Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

No Internet Access after removing Virus


  • Please log in to reply
22 replies to this topic

#1 subby6

subby6

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 18 March 2014 - 04:31 AM

Hi, I've picked up this PC to fix after another tech didn't finish the job properly. From what owner said. The other tech removed a virus called PCProtect. But the customer cannot access the Internet, even thou network and  sharing center shows there is Internet access through the LAN.

 

I've ran a couple programs to try and fix this. RogueKiller, did a scan with that, fixed proxy and hosts. Full scan with malwarebytes antimalware, found no objects. Scan with Kasperskys TDSSKiller. RKill and Junkware Removal tool. Found some infections or malware there and removed them. But hasn't fixed the Internet.

 

I need some help here.



BC AdBot (Login to Remove)

 


m

#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,173 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:26 AM

Posted 18 March 2014 - 09:51 AM

Hello subby..
For the connection try these...

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
Now check if the internet is working again.

OR

Go to Start ... Run and type in cmd
A dos Window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.

Reboot your system to complete the process.

If needed : type these one line at a time, press enter after each line. See if it works after each.


netsh interface ipv4 reset
netsh interface ipv6 reset
ipconfig /flushdns


WIN7.. Please Download this file, Click Me
Right-click on winsockfix.bat and click on Run as Administrator.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 subby6

subby6
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 18 March 2014 - 06:32 PM

Proxy wasn't ticked in Internet Options.
 

reseting the winsock didn't work or the ipv4 and 6 interfaces. Well they worked, but still no internet.

 

I've installed Google Chrome and internet doesn't work on that too.

I've noticed this thou in event viewer below, Maybe it might share some light on whats happening.

 

Error 7023, Service Control Manager, The Windows Update Service terminated with the following error: %%-2147014790

Error 7024, Service Control Manager, The Background Intelligent Transfer Service terminated with service-specific error: %%2147014790

Event 16392, Bits-Client, The Bits service failed to start: Error 0x8007277A

Event 7023, Service Control Manager, The IPSec Policy Agent service terminated with the following error: The requested service provider could not be loaded or initialized.

Event 404, Task Scheduler, Task Scheduler service has encounted RPC initialization  error in "RpcServiceUseProtseq:ncacn_ip_tcp" Additional Data: Error Value 1721



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,173 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:26 AM

Posted 18 March 2014 - 07:12 PM

Yep, some could be an issue.
Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 subby6

subby6
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 18 March 2014 - 09:08 PM

Farbar Service Scanner Version: 25-02-2014
Ran by User (administrator) on 19-03-2014 at 12:06:28
Running from "E:\"
Microsoft Windows 7 Home Premium  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2013-10-10 07:33] - [2013-09-14 10:48] - 0338944 ____A (Microsoft Corporation) F81BB7E487EDCEAB630A7EE66CF23913
 
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-10-10 07:33] - [2013-09-08 12:07] - 1294272 ____A (Microsoft Corporation) CA59F7C570AF70BC174F477CFE2D9EE3
 
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-08-14 20:11] - [2013-07-09 14:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9
 
C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-10 21:20] - [2013-05-27 14:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47
 
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
 
 
**** End of log ****


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,173 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:26 AM

Posted 19 March 2014 - 09:35 AM

Download the ESET ServicesRepair utility
you may have to click a RUN icon in a bar at the bottom of the screen.
Run it,restart the PC

Post the new FSS log
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 subby6

subby6
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 19 March 2014 - 05:24 PM

new FSS log after run Eset ServicesRepair Utility

 

Farbar Service Scanner Version: 25-02-2014
Ran by User (administrator) on 20-03-2014 at 08:22:50
Running from "E:\"
Microsoft Windows 7 Home Premium  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2013-10-10 07:33] - [2013-09-14 10:48] - 0338944 ____A (Microsoft Corporation) F81BB7E487EDCEAB630A7EE66CF23913
 
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-10-10 07:33] - [2013-09-08 12:07] - 1294272 ____A (Microsoft Corporation) CA59F7C570AF70BC174F477CFE2D9EE3
 
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-08-14 20:11] - [2013-07-09 14:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9
 
C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-10 21:20] - [2013-05-27 14:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47
 
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
 
 
**** End of log ****


#8 subby6

subby6
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 19 March 2014 - 05:27 PM

oh and had cable unplugged too. With plugged in, still no internet access. seems like network configuration, have tried uninstalled network adapter and installed.



#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,173 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:26 AM

Posted 19 March 2014 - 06:01 PM

Open an elevated command prompt
click Start, type  cmd in the Search box, right-click Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.

 

At the command prompt, type sfc /scannow   ( space between c and/ ) then press ENTER


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 subby6

subby6
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 19 March 2014 - 06:15 PM

Windows Resource Protection did not find any integrity violations.



#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,173 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:26 AM

Posted 19 March 2014 - 07:52 PM

I am asking about this.


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 subby6

subby6
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 19 March 2014 - 09:17 PM

I ran the scan as you said, and that's what it said when it finished

 

"Windows Resource Protection did not find any integrity violations."



#13 subby6

subby6
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 20 March 2014 - 12:00 AM

I think its a winsock problem, and something is denying windows access to it. When i try the command "netsh winsock reset catalog" I get Access os Denied. So tried to manually remove winsock2 from the registry and also received a error cannot delete.



#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,173 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:26 AM

Posted 20 March 2014 - 09:26 AM

Ok, give this a go.

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 2 and click on Check button next to 1. See If Check Disk Is Needed.
If the tool that the Check Disk is needed click on Do It button next to 2. Check Disk.
In that case make sure you restart computer.

p22004342.gif


Once the above is done go to Step 3 and allow it to run System File Check by clicking on Do It button:

p22004343.gif


Go to Step 4 and under "System Restore" click on Create button:

p22004346.gif


Go to Start Repairs tab and click Start button.

Leave all checkmarks as they're.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start button.

p22004347.gif

Post Windows Repair log which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

>>>>

Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.
>>>>

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#15 subby6

subby6
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 20 March 2014 - 06:54 PM

Ran the Windows Repair (All in One) program.

 

Step 2. No Error found on the Drive.

Step 3. Windows Resource Protection did not find any integrity violations. Restarted Computer afterwards.

Step 4. Created Restore Point.

Start Repairs, left boxes ticked or unticked as default. Restarted Computer for changes to take effect.

Downloaded and ran Rkill

Downloaded and ran MiniToolBox.

Posting logs in next Post.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users