Error Message "May Be A Victim of Software Counterfeiting" - Windows Vista Home 64

Inactive
By kananesgi
Jun 25, 2011
Topic Status:
Not open for further replies.
  1. My brother has been receiving some errors like this for a couple weeks now. He said the first one came after an Avast! Antivirus program update. He believes Avast! told him to reboot the computer after the update. He told it not to do so, then forgot to reboot until about a day or so later. When he rebooted, Windows started with an error saying it was not a valid copy and that he needed to go online to validate. After doing that, it said something like it was unable to validate. After rebooting, the same thing happened. I then booted the computer into safe mode and everything was working. I tried to perform a virus scan which locked up at about 9%. I performed a hard shutdown, then rebooted after a minute or so and the computer booted without problem.

    The computer has done this three or four times since, but a simple reboot usually resolves it for a while.

    Just this morning, a new error popped up (the one in the title of this thread). This is the first time we have seen this popup. It's titled "Optional Update Delivery is not Working" and says "You May be a victim of software counterfeiting." It then mentions some stuff about Windows needing validated to use all features.

    I should also mention that Update has not worked on this computer in over a year. Maybe about 2 years, we're not certain. An error message is displayed when the computer tries to update, but it's been a long time since I saw it and I don't remember what the error said.

    Here are the logs from the initial 5-step process. The GMER log does not contain anything. Don't know why that is.

    ===============================================================

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6948

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 7.0.6001.18000

    6/25/2011 11:12:03 AM
    mbam-log-2011-06-25 (11-12-03).txt

    Scan type: Quick scan
    Objects scanned: 177307
    Time elapsed: 4 minute(s), 53 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Khirubed (Trojan.Agent.U) -> Value: Khirubed -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ==============================================================

    DDS.txt
    Edit: This log is missing. You pasted the Attach.txt logs. twice. I am deleting the duplicate.

    ==============================================================
    Edit: This is the Attach.txt log.

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/10/2008 7:14:16 AM
    System Uptime: 6/20/2011 7:18:51 PM (112 hours ago)
    .
    Motherboard: ECS | | Nettle3
    Processor: AMD Phenom(tm) 9150e Quad-Core Processor | Socket AM2 | 900/201mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 453 GiB total, 159.203 GiB free.
    D: is FIXED (NTFS) - 13 GiB total, 1.785 GiB free.
    E: is CDROM (UDF)
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP764: 5/31/2011 12:00:01 AM - Scheduled Checkpoint
    RP765: 6/1/2011 1:49:41 AM - Windows Update
    RP766: 6/2/2011 12:00:12 AM - Scheduled Checkpoint
    RP767: 6/3/2011 1:49:42 AM - Windows Update
    RP768: 6/4/2011 12:46:15 PM - Scheduled Checkpoint
    RP769: 6/6/2011 12:00:01 AM - Scheduled Checkpoint
    RP770: 6/6/2011 1:04:22 PM - Scheduled Checkpoint
    RP771: 6/7/2011 2:11:35 AM - Windows Update
    RP772: 6/8/2011 10:53:39 AM - Scheduled Checkpoint
    RP773: 6/9/2011 12:00:01 AM - Scheduled Checkpoint
    RP774: 6/9/2011 9:56:11 PM - Scheduled Checkpoint
    RP775: 6/10/2011 1:58:47 AM - Windows Update
    RP776: 6/11/2011 2:54:43 PM - Scheduled Checkpoint
    RP777: 6/12/2011 11:30:36 AM - Scheduled Checkpoint
    RP778: 6/13/2011 1:19:40 AM - Scheduled Checkpoint
    RP779: 6/14/2011 1:55:43 AM - Windows Update
    RP780: 6/17/2011 1:38:40 AM - Windows Update
    RP781: 6/20/2011 8:39:46 PM - Scheduled Checkpoint
    RP782: 6/21/2011 2:14:50 AM - Windows Update
    RP783: 6/23/2011 7:33:22 PM - Scheduled Checkpoint
    RP784: 6/24/2011 10:15:36 AM - Scheduled Checkpoint
    RP785: 6/25/2011 12:00:09 AM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    3DMark Vantage
    3dsmax ancillary install
    4500_G510af_Help_Web
    4500G510af_Software_Min
    4500G510af_web
    AAC Decoder
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Illustrator CS4
    Adobe Linguistics CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Reader 8.1.5
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    AH F9F Panther for Fs2004
    Akamai NetSession Interface
    Amazon Kindle For PC v1.1
    Amazon MP3 Downloader 1.0.10
    Apple Application Support
    Apple Software Update
    AudibleManager
    Autodesk 3ds Max 9 32-bit
    Autodesk DWF Viewer 7
    AutoUpdate
    avast! Free Antivirus
    Backburner
    Bamboo
    BitTorrent
    BufferChm
    Bz Enhanced 1.11
    Citrix XenApp Web Plugin
    Compatibility Pack for the 2007 Office system
    Conduit Engine
    Connect
    Copy
    CyberLink DVD Suite Deluxe
    dcmsvc 1.0
    DCS Black Shark
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Version Checker
    DivX Web Player
    DJ_AIO_03_F4200_ProductContext
    DJ_AIO_03_F4200_Software
    DJ_AIO_03_F4200_Software_Min
    DNA
    DocProc
    DocProcQFolder
    Enhanced Multimedia Keyboard Solution
    eSupportQFolder
    EVE-ONLINE (remove only)
    F4200
    F4200_Help
    FBX Plugin 2006.08 for Max 9.0
    Flight Simulator X
    Flight Simulator X Service Pack 1
    Fokker Dr I 1.0
    Freecorder Toolbar
    FS Design Studio V3.5.1
    FS Economy client for FSX
    FS Repaint Twin Otter for FSX
    FSRepaint V2.10
    Futuremark SystemInfo
    Glacier Bay v2a
    Glacier Bay v2b
    gmax
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    GPBaseService
    Grob SPn --- rel. 3.00
    H.264 Decoder
    Historical Repaint Expansion
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP MediaSmart DVD
    HP MediaSmart Music/Photo/Video
    HP My Display
    HP Picasso Media Center Add-In
    HP Recovery Manager RSS
    HP Update
    HPAsset component for HP Active Support Library
    HPProductAssistant
    Impulse
    Indeo® XP Software
    InterActual Player
    Jasc Paint Shop Pro 8
    Jasc Paint Shop Pro 9
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) 6 Update 7
    JPEG to PDF 1.0
    Juno Preloader
    Just Flight - FS Insider C152
    KAKE First Alert
    KB408682
    kuler
    LabelPrint
    LightScribe System Software 1.14.25.1
    LightScribe Template Labeler
    Little Registry Cleaner
    Logo Design Studio Pro
    Logo Design Studio The Big Concept Expansion Pack
    Magic ISO Maker v5.5 (build 0274)
    Malwarebytes' Anti-Malware version 1.51.0.1200
    Messerschmitt Bf-109F 4 for FS2004
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB929729)
    Microsoft Flight Simulator 2004 A Century of Flight
    Microsoft Flight Simulator X
    Microsoft Flight Simulator X SDK SP1A
    Microsoft Flight Simulator X: Acceleration
    Microsoft Live Search Toolbar
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Office Word Viewer 2003
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Works
    MKV Splitter
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 and SOAP Toolkit 3.0
    MSXML 4.0 SP2 Parser and SDK
    muvee Reveal
    MWSnap 3
    My HP Games
    MyScribe
    NetZero Preloader
    Neverwinter Nights 2
    Nielsen//NetRatings
    NVIDIA PhysX
    Over Flanders Fields - Between Heaven and Hell
    PayPal Plug-In
    PDF Settings CS4
    PhoenixRC Demo
    Photoshop Camera Raw
    PictureMover
    Pivot Software
    Power2Go
    PowerDirector
    PunkBuster Services
    Python 2.5.2
    QuickTime
    Rarewings.com Waterman Arrowbile for FSX
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.0
    Rhapsody
    RiffTrax DVD Player
    Scan
    SDK
    SecondLife (remove only)
    Sins of a Solar Empire
    Sins of a Solar Empire - Entrenchment
    SmartWebPrintingOC
    SolutionCenter
    SPORE Creature Creator Trial Edition
    Status
    Suite Shared Configuration CS4
    System Requirements Lab
    Tilt Rotor (FSX)
    Toolbox
    TrayApp
    TrueCrypt
    Uniblue RegistryBooster 2010
    Unity Web Player
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    VC80CRTRedist - 8.0.50727.762
    Ventrilo Server
    Veoh Web Player
    VitalSource Bookshelf
    VLC media player 0.9.8a
    Vue 8 xStream PLE 32bit
    Vue 8 xStream PLE 64bit
    VZAccess Manager
    Warner Bros. Digital Copy Manager
    WebEx
    WebReg
    WebTablet IE Plugin
    WebTablet Netscape Plugin
    Yahoo! Install Manager
    Yahoo! Messenger
    Yahoo! Widgets
    Yak-12A Livery Pack
    Yakovlev Yak-12A (Harrier Panels Edition)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/20/2011 7:13:17 PM, Error: EventLog [6008] - The previous system shutdown at 6:29:08 PM on 6/20/2011 was unexpected.
    6/20/2011 4:14:48 PM, Error: netbt [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.123.137. The computer with the IP address 192.168.123.101 did not allow the name to be claimed by this computer.
    6/20/2011 12:44:31 AM, Error: nvstor64 [5] - A parity error was detected on \Device\RaidPort0.
    6/20/2011 12:33:46 AM, Error: Service Control Manager [7024] - The SL UI Notification Service service terminated with service-specific error 3221541889 (0xC004D401).
    6/20/2011 12:30:43 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt nnfwdk SRTSP SRTSPX
    6/20/2011 12:30:42 AM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    6/20/2011 12:30:33 AM, Error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The system cannot find the path specified.
    6/20/2011 12:30:33 AM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
    6/20/2011 12:29:06 AM, Error: EventLog [6008] - The previous system shutdown at 10:32:03 PM on 6/19/2011 was unexpected.
    .
    ==== End Of File ===========================

    =================================================================
    Edit: Deleting duplicate Attach.txt log.
    DDS Attach
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Did you mark this thread Active?
  3. kananesgi

    kananesgi Newcomer, in training Topic Starter

    I didn't. Least I didn't on purpose. I didn't even know I could mark it myself.
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Either Broni or I mark a thread 'Active' when we pick it up and begin helping. When we see 'Active', it means one of us has done that. So the other one of us will 'assume' the thread has been picked up.
    ==================================
    There are 2 different log from DDS: DDS.txt and Attach.txt. You inadvertently posted the Attach.txt log twice, one of which I have deleted. Please find the DDS.txt log on the system and include it with your next reply.
    ==================================
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • .Click on Yes, to continue scanning for malware
    • .If Combofix asks you to update the program, allow
    • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • .Close any open browsers.
    • .Double click combofix.exe[​IMG] & follow the prompts to run.
    • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
    Re-enable your Antivirus software.

    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ==================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the [​IMG]on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
      [​IMG]
    • Uncheck 'Remove found threats'
    • Check 'Scan archives/
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    =========================================
    Note: what was the source of the 'victim' message?
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.