# Connected but can't browse



## Xizzaar (Dec 16, 2014)

I am writing this on behalf of my friend.

Basically my friend's computer just came back from repairs but for some reason his internet doesn't work at all on his PC.

He has a connection and i'm speaking to him on skype this very second but he is unable to browse the web and programs like steam and dropbox have no connection.

When he tries to use Chrome he get's this message:
DNS_PROBE_FINISHED_NXDOMAIN

He has tried:
1. going into cmd and typing "netsh int ip reset resetlog.txt"
2. doing a full factory reset to his router
3. using 8.8.8.8 and 8.8.4.4 as DNS server
4. disabling proxy server
and rebooting the computer after every one of them

And this only seems to happen with his PC, which worked before it got sent to repairs(for GPU problems). He can browse on his phone just fine.

Any other solutions would be greatly appreciated.


----------



## johnb35 (Dec 16, 2014)

Using wireless or Ethernet cable?  Have him reinstall the driver for whatever he is using.  Use device manager, right click on the device and click on uninstall, reboot pc and let windows reinstall.  Also check tcp/ip settings for automatically get IP and dns servers are checked.


----------



## Xizzaar (Dec 17, 2014)

johnb35 said:


> Using wireless or Ethernet cable?  Have him reinstall the driver for whatever he is using.  Use device manager, right click on the device and click on uninstall, reboot pc and let windows reinstall.  Also check tcp/ip settings for automatically get IP and dns servers are checked.



He's using a cable and has tried different slots on the router. I'll have him try those things tomorrow and leave an update with the progress.


----------



## Xizzaar (Dec 17, 2014)

So he reinstalled the drivers but the problems remain.


----------



## Okedokey (Dec 17, 2014)

flush the domain name system cache


----------



## Geoff (Dec 17, 2014)

Open up Command Prompt and ping www.google.com, what do you get for a reply?  Then ping 8.8.8.8 and let us know what you get.


----------



## Xizzaar (Dec 17, 2014)

Okedokey said:


> flush the domain name system cache



He's done it several times.


----------



## Xizzaar (Dec 17, 2014)

Geoff said:


> Open up Command Prompt and ping www.google.com, what do you get for a reply?  Then ping 8.8.8.8 and let us know what you get.



After pinging www.google.com (roughly translated from portuguese):
ping request not located in host www. Google.com, check the name and try again

After pinging 8.8.8.8:
Sent: 4
Received: 4
Lost: 0
Time: minimum: 13ms maximum: 17ms average: 14ms

EDIT: From all 4 sent the TTL in each is 57


----------



## Geoff (Dec 17, 2014)

Xizzaar said:


> After pinging www.google.com (roughly translated from portuguese):
> ping request not located in host www. Google.com, check the name and try again
> 
> After pinging 8.8.8.8:
> ...


I just wanted to confirm it was a DNS issue and not a browser issue.

Is there any way for him to test using a different router and internet connection?  Either with a public hotspot nearby or using your phone as a hotspot?


----------



## Xizzaar (Dec 17, 2014)

Geoff said:


> Is there any way for him to test using a different router and internet connection?  Either with a public hotspot nearby or using your phone as a hotspot?



Unfortunately not :/


----------



## Okedokey (Dec 17, 2014)

Open Network and Sharing Center.
Click “Change Adapter Settings”.
Find Network Connection that is used to connect to internet (either “Local
Area Connection” or “Wireless Connection”), right-click on it and click
Properties.
Now in new windows select “Internet Protocol 4 (TCP/IPv4)” and click
Properties button.
In the new window click the checkbox for “Use the following DNS server
addresses:”
Type in 8.8.8.8 and 8.8.4.4
Click Ok and close the rest of the windows.


----------



## beers (Dec 18, 2014)

y u no read OP


----------



## Okedokey (Dec 18, 2014)

Don't see where he confirmed he ensured the right adaptor was checked, nor clearing the DNS.


----------



## Agent Smith (Dec 18, 2014)

Try this exactly as it says. http://www.windows-secrets.co.uk/2013/08/repair-the-windows-87vista-tcpip-stack/

netsh int ip reset resetlog.txt is only one command.

Is there an anti-virus or software based firewall installed?

Try another browser like Firefox or Cyberfox. Scan the computer with ADwcleaner just to rule PUPs out. I would even try malwarebytes.

You can try windows repair all in one out which has many useful features. http://www.tweaking.com/content/page/windows_repair_all_in_one.html

If all else fails you can try a repair install with windows. What OS are you using?


----------



## Xizzaar (Dec 18, 2014)

Okedokey said:


> Open Network and Sharing Center.
> Click “Change Adapter Settings”.
> Find Network Connection that is used to connect to internet (either “Local
> Area Connection” or “Wireless Connection”), right-click on it and click
> ...



As i mentioned, he's already tried this.


----------



## Xizzaar (Dec 18, 2014)

Agent Smith said:


> Try this exactly as it says. http://www.windows-secrets.co.uk/2013/08/repair-the-windows-87vista-tcpip-stack/
> 
> netsh int ip reset resetlog.txt is only one command.
> 
> ...



He's tried a number of different commands like that one.
He scanned the computer yesterday and found nothing.
I doubt another browser would work as programs that require updates like steam won't even work for him.

I'll tell him to try windows repair, he's not online atm so i can't ask him but i think he's got Win 7 64bit.


----------



## Geoff (Dec 18, 2014)

A new browser won't work, as we identified by trying to ping using a hostname and IP.  The IP works, the hostname does not.  It's a DNS problem, not a browser problem.

Just humor us, have him go to Network Connections > Right click on his network card > Properties, and tell us what it says for DNS.


----------



## Xizzaar (Dec 18, 2014)

Geoff said:


> Just humor us, have him go to Network Connections > Right click on his network card > Properties, and tell us what it says for DNS.



Forgive my ignorance but where do i find the DNS-part of this?
I'm assuming it's in the IPv4 properties?


----------



## Geoff (Dec 18, 2014)

Xizzaar said:


> Forgive my ignorance but where do i find the DNS-part of this?
> I'm assuming it's in the IPv4 properties?








Click on details when on this screen


----------



## johnb35 (Dec 18, 2014)

The system still could be infected.  There are some infections out there that can cause this sort of issue.  Zero access comes to mind.  What virus/malware programs  have you used to scan your system?


----------



## Xizzaar (Dec 18, 2014)

johnb35 said:


> The system still could be infected.  There are some infections out there that can cause this sort of issue.  Zero access comes to mind.  What virus/malware programs  have you used to scan your system?



He's used whatever program comes with windows as well as ADwcleaner and he's going to try Malwarebytes in a few minutes but so far nothing bad has popped up.


----------



## Xizzaar (Dec 18, 2014)

Geoff said:


> Click on details when on this screen



I would tell him to print screen it for you but only problem is, his computer is in portuguese and he doesn't have the english language pack installed.


----------



## Geoff (Dec 18, 2014)

Xizzaar said:


> I would tell him to print screen it for you but only problem is, his computer is in portuguese and he doesn't have the english language pack installed.


That's fine, the information would be an IP address so language doesn't matter.


----------



## johnb35 (Dec 18, 2014)

I would suggest he create an account here so I can help him run some specific programs and he can post the logs.  If Zero Access is involved then he would have to run TDSSkiller and Combofix and other programs.  Sometimes the only way to really get rid of Zero Access is to format and reinstall windows.  There is about a 50/50 chance to actually get it removed totally.


----------



## Xizzaar (Dec 18, 2014)

Geoff said:


> Just humor us, have him go to Network Connections > Right click on his network card > Properties, and tell us what it says for DNS.



I'm assuming this is the info you wanted:

DNS IPv4-address: 192.168.1.254
DNS IPv6-address: blank
(roughly translated)Connection Specific DNS Suffix: LAN



johnb35 said:


> I would suggest he create an account here so I can help him run some specific programs and he can post the logs.  If Zero Access is involved then he would have to run TDSSkiller and Combofix and other programs.  Sometimes the only way to really get rid of Zero Access is to format and reinstall windows.  There is about a 50/50 chance to actually get it removed totally.



I told him to make an account and he said he'll try tomorrow(he can only do it from his phone).


----------



## Geoff (Dec 19, 2014)

Xizzaar said:


> I'm assuming this is the info you wanted:
> 
> DNS IPv4-address: 192.168.1.254
> DNS IPv6-address: blank
> ...


Earlier you told us he set the DNS to 8.8.8.8, clearly he didn't.  Have him try that and let us know.  Is 192.168.1.254 his router?  If not, what device is that?



Xizzaar said:


> As i mentioned, he's already tried this.


----------



## johnb35 (Dec 19, 2014)

Geoff said:


> Is 192.168.1.254 his router?  If not, what device is that?



That is usually ATT's modem/router internal IP address.


----------



## Xizzaar (Dec 19, 2014)

Geoff said:


> Earlier you told us he set the DNS to 8.8.8.8, clearly he didn't.  Have him try that and let us know.  Is 192.168.1.254 his router?  If not, what device is that?



I'm pretty sure that's his router's IP but after he changed it to 8.8.8.8 like i mentioned earlier and it didn't work he changed back to the default setting.


----------



## johnb35 (Dec 19, 2014)

Have him download and run these 2 programs and get me the logs somehow.

1.

Please download and run TDSSkiller

When the program opens, Click on change parameters.  Put a check next to detect tdlfs file system, click ok.


click on the start scan button.






TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.






To remove the infections simply click on the Continue button and TDSSKiller will attempt to clean them or remove them.

After trying to clean them it will pop up with the results of the scan and its actions.






Please reboot the system if asked to do so. 

After running there will be a log that will be located at the root of your c:\ drive labeled tdsskiller with a series of numbers after it example,  C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt  

Please open the log and copy and paste it back here.

2.

*Download and Run ComboFix*
*If you already have Combofix, please delete this copy and download it again as it's being updated regularly.*

*Download this file* here :

*Combofix*


When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
Save the file to your windows desktop.  The combofix icon will look like this when it has downloaded to your desktop.




We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:


Close all open Windows including this one. 

Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found *here*.
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.

Please click on I agree on the disclaimer window.
ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.





ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.





Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:





At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.

Please click on yes in the next window to continue scanning for malware.

ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.

ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.

While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.





When ComboFix has finished running, you will see a screen stating that it is preparing the log report.

This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.

When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.  

Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy.  Then come to the forum in your reply and right click on your mouse and click on paste.  


If for some reason, if you try to run a program or open a file and you get an error message saying "illegal operation attempted on a registry key that has been marked for deletion", please just reboot your pc and you'll be fine. 


In your next reply please post:

The TDSSkiller log
The ComboFix log


----------



## Xizzaar (Dec 19, 2014)

I actually sent those programs to him earlier today, along with some other programs and a step-by-step tutorial on how to work them all so he'll probably do all that tomorrow.

I'll tell you what happens.


----------



## Xizzaar (Dec 20, 2014)

Here are the logs.

TDSSKiller Log

ComboFix Log

And none of them found anything.


----------



## voyagerfan99 (Dec 20, 2014)

If they're too long, post them in chunks.


----------



## johnb35 (Dec 20, 2014)

There is a bad driver running.  Please do the following.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box


```
Driver::

X6va012
```


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!







ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Also run an OTL scan and post the log. 

Download *OTL* to your Desktop


•Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
•Click on Minimal Output at the top
•Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
◦When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.  Just post the OTL.txt file in your reply.


----------



## Xizzaar (Dec 20, 2014)

ComboFix Log

OTD Log


----------



## johnb35 (Dec 22, 2014)

Try using Internet Explorer and see if it works.  If it does then its a chrome issue.  Uninstall chrome and reinstall it should fix it.


----------



## Xizzaar (Dec 22, 2014)

johnb35 said:


> Try using Internet Explorer and see if it works.  If it does then its a chrome issue.  Uninstall chrome and reinstall it should fix it.



Well, he's already tried starting IE, but again, it affects things like steam or even minecraft as well.
Basically he can't connect to any server what so ever, it's a miracle he can even connect to skype.


----------



## johnb35 (Dec 22, 2014)

Looks like a reinstall of windows is in order.  You could do a test install on a blank hard drive if there is one laying around just to test.  It's either a pc issue or a router issue.  I've seen issues like this but it was a router issue with that particular pc.  Ended up replacing the router to fix.


----------



## C4C (Dec 22, 2014)

It could be your modem. I know that's my issue right now and I have to reset it weekly..


----------



## Agent Smith (Dec 23, 2014)

Before you do the complete nuke option I would use that Tweak program I mentioned  and rebuild the TCP/IP stack. If that still doesn't work and I would then try a Windows repair install. What OS is he using?


----------

