Connection Problem On Laptop

Discussion in 'Malware Help (A Specialist Will Reply)' started by LMHmedchem, Sep 5, 2018.

  1. LMHmedchem

    LMHmedchem Private E-2

    Hello,

    I have a laptop running windows 7 64-bit. It was off the internet over the weekend when I replaced my modem. Now I can't get it to connect. My desktop on the same network connects correctly and so I took the laptop to a different wifi location and had the same connection problems. It also has the same problem when hardwire connected to the same router.

    When I open firefox to google, I get a message,

    Your connection is not secure

    The owner of www.google.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

    Under Advanced,

    www.google.com uses an invalid security certificate

    This certificate is only valid for the following names,
    register.be.xfinity.com, register.xfinity.com

    the error code is SSL_ERROR_BAD_CERT_DOMAIN

    I think the issue is that the domain name and certificate name don't match. It's almost like it's looking for the google certificate and finding an xfinity certificate. I can post the certificate if that would help.

    I have also had a strange situation where there is a popup over the network icon in the toolbar that says something like, "additional steps may be required to connect, click to open your browser". If I click, I am taken to what looks like an xfinity login page and says something like that I have to login to xfinity to connect to the internet. I have never seen anything like this before. This computer has operated on this local network for many years.

    I have seen certificate issues like this when there was a problem with the clock, or something like that, but I checked the date, time, and timezone and they are correct.

    I decided to run the malware scans and have attached the logs. There were a few things from the scanners. I did the cleaning for AdwCleaner and Malwarebytes as the instructions specify. This did not affect the connection problem. The RogueKiller log seemed to indicate an issue with the DNS server and listed something like 10.150.0.10 and 10.150.0.11 as the address for the DNS servers. I don't recognize those IPs as any DNS server I am familiar with. I could set the DNS servers manually but I decided to wait until I heard from you folks.

    The attached .zip has the logs for,
    AdwCleaner
    Malwarebytes
    RogueKiller
    MGtools

    HitManPro did not run. I think it needs internet access to work and I don't have that at the moment. Please let me know if you need any additional information.

    LMHmedchem
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Remove those IP addresses in RogueKiller. Reboot and see if you can connect.
     
  3. LMHmedchem

    LMHmedchem Private E-2

    I removed the 4 DNS addresses and also the explorer show my games entries. Reboot took forever with the "Welcome" and spinning circle.

    This does not fix the connection issue. I changed my home page from https://www.google.com to http://www.google.com to see if I could connect to a site that did not use a certificate. The results are odd, instead of going to www.google.com, I am taken to https://register.be.xfinity.com/activate, which appears to be a page to activate your xfinity equipment or something like that.

    My xfinity equipment has been activated and is working. I am using the same local network now to make this post. Also, the same thing happened when I took the laptop to connect to a public wifi network near where I live. I am using a hardwired connection to the LAN for my testing to rule out wifi issues.

    How/why would xfinity be hijacking my connection to google, or is something else happening?

    In my firewall logs, I have blocked connection attempts from this laptop to,
    Code:
    68.87.34.82:1270 TCP
    162.150.57.240:1270 TCP
    96.114.156.242:1270 TCP
    96.114.156.242:3554 UDP
    These are all Comcast IP addresses. Port 1270 is for the Microsoft MOM agent, so I don't know why that would be making a connection to a Comcast IP and not a Microsoft IP. UDP port 3554 is listed as the Quest Notification Server, so I have no idea what that would be. I have used this computer on this network for many years with the rules I have in place, so I have no idea why I would need to add new rules to be able to connect. I always try to pay attention when a computer suddenly needs to work differently as I believe that to be a symptom of infection. If I add a rule to allow TCP connections to port 1270 that does not affect the issue.

    LMHmedchem
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I suggest you post in the software forum as this is not the purview of the malware forum.

    Good luck. :)
     
  5. LMHmedchem

    LMHmedchem Private E-2

    Thanks,

    Manually setting the DNS server to openDNS has fixed the connection issue.

    I had to make this change for the LAN, for the wireless network, and also for the hardware network adapter. I am not completely sure that everything is fixed but it seems to be working for now. I have no idea why this was necessary after having used the equipment for a long time.

    I did find some other posts on this issue,
    https://www.dailykos.com/stories/2015/10/28/1441984/-Is-Xfinity-Wifi-signup-hijacking-your-browser
    https://discussions.apple.com/thread/7079847

    LMHmedchem
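
    The symptoms reported in this thread (certificate name mismatch, unfamiliar 10.x DNS servers, plain-HTTP redirect to an activation page) can be checked together to separate resolver or portal redirection from a genuinely misconfigured site. The sketch below is an added example, not part of the original posts; the function names and the 192.168.1.0/24 local subnet are assumptions, while the host names and DNS addresses are the ones quoted above.

```python
import ipaddress
from urllib.parse import urlsplit

def name_matches(host, pattern):
    """Compare a hostname with one certificate name.
    A '*' is accepted only as the entire left-most label (so '*.com' never matches)."""
    h = host.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    if len(h) != len(p):
        return False
    if p[0] == "*":
        return len(p) > 2 and h[1:] == p[1:]
    return h == p

def triage(host, cert_names, dns_servers, local_net, redirect_url=None):
    """Return findings that point at DNS or portal redirection."""
    findings = []
    # 1. The presented certificate does not cover the requested name
    #    (what Firefox reports as SSL_ERROR_BAD_CERT_DOMAIN).
    if not any(name_matches(host, n) for n in cert_names):
        findings.append("cert-name-mismatch")
    # 2. Resolver is a private address that is not on the local subnet:
    #    neither a public resolver nor the local router.
    net = ipaddress.ip_network(local_net)
    odd = [s for s in dns_servers
           if ipaddress.ip_address(s).is_private
           and ipaddress.ip_address(s) not in net]
    if odd:
        findings.append("off-subnet-private-dns:" + ",".join(odd))
    # 3. A plain-HTTP request was redirected to a different host, and the
    #    certificate seen earlier belongs to that host.
    if redirect_url:
        target = (urlsplit(redirect_url).hostname or "").lower()
        if target != host.lower():
            findings.append("http-redirect:" + target)
            if any(name_matches(target, n) for n in cert_names):
                findings.append("cert-belongs-to-redirect-target")
    return findings

# Values quoted in the thread; local_net is a constructed assumption.
OBSERVED = dict(
    host="www.google.com",
    cert_names=["register.be.xfinity.com", "register.xfinity.com"],
    dns_servers=["10.150.0.10", "10.150.0.11"],
    local_net="192.168.1.0/24",
    redirect_url="https://register.be.xfinity.com/activate",
)

if __name__ == "__main__":
    for finding in triage(**OBSERVED):
        print(finding)
```

    All four findings together indicate that name resolution or the first hop is steering traffic to a sign-up portal, which is consistent with the fix of setting the DNS servers manually on each adapter.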
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good to know. Safe surfing.
     
