"This computer is not running genuine Windows"

• Question

• 

  

  0

  Sign in to vote

  Recently removed the Win32:LoadMoney trojan, suspect the two might be related. Report below:

  Diagnostic Report (1.9.0027.0):
  -----------------------------------------
  Windows Validation Data-->
  
  Validation Code: 0x8004FE21
  Cached Online Validation Code: 0x0
  Windows Product Key: *****-*****-WDH4T-XDMJG-YC8F6
  Windows Product Key Hash: LFkx8vUnyOjiFXj++ZY2pZqhavQ=
  Windows Product ID: 00426-OEM-9179727-96332
  Windows Product ID Type: 3
  Windows License Type: OEM System Builder
  Windows OS version: 6.1.7601.2.00010100.1.0.001
  ID: {7C430F87-3C08-4FE9-BF34-16B4F9A557FD}(3)
  Is Admin: Yes
  TestCab: 0x0
  LegitcheckControl ActiveX: Registered, 1.9.9.1
  Signed By: Microsoft
  Product Name: Windows 7 Ultimate
  Architecture: 0x00000009
  Build lab: 7601.win7sp1_gdr.130318-1533
  TTS Error: 
  Validation Diagnostic: 
  Resolution Status: N/A
  
  Vista WgaER Data-->
  ThreatID(s): N/A, hr = 0x80070002
  Version: N/A, hr = 0x80070002
  
  Windows XP Notifications Data-->
  Cached Result: N/A, hr = 0x80070002
  File Exists: No
  Version: N/A, hr = 0x80070002
  WgaTray.exe Signed By: N/A, hr = 0x80070002
  WgaLogon.dll Signed By: N/A, hr = 0x80070002
  
  OGA Notifications Data-->
  Cached Result: N/A, hr = 0x80070002
  Version: N/A, hr = 0x80070002
  OGAExec.exe Signed By: N/A, hr = 0x80070002
  OGAAddin.dll Signed By: N/A, hr = 0x80070002
  
  OGA Data-->
  Office Status: 109 N/A
  OGA Version: N/A, 0x80070002
  Signed By: N/A, hr = 0x80070002
  Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
  
  Browser Data-->
  Proxy settings: N/A
  User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
  Default Browser: C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
  Download signed ActiveX controls: Prompt
  Download unsigned ActiveX controls: Disabled
  Run ActiveX controls and plug-ins: Allowed
  Initialize and script ActiveX controls not marked as safe: Disabled
  Allow scripting of Internet Explorer Webbrowser control: Disabled
  Active scripting: Allowed
  Script ActiveX controls marked as safe for scripting: Allowed
  
  File Scan Data-->
  File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
  File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
  File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x80092003
  File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
  File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
  File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x80092003
  File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
  File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
  File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
  File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x80092003
  File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
  File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
  File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x80092003
  File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
  File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
  File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
  File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100
  
  Other data-->
  Office Details: <GenuineResults><MachineData><UGUID>{7C430F87-3C08-4FE9-BF34-16B4F9A557FD}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-YC8F6</PKey><PID>00426-OEM-9179727-96332</PID><PIDType>3</PIDType><SID>S-1-5-21-3032815953-2543113838-1293354510</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Vostro 1720</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A02</Version><SMBIOSVersion major="2" minor="5"/><Date>20090408000000.000000+000</Date></BIOS><HWID>31063D07018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>CL09   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  
  
  Spsys.log Content: 0x80070002
  
  Licensing Data-->
  Software licensing service version: 6.1.7601.17514
  
  Name: Windows(R) 7, Ultimate edition
  Description: Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
  Activation ID: cfb3e52c-d707-4861-af51-11b27ee6169c
  Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
  Extended PID: 00426-00182-797-296332-02-1033-7600.0000-1392013
  Installation ID: 017830935710088003888522484992058566901281495444074821
  Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
  Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
  Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
  Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
  Partial Product Key: YC8F6
  License Status: Licensed
  Remaining Windows rearm count: 5
  Trusted time: 12/3/2013 7:10:34 AM
  
  Windows Activation Technologies-->
  HrOffline: 0x8004FE21
  HrOnline: N/A
  HealthStatus: 0x000000000001EFF0
  Event Time Stamp: 12:1:2013 22:05
  ActiveX: Registered, Version: 7.1.7600.16395
  Admin Service: Registered, Version: 7.1.7600.16395
  HealthStatus Bitmask Output:
  Tampered File: %systemroot%\system32\sppobjs.dll
  Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
  Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
  Tampered File: %systemroot%\system32\sppwinob.dll
  Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
  Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
  Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
  Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
  Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
  Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
  Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
  Tampered File: %systemroot%\system32\drivers\spsys.sys
  
  
  HWID Data-->
  HWID Hash Current: MAAAAAEAAQABAAEAAgABAAAAAgABAAEAln0+sSBWjAI2K3joZD7+UzjQ4me470bK
  
  OEM Activation 1.0 Data-->
  N/A
  
  OEM Activation 2.0 Data-->
  BIOS valid for OA 2.0: yes
  Windows marker version: 0x20001
  OEMID and OEMTableID Consistent: yes
  BIOS Information: 
    ACPI Table Name OEMID Value OEMTableID Value
    APIC PTLTD APIC  
    FACP TOSCPL CRESTLNE
    HPET INTEL CRESTLNE
    BOOT PTLTD $SBFTBL$
    MCFG INTEL CRESTLNE
    OSFR TOSHIB A+2nd ID
    SLIC DELL   CL09   
    SSDT PmRef CpuPm
  
  

  Tuesday, December 3, 2013 1:11 PM