Windows is not Genuine Virus--Need help

About a week ago I logged onto my computer and encountered a black screen and a pop-up saying my Windows 7 is not genuine, with the options: Get genuine now and Ask me later. Below those options in the right-hand corner is a cancel button and I clicked that. So it logs me on but my wallpaper is black with Windows 7, Build 7601, This copy of windows is not genuine in the right-hand corner. The entire theme on my computer is Windows Classic except for my icons. This is an Asus G73jh series laptop running Windows 7 64-bit. I have had this laptop for 3 years and have never encountered this problem. I am also positive my OS is not a counterfeit because of how long I had it without getting this pop-up and the fact that I bought it from Best Buy. I would also like to add that when I check for my product ID for the Windows activation in my Computer it says it is not available, but when I used a program that checks for product IDs and keys it lists it. I am guessing this is a virus because since this has happened I’ve been getting pop-ups with every link I click on and have trouble loading antivirus programs such as Avast. Is there anyone who can help me with this problem?

follow guide here and attach logs (not copy and paste). http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR

run in the order listed… when done a removal expert will help you

This is another option:

  1. Create a system restore point before doing any changes
  2. Start / My Computer
  3. Click on C drive / WINDOWS folder / system32 folder ( C:\WINDOWS\system32 )
  4. Locate : WgaTray
  5. Right mouse click on it and select Rename
  6. Type : WgaTray-Globehex.exe
  7. Click Ok and make sure it's renamed
  8. Now locate WgaLogon.dll
  9. Right mouse click on it and select Rename
  10. Type : WgaLogon-Globehex.dll
  11. Click Ok and make sure it's renamed
  12. Close everything
  13. Press Ctrl + Alt + Delete to open Task Manager
  14. Go under Processes tab and locate WgaTray.exe
  15. Right mouse click on it and select : End Process
  16. Click Yes
  17. Exit Task Manager
  18. Restart your computer

polonus

Pondus

Here are the logs

Had you just updated to SP1 prior to this error?

When you boot and the validation pops up then click validate online

The only update that was performed was a Definition Update for Windows Defender on July 2nd. There is no option that specifically says validate online, only Get Genuine Now and Ask me later. I clicked on Get Genuine Now and got an error with the code: 0x80070005. I also tried running slui and I get the same error message. I also just noticed that even though I have a perfect internet connection, my signal icon has a red X over it, indicating I have no internet connection (but I do). Would that be a reason why I cannot validate?

Hmm it is a problem with I believe the trusted installer, run this OTL fix, reboot and try to validate again

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18]

"Flags"=dword:0000000c
 "State"=dword:00000000
 "RefCount"=dword:00000001
 "Sid"=hex:01,01,00,00,00,00,00,05,12,00,00,00
 "ProfileImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
   00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
   5c,00,63,00,6f,00,6e,00,66,00,69,00,67,00,5c,00,73,00,79,00,73,00,74,00,65,\
   00,6d,00,70,00,72,00,6f,00,66,00,69,00,6c,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19]
 "ProfileImagePath"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,\
   00,73,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,50,00,72,00,6f,00,\
   66,00,69,00,6c,00,65,00,73,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,\
   00,72,00,76,00,69,00,63,00,65,00,00,00
 "Flags"=dword:00000000
 "State"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20]
 "ProfileImagePath"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,\
   00,73,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,50,00,72,00,6f,00,\
   66,00,69,00,6c,00,65,00,73,00,5c,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,\
   00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00
 "Flags"=dword:00000000
 "State"=dword:00000000

:Commands
[resethosts]
[emptytemp]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Pasted the code and got the error:

‘0000000c"State"=dword:00000000"RefCount"=dword:00000001"Sid"=hex:01,01,00,00,00,00,00,05,12,00,00,00"ProfileImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,00,6f,00,6e,00,66,00,69,00,67,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,70,00,72,00,6f,00,66,00,69,00,6c,00,65,00,00,00’ is not a valid integer value.

then it stopped responding

OK I will recheck the coding … Although it should work as I got it from TechNet

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Got the error :

You cannot rename ComboFix as 218239~1

Please use another name, preferably made up of alphanumeric characters

Did you try to rename ComboFix? If not, then could you try to run it from safe mode

I received the same error when I was in safe mode. I did not rename anything or have the chance to rename ComboFix.

Could you download and run WGA from here please http://www.microsoft.com/en-gb/download/details.aspx?id=20888

Got the error:
Windows Genuine Advantage Notifications requires Microsoft Windows XP to install.

Could you follow the steps here please, I was trying a shortcut :-[
http://windows.microsoft.com/en-GB/windows7/activate-windows-7-on-this-computer

I do not have the option to activate for some reason:

http://i1266.photobucket.com/albums/jj525/EGSolonos/CompProp.jpg

Could you go here and click Validate now (top right) http://windows.microsoft.com/en-GB/windows/help/genuine/what-is-validation