Windows 7 Forums



Windows 7: Win Def Offline - no access to results, no log created

13 Nov 2015   #51
UberGoober

Windows 7 Pro 64 bit
 
 

Back to purple.
Quote: Originally Posted by UsernameIssues
Thank you for taking the time to write that out again. I somehow missed your post #28 on page 3 where you give similar details. I have never used DBAN. My cure for persistent infections is buying a new hard drive. Because folks give me "broken" computers in exchange for wiping the drives, I have used 7 SATA drives I knew to be clean.

I need to try the BIOS password clearer you linked to. I have the HP BIOS downloaded on a clean computer to a new flash drive. However, I've run across PowerShell XML scripts that appear to force reboot as soon as you attempt to flash BIOS with a shocking error message screen right before it restarts. They simply rewrite the BIOS to their stored settings, as shown in this screen shot.

Win Def Offline - no access to results, no log created-wmibios_inf.png

It is odd that you have to log into this forum multiple times to make a post. It is a redirection in an attempt to key-log my password. So far my copy post, sign out, close Firefox, open Firefox, sign in, paste post strategy has worked.

re: post #28:
The "DO" in the URL is normal.


I'm not sure what the "X:\V::" could be or where the XP OS is coming from. Let's see if Jacee or other forum members know of tools that might wipe the drive better. That would be wonderful! In the meantime, I need to work on clearing out the substitute BIOS and my cable modem (no router). I'm working through your posts as I have time.
REALLY, REALLY appreciate your help, UNI! UG




14 Nov 2015   #52
UberGoober

Windows 7 Pro 64 bit
 
 

Adding to my post #51

UNI, I tried clearing the BIOS/CMOS using Method 2 here as you recommended in your post #46. I've tried the other 2 ways numerous times without success.

Failing to enter the Setup Password 3 times did not give me the code I needed (surprise, surprise - NOT!). The PC simply proceeded to boot successfully (for the baddies, I guess).

Could we take the info in that "WMIBIOS.inf" Notepad document and do anything with it to clear BIOS? I notice an entry for "hpqBIOSPasswordValue" and "HPBIOSUser". What about that security code at the end?

Thanks, UNI, for any insight you might have.

14 Nov 2015   #53
UsernameIssues

W7 Pro SP1 64bit
 
 

Maybe I'm not understanding what you are saying:
You mentioned running across PowerShell XML scripts and then you show a WMIBIOS.inf file opened in notepad. The contents of that INF file are not in the XML format* and the contents do not form a PowerShell script**. The INF file might be used by a PowerShell script, but the file itself is not a script. Think of that file as an answer file. Something that is used to tell a generic app info that it needs to do a specific series of tasks.


*Scroll down a bit for the sample XML file.
https://technet.microsoft.com/en-us/...=sql.105).aspx

** Scan this website for sample PowerShell scripts:
https://technet.microsoft.com/en-us/.../hh551144.aspx


The WMIBIOS.inf file seems to be for a 32bit app. Maybe that is not a problem or maybe you need a WMIBIOS.inf file that has the answers for a 64bit BIOS update app. I'm just guessing at this point - since the BIOS update app just reboots the computer without updating BIOS. I would not know how to make use of any of the info in that WMIBIOS.inf file - other than to use it with the app that it was written for.


If you cannot get a Windows based app to update BIOS, can you find a BIOS update app/tool on the HP website that works with Linux? If so, then maybe you could boot to a Linux CD and update BIOS from there.

15 Nov 2015   #54
UberGoober

Windows 7 Pro 64 bit
 
 

Thanks for more good info, UNI.

Quote: Originally Posted by UsernameIssues
Maybe I'm not understanding what you are saying:
You mentioned running across PowerShell XML scripts and then you show a WMIBIOS.inf file opened in notepad. I might be using the nomenclature incorrectly. Also, XMLs try to open in IE and the page remains blank. For some reason I was able to right click the file and "Open with" Notepad - better than nothing. I'll try to reinstall PowerShell under my user account and see if I can show you some of the XMLs. The contents of that INF file are not in the XML format* and the contents do not form a PowerShell script**. The INF file might be used by a PowerShell script, but the file itself is not a script. Think of that file as an answer file. Something that is used to tell a generic app info that it needs to do a specific series of tasks. That makes sense to me despite my ignorance of any kind of coding/scripting/command line syntax (I can copy & paste!), etc.

Looking closely at the 3rd line of WMIBIOS.inf, who do you suppose our friend Minh might be?


*Scroll down a bit for the sample XML file.
https://technet.microsoft.com/en-us/...=sql.105).aspx

** Scan this website for sample PowerShell scripts:
https://technet.microsoft.com/en-us/.../hh551144.aspx


The WMIBIOS.inf file seems to be for a 32bit app. Wouldn't that make sense if SYSTEM is really within the XP installation on the virtual drive? Maybe that is not a problem or maybe you need a WMIBIOS.inf file that has the answers for a 64bit BIOS update app. I'm just guessing at this point - since the BIOS update app just reboots the computer without updating BIOS. I would not know how to make use of any of the info in that WMIBIOS.inf file - other than to use it with the app that it was written for. Am I right that those long alphanumerics in {} are registry keys? I don't mind fooling around in the registry since this has become a junk PC anyhow, it appears.


If you cannot get a Windows based app to update BIOS, can you find a BIOS update app/tool on the HP website that works with Linux? If so, then maybe you could boot to a Linux CD and update BIOS from there. I have tried booting from Ubuntu 14 CD. The W7 install screen comes up!
Going to do some tasks - back when I've got the info.

Thanks again, UNI
15 Nov 2015   #55
UsernameIssues

W7 Pro SP1 64bit
 
 

You can manually open notepad...
...set it to wrap text (Format > Word Wrap)
...drag/drop any file that you want into notepad.

If you happen to drag/drop an EXE or DLL file into notepad, ignore the gibberish and scroll thru to read any plain text that there might be. I've found command line switches by doing that. If the file won't open because it is in use by another process, opening a copy of the file of interest sometimes helps (e.g. C:\Windows\Logs\CBS\CBS.log). If the file is too big for notepad, Wordpad might be able to handle it. I've opened 1GB+ text CBS log files in WordPad.


Minh works for HP in some capacity. That line is a changelog.


The alphanumeric items within those brackets are WmiClassGUID. You can read about them in this MS Word doc:
download.microsoft.com/download/9/c/5/9c5b2167-8017-4bae-9fde-d599bac8184a/wmi_security.doc Skip to pages 7 and 8.

You mentioned the registry. I think that you were thinking of a Class-GUID. The WmiClassGUID that you see in that INF file are longer than a Class-GUID. You can read about Class-GUIDs here: https://technet.microsoft.com/en-us/.../cc957340.aspx


If you can run a 64bit app, then you are on a 64bit OS. XP can be 64bit too.


To boot to a Linux CD, bring up the boot options menu. For HP, you repeatedly tap F9 during a reboot or force the menu by incorrectly powering down the computer.
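The Notepad approach described in post #55 (reading the plain text embedded in an EXE or DLL) can be automated. The following is an added example, not part of the original thread: it pulls printable ASCII and UTF-16LE runs out of a binary and lists tokens that look like command-line switches. The sample bytes, the minimum run length and the switch pattern are assumptions constructed for illustration.

```python
import re
import sys

MIN_LEN = 4  # shortest run worth reporting (assumed default)

# Heuristic (an assumption of this example): a switch starts with "/", "-"
# or "--" and is not glued to a path, URL or word on its left.
SWITCH = re.compile(r"(?<![\w/\\:.-])(?:/|--?)[A-Za-z][A-Za-z0-9_-]*")


def extract_strings(data, min_len=MIN_LEN):
    """Return sorted (offset, encoding, text) for each printable run."""
    ascii_run = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    # Windows binaries often store text as UTF-16LE: printable byte + NUL.
    wide_run = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [(m.start(), "ascii", m.group().decode("ascii"))
             for m in ascii_run.finditer(data)]
    found += [(m.start(), "utf-16le", m.group().decode("utf-16-le"))
              for m in wide_run.finditer(data)]
    return sorted(found)


def find_switches(data):
    """List switch-like tokens in the order they appear in the file."""
    return [tok for _, _, text in extract_strings(data)
            for tok in SWITCH.findall(text)]


# Constructed sample standing in for a real EXE: binary noise around an
# ASCII usage line, a UTF-16LE switch, and a URL that must not match.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00\xff\xfe\x01\x02"
    b"Usage: tool.exe /quiet /log:<file>\x00"
    b"\x8b\x45\x08\xc3\x00\x10"
    + "-silent".encode("utf-16-le")
    + b"\x00\x00\xcc\xcc"
    + b"https://example.invalid/a/b\x00"
)

if __name__ == "__main__":
    # With a path argument, scan that file; otherwise scan the sample.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for offset, enc, text in extract_strings(blob):
        print(f"{offset:#010x} {enc:9} {text}")
    print("switch-like tokens:", find_switches(blob))
```

Because the file is only read as bytes and never executed, this is safe to run against a copy of a suspect binary.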
15 Nov 2015   #56
UberGoober

Windows 7 Pro 64 bit
 
 

BEEPASQUILLRAOOOOOBEEP! ALARM! SYNAPSE OVERLOAD! SHUT DOWN UBERGOOBER'S BRAIN IMMEDIATELY TO PREVENT FATAL ERROR!

I'm going to explore what you provided over the next 2 or 3 days, UNI.


Quote: Originally Posted by UsernameIssues
You can manually open notepad...
...set it to wrap text (Format > Word Wrap)
...drag/drop any file that you want into notepad.

If you happen to drag/drop an EXE or DLL file into notepad (Didn't know you could do that!), ignore the gibberish and scroll thru to read any plain text that there might be. I've found command line switches by doing that (if I do, might you be willing to help me interpret them?). If the file won't open because it is in use by another process, opening a copy of the file of interest sometimes helps (e.g. C:\Windows\Logs\CBS\CBS.log). If the file is too big for notepad, Wordpad might be able to handle it. I've opened 1GB+ text CBS log files in WordPad.


Minh works for HP in some capacity. That line is a changelog.


The alphanumeric items within those brackets are WmiClassGUID. You can read about them in this MS Word doc:
download.microsoft.com/download/9/c/5/9c5b2167-8017-4bae-9fde-d599bac8184a/wmi_security.doc Skip to pages 7 and 8.

You mentioned the registry. I think that you were thinking of a Class-GUID. The WmiClassGUID that you see in that INF file are longer than a Class-GUID. You can read about Class-GUIDs here: https://technet.microsoft.com/en-us/.../cc957340.aspx


If you can run a 64bit app, then you are on a 64bit OS. XP can be 64bit too.


To boot to a Linux CD, bring up the boot options menu. Ubuntu CD asked for "any key to boot from CD", which I did. F9 still works, too. I have CD/USB/HDD order just in hopes I'll always be able to boot from something. I'm talking about the problem mentioned in posts 28 and 49 where W2000, XPHome & Vista install CDs just trigger loading of the malware's version of W7. Did it to Ubuntu, too. For HP, you repeatedly tap F9 during a reboot or force the menu by incorrectly powering down the computer.
Gonna get some brain food! Thanks again, UNI. UG
24 Nov 2015   #57
UberGoober

Windows 7 Pro 64 bit
 
 

So sorry to have left this hanging, UNI. Had a health problem.

Wanted to provide these attachments for folks who might be figuring out whether they have this malware or not. If you have the time and inclination, please look them over and let us know of any ideas they spark.

Again, I thank you very much for all the time and effort you put in to helping me. UG

usbinfcopy.txt

Win Def Offline - no access to results, no log created-remoteserverbitsini.png

Win Def Offline - no access to results, no log created-badrootcert.png

Win Def Offline - no access to results, no log created-badcert.png

Win Def Offline - no access to results, no log created-forbiddenschema.png

Win Def Offline - no access to results, no log created-schema.png

Win Def Offline - no access to results, no log created-schema2.png

Win Def Offline - no access to results, no log created-schema3.png


24 Nov 2015   #58
UsernameIssues

W7 Pro SP1 64bit
 
 

I see nothing wrong with the usbinfcopy text file that you attached and the file that you show via Notepad is normal. The remote server being talked about there is a Windows Update server. A server that sends you OS patches.

I'm not sure what you are attempting to convey with the other screenshots. You will need to provide some context of how you got them.
24 Nov 2015   #59
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

ixquick is a 'proxy' search page ... https://en.wikipedia.org/wiki/Ixquick

Quote:
Ixquick.com is not safe to use. As a matter of fact, it is a malicious website that pretends to be a real search website but actually it aims to promote advertisements and its associate websites by redirecting users to where they want. Apart from that, this website may also collect some sensitive data while you are using it.
More here: How to Remove Ixquick.com Redirect (Ixquick.com Search Hijacking Removal Guide)- AnviSoft
Don't install anything. Follow manual instructions