Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win7 can't connect to the internet anymore


  • Please log in to reply
4 replies to this topic

#1 yongwang87

yongwang87

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:21 AM

Posted 10 September 2014 - 12:17 AM

Please help! 

 

I've recently installed Win7 on my Macbook Pro, and everything seemed to be running fine... until I finally got around to browsing the internet on the "PC side". At first, I could load some pages on internet explorer, but shortly after I installed Chrome, and updated IE nothing would load anymore. I suspect it is some sort of internet malware, since all my browsers have "www-search.net/?s=E8Myobryu02482,e390-4b8d-b67d-1f41a741228,&pi=2&vp=bp" as the home page address.

 

Some notes: 

  • I've installed and run Spywareblaster, Malwarebytes, and 360 Total security... and nothing has been detected.
  • Windows updates still download and have been installed. 
  • The Wifi says connected, and I can definitely browse on the "Mac side" 
  • Chrome notes that the problem is Error code: DNS_PROBE_FINISHED_NO_INTERNET, if that gives any clues to what's going on. 

I really appreciate the help and advice, thanks!

 

 



BC AdBot (Login to Remove)

 


m

#2 LiquidTension

LiquidTension

  • Malware Response Instructor
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:21 AM

Posted 10 September 2014 - 05:06 AM

Hello, 

 

Start with the following, and let me know how you get on.

 

STEP 1
BY4dvz9.png.pagespeed.ce.cpqHQmQDB6.png AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select xAVOiBNU.jpg.pagespeed.ic.H5HC6LkiJX.jpg Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

STEP 2
xE3feWj5.png.pagespeed.ic.JE3sJIzHrn.png Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select xAVOiBNU.jpg.pagespeed.ic.H5HC6LkiJX.jpg Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 3
xMgeHyNE.png.pagespeed.ic.49_rDPUa_4.png Internet Flush

  • Press the Windows Key xpdKOQKY.png.pagespeed.ic.tmAgS1-k6q.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    @echo off
    echo Flushing Internet. Please wait... >"%userprofile%\desktop\flushresults.txt"
    ipconfig /release >>"%userprofile%\desktop\flushresults.txt" 2>&1
    ipconfig /renew >>"%userprofile%\desktop\flushresults.txt" 2>&1
    ipconfig /flushdns >>"%userprofile%\desktop\flushresults.txt" 2>&1
    netsh winsock reset all >>"%userprofile%\desktop\flushresults.txt" 2>&1
    netsh int ipv4 reset >>"%userprofile%\desktop\flushresults.txt" 2>&1
    netsh int ipv6 reset >>"%userprofile%\desktop\flushresults.txt" 2>&1
    echo. >>"%userprofile%\desktop\flushresults.txt"
    echo Finished. Your computer will reboot. >>"%userprofile%\desktop\flushresults.txt"
    shutdown -r -t 1
    del %0
  • Click Format. Ensure Wordwrap is unchecked
  • Click FileSave As and name the file flush.bat
  • Select All Files as the Save as type.
  • Save the file to your Desktop
  • Locate flush.bat xlmRDSkT.png.pagespeed.ic.UByFR5z3ld.jpg (W8/7/Vista) on your DesktopRight-click the icon and click xAVOiBNU.jpg.pagespeed.ic.H5HC6LkiJX.jpg Run as administrator.
  • Your computer will reboot. If not, please manually reboot. 
  • After the reboot, a log (results.txt) will be on your DesktopCopy the contents of the log and paste in your next reply.
     

======================================================

STEP 4
xpfNZP4A.png.pagespeed.ic.bp5cRl1pJg.jpg Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • AdwCleaner[S0].txt
  • JRT.txt
  • flushresults.txt

Posted Image

#3 yongwang87

yongwang87
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:21 AM

Posted 10 September 2014 - 11:55 AM

Thanks for the help Liquid Tension!

 

After running everything, it seems that my internet is working correctly! See below, logs generated: 

 

 

  • AdwCleaner[S0]:

 

# AdwCleaner v3.309 - Report created 10/09/2014 at 11:45:59
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : MIDASTRON - KONSTRUCTOBOT
# Running from : C:\Users\MIDASTRON\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : SMUpd
Service Deleted : SMUpdd
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\SearchModule
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Accelerator
Folder Deleted : C:\Program Files (x86)\Browsersafeguard
Folder Deleted : C:\Program Files (x86)\YouTube Accelerator
Folder Deleted : C:\Users\MIDASTRON\AppData\Local\Local_Weather_LLC
Folder Deleted : C:\Users\MIDASTRON\AppData\Local\WeatherAlerts
Folder Deleted : C:\Users\MIDASTRON\AppData\LocalLow\Goobzo
Folder Deleted : C:\Users\MIDASTRON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
File Deleted : C:\Users\MIDASTRON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
File Deleted : C:\Users\UpdatusUser\Desktop\YouTube Accelerator.lnk
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : BrowserSafeguard Update Task
Task Deleted : YTAUpdate_logon
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\MIDASTRON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\MIDASTRON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\MIDASTRON\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\MIDASTRON\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BrowserSafeguard]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
Key Deleted : HKCU\Software\BrowserSafeguardInstalled
Key Deleted : HKCU\Software\Goobzo
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKLM\SOFTWARE\BrowserSafeGuard
Key Deleted : HKLM\SOFTWARE\Goobzo
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DesktopWeatherAlerts
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserSafeGuard
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Google Chrome v36.0.1985.143
 
[ File : C:\Users\MIDASTRON\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Startup_urls] : hxxp://www-search.net/?s=E8Myobryu02482,e391d09d-e390-4b8d-b67d-1f41a741228a,
Deleted [Homepage] : hxxp://www-search.net/?s=E8Myobryu02482,e391d09d-e390-4b8d-b67d-1f41a741228a,
 
*************************
 
AdwCleaner[R0].txt - [4455 octets] - [10/09/2014 11:43:32]
AdwCleaner[S0].txt - [3735 octets] - [10/09/2014 11:45:59]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3795 octets] ##########
 
 
  • JRT:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by MIDASTRON on Wed 09/10/2014 at 11:56:15.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 09/10/2014 at 12:03:46.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
  • flushresults:

 

Flushing Internet. Please wait... 
 
Windows IP Configuration
 
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::d56d:ea11:b9ef:880f%13
   Default Gateway . . . . . . . . . : 
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.home:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:181b:3536:b80e:62ba
   Link-local IPv6 Address . . . . . : fe80::181b:3536:b80e:62ba%14
   Default Gateway . . . . . . . . . : ::
 
Tunnel adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Windows IP Configuration
 
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : home
   Link-local IPv6 Address . . . . . : fe80::d56d:ea11:b9ef:880f%13
   IPv4 Address. . . . . . . . . . . : 192.168.1.3
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.home:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:181b:3536:b80e:62ba
   Link-local IPv6 Address . . . . . : fe80::181b:3536:b80e:62ba%14
   Default Gateway . . . . . . . . . : ::
 
Tunnel adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
Finished. Your computer will reboot. 


#4 yongwang87

yongwang87
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:21 AM

Posted 10 September 2014 - 12:00 PM

Let me know if there's anything I should continue to do, but initial use suggests that everything is clean and functioning great! Again, thanks for the help, and I appreciate any additional comments/advice!

 

-YW



#5 LiquidTension

LiquidTension

  • Malware Response Instructor
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:21 AM

Posted 10 September 2014 - 03:18 PM

Hello, 
 

After running everything, it seems that my internet is working correctly! 

Very good. 
 
Please work your way through the following steps to confirm there are no malware remnants
 
STEP 1
iAdP9bf.png.pagespeed.ce.8g8Nr7tAKx.png Malwarebytes Anti-Rootkit (MBAR)

  • Please download Malwarebytes Anti-Rootkit and save the file to your Desktop.
  • Double-click MBAR.exe to run the installer.
  • Select a convenient location to extract the contents and click OK. Navigate to the location you selected.
  • Right-Click MBAR.exe and select Run as administrator to run the programme.
  • Follow the prompts to update the programme and scan your computer. 
  • Upon completion, click Cleanup and reboot your computer. 
  • After the reboot, rerun the programme to verify no threats remain. If threats are still detected, click the Cleanup button once more. 
  • Upon completion, two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder
     

STEP 2
xGfiJrQ9.png.pagespeed.ic.HjgFxjvw2Z.jpg Malwarebytes Anti-Malware (MBAM)

  • Please download Malwarebytes Anti-Malware Free to your Desktop.
  • Double-click mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme. 
  • Launch the programme and select Update.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 3
GzlsbnV.png.pagespeed.ce.SLxxSJVib_.png ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click List of found threats.... If no threats were found, skip the next two bullet points. 
  • Click Export to text file... and save the file to your Desktop, naming it something unique such as MyEsetScan.
  • Push the Back button.
  • Place a checkmark next to Uninstall Application on Close and click Finish.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

STEP 4
rzqZvBe.png.pagespeed.ce.PBqTwa5eBH.png MiniToolBox

  • Please download MiniToolBox and save the file to your Desktop.
  • Close any open windows.
  • Right-Click MiniToolBox.exe and select Run as administrator to run the programme.
  • Check the following items:
    • xnjvAG80.png.pagespeed.ic.gZ68caRLlk.png
    • x6N6QY9z.png.pagespeed.ic.RZLy3aMroe.png
    • xzmWTIXg.png.pagespeed.ic.jk5F8RLnO0.png
    • xVAFn5gg.png.pagespeed.ic.5odCA8V0sB.png
    • xAtULTyM.png.pagespeed.ic.DLOr6jzxBm.png
    • x4roTXa5.png.pagespeed.ic.YRGpo_xJAR.png
    • xkLju9nY.png.pagespeed.ic.vNxMEjiYIj.png
    • xchxHkm0.png.pagespeed.ic.PM6HDRTaQH.png
    • x6KiAnDw.png.pagespeed.ic.p9_-awFSHr.png
    • xbKYHfhP.png.pagespeed.ic.La9FPmBOhl.png
    • xrO2mCup.png.pagespeed.ic.D0lIj8O5zz.png & xIi0HSu5.png.pagespeed.ic.XpaRxlE4dr.png
    • xfd89mAB.png.pagespeed.ic.erhJ8_tz4r.png
    • xvz7b54X.png.pagespeed.ic.MtNqlsmi0q.png
  • Click GO.
  • A log (Result.txt) will be created on your Desktop. Copy the contents of the log and paste in your next reply.
     

STEP 5
xgxJsKn9.png.pagespeed.ic.M4hykS4GUJ.png Farbar Service Scanner (FSS)

  • Please download FSS and save the file to your Desktop.
  • Right-Click FSS.exe and select Run as administrator to run the programme.
  • Ensure there is a checkmark next to each item.
  • Click Scan.
  • A log (FSS.txt) will be created on your Desktop. Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 6
xpfNZP4A.png.pagespeed.ic.bp5cRl1pJg.jpg Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • mbar-log.txt
  • system-log.txt
  • MBAM log
  • ESET log
  • Result.txt
  • FSS.txt

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users