an administrator (that's the only thing I have on my computer) go into control panel double click networks and click the protocol tab and click uninstall tcp/ip. My problem is in control panel I only have network connections and I can't find a protocol tab, am I not looking in the right place?


----------



## mrmagenta (Sep 9, 2005)

*similarities - this may be of help*

My nephew asked me to look at his PC as there was no Internet access - seems there are similarities so I thought I'd let you know the details:

He has an XP Home SP2 PC, broadband on a cable modem, McAfee Security centre 2005, uses IE and Firefox. But also uses some peer-to-peer stuff. :4-thatsba 

He said that the Internet was working, then it stopped. Tried IPCONFIG /ALL, there was no valid IP address.

To resolve part of the problem (XP states that the network connection is unplugged when it WAS plugged in), cutting a long story short, I swapped from USB to ethernet cable modem connection and installed a new ethernet card.

Still no Internet connection although IPCONFIG /ALL stated that all was ok (ie there was a valid IP address etc.).

So I tried pinging for an IP address - 

In 'normal' XP Home mode, I tried pinging "bbc.co.uk" - this didn't resolve. 
I then tried the (bbc.co.uk) IP address - and this resolved.
Tried both in IE and Firefox and neither resolved.

So I went into safe mode and could ping and surf using IE to both bbc.co.uk and the IP address.

In "normal" XP home mode I tried to use StartUpControlPanel (think it's called that - a Mike Lin tool) to remove everything from starting up - and there was some real junk trying to load. One the I couldn't was NewDotNet - so I guess that is the (main) culprit - It seems that the Winsock has been damaged by NewDotNet.

I've found a forum with some suggestions for removing it (http://forums.spywareinfo.com/index.php?showtopic=52833).

I haven't implemented this all yet, but I hope this posting helps.

MrM


----------



## JamesO (Mar 30, 2005)

Mr. M,

Thanks for the post. It sounds like you have a very similiar problem as the machine I am working on. I have seen quite a few similiar posts on other boards, so this does not appear to be an isolated issue. Problem is, it is not machine, so I cannot get my hands on it on a regular basis. I will hopefully be back to visit with it next week.

Anyway, my problem is DNS. Everything works fine in Safe Mode. Cannot resolve names in Normal mode once it is fully booted, however, I can resolve by name until the last few items load. Once the machine is fully booted, I cannot resolve by name, I cannot flush the DNS, comes back with an error indicating it cannot located the DNS cache. I cannot perform a network repair, as the the routine stops at a DNS function.

I guess I could try a system restore, however, I really want to find the culprit and resolve the problem correctly. It seems the problem happened very shortly after XP SP2 was installed and some spyware was removed by someone else. 

I tried killing active processes, however, there was no luck. I think I will have to go down the msconfig road to stop processes one by one from starting up. I will need to compare Safe Mode process vs. Normal Mode as everything is working in Safe Mode. I will probalby need to go over about 25 processes to find the bad one. We will see how lucky I am finding the bad process in the pool of good processes!

JamesO


----------



## littshepkid02 (Sep 13, 2005)

*xp*

i think the reson i cannot get on the internet is because i was trying stuff and i unistalled sp2 cause i was trying to uninstall xp cause it was messed up and i fixed it but this mite help i used these Adware,spybot searh and destroy, cw shredder,avg anti-virus


----------



## maxwellfir (Sep 30, 2005)

*vsmon.exe*

vsmon.exe was the culprit for me. It was leftover from the Zone Labs uninstall. It was in the /windows/sys32/ZoneLabs/ folder.

Started in safe mode and deleted (necessary because I was getting a permissions error in normal mode).

It worked for me - good luck.


----------



## WoodyMatt2001 (Jul 3, 2007)

James, 

Please tell me you found a solution to the problem you were having after SP2 upgrade. I am having the same problem!


----------



## JamesO (Mar 30, 2005)

It was a long time ago that I had to deal with the problem machine I was referring to in this post, but I think??? the problem was with Norton Internet Security and Parental Controls???

As I recall, something strange happened when XP was upgraded from SP1 to SP2 and all I had to do was toggle the Parental Controls off, then back on to get Internet access. 

It was some form of DNS blocking that NIS was doing.

JamesO


----------



## WoodyMatt2001 (Jul 3, 2007)

Hmm, but I dont have any Norton / Symantec products on this machine.


----------



## WoodyMatt2001 (Jul 3, 2007)

> vsmon.exe was the culprit for me. It was leftover from the Zone Labs uninstall. It was in the /windows/sys32/ZoneLabs/ folder.
> 
> Started in safe mode and deleted (necessary because I was getting a permissions error in normal mode).
> 
> It worked for me - good luck.



Maxwellfir, That did it for me as well. YOURE AWESOME!


----------



## drmee (Oct 30, 2008)

Are you running AVG antivirus software? If so, remove it!


----------



## Done_Fishin (Oct 10, 2006)

This thread started back in August 2005 .. then got resurrected in April 2007 .. well 3rd time lucky .. I found it so I will close it before it gets the record for "zombie zone" :laugh:

Thanks for posting and don't feel too bad .. I have done it myself .. I try to watch the dates now .. almost got caught myself again here .. :grin:


----------

