Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows 7 - Can connect but can't browse


  • Please log in to reply
43 replies to this topic

#1 unimpressed

unimpressed

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:04:43 PM

Posted 19 August 2016 - 11:17 AM

Sometimes it connects and sometimes it's limited. However, when it does connect, none of my web browsers work. Chrome says "dns_probe_finished_nxdomain" and IE just says, "this page cannot be displayed". 
So I'm trying to make it stay connected and also trying to make the browsers work while it is connected.

I've been searching and searching and I've tried:
1) netsh winsock reset catalog
2) netsh int ip reset reset.log hit
3)ipconfig /release
4) ipconfig /renew
5) ipconfig /flushdns
6) checking adapter settings and changing dns to 8.8.8.8, 4.2.2.2, and a few more
7) when ^ didn't work, changing it back to automatic
8) uninstalling and reinstalling my 2 drivers in "Network Adapters" in Device manager: realtek pcie fe family controller and Atheros wireless network adapter
I may have tried a few more but these are the ones @ the top of my head
I read that these solutions work for a lot of people...
none of the above work for me

 

:mellow:

Any help would be appreciated...

:bowdown:  :bowdown:

BTW, I have a Windows 7 home premium and I'm not sure if this is related, but a few days ago I accidently deleted path in environment variables but now I have it fixed (I think). However, I can't open up Kaspersky Total Security. It will come up and load for like a second and close. 



BC AdBot (Login to Remove)

 


#2 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,995 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:09:43 PM

Posted 19 August 2016 - 12:02 PM

Hi :welcome: to BleepingComputer

 

Can you download MiniToolBox and save the file to the Desktop?
Close the browser and run the tool, check the following options:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer Errors
  • List Installed Programs
  • List Devices (select Only Problems)
  • List Users, Partitions and Memory size
  • List Restore Points

Click on Go.

Post the resulting log in your next reply.
 

 


• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#3 unimpressed

unimpressed
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:04:43 PM

Posted 19 August 2016 - 12:48 PM

Hi. this is the log, right?

 

Sorry. Not too tech savvy.

Attached Files

  • Attached File  MTB.txt   34.11KB   7 downloads


#4 unimpressed

unimpressed
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:04:43 PM

Posted 19 August 2016 - 12:54 PM

Update.

 

Now it says "connected" but "no internet access"



#5 Trikein

Trikein

  • Members
  • 1,321 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Rhode Island, US
  • Local time:03:43 PM

Posted 19 August 2016 - 01:27 PM

Does Kaspersky add redirect to host files? I thought they could just encrypt them. Either way, 15463 entries seems a tad much. Also I see several DNS errors in the logs. Also, I notice Cheat Engine 6.5 which comes which installs with some malware/PUPs. All that makes me think your internet issue is a possible malware infection. Any obvious signs of malware? Popups? Errors on reboot? If so, this thread may be better served in "Am I infected".



#6 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,995 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:09:43 PM

Posted 19 August 2016 - 01:32 PM

Hi,

 

First make sure that you have a backup of any critical data you may have in your computer just in case because the report show some disk errors that we need to fix.

 

» Check the Disk for Errors

  • open the Command Prompt as Administrator (Tutorial)
  • type the command:
    chkdsk /f /x C:
    Note: When it ask if you want to checked the volume next time the system restarts answer Yes
  • Restart the Computer and let the check run during boot.

Next,


  • download ListChkdskResult
  • execute the file and accept all the windows prompts to authorize the program to run
  • Notepad will open with a report showing the chkdsk result
  • copy & paste the log to your reply

 

 


• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#7 unimpressed

unimpressed
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:04:43 PM

Posted 19 August 2016 - 01:40 PM

No popups or errors on reboot.

 

Will try chkdsk



#8 unimpressed

unimpressed
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:04:43 PM

Posted 19 August 2016 - 01:43 PM

Cannot lock currwent drive.

 

Chkdsk cannot run because the volume is in use by another process would you like to schedule this volume to be checked the next time the system restarts?



#9 unimpressed

unimpressed
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:04:43 PM

Posted 19 August 2016 - 02:17 PM

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013
 
------< Log generate on 8/19/2016 3:06:57 PM >------
Category: 0
Computer Name: 
Event Code: 1001
Record Number: 2286
Source Name: Microsoft-Windows-Wininit
Time Written: 08-19-2016 @ 19:01:46
Event Type: Information
User: 
Message: 
 
Checking file system on C:
The type of the file system is NTFS.
Volume label is HP.
 
 
One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.                         
 
CHKDSK is verifying files (stage 1 of 3)...
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x1eb34 for possibly 0x8 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x258f is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 9615.
Attribute record of type 0x80 and instance tag 0x1 is cross linked
starting at 0xd4f68 for possibly 0x8 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x1
in file 0x7985 is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 31109.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0xdabd2 for possibly 0x5 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x87aa is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 34730.
  312576 file records processed.                                         File verification completed.
  855 large file records processed.                                     0 bad file records processed.                      
 
                 0 EA records processed.                                             79 reparse records processed.         
 
                             CHKDSK is verifying indexes (stage 2 of 3)...
Unable to locate the file name attribute of index entry MSS.log
of index $I30 with parent 0x1a9 in file 0x3cce.
Deleting index entry MSS.log in index $I30 of file 425.
Unable to locate the file name attribute of index entry MSS00048.log
of index $I30 with parent 0x1a9 in file 0x3bcf.
Deleting index entry MSS00048.log in index $I30 of file 425.
Unable to locate the file name attribute of index entry MSStmp.log
of index $I30 with parent 0x1a9 in file 0x3b21.
Deleting index entry MSStmp.log in index $I30 of file 425.
The index bitmap $I30 in file 0xc6ed is incorrect.
Correcting error in index $I30 for file 50925.
The two index entries of length 0xf0 and 0xd0 are either identical
or appear in the wrong order.
b3 3a 00 00 00 00 c5 00 f0 00 de 00 00 00 00 00  .:..............
ed c6 00 00 00 00 01 00 84 9a 25 41 b4 f8 d1 01  ..........%A....
84 9a 25 41 b4 f8 d1 01 84 9a 25 41 b4 f8 d1 01  ..%A......%A....
84 9a 25 41 b4 f8 d1 01 00 60 00 00 00 00 00 00  ..%A.....`......
d8 5f 00 00 00 00 00 00 20 00 00 00 00 00 00 00  ._...... .......
4e 01 36 00 33 00 37 00 36 00 31 00 65 00 34 00  N.6.3.7.6.1.e.4.
31 00 62 00 34 00 66 00 38 00 64 00 31 00 30 00  1.b.4.f.8.d.1.0.
31 00 37 00 36 00 30 00 37 00 30 00 30 00 30 00  1.7.6.0.7.0.0.0.
30 00 61 00 34 00 30 00 31 00 35 00 34 00 30 00  0.a.4.0.1.5.4.0.
32 00 2e 00 24 00 24 00 5f 00 68 00 65 00 6c 00  2...$.$._.h.e.l.
70 00 5f 00 77 00 69 00 6e 00 64 00 6f 00 77 00  p._.w.i.n.d.o.w.
73 00 5f 00 65 00 6e 00 2d 00 75 00 73 00 5f 00  s._.e.n.-.u.s._.
62 00 35 00 39 00 34 00 39 00 32 00 39 00 65 00  b.5.9.4.9.2.9.e.
37 00 33 00 36 00 36 00 39 00 63 00 35 00 65 00  7.3.6.6.9.c.5.e.
2e 00 63 00 64 00 66 00 2d 00 6d 00 73 00 00 00  ..c.d.f.-.m.s...
66 00 2d 00 6d 00 73 00 2e 00 63 00 64 00 66 00  f.-.m.s...c.d.f.
----------------------------------------------------------------------
d8 5b 00 00 00 00 15 00 d0 00 b4 00 01 00 00 00  .[..............
ed c6 00 00 00 00 01 00 c3 13 d1 6d 61 f9 d1 01  ...........ma...
82 51 50 6f 61 f9 d1 01 82 51 50 6f 61 f9 d1 01  .QPoa....QPoa...
c3 13 d1 6d 61 f9 d1 01 00 10 00 00 00 00 00 00  ...ma...........
2c 02 00 00 00 00 00 00 20 00 00 00 00 00 00 00  ,....... .......
39 01 36 00 32 00 62 00 32 00 63 00 65 00 36 00  9.6.2.b.2.c.e.6.
64 00 36 00 31 00 66 00 39 00 64 00 31 00 30 00  d.6.1.f.9.d.1.0.
31 00 64 00 32 00 30 00 63 00 30 00 30 00 30 00  1.d.2.0.c.0.0.0.
30 00 36 00 30 00 30 00 36 00 39 00 30 00 30 00  0.6.0.0.6.9.0.0.
32 00 2e 00 5f 00 30 00 30 00 30 00 30 00 30 00  2..._.0.0.0.0.0.
30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00  0.0.0.0.0.0.0.0.
30 00 30 00 30 00 2e 00 63 00 64 00 66 00 2d 00  0.0.0...c.d.f.-.
6d 00 73 00 66 00 30 00 81 00 00 00 00 00 00 00  m.s.f.0.........
b3 3a 00 00 00 00 c5 00 78 00 5a 00 01 00 00 00  .:......x.Z.....
Sorting index $I30 in file 50925.
  398690 index entries processed.                                        Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file MSS00047.log (15137) into directory file 425.
Recovering orphaned file MSS.log (15311) into directory file 425.
Recovering orphaned file MSStmp.log (15566) into directory file 425.
Recovering orphaned file 69E682~1.CDF (23429) into directory file 50925.
Recovering orphaned file 69e6826961f9d101610c000060069002.$$_ehome_en-us_1a0f218933093e9c.cdf-ms (23429) into directory 
 
file 50925.
Recovering orphaned file 75DE1A~1.CDF (25926) into directory file 50925.
Recovering orphaned file 75de1a6e61f9d101f60c000060069002.$$_system_4c3aa2308f9f8f41.cdf-ms (25926) into directory file 
 
50925.
Recovering orphaned file FC6E37~1.CDF (25978) into directory file 50925.
Recovering orphaned file fc6e376e61f9d101fa0c000060069002.$$_system32_inetsrv_e6240a381854fe3d.cdf-ms (25978) into 
 
directory file 50925.
Recovering orphaned file FC6E37~2.CDF (26007) into directory file 50925.
Recovering orphaned file fc6e376e61f9d101fb0c000060069002.$$_system32_setup_5d3758a05cf4a445.cdf-ms (26007) into directory 
 
file 50925.
Recovering orphaned file AE8B7D~1.CDF (26656) into directory file 50925.
Recovering orphaned file ae8b7d6f61f9d101140d000060069002.$$_system32_en-us_429cd25484dc6f94.cdf-ms (26656) into directory 
 
file 50925.
Recovering orphaned file 6F4E82~1.CDF (26657) into directory file 50925.
Recovering orphaned file 6f4e826f61f9d101150d000060069002.$$_system32_en-us_licenses_205e682c4ad0fe50.cdf-ms (26657) into 
 
directory file 50925.
  10 unindexed files scanned.                                        Recovering orphaned file B29690~1.CDF (26697) into 
 
directory file 50925.
Recovering orphaned file b296906f61f9d101190d000060069002.$$_system32_mui_dispspec_d93de566344a36d0.cdf-ms (26697) into 
 
directory file 50925.
  0 unindexed files recovered.                                      CHKDSK is verifying security descriptors (stage 3 of 
 
3)...
  312576 file SDs/SIDs processed.                                        Cleaning up 3991 unused index entries from index 
 
$SII of file 0x9.
Cleaning up 3991 unused index entries from index $SDH of file 0x9.
Cleaning up 3991 unused security descriptors.
CHKDSK is compacting the security descriptor stream
Inserting data attribute into file 9615.
Inserting data attribute into file 31109.
Inserting data attribute into file 34730.
  43061 data files processed.                                           CHKDSK is verifying Usn Journal...
The USN value 0x9e666000 of USN Journal entry at offset 0xa2f14000
in file 0x183fe is incorrect.
The USN value 0x9e667000 of USN Journal entry at offset 0xa2f15000
in file 0x183fe is incorrect.
The USN value 0x9e668000 of USN Journal entry at offset 0xa2f16000
in file 0x183fe is incorrect.
The USN value 0x9e66d000 of USN Journal entry at offset 0xa2f1b000
in file 0x183fe is incorrect.
The USN value 0x9e66e000 of USN Journal entry at offset 0xa2f1c000
in file 0x183fe is incorrect.
The USN value 0x9e66f000 of USN Journal entry at offset 0xa2f1d000
in file 0x183fe is incorrect.
The USN value 0x9e670000 of USN Journal entry at offset 0xa2f1e000
in file 0x183fe is incorrect.
The USN value 0x9e671000 of USN Journal entry at offset 0xa2f1f000
in file 0x183fe is incorrect.
Repairing Usn Journal file record segment.
  36081240 USN bytes processed.                                            Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.
 
 965648352 KB total disk space.
  64567340 KB in 187448 files.
    112548 KB in 43061 indexes.
         8 KB in bad sectors.
    444176 KB in use by the system.
     65536 KB occupied by the log file.
 900524280 KB available on disk.
 
      4096 bytes in each allocation unit.
 241412088 total allocation units on disk.
 225131070 allocation units available on disk.
 
Internal Info:
00 c5 04 00 79 84 03 00 dc 53 06 00 00 00 00 00  ....y....S......
c2 06 00 00 4f 00 00 00 00 00 00 00 00 00 00 00  ....O...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
 
Windows has finished checking your disk.
Please wait while your computer restarts.
 
-----------------------------------------------------------------------


#10 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,995 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:09:43 PM

Posted 19 August 2016 - 03:51 PM

Ok, now run Minitoolbox again, close the browser and run the tool, check the following options:
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer Errors
Click on Go.

Post the resulting log in your next reply.

• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#11 unimpressed

unimpressed
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:04:43 PM

Posted 19 August 2016 - 04:12 PM

Thanks for your reply

Attached Files

  • Attached File  MTB.txt   33.3KB   1 downloads


#12 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,995 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:09:43 PM

Posted 20 August 2016 - 09:23 AM

Hi,

Thanks for your reply


I need to see the complete log please don't remove the headers and check only the options I listed above.

From the initial log you are connected at the same time to the same network using wireless and LAN (Ethernet) make sure you disconnect one of the connections, LAN is better for diagnostic purposes.

• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#13 unimpressed

unimpressed
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:04:43 PM

Posted 20 August 2016 - 10:10 AM

Sorry I deleted the headers by accident.

 

and i wasnt reading carefully, sorry.

 

 

Attached Files

  • Attached File  MTB.txt   15.59KB   2 downloads


#14 Trikein

Trikein

  • Members
  • 1,321 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Rhode Island, US
  • Local time:03:43 PM

Posted 20 August 2016 - 10:22 AM

This is looking more and more like a host file hijack. Notice Google is redirected but not Yahoo. 



#15 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,995 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:09:43 PM

Posted 20 August 2016 - 10:39 AM

Sorry I deleted the headers by accident.
 
and i wasnt reading carefully, sorry.

 

Thanks for the new log. I would like to confirm if you have installed Proxmate on Firefox?

 

  • Download NetAdapter Repair All In One
  • Execute the program by right clicking the file NetAdapterRepair1.2 and selecting Run as administrator
  • Click the button Advanced Repair and accept the prompt
  • The program should Restart the Computer if not do it manually

 

After the restart run Minitoolbox with the same options as before and post the new log.


• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users