After running a scan that seemed to take all day, I now see a message in the bottom right hand corner of the screen that says:
Windows Vista ™
Build6002
This copy of Windows is not genuine
I have a Dell Studio 1750 running Vista. I am reading your “Logs to assist in cleaning malware” page and will run the recommended programs and post the logs here as directed.
Thanks in advance for any help with this issue.

Go here and let us know what it says: http://www.microsoft.com/genuine/validate/

Okay, thanks! I did follow the link and have been waiting quite a while for Windows to respond. Does it usually take a long time?

Eddy,
Can I hit the “Clean” button on the AdwCleaner?
I’m getting no response from Windows.

Yes, hit the clean button, reboot after it and then follow the instructions shown here: http://forum.avast.com/index.php?topic=53253.0
Do ATTACH the logs and NOT copy/paste.

Hi Eddy,
Okay, well I went ahead and hit “clean” and after reboot the message is no longer there. Yippee!!
Following your instructions now, thanks! Oh! Sorry about the copy and paste, I couldn’t understand what the attach meant, now I see it. Attaching now.
Lya

Okay, ran the mbam and have attached log.

Attached are the OTL logs

You had/have lots of crapware. I’ll fetch someone to assist you. It’ll most likely be Essexboy…

Hi,

Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.

- Double-click to run it. When the tool opens click Yes to disclaimer.
- Under Optional Scan ensure “List BCD” and “Driver MD5” are ticked.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Then…

Please download GMER, AntiRootkit tool from the link below and save it to your Desktop:

Gmer download link
Note: the file will be randomly named

Double-click to run GMER.

- Wait for initial scan to finish - if there is any query, click No;
- Click Scan button and wait until the full scan is complete;
- Click Save … - save the report to the Desktop (named Gmer);

Attach the Gmer log report here.

Hi Eagle, will follow these instructions and attach log. I have attached log for aswMBR.

Here are the logs from FRST64.

Here is the Gmer log.

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

SearchScopes: HKCU - {2F1B53FC-F3E1-4F55-8062-616E584692BC} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3310511&CUI=UN35076614952840810&UM=2
FF Extension: No Name - C:\Users\Lya\AppData\Roaming\Mozilla\Firefox\Profiles\955o2d7h.default\Extensions\nostmp
C:\Users\Lya\AppData\Roaming\Mozilla\Firefox\Profiles\955o2d7h.default\Extensions\nostmp
FF Extension: ptl - C:\Users\Lya\AppData\Roaming\Mozilla\Firefox\Profiles\955o2d7h.default\Extensions\ptl@ptl.com.xpi
C:\Users\Lya\AppData\Roaming\Mozilla\Firefox\Profiles\955o2d7h.default\Extensions\ptl@ptl.com.xpi
CHR DefaultSearchURL: (Conduit) - http://www.google.com
CHR DefaultSuggestURL: (Conduit) - http://www.google.com
C:\Users\Lya\AppData\Roaming\desktop.ini
C:\ProgramData\pswi_preloaded.exe
C:\Users\Lya\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Lya\AppData\Local\Temp\ose00000.exe
C:\Users\Lya\AppData\Local\Temp\Quarantine.exe
C:\Users\Lya\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Lya\AppData\Local\Temp\tbSwee.dll
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
cmd: ipconfig /flushdns

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warns you about an outdated version, please download and run the updated version.
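
A pre-run check for the NOTICE in the post above, as an added example that is not part of the original post and not FRST code: it summarises what a fixlist.txt contains and flags any entry that names a user profile other than the local one. The `Label: rest` directive pattern and the function names are assumptions drawn from the lines shown on this page, not FRST's documented grammar.

```python
import re

# Constructed sample in the format of the fixlist lines shown in the post above.
SAMPLE_FIXLIST = r"""
FF Extension: ptl - C:\Users\Lya\AppData\Roaming\Mozilla\Firefox\Profiles\955o2d7h.default\Extensions\ptl@ptl.com.xpi
C:\Users\Lya\AppData\Local\Temp\tbSwee.dll
C:\ProgramData\pswi_preloaded.exe
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
cmd: ipconfig /flushdns
"""

# Assumption: "Label: rest" is a directive; any other line is a bare path.
DIRECTIVE = re.compile(r"^([A-Za-z][A-Za-z ]*?):\s+")
USER_PATH = re.compile(r"[A-Za-z]:\\Users\\([^\\]+)\\")


def parse_fixlist(text):
    """Return one (kind, body) tuple per non-empty line."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = DIRECTIVE.match(line)
        if m:
            entries.append((m.group(1), line[m.end():].strip()))
        else:
            entries.append(("path", line))
    return entries


def review_fixlist(text, local_user):
    """Count entries per kind, list commands, flag other users' profile paths."""
    counts, commands, foreign = {}, [], []
    for kind, body in parse_fixlist(text):
        counts[kind] = counts.get(kind, 0) + 1
        if kind == "cmd":
            commands.append(body)  # commands deserve a manual read before running
        for user in USER_PATH.findall(body):
            if user.lower() != local_user.lower():
                foreign.append((user, body))
    return {"counts": counts, "commands": commands, "foreign": foreign}


if __name__ == "__main__":
    report = review_fixlist(SAMPLE_FIXLIST, "Lya")
    print(report["counts"], report["commands"], report["foreign"], sep="\n")
```

A non-empty `foreign` list means the fixlist was written for a different account or machine and should not be run as-is.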

Okay, thanks! Here is the log.

How are things now?

The message about my copy of Windows not being genuine has been gone since I used the AdwCleaner and everything else seems fine. But everything seemed fine before as well, lol. Do the logs show that my system has less “crapware” on it?
I guess it does seem to be faster now when I’m typing at least, I used to type faster than the cursor could move, now that is not the case. :)
Thanks so much for your help!