Windows 7 64x You May Be The Victim of Software Counterfieting? RRS feed

  • Question

  • I have a genuine windows 64 disc. I installed it using a key I had acquired from ebay. However, it worked great for 3 months. Then today all of a sudden when I look for some really stupid music I don't listen to on youtube and installing iTunes. I started getting these really whack messages. They don't even look like real Microsoft messages. and the auto updater issue only pops up when I connect to the internet. I have been looking at it online and it seems like it could be a virus. I have clicked on the validate tool because I was forced to upon the first startup. It had no option to call Microsoft. It changed my background black (Build 7601). Could it be possible that slui.exe was altered from malware? I would also like to mention the startup was much longer than normal. I made a restore point before the first restart hopefully that saves me. Any helpers thanks.

    Diagnostic Report (1.9.0027.0):
    Windows Validation Data-->

    Validation Code: 50
    Cached Online Validation Code: 0xc004c4a2
    Windows Product Key: *****-*****-WJ327-QJ749-7P9FG
    Windows Product Key Hash: z29/EGD2ngsJoNXPBnaV8OEEP5I=
    Windows Product ID: 00359-233-1576504-86687
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {4F7CEF7E-5009-4715-8199-C7A5267CF433}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.130318-1533
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{4F7CEF7E-5009-4715-8199-C7A5267CF433}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7P9FG</PKey><PID>00359-233-1576504-86687</PID><PIDType>5</PIDType><SID>S-1-5-21-4180031641-1790388094-975512316</SID><SYSTEM><Manufacturer>ASUSTeK Computer Inc.        </Manufacturer><Model>N80Vb               </Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>207    </Version><SMBIOSVersion major="2" minor="5"/><Date>20081205000000.000000+000</Date></BIOS><HWID>77AA0600018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, RETAIL channel
    Activation ID: 3b965dfc-31d9-4903-886f-873a0382776c
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00172-233-157650-00-1033-7601.0000-0782013
    Installation ID: 002531990561590564177286260380202373564263731194028556
    Processor Certificate URL: (what it usually says I cant enter links)
    Machine Certificate URL:(what it usually says I cant enter links)
    Use License URL:(what it usually says I cant enter links)
    Product Key Certificate URL:(what it usually says I cant enter links)
    Partial Product Key: 7P9FG
    License Status: Notification
    Notification Reason: 0xC004F200 (non-genuine).
    Remaining Windows rearm count: 3
    Trusted time: 6/23/2013 8:03:15 PM

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0xC004C4A2
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 6:23:2013 14:08
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:

    HWID Data-->

    OEM Activation 1.0 Data-->

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x0
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   120508  APIC1018
      FACP   120508  FACP1018
      DBGP   120508  DBGP1018
      HPET   120508  OEMHPET
      BOOT   120508  BOOT1018
      MCFG   120508  OEMMCFG
      SLIC   _ASUS_  Notebook
      ECDT   120508  OEMECDT
      OEMB   120508  OEMB1018
      DMAR   120508  DMAR1018
      SSDT   PmRef  CpuPm

    >>>----EDIT: It seems as if everything works as normal which I find odd. Windows update seems to say it has checked updates but the security essentials is looking... strange.
    • Edited by visatrade Monday, June 24, 2013 3:51 AM
    Monday, June 24, 2013 3:26 AM