# Solved: Internet works only in safe mode



## kissoflif3 (May 19, 2007)

Hello everyone, 

I have a compaq laptop(windows xp prof sp2, 1 gb ram, intel solo core 1.86 GHz). One week back, I came to my brother's home. As he stays out for most of the day, I tried using my laptop wid the server configuration he uses on his desktop(the i.p, and all the dns server settings). It worked fine every other time I visited his place but this time some problem crept in. I am able to use the net only in the safe mode. In the normal mode, the LAN stays connected but the ping command isnt able to get any reply from the server. In the safe mode, the net seems to work without any flaw. I searched on the net about this problem but couldnt find any solution that cud fix it. And then, I decided to format the comp. and an hour back, finished formatting. To my surprise, the problem still persists and I have no idea how to get rid of it. Please help me wid this problem.

Thanks in advance...I'll be waiting for ur replies!!!


----------



## JohnWill (Oct 19, 2002)

In safe mode, then again in normal mode, do this.

Start, Run, CMD to open a command prompt:

Type the following command:

*IPCONFIG /ALL*

Right click in the command window and choose *Select All*, then hit *Enter*.
Paste the results in a message here.


----------



## kissoflif3 (May 19, 2007)

Thanks for the reply!!!

this is what i got in safe mode>>>>

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator>IPCONFIG /ALL

Windows IP Configuration

Host Name . . . . . . . . . . . . : kissoflif3
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connecti
on
Physical Address. . . . . . . . . : 00-16-D3-03-FB-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 172.35.55.39
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 172.35.0.1
DNS Servers . . . . . . . . . . . : 172.35.0.1
202.56.250.5

Ethernet adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel(R) PRO/Wireless 3945ABG Networ
k Connection
Physical Address. . . . . . . . . : 00-13-02-46-A8-F3

C:\Documents and Settings\Administrator>

and this in the normal mode>>>>>>>

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Ritesh>IPCONFIG /ALL

Windows IP Configuration

Host Name . . . . . . . . . . . . : kissoflif3
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connecti
on
Physical Address. . . . . . . . . : 00-00-00-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 172.35.55.39
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 172.35.0.1
DNS Servers . . . . . . . . . . . : 172.35.0.1
202.56.250.5

Ethernet adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel(R) PRO/Wireless 3945ABG Networ
k Connection
Physical Address. . . . . . . . . : 00-00-00-00-00-00

C:\Documents and Settings\Ritesh>


----------



## invalidusername (Apr 29, 2007)

The mac addree of your adapter is messed up. Did you re install the driver for that adpater.


----------



## kissoflif3 (May 19, 2007)

Yes I did. I reinstalled every driver after I finished formatting.


----------



## invalidusername (Apr 29, 2007)

START-RUN then type CMD type OK

type: PING 127.0.01

What do you get?


----------



## kissoflif3 (May 19, 2007)

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Ritesh>ping 127.0.0.1

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Documents and Settings\Ritesh>


----------



## invalidusername (Apr 29, 2007)

Get into your wireless card and activate DHCP, 

Start-connect to-show wireless connection
right click on your wireless adapter, click property
highlight internet protocl TCP/IP click properties

put a dot next to "obtain IP address automatically"

and put a dot next to "obtain DNS automatically"


----------



## kissoflif3 (May 19, 2007)

I did as u said...but I don't use wireless network for internet access. I use the LAN.


----------



## invalidusername (Apr 29, 2007)

ok, did you do all that for lan?

if so, please do another IPconfig for normal


----------



## kissoflif3 (May 19, 2007)

Nope, I did that for the wireless connection...The IPconfig for the lan is same as b4...


----------



## invalidusername (Apr 29, 2007)

ok, so now you have enabled the DHCP. One last thing I would like for you to do is to start in normal mode. See if the problem still exists. If so, then we have to wait for JohnWill to come back in maybe another 8 hours. So, please reboot in normal mode. If there is still problem, we have to wait for John.

The only problme that I saw was your DHCP was off. And also, the MAC address does not look correct.


----------



## kissoflif3 (May 19, 2007)

I don't think that DHCP wud be any problem because it's also disabled in the desktop at home and the net works fine there. I guess the problem is with the address which isn't the same as that shown when in safe mode. I'm not sure...I restarted the comp. in normal mode and the problem is still the same.


----------



## invalidusername (Apr 29, 2007)

John, 

What does it mean when the physical address is all zero? Does that pont to registry problem?


----------



## invalidusername (Apr 29, 2007)

If you disable your firewall, do you still have connection problem in normal mode?


----------



## kissoflif3 (May 19, 2007)

yea...even after switching off the firewall, the net doesnt get connected. I guess I need to fix the physical address thing. It shouldn't be zero. But I don't know how to fix it. Is it possible to change the address manually somewhere? or it can't be changed??


----------



## kama64 (Apr 23, 2007)

It seems like its some type of spyware..or something is interfering with the network card.

Someone might know how to do the whole Hijack This stuff, and help you post it here and troubleshoot it


----------



## invalidusername (Apr 29, 2007)

virus/spyware could be a possibility.

Do one more thing,

Star-connect to-show all connection

right click on network card- click properties

On the adapter, under connect using

click advance, under internet connection sharing,

disable both allow other users......, and allow other network....

see what happens.

Also, do you by any chance have Linksys router?


----------



## kissoflif3 (May 19, 2007)

I did as u mentioned but it didn't help. and how do I check if I have a router or not?


----------



## invalidusername (Apr 29, 2007)

If the router belongs to your brohter, I would NOT try to change anything in that without him knowing about it. Also, it might be a good time to involve him, because it might be some router setting. 

The info that you posted listst the address of the gateway as 172.35.0.1. 

Your mac address is all zero. However, the card seems to be ok.
There is a chance that some sort of VPN is set up and the mac address all zero might be associated with that.

I ask this question again from the more experienced guys on this Forum:

Do you any any idea why the mac address is all zeros? Could this has something to do with the router having setting for VPN?


----------



## TerryNet (Mar 23, 2005)

That was a good catch to notice the all zeroes MAC address, and I suspect that is a major clue to the problem. But I never before heard of that happening. Since it is OK in SAFE mode, then logic would say there is something running in normal mode to cause this. There are programs that change the MAC address. Or maybe there is some malware.

There is no router evident in this. The gateway address of 172.35.0.1 is public. I don't know much about VPNs, but there doesn't seem to be any evidence of one.

The static IP used was copied from the brother's working PC, and works in SAFE mode, so I would think that should be left alone.

Until JohnWill or somebody can suggest reasons for the zero MAC Address I suggest concentrating on what running process might be messin' with the physical address.


----------



## JohnWill (Oct 19, 2002)

Either the query for the MAC wasn't successful (not allowed to retrieve) or the driver cannot connect to the real device (wrong driver?). I must admit, the only times I've seen this have been bad drivers or broken NIC hardware.


----------



## kissoflif3 (May 19, 2007)

I don't know wat to do. Just in case if it helps, here is the hijackthis log both in safe mode and the normal mode.

In the safe mode, this is wat i got>>>>

Logfile of HijackThis v1.99.1
Scan saved at 5:57:23 PM, on 5/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
E:\Softwares\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179576081296
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A9D0DC2-1F49-4B49-9730-3FFC24021ABF}: NameServer = 172.35.0.1,202.56.250.5
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

And in normal mode, this is the log>>>

Logfile of HijackThis v1.99.1
Scan saved at 6:02:25 PM, on 5/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\wuauclt.exe
E:\Softwares\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179576081296
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A9D0DC2-1F49-4B49-9730-3FFC24021ABF}: NameServer = 172.35.0.1,202.56.250.5
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe


----------



## kissoflif3 (May 19, 2007)

If it's some hardware related problem then the net shouldn't be working in the safe mode also, right? I'm not sure what to call this. I'm waiting for your reply!!!


----------



## kama64 (Apr 23, 2007)

This program doesnt seem to be running when in Normal mode, when you cannot get a connect..only in safemode when you do

C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe

From googling it, it is some LAN software used in India for network connection

Maybe try uninstalling and re-installing it

Someone else may find something in the log that might be wrong


----------



## kissoflif3 (May 19, 2007)

Yea it's the client software that my brother uses to connect to the network. It doesnt figure in the normal mode hijackthis log 'coz I wasn't running it when I ran hijackthis. I've reinstalled it many times but that doesn't help. The MAC address being all zero is what worries me.


----------



## kissoflif3 (May 19, 2007)

Finally, it's over. Kaspersky anti virus was causing this problem. I uninstalled it and the problem is solved. I thank all of u for ur time and help.


----------



## kama64 (Apr 23, 2007)

Thats great news!!! Glad u figured it out...sure was a weird one


----------

