This topic is lockedGood job! Please boot to Safe Mode with Networking and then download and run the tool found here. This should help you with removing Microsoft Security Essentials. Let me know how it works for you. 
WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
Can't connect to internet in normal boot [Solved]
Started by
maldini
, Dec 20 2013 09:20 PM
55 replies to this topic
#16
jeffce
-
- Authentic Member
-
- 8,693 posts
Malware Guy
Posted 26 December 2013 - 06:34 AM
Register to Remove
#17
maldini
-
- Authentic Member
-
- 214 posts
Authentic Member
Posted 26 December 2013 - 10:43 AM
I was able to download Microsoft Fix It.
However, when I run it in Safe Mode, I get the following error:
The Windows Installer service is not accessible in Safe Mode. Please try again when your computer is not in safe mode.
Now that Microsoft Fix It is on the laptop, should I reboot to normal mode and try and run it?
As a side note that I have not mentioned, during my reboots I have noticed this machine gives a choice of selecting a "Windows 7" boot or a "Windows 7 Loader XE" boot. I have no idea what the latter is and if it is just another symptom of a sick machine.
#18
jeffce
-
- Authentic Member
-
- 8,693 posts
Malware Guy
Posted 26 December 2013 - 11:09 AM
Please download Farbar Service Scanner and run it on the computer with the issue.
- Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the log to your reply.
----------
#19
maldini
-
- Authentic Member
-
- 214 posts
Authentic Member
Posted 26 December 2013 - 11:24 AM
Here is the FSS log run from Safe Mode with Networking
================================================================
Farbar Service Scanner Version: 05-12-2013
Ran by Busa (administrator) on 26-12-2013 at 12:21:48
Running from "C:\Users\Busa\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Network
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.
System Restore Disabled Policy:
========================
Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2013-10-10 15:41] - [2013-09-13 19:48] - 0338944 ____A (Microsoft Corporation) F81BB7E487EDCEAB630A7EE66CF23913
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-10-10 15:41] - [2013-09-07 21:07] - 1294272 ____A (Microsoft Corporation) CA59F7C570AF70BC174F477CFE2D9EE3
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-08-14 09:22] - [2013-07-08 23:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9
C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-13 14:35] - [2013-05-26 23:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
**** End of log ****
#20
jeffce
-
- Authentic Member
-
- 8,693 posts
Malware Guy
Posted 26 December 2013 - 11:26 AM
Download Windows Repair (all in one) from this site
Install and then run the program.
On the Start Repairs tab click Start 
When the Repair Options screen populates, be sure to select all items and also check Restart System When Finished.
Now press Start
----------
Once complete....run Farbar Service Scanner again and post that log. Also check and see if you can get online.
#21
maldini
-
- Authentic Member
-
- 214 posts
Authentic Member
Posted 26 December 2013 - 02:52 PM
I have run the Windows Repair program.
It finished working, reconfigured windows and proceeded to the shut down screen.
It has been hung at the "Shutting Down" screen for a long time now.
I asked my nephew and he said he has not been able to cleanly shut down for a while and has to use the power button.
I will not do that yet until I hear back from you on how to proceed from this state.
#22
jeffce
-
- Authentic Member
-
- 8,693 posts
Malware Guy
Posted 26 December 2013 - 07:48 PM
Go ahead and let me know if you can boot to Normal Mode at all?
#23
maldini
-
- Authentic Member
-
- 214 posts
Authentic Member
Posted 26 December 2013 - 09:18 PM
Here are my observations after a hard power down.
1) The computer starts to boot and then gives a choice between booting Windows 7 or Windows 7 XE Loader
2) After choosing windows 7, the computer proceeds to boot and then starts to beep about 20 short beeps in a row
3) During the boot cycle there was a warning claiming that the windows 7 was a counterfeit copy
4) The computer boots finally to normal mode
5) It can access the internet
6) The background on the desktop is completely black
7) I get random pop ups stating "You may be the victim of software counterfeiting"
8) The latest FSS Run is below (this was run from normal mode)
Farbar Service Scanner Version: 05-12-2013
Ran by Busa (administrator) on 26-12-2013 at 22:15:47
Running from "C:\Users\Busa\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2013-10-10 15:41] - [2013-09-13 19:48] - 0338944 ____A (Microsoft Corporation) F81BB7E487EDCEAB630A7EE66CF23913
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-10-10 15:41] - [2013-09-07 21:07] - 1294272 ____A (Microsoft Corporation) CA59F7C570AF70BC174F477CFE2D9EE3
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-08-14 09:22] - [2013-07-08 23:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9
C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-13 14:35] - [2013-05-26 23:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
**** End of log ****
#24
jeffce
-
- Authentic Member
-
- 8,693 posts
Malware Guy
Posted 27 December 2013 - 07:09 AM
Ok thank you!!
Download CKScanner by askey127 from Here & save it to your Desktop.
- Right-click and Run as Administrator CKScanner.exe then click Search For Files
- When the cursor hourglass disappears, click Save List To File
- A message box will verify the file saved
- Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply
----------
#25
maldini
-
- Authentic Member
-
- 214 posts
Authentic Member
Posted 27 December 2013 - 08:31 AM
CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\windows.old\users\busa\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\#crackle.com\settings.sol
scanner sequence 3.NA.11.DPAPCZ
----- EOF -----
Register to Remove
#26
jeffce
-
- Authentic Member
-
- 8,693 posts
Malware Guy
Posted 27 December 2013 - 09:05 AM
Ok....try to run Windows Update and let me know what happens.
#27
maldini
-
- Authentic Member
-
- 214 posts
Authentic Member
Posted 27 December 2013 - 09:19 AM
I will be away from my computer for a few hours so I won't get to this task until later today.
Could you let me know how to perform that step? Do I start that process from the Control Panel?
#28
jeffce
-
- Authentic Member
-
- 8,693 posts
Malware Guy
Posted 27 December 2013 - 11:31 AM
No problem....just let me know how things go when you get to it.
Go to Start >> All Programs >> Windows Update.
#29
maldini
-
- Authentic Member
-
- 214 posts
Authentic Member
Posted 27 December 2013 - 02:32 PM
No problem....just let me know how things go when you get to it.
Go to Start >> All Programs >> Windows Update.
when I perform this step, I get the same error message I saw before (I will type is out as it looks on my screen below)
"You may be the victim of software counterfeiting"
"To use all Microsoft Windows features, such as all updates from Windows Update; get the latest updates; and receive product support, your copy of Microsoft Windows must be validated as genuine"
#30
jeffce
-
- Authentic Member
-
- 8,693 posts
Malware Guy
Posted 28 December 2013 - 09:16 AM
Please visit the page here >> http://www.microsoft...validation.aspx and follow the instructions. Let me know the results.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
