Jump to content

Build Theme!
  •  
  • Infected?

big grin WE'RE SURE THAT YOU'LL LOVE US!

We invite you to ask questions, share experiences, and learn. It's 100% free. Did we mention that it's free. It is. It's free. Join 91601 other members! Anybody can ask, anybody can answer. Consistently helpful members with best answers are invited to staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Can't connect to internet in normal boot [Solved]


  • This topic is locked This topic is locked
55 replies to this topic

#16 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 26 December 2013 - 06:34 AM

Good job!  Please boot to Safe Mode with Networking and then download and run the tool found here.  This should help you with removing Microsoft Security Essentials.  Let me know how it works for you.  :)


Posted Image
 
 

    Advertisements

Register to Remove


#17 maldini

maldini

    Authentic Member

  • Authentic Member
  • PipPip
  • 203 posts

Posted 26 December 2013 - 10:43 AM

I was able to download Microsoft Fix It.

 

However, when I run it in Safe Mode, I get the following error:

 

The Windows Installer service is not accessible in Safe Mode.  Please try again when your computer is not in safe mode.

 

Now that Microsoft Fix It is on the laptop, should I reboot to normal mode and try and run it?

 

 

 

As a side note that I have not mentioned, during my reboots I have noticed this machine gives a choice of selecting a "Windows 7" boot or a "Windows 7 Loader XE" boot.  I have no idea what the latter is and if it is just another symptom of a sick machine.



#18 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 26 December 2013 - 11:09 AM

ywca7TI.jpg Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

----------


Posted Image
 
 

#19 maldini

maldini

    Authentic Member

  • Authentic Member
  • PipPip
  • 203 posts

Posted 26 December 2013 - 11:24 AM

Here is the FSS log run from Safe Mode with Networking

 

================================================================

 

Farbar Service Scanner Version: 05-12-2013
Ran by Busa (administrator) on 26-12-2013 at 12:21:48
Running from "C:\Users\Busa\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X86)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2013-10-10 15:41] - [2013-09-13 19:48] - 0338944 ____A (Microsoft Corporation) F81BB7E487EDCEAB630A7EE66CF23913

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-10-10 15:41] - [2013-09-07 21:07] - 1294272 ____A (Microsoft Corporation) CA59F7C570AF70BC174F477CFE2D9EE3

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-08-14 09:22] - [2013-07-08 23:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9

C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-13 14:35] - [2013-05-26 23:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



#20 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 26 December 2013 - 11:26 AM

n1eMMmT.jpg  Download  Windows Repair (all in one)  from this site

Install and then run the program.

On the Start Repairs tab click Start
DwysfIW.jpg


When the Repair Options screen populates, be sure to select all items and also check Restart System When Finished.

Now press Start
----------

 

Once complete....run Farbar Service Scanner again and post that log.  Also check and see if you can get online.


Posted Image
 
 

#21 maldini

maldini

    Authentic Member

  • Authentic Member
  • PipPip
  • 203 posts

Posted 26 December 2013 - 02:52 PM

I have run the Windows Repair program.

 

It finished working, reconfigured windows and proceeded to the shut down screen.

 

It has been hung at the "Shutting Down" screen for a long time now.

 

I asked my nephew and he said he has not been able to cleanly shut down for a while and has to use the power button.

 

I will not do that yet until I hear back from you on how to proceed from this state.



#22 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 26 December 2013 - 07:48 PM

Go ahead and let me know if you can boot to Normal Mode at all?


Posted Image
 
 

#23 maldini

maldini

    Authentic Member

  • Authentic Member
  • PipPip
  • 203 posts

Posted 26 December 2013 - 09:18 PM

Here are my observations after a hard power down.

 

1) The computer starts to boot and then gives a choice between booting Windows 7 or Windows 7 XE Loader

 

2) After choosing windows 7, the computer proceeds to boot and then starts to beep about 20 short beeps in a row

 

3) During the boot cycle there was a warning claiming that the windows 7 was a counterfeit copy

 

4) The computer boots finally to normal mode

 

5) It can access the internet

 

6) The background on the desktop is completely black

 

7) I get random pop ups stating "You may be the victim of software counterfeiting"

 

8) The latest FSS Run is below (this was run from normal mode)

 

Farbar Service Scanner Version: 05-12-2013
Ran by Busa (administrator) on 26-12-2013 at 22:15:47
Running from "C:\Users\Busa\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2013-10-10 15:41] - [2013-09-13 19:48] - 0338944 ____A (Microsoft Corporation) F81BB7E487EDCEAB630A7EE66CF23913

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-10-10 15:41] - [2013-09-07 21:07] - 1294272 ____A (Microsoft Corporation) CA59F7C570AF70BC174F477CFE2D9EE3

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-08-14 09:22] - [2013-07-08 23:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9

C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-13 14:35] - [2013-05-26 23:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



#24 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 27 December 2013 - 07:09 AM

Ok thank you!!  :)
 
n3uobiT.jpg  Download CKScanner by askey127 from Here & save it to your Desktop.

  • Right-click and Run as Administrator CKScanner.exe then click Search For Files
  • When the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved
  • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

----------


Posted Image
 
 

#25 maldini

maldini

    Authentic Member

  • Authentic Member
  • PipPip
  • 203 posts

Posted 27 December 2013 - 08:31 AM

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\windows.old\users\busa\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\#crackle.com\settings.sol
scanner sequence 3.NA.11.DPAPCZ
 ----- EOF -----
 


    Advertisements

Register to Remove


#26 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 27 December 2013 - 09:05 AM

Ok....try to run Windows Update and let me know what happens.  :)


Posted Image
 
 

#27 maldini

maldini

    Authentic Member

  • Authentic Member
  • PipPip
  • 203 posts

Posted 27 December 2013 - 09:19 AM

I will be away from my computer for a few hours so I won't get to this task until later today.

 

Could you let me know how to perform that step?  Do I start that process from the Control Panel?



#28 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 27 December 2013 - 11:31 AM

No problem....just let me know how things go when you get to it.
 
Go to Start >> All Programs >> Windows Update:)


Posted Image
 
 

#29 maldini

maldini

    Authentic Member

  • Authentic Member
  • PipPip
  • 203 posts

Posted 27 December 2013 - 02:32 PM

No problem....just let me know how things go when you get to it.
 
Go to Start >> All Programs >> Windows Update:)

 

when I perform this step, I get the same error message I saw before (I will type is out as it looks on my screen below)

 

 

 

"You may be the victim of software counterfeiting"

 

"To use all Microsoft Windows features, such as all updates from Windows Update; get the latest updates; and receive product support, your copy of Microsoft Windows must be validated as genuine"



#30 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 28 December 2013 - 09:16 AM

Please visit the page here >> http://www.microsoft...validation.aspx and follow the instructions.  Let me know the results.  :)


Posted Image
 
 

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users