
Suddenly my genuine Windows is showing up as NOT Genuine


32 replies to this topic

#1 Scott E.


Posted 15 December 2012 - 10:58 PM

Hello and thanks in advance to whoever can help me.

A couple of days ago I was downloading some video files and since I wasn't paying attention I clicked an .exe instead of a video file. I know this makes me the idiot, but I have beaten myself up over it for a while and cannot fix this myself so I am now humbly coming forward with my idiocy to get my Toshiba Qosmio back up and healthy. So here's the deal:

I got the popup that I wasn't running a genuine copy of Windows 7 64 bit Pro (which I am...came from the factory). Tried to resolve it online and the only answer I got was to buy another copy of Windows, which I don't really want to do. Then I tried to run Windows Update and I get random error codes as to why I can't. I tried a system restore and got a message that there is an error on my hard drive, to run chkdsk. Tried that, nothing. Even when Windows rebooted it wouldn't let me. So then I boot towards the safe mode menu and see an option for Windows Repair, choose that and click on system restore. I pick a restore point a week or so ago and try to restore. Negative. Got a message that not only could it not restore but now that restore point was damaged (hooray). Tried rebooting to that screen and all I get is black: pointer works with touch pad but not mouse. Tried booting into safe mode and I couldn't get explorer.exe to run and had no icons. Then rebooted to Last Known Good Configuration which is where I am now.

Another thing...every time I start IE (I have to use it for school) or Firefox I get a popup message at the bottom of my screen saying that the temp log file is corrupt and to run chkdsk (see above for how that goes). It may or may not be related to this issue as well.

Ran Malwarebytes but all it came up with was a false positive (I have the log ready to send anyway).

I don't know if my problems are related to my stupid pro-click of what was obviously a malicious file or not, but it seems that everything started going to bleep around that point.


 


#2 noknojon


Posted 16 December 2012 - 05:19 AM

From Microsoft .............

Check your validation status by going to http://www.microsoft.com/genuine/validate

If that fails, go to the diagnostics page at http://www.microsoft.com/genuine/diag and see what it has to say.

#3 Scott E.


Posted 16 December 2012 - 08:51 AM

> From Microsoft .............
>
> Check your validation status by going to http://www.microsoft.com/genuine/validate
>
> If that fails, go to the diagnostics page at http://www.microsoft.com/genuine/diag and see what it has to say.


The Validation page came back with "Files that Windows needs to work properly have been modified, removed, or disabled. To resolve, you need to install genuine Windows. Not to worry, we can help you with that."

The diagnostics page said all the tests passed.

#4 noknojon


Posted 16 December 2012 - 02:52 PM

> To resolve, you need to install genuine Windows. Not to worry, we can help you with that."

Hi -
I am not 100% sure what that means, but were you offered options to resolve the situation ??

Personally I would start with a sfc /scannow check to see if it replaces any corrupted files -
Go - Start > Programs > Accessories> Find Command Prompt and Right click on it > Select Run as Admin > Type sfc /scannow and press Enter -
Note the space between C and / this is important - You may be able to find and replace any missing files that way -
This should only take about 15 minutes to complete, and should tell you of any problem files -

Thank You -
P.S. I ran the same scans first prior to posting them to you, but mine passed both areas -

#5 Scott E.


Posted 16 December 2012 - 03:19 PM

> To resolve, you need to install genuine Windows. Not to worry, we can help you with that."
>
> Hi -
> I am not 100% sure what that means, but were you offered options to resolve the situation ??


Yes...to purchase a new copy of Windows from Microsoft. Seriously, that was their "help" with the situation.

> Personally I would start with a sfc /scannow check to see if it replaces any corrupted files -
> Go - Start > Programs > Accessories> Find Command Prompt and Right click on it > Select Run as Admin > Type sfc /scannow and press Enter -
> Note the space between C and / this is important - You may be able to find and replace any missing files that way -
> This should only take about 15 minutes to complete, and should tell you of any problem files -
>
> Thank You -
> P.S. I ran the same scans first prior to posting them to you, but mine passed both areas -


Got "Windows Resource Protection found corrupt files but was unable to fix some of them. Details are included in the CBS.Log"

I can post the log if you want...not sure if I'm supposed to post any logs here without being told to first.

#6 noknojon


Posted 16 December 2012 - 03:33 PM

Those logs are OK, and so are any that are asked for here -
It is just several others that are not allowed, and I would not direct you to run those scans (I would be "told off" or worse :whistle: )

Thanks -
EDIT - Please post the MBAM log also -
"Ran Malwarebytes but all it came up with was a false positive (I have the log ready to send anyway)."

Edited by noknojon, 16 December 2012 - 03:40 PM.


#7 Scott E.


Posted 16 December 2012 - 11:50 PM

MBAM log:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.16.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Scott :: VLAD2 [administrator]

12/15/2012 8:08:45 PM
mbam-log-2012-12-15 (21-57-38).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 582184
Time elapsed: 1 hour(s), 48 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 17
C:\Program Files\Adobe\Adobe After Effects CS6\Support Files\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
C:\Program Files\Adobe\Adobe Encore CS6\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
C:\Program Files\Adobe\Adobe Illustrator CS6 (64 Bit)\Support Files\Contents\Windows\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
C:\Program Files\Adobe\Adobe Media Encoder CS6\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
C:\Program Files\Adobe\Adobe Premiere Pro CS6\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
C:\Program Files\Adobe\Adobe SpeedGrade CS6\bin\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
C:\Program Files (x86)\Adobe\Adobe Audition CS6\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
C:\Program Files (x86)\Adobe\Adobe Bridge CS6\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
C:\Program Files (x86)\Adobe\Adobe Fireworks CS6\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
C:\Program Files (x86)\Adobe\Adobe Flash CS6\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
C:\Program Files (x86)\Adobe\Adobe Illustrator CS6\Support Files\Contents\Windows\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
C:\Program Files (x86)\Adobe\Adobe InDesign CS6\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
C:\Program Files (x86)\Adobe\Adobe Photoshop CS6\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
C:\Program Files (x86)\Adobe\Adobe Prelude CS6\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.

(end)

#8 noknojon


Posted 17 December 2012 - 12:38 AM

Hi -
The PUP.RiskwareTool.CK is a notice that you usually have Potentially Unwanted Programs installed -

Did you confirm with Malwarebytes Forum that these were not Infections, and just Suspected infections ??

Please run another Full scan to see if these still remain, then post the log back to Malwarebytes Forum for checking -

That would be my choice of action -

#9 Scott E.


Posted 17 December 2012 - 12:53 AM

Yes I already checked, it is a false positive related to a keygen. Thanks for your help...does anyone else have any ideas or tips/pointers?

#10 noknojon


Posted 17 December 2012 - 01:43 AM

This tool can find if there are missing files, and what area they are in -

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

#11 Scott E.


Posted 17 December 2012 - 01:58 AM

Farbar Service Scanner Version: 10-12-2012
Ran by Scott (administrator) on 17-12-2012 at 00:55:30
Running from "C:\Users\Scott\Downloads"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Destination is offline
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#12 noknojon


Posted 17 December 2012 - 05:04 AM

Can you run this tool also -

Download Security Check by Screen317 from HERE or HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

#13 Scott E.


Posted 17 December 2012 - 10:29 AM

Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
ZoneAlarm Antivirus
Lavasoft Ad-Aware
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
SpywareBlaster 4.6
Malwarebytes Anti-Malware version 1.65.1.1000
JavaFX 2.1.1
Java™ 6 Update 31
Java™ 7 Update 5
Java 7 Update 9
Adobe Flash Player 11.5.502.110
Adobe Reader XI
Mozilla Firefox (17.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Ad-Aware Antivirus AdAwareService.exe
Ad-Aware Antivirus SBAMSvc.exe
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm zatray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 8%
````````````````````End of Log``````````````````````

#14 Allan


Posted 17 December 2012 - 04:42 PM

1) You ran a scan with MalwareBytes. Did you also run a full scan with your AV (ZA)? If not, please do so.

2) Have you run sfc /scannow? If not, please do so (http://support.microsoft.com/kb/929833)

3) What specific Norton software is installed?

4) You said there was an indication of a problem on the hd and you ran checkdisk and it didn't find any issues, but you didn't say how you ran it. Here's the correct method in case you did it some other way:

To run checkdisk, right-click on a command prompt icon and open as administrator. In the command prompt window type: chkdsk /r (then press ENTER). You'll be told the disk is in use and asked if you want to run checkdisk on the next boot. Say yes, exit the command prompt window, and reboot.

5) If still no joy, let's try a selective startup:

Open msconfig and on the General tab choose "selective startup" (uncheck all three items) and reboot. Does the problem still occur? If not, start adding items back to msconfig one or two at a time, rebooting after each change, until the problem reappears and you'll have identified the offending process. This is clearly a time-consuming procedure, but it is the best way to determine if some process loading with the system is the cause of your problem.
After you've isolated the cause, do not use msconfig to permanently disable the process. Instead, if it is a service go to START - RUN and type: services.msc (then press enter) and disable the service OR, if it is a program, you can download & run a simple app such as Mike Lin's Startup Control Panel (http://www.mlin.net/StartupCPL.shtml) to enable, disable, or otherwise manage startup programs.
Let's see where all this takes us.

#15 Scott E.


Posted 17 December 2012 - 06:48 PM

I would love to let you know where this takes me, however right now my computer won't even start up. I cannot enter Safe Mode, I cannot enter Last Known Good Configuration, I can't get the computer to start up at all. When I try to start up in safe mode it gets down to Windows files loaded scholars.sys and hangs there. When I let it try to load normally or try to load Last Known Good Configuration, it gets to the Windows loading screen and that's as far as it goes. I'm now posting on the forum from my phone so I apologize if I have typos or other errors.



