system
March 24, 2015, 7:25am
1
On Wed night the above occured, then between 9am & 10am the next day, the internet connection was lost / disappeared.
Could the virus, which the Avast dashboard can not display on the dell win8pro 64bit 16gb ram notebook, have caused a delayed stoppage of internet access? (IP configuration reset passes all tests except the PING STATUS test)
Could Avast have shut down internet access to our wifi router for this notebook? I’m using my wifes notebook to type this. We have 3 other devices continuing to work properly with our wifi (this notebook, Epson printer, Kindle HD8.9 tablet).
Thank you
jaykay
Pondus
March 24, 2015, 7:37am
2
to find out, follow instructions here https://forum.avast.com/index.php?topic=53253.0
attach Malwarebytes and Farbar Recovery Scan Tool logs
if you dont have internet connection on that computer, use a USB stick to move program / Logs
to avoid any infection from one computer to another, install MCShield (you may install it on all computers you have)
see here https://forum.avast.com/index.php?topic=53253.0 and scroll down to SPECIFIC INFECTIONS LOGS and download MCShield
it is a install and forget program and will auto scan any removable device when plugged in
Essexboy will then assist you when he is online later today
system
March 24, 2015, 8:58am
3
Hi
Since the core issue is ZERO internet connection, I really cannot go online and download directly into the notebook. More and more downloads send a stub, then link back online to either complete the download, or complete the install.
I will download and try to install what I can on this notebook, copy it to a usb stick and attempt proper install on the Dell notebook with zero internet access.
Plenty of screenshots btw.
FYI
Already on the Dell notebook are Avast, Kaspersky ZDKiller, and Malewarebytes Anti-malware. All 3 found ZERO malicious entities to date.
jaykay
Pondus
March 24, 2015, 9:53am
4
The important logs are the two diagnostic logs from Farbar Recovery Scan Tool … frst.txt and additional.txt
system
March 24, 2015, 10:57am
5
Thanks Pondus & yongsua.
MalewareAM installed nicely. This 2nd round of scanning found 1 unwanted file. It was quarantined and then removed. See screenshots attached.
Tried to open the internet (Firefox v36.0.3) and no improvement (Server Not Found message).
Will move to the next app now.
system
March 24, 2015, 11:42am
6
Step2 Farbar Recovery Scan Tool is completed. Logs attached.
Moving to step 3 now.
system
March 24, 2015, 12:13pm
7
The aswMBR.exe log is attached. Thanks for your support. It is now officially way over my head.
Cheers
After this reboot let me know if the net works
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
FF Homepage: https://www.flickr.com/groups/abctvweather/pool/?rb=1|https://www.flickr.com/groups/yourkew/pool/|https://www.flickr.com/photos/52541858@N04/|https://www.flickr.com/groups/2657102@N21/pool/?rb=1|hxxp://www.friendsofgtmg.com/
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*'))%20%7B%20return%20'PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
S4 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X]
S4 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]
C:\Program Files (x86)\globalUpdate
C:\Users\Jaykay\Convert.exe
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt , in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
system
March 24, 2015, 8:31pm
9
Hi Essexboy!
Ran FRST64, rebooted and got something new on the internet open attempt.
Windows Firewall has blocked Firefox. Screenshot attached.
Still no internet.
Place a tick in private networks, apply and then try again. Can IE access the net ?
system
March 25, 2015, 1:33am
11
Unfortunately, no.
I restarted after seeing the attached resulting screens, hoping it would clear and work normally.
Incremental progress though, as the Firefox page appeared - but it leads to nowhere. 2nd screenshot shows the problematic Server Not Found page.
Please download MiniToolBox , save it to your desktop and run it.
https://dl.dropbox.com/u/73555776/minitoolbox.JPG
Checkmark the following checkboxes:
[]Flush DNS
[ ]Report IE Proxy Settings
[]Reset IE Proxy Settings
[ ]Report FF Proxy Settings
[]Reset FF Proxy Settings
[ ]List content of Hosts
[]List IP configuration
[ ]List Winsock Entries
[]List last 10 Event Viewer log
[ ]List Installed Programs
[]List Devices
[ ]List Users, Partitions and Memory size.
[*]List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using “Reset FF Proxy Settings” option Firefox should be closed.
system
March 25, 2015, 8:27pm
13
Morning
Here are the Results.
Hmm I can see an error that needs checking out. Let me know the result of this
To determine whether your computer’s name is correct, at the command prompt, type nbtstat -n , and then press ENTER.
If the computer name is correct, no further user action is required.
If the name is incorrect, try resetting the network adapter.
To verify that the WMI Performance Adapter service is enabled
1.In Control Panel, double-click Network Connections.
2.Double-click WMI Performance Adapter.In Control Panel, double-click Network Connections.
3.On the shortcut menu, click Disable.
4.Right-click the network adapter again, an then click Enable.
system
March 26, 2015, 1:04am
15
Nothing worked.
Screenshot1 is incorrect. I typed nbtstat -n incorrectly.
system
March 26, 2015, 1:11am
16
Here is the Wifi connection to Netgear76 listed at right of screenshot4.
system
March 26, 2015, 1:35am
17
3rd attempt to post this reply…
This screenshot shows full bar connection to our network , yet zero access (Server Not Found).
system
March 26, 2015, 7:18am
18
The correctly spelled nbtstat -n had the attached result (no names).
OK you will need to uninstall and then re-install the network adapter
system
March 27, 2015, 10:46am
20
Hey Essexboy
Completed the uninstall & install but no improvement achieved. Still the Server Not Found error message.
Short of that, all looks correct.???