-
Access blocked?
Last week I set up a newer computer for my lady friend and her girls to get going with an internet connection. As they're newbies to this, and the girls' ages go down to primary school, I set the system up fairly locked down, with We-Blocker and all the usual stuff.
Fine at first, but it's looking like it might have got a nasty that blocks the connection whenever you try to go to a security site. Had a quick look last night, you can surf to your heart's content, but hit update on AdAware etc. and DUN just stops, no further data transfer. Disabling We-Blocker and firewall doesn't change it, so it's not a setting there, although I did manage to update AVG with We-Blocker shut down, but the scan didn't pick up anything. Neither do AdAware or a2 squared, both a week out of date.
I ran out of time to do anything more beyond a HijackThis sweep, so I'll post it below in case anyone spots something known, or can suggest something I might have missed. Anyone know if the no-name BHO is suspect? Meanwhile I'll install the most up-to-date Spybot 1.3 Beta on it, and if that doesn't find anything, I'll pull the drive and do an online scan on my system. Grrr...
TIA for any ideas.
Logfile of HijackThis v1.97.7
Scan saved at 8:05:11 PM, on 4/20/04
Platform: Windows 98 SE (Win9x 4.10.2222B)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\PROGRAM FILES\AGNITUM\OUTPOST 1.0\OUTPOST.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\COMMON FILES\SCM\ICONFIG.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\SYSWB6.EXE
C:\PROGRAM FILES\MULTIKEYBOARD DRIVER\KBDDRV.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\WINKB6.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\UTIL\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
O1 - Hosts: 204.244.184.143 SafeWeb.com
O1 - Hosts: 204.244.184.143 WWW.SafeWeb.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LEDTRAY] C:\PROGRA~1\COMMON~1\SCM\LEDTRAY.EXE
O4 - HKLM\..\Run: [ICONFIG] C:\PROGRA~1\COMMON~1\SCM\ICONFIG.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost 1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [SYSWB6] SYSWB6
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [Outpost Firewall] C:\PROGRAM FILES\AGNITUM\OUTPOST 1.0\outpost.exe /service
O4 - Startup: MutiKeyboard Driver.lnk = C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
-
Quick update. Progress I think. Had a short while to investigate tonight, and at least part of the problem may be due to installing We-Blocker after the security utilities. The new Spybot 1.3 installation pointed out that there is a 127.0.0.1 proxy set up, and updates will have to be set to use that proxy, not a direct connection.
The proxy is something We-Blocker does, and looks like appropriate settings should sort out the updating. I still don't see why the entire internet access should stop functioning though. We'll see.
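As an added example (not part of the original posts and not HijackThis's own code), here is a short Python triage of a HijackThis log that surfaces the three items this thread turns on: the loopback proxy, the Hosts entries and the unnamed BHO. The function name, finding labels and regular expressions are assumptions made for illustration.

```python
import re

# Constructed sample: four entries copied from the log in the first post
# (the forum-inserted space in "Internet" is removed).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
O1 - Hosts: 204.244.184.143 SafeWeb.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O4 - HKLM\..\Run: [SYSWB6] SYSWB6
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")           # "R1 - ...", "O4 - ..."
PROXY = re.compile(r"ProxyServer\s*=\s*(.+)$", re.I)
HOSTS = re.compile(r"^Hosts:\s*(\S+)\s+(\S+)$", re.I)
BHO = re.compile(r"^BHO:\s*(.*?)\s*-\s*(\{[0-9A-Fa-f-]{36}\})\s*-\s*(.+)$")
LOOPBACK = re.compile(r"(?:^|[=;/])(127\.\d+\.\d+\.\d+|localhost):(\d+)", re.I)

def triage(log_text):
    """Return (section, kind, detail) tuples for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue  # header or running-process line
        section, body = entry.groups()
        if section.startswith("R") and (p := PROXY.search(body)):
            # A loopback proxy means a local filter sits in the path; tools set
            # to "direct connection" will not go through it.
            lb = LOOPBACK.search(p.group(1))
            if lb:
                findings.append((section, "proxy-loopback", f"{lb.group(1)}:{lb.group(2)}"))
            else:
                findings.append((section, "proxy-remote", p.group(1).strip()))
        elif section == "O1" and (h := HOSTS.match(body)):
            ip, host = h.groups()
            # 127.x entries block a name; any other address redirects it.
            kind = "hosts-block" if ip.startswith("127.") else "hosts-redirect"
            findings.append((section, kind, f"{host} -> {ip}"))
        elif section == "O2" and (b := BHO.match(body)):
            name, clsid, dll = b.groups()
            # "(no name)" is only a missing display name; judge by CLSID and DLL path.
            if name == "(no name)":
                findings.append((section, "bho-unnamed", f"{clsid} {dll}"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

The findings are prompts for manual review, not verdicts: each one still has to be matched against the software known to be installed on the machine.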
-
The following link might be helpful to you. Seems others have had the same sort of problem with that software.
http://www.tweaknews.net/forum/viewt...&view=previous
l2l2