Author Topic: Windows is not genuine!  (Read 8244 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
Re: Windows is not genuine!
« Reply #15 on: September 28, 2015, 05:59:55 AM »
Hiya!

I have attached the results of the scans. Thank you again for trying to help!

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: Windows is not genuine!
« Reply #16 on: September 28, 2015, 12:36:00 PM »
Hi,

I'll give a remover a shout for you.

VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Windows is not genuine!
« Reply #17 on: September 28, 2015, 03:43:46 PM »
Avast left some junk behind, did you set the proxy ?

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
ProxyEnable: [S-1-5-21-4206126674-2380382371-3022288802-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-4206126674-2380382371-3022288802-1000] => http=127.0.0.1:16110;https=127.0.0.1:16110
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4206126674-2380382371-3022288802-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=04120016448CB1CC&affID=119557&tsp=5031","hxxp://www.google/newtab.com","hxxp://www.bing.com/?pc=U156","hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl"
2015-09-26 12:20 - 2015-08-09 15:31 - 00788784 _____ (AVAST Software) C:\Windows\system32\Drivers\asw3077.tmp
2015-09-26 12:20 - 2015-08-09 15:31 - 00433264 _____ (AVAST Software) C:\Windows\system32\Drivers\asw35F8.tmp
2015-09-26 12:20 - 2015-08-09 15:31 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\asw3676.tmp
2015-09-26 12:20 - 2015-08-09 15:31 - 00161472 _____ (AVAST Software) C:\Windows\system32\Drivers\asw38F7.tmp
2015-09-26 12:20 - 2015-08-09 15:31 - 00076000 _____ (AVAST Software) C:\Windows\system32\Drivers\asw349F.tmp
2015-09-26 12:20 - 2015-08-09 15:31 - 00057888 _____ (AVAST Software) C:\Windows\system32\Drivers\asw39D2.tmp
2015-09-26 12:20 - 2015-08-09 15:31 - 00055200 _____ (AVAST Software) C:\Windows\system32\Drivers\asw31C0.tmp
2015-09-26 12:20 - 2015-08-09 15:31 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\asw350D.tmp
2015-09-26 12:20 - 2015-08-09 15:31 - 00026096 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2E45.tmp
2015-09-26 12:20 - 2015-08-09 15:31 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\asw328C.tmp
2015-09-26 12:19 - 2015-08-09 15:31 - 00095112 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvFBFD.tmp
2015-09-26 12:19 - 2015-08-09 15:30 - 00256160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswF9BB.tmp
2015-09-26 12:08 - 2015-08-09 15:31 - 00788784 _____ (AVAST Software) C:\Windows\system32\Drivers\asw17EC.tmp
2015-09-26 12:08 - 2015-08-09 15:31 - 00433264 _____ (AVAST Software) C:\Windows\system32\Drivers\asw1C16.tmp
2015-09-26 12:08 - 2015-08-09 15:31 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\asw1C65.tmp
2015-09-26 12:08 - 2015-08-09 15:31 - 00161472 _____ (AVAST Software) C:\Windows\system32\Drivers\asw1D31.tmp
2015-09-26 12:08 - 2015-08-09 15:31 - 00095112 _____ (AVAST Software) C:\Windows\system32\Drivers\ngv13D5.tmp
2015-09-26 12:08 - 2015-08-09 15:31 - 00076000 _____ (AVAST Software) C:\Windows\system32\Drivers\asw1ADC.tmp
2015-09-26 12:08 - 2015-08-09 15:31 - 00057888 _____ (AVAST Software) C:\Windows\system32\Drivers\asw1D8F.tmp
2015-09-26 12:08 - 2015-08-09 15:31 - 00055200 _____ (AVAST Software) C:\Windows\system32\Drivers\asw1915.tmp
2015-09-26 12:08 - 2015-08-09 15:31 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\asw1B69.tmp
2015-09-26 12:08 - 2015-08-09 15:31 - 00026096 _____ (AVAST Software) C:\Windows\system32\Drivers\asw16A3.tmp
2015-09-26 12:08 - 2015-08-09 15:31 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\asw19A3.tmp
2015-09-26 12:08 - 2015-08-09 15:30 - 00256160 _____ (AVAST Software) C:\Windows\system32\Drivers\asw1173.tmp
CustomCLSID: HKU\S-1-5-21-4206126674-2380382371-3022288802-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Flower\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4206126674-2380382371-3022288802-1000_Classes\CLSID\{10395C51-CF54-4038-8D9A-C9DC0DF8C11D}\localserver32 -> "C:\Users\Flower\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllp (the data entry has 55 more characters).
CustomCLSID: HKU\S-1-5-21-4206126674-2380382371-3022288802-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Flower\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4206126674-2380382371-3022288802-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Flower\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4206126674-2380382371-3022288802-1000_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll (Google)
CustomCLSID: HKU\S-1-5-21-4206126674-2380382371-3022288802-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Flower\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4206126674-2380382371-3022288802-1000_Classes\CLSID\{D6CA4E02-9C21-410F-90EF-40C2647B73D6}\localserver32 -> "C:\Users\Flower\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllp (the data entry has 55 more characters).
CustomCLSID: HKU\S-1-5-21-4206126674-2380382371-3022288802-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Flower\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4206126674-2380382371-3022288802-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Flower\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
Task: {F64477B1-8689-401A-AB25-3BF75B975A85} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

REDACTED

  • Guest
Re: Windows is not genuine!
« Reply #18 on: September 29, 2015, 02:53:48 AM »
When I uninstalled Avast and turned my computer back on, I received a message about the proxy. I have not a clue how to fix that little alone how to change it. I can fix minor things, when it stumps me, I come here to the forum and beg for help.

Attached are the results of the fix scan .

Please keep in mind, I have not reinstalled Avast yet. I wanted to try to fix this mess before I try it again.

Thanks!

PS! Thank you Michael.
« Last Edit: September 29, 2015, 02:55:44 AM by flowerr »

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: Windows is not genuine!
« Reply #19 on: September 29, 2015, 12:17:58 PM »
PS! Thank you Michael.

You are welcome. Wait for Essexboy's return, he'll have more instructions shortly I'm sure.
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Windows is not genuine!
« Reply #20 on: September 29, 2015, 04:00:08 PM »
OK the junk has gone along with the proxy

Is windows reporting as genuine now ?

Retry Avast

Download the correct version of Avast 
Avast Free
Avast Pro
Avast Internet Security
Avast Premier


REDACTED

  • Guest
Re: Windows is not genuine!
« Reply #21 on: September 30, 2015, 05:52:58 PM »
I have installed Avast IS.
And this window showed up after I pressed done, to allow quick scan to run.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Windows is not genuine!
« Reply #22 on: September 30, 2015, 06:07:35 PM »
Weird that a file should be missing after a fresh install   

Could you try a repair

REDACTED

  • Guest
Re: Windows is not genuine!
« Reply #23 on: October 01, 2015, 04:15:48 AM »
I know. Its all strange with me. I did repair Avast. Things seem to be working okay. A few posts, you asked if Windows was Genuine again. After I used the code from the bottom of my computer, it seems to allow me back on.
Though my computer seems to be lagging a lot after this. Im having to wait for a few seconds for a window or Even Avast to open.
Not sure what all happened when the New Avast update when through but it sure did a job on my computer.

Thank you Essexboy and all the rest for your Amazing help.

I will use my computer for the next few days, more than usual to see how it behaves.

REDACTED

  • Guest
Re: Windows is not genuine!
« Reply #24 on: October 01, 2015, 05:30:35 AM »
Okay, now I want to scream. I ran Avast IS, it did fine.
I have now run Avast optimization,  it requires a shut down after the scan, it is taking over an hour to shut down.
 I know  it should not  be taking this long. 
Lost!!!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Windows is not genuine!
« Reply #25 on: October 01, 2015, 03:52:52 PM »
Reboot the system and do not use the optimisation function as any work needed was done when you ran the FRST fix

REDACTED

  • Guest
Re: Windows is not genuine!
« Reply #26 on: October 01, 2015, 05:54:50 PM »
dont claim to be half as good as the above helpers but, and this prob wont help.
save work and send comp back to factory settings should resolve the issue, only problem is i done it a few months ago with an old laptop and the new updates from vista till now fill up all the available disc space.
i havent had time to try it yet but im thinking "piggybacking" a small potable drive should help.
good luck, hope all works out well.

REDACTED

  • Guest
Re: Windows is not genuine!
« Reply #27 on: October 01, 2015, 10:04:17 PM »
Essexboy, I am so sorry if I messed things up. I let my computer run all night to see if it would shut down. No luck, I had to manually. I've been using it today , putting it to sleep and logging back in. Now that I am ready to shut it down, it sits on the 'shutting down' part with the circle spinning... thinking.
Any thoughts?
It did this when I uninstalled Avast the first time. When it started with all the issues.   

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Windows is not genuine!
« Reply #28 on: October 01, 2015, 10:37:18 PM »
OK force shutdown the system and tomorrow when you have the chance try the new Beta on the system ... https://forum.avast.com/index.php?topic=177126.0 I am try it out on my system and it appears to be running very smoothly

REDACTED

  • Guest
Re: Windows is not genuine!
« Reply #29 on: October 06, 2015, 08:27:21 PM »
Essexboy,

Thanks! I have been super busy. I will try today.