locked
Says computer not running genuine Windows RRS feed

  • Question

  • I keep getting a pop up saying I am not running genuine windows with error 0x800fe21.  Full disclosure, I had a virus a few months ago that played ads in the background even when no browser was open so I am thinking maybe the anti-virus steps taken may have caused this issue, however there was at least a full month between ridding of that virus and this problem starting. 

    Here is the requested issue:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-M3DJT-4J3WC-733WD
    Windows Product Key Hash: xo+ajVSpae7/4VoZjS7m6JL0f3A=
    Windows Product ID: 00371-OEM-8992671-00524
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7600.2.00010100.0.0.048
    ID: {B3E593AA-9EAE-4F1F-9116-B47B4FD62173}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7600.win7_gdr.110622-1503
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{B3E593AA-9EAE-4F1F-9116-B47B4FD62173}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-733WD</PKey><PID>00371-OEM-8992671-00524</PID><PIDType>2</PIDType><SID>S-1-5-21-1464149647-2847223951-388615649</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Latitude E6510</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A03</Version><SMBIOSVersion major="2" minor="6"/><Date>20100528000000.000000+000</Date></BIOS><HWID>08BB3607018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>E2     </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7600.16385

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00178-926-700524-02-1033-7600.0000-1892010
    Installation ID: 013786937242744224473514982353667282985713024056079126
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 733WD
    License Status: Licensed
    Remaining Windows rearm count: 3
    Trusted time: 5/13/2012 2:41:39 PM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000003EFFF
    Event Time Stamp: 5:8:2012 02:39
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\wat\watadminsvc.exe
    Tampered File: %systemroot%\system32\wat\watweb.dll
    Tampered File: %systemroot%\system32\wat\npwatweb.dll
    Tampered File: %systemroot%\system32\wat\watux.exe
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys
    Tampered File: %systemroot%\system32\drivers\spldr.sys


    HWID Data-->
    HWID Hash Current: LgAAAAEAAQABAAEAAQABAAAAAgABAAEA6GFW8AGWgAuSGsB80nmkvFz5TFZcXQ==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            DELL          E2     
      FACP            DELL          E2     
      HPET            DELL          E2     
      BOOT            DELL          E2      
      MCFG            A M I         GMCH945.
      TCPA                    
      SLIC            DELL          E2     
      SSDT            PmRef        CpuPm

    Sunday, May 13, 2012 7:45 PM

Answers

All replies

  • The mismatches suggest that you need to reinstall the Intel Rapid Storage Drivers.  This can be caused by a recent update.

    Download the Intel Rapid Storage Drivers from here:
     
    http://bit.ly/xmcovN
     
     You’ll need the set for the x64 (64-bit) platform on Win7.
     
    Once complete, please reboot twice, then post another MGADiag report.
     
    Good Luck!


    Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.

    Sunday, May 13, 2012 7:55 PM
    Answerer
  • He actually needs the 32-bit version, Colin - but since both are in the same package, it doesn't make much difference :)

    ><Architecture>x32</Architecture><


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, May 13, 2012 8:03 PM
    Moderator
  • Here are the new logs.

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-M3DJT-4J3WC-733WD
    Windows Product Key Hash: xo+ajVSpae7/4VoZjS7m6JL0f3A=
    Windows Product ID: 00371-OEM-8992671-00524
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7600.2.00010100.0.0.048
    ID: {B3E593AA-9EAE-4F1F-9116-B47B4FD62173}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7600.win7_gdr.110622-1503
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{B3E593AA-9EAE-4F1F-9116-B47B4FD62173}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-733WD</PKey><PID>00371-OEM-8992671-00524</PID><PIDType>2</PIDType><SID>S-1-5-21-1464149647-2847223951-388615649</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Latitude E6510</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A03</Version><SMBIOSVersion major="2" minor="6"/><Date>20100528000000.000000+000</Date></BIOS><HWID>08BB3607018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>E2     </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7600.16385

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00178-926-700524-02-1033-7600.0000-1892010
    Installation ID: 013786937242744224473514982353667282985713024056079126
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 733WD
    License Status: Licensed
    Remaining Windows rearm count: 3
    Trusted time: 5/14/2012 1:12:14 AM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000003EFFF
    Event Time Stamp: 5:8:2012 02:39
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\wat\watadminsvc.exe
    Tampered File: %systemroot%\system32\wat\watweb.dll
    Tampered File: %systemroot%\system32\wat\npwatweb.dll
    Tampered File: %systemroot%\system32\wat\watux.exe
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys
    Tampered File: %systemroot%\system32\drivers\spldr.sys


    HWID Data-->
    HWID Hash Current: LgAAAAEAAQABAAEAAQABAAAAAgABAAEA6GFW8AGWgAuSGsB80nmkvFz5TFZcXQ==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            DELL          E2     
      FACP            DELL          E2     
      HPET            DELL          E2     
      BOOT            DELL          E2      
      MCFG            A M I         GMCH945.
      TCPA                    
      SLIC            DELL          E2     
      SSDT            PmRef        CpuPm

    Monday, May 14, 2012 6:12 AM
  • "Bdeniso" wrote in message news:57f5b6a0-c232-47ba-9413-3841114b0f3f...

    Here are the new logs.

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-M3DJT-4J3WC-733WD
    Windows Product Key Hash: xo+ajVSpae7/4VoZjS7m6JL0f3A=
    Windows Product ID: 00371-OEM-8992671-00524
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7600.2.00010100.0.0.048


    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000003EFFF
    Event Time Stamp: 5:8:2012 02:39
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\wat\watadminsvc.exe
    Tampered File: %systemroot%\system32\wat\watweb.dll
    Tampered File: %systemroot%\system32\wat\npwatweb.dll
    Tampered File: %systemroot%\system32\wat\watux.exe
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys
    Tampered File: %systemroot%\system32\drivers\spldr.sys

     
     
    please try the following...
    from an elevated Command Prompt, run the following commands.
     
    regsvr32 softpub.dll
    regsvr32 wintrust.dll
     
    reboot amnd run another MGADiag report.
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Monday, May 14, 2012 8:10 AM
    Moderator
  • New logs:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-M3DJT-4J3WC-733WD
    Windows Product Key Hash: xo+ajVSpae7/4VoZjS7m6JL0f3A=
    Windows Product ID: 00371-OEM-8992671-00524
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7600.2.00010100.0.0.048
    ID: {B3E593AA-9EAE-4F1F-9116-B47B4FD62173}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7600.win7_gdr.110622-1503
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{B3E593AA-9EAE-4F1F-9116-B47B4FD62173}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-733WD</PKey><PID>00371-OEM-8992671-00524</PID><PIDType>2</PIDType><SID>S-1-5-21-1464149647-2847223951-388615649</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Latitude E6510</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A03</Version><SMBIOSVersion major="2" minor="6"/><Date>20100528000000.000000+000</Date></BIOS><HWID>08BB3607018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>E2     </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7600.16385

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00178-926-700524-02-1033-7600.0000-1892010
    Installation ID: 013786937242744224473514982353667282985713024056079126
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 733WD
    License Status: Licensed
    Remaining Windows rearm count: 3
    Trusted time: 5/14/2012 1:45:11 PM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000003EFFF
    Event Time Stamp: 5:8:2012 02:39
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\wat\watadminsvc.exe
    Tampered File: %systemroot%\system32\wat\watweb.dll
    Tampered File: %systemroot%\system32\wat\npwatweb.dll
    Tampered File: %systemroot%\system32\wat\watux.exe
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys
    Tampered File: %systemroot%\system32\drivers\spldr.sys


    HWID Data-->
    HWID Hash Current: LgAAAAEAAQABAAEAAQABAAAAAgABAAEA6GFW8AGWgAuSGsB80nmkvFz5TFZcXQ==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            DELL          E2     
      FACP            DELL          E2     
      HPET            DELL          E2     
      BOOT            DELL          E2      
      MCFG            A M I         GMCH945.
      TCPA                    
      SLIC            DELL          E2     
      SSDT            PmRef        CpuPm

    Monday, May 14, 2012 6:45 PM
  • Sorry about that - getting my threads confused :(

    No change - let's look elsewhere.

    This will sound odd - but what error messages do you get if you attempt to either Check for Updates, or install updates??

    These error messages often are more descriptive than those in an MGADiag report.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, May 14, 2012 8:38 PM
    Moderator
  • Code received

    Error Code 80096001

    Monday, May 14, 2012 9:32 PM
  • Also the error number when the pop up validation thing comes up is

    0x8004fe21

    Tuesday, May 15, 2012 12:54 AM
  • "Bdeniso" wrote in message news:ba1cebcc-a171-4747-b2e8-59d8ece892ba...

    Code received

    Error Code 80096001

    That error code is suggestive of malware.
     
    (unashamed steal from PA Bear - who I'm pinging for assistance)
    <quote>

    Please answer each of the following diagnostic questions in a numbered list in your very next reply (no need to quote this post):

    1a. When (approx. date) did you purchase the computer?

    1b. Did Win7 come preinstalled on the computer when you bought it, did you do a clean install of Win7, or did you upgrade from Vista to Win7?

    2. Is Windows 7 Service Pack 1 (already) installed? See...

    • Which version of the Windows operating system am I running?
    http://windows.microsoft.com/en-us/windows7/help/which-version-of-the-windows-operating-system-am-i-running

    3a. When (approx. date) did you install Microsoft Security Essentials (MSE)?

    3b. Was MSE offered & installed via Windows Update or did you intentionally choose to install it?

    4. What anti-virus application was installed before you installed MSE, was your subscription still current, and did you uninstall it before you installed MSE?

    5. Has a(nother) Norton application or a McAfee application EVER been installed on the computer?

    6. Did a Norton free-trial or a McAfee free-trial [pick one] come preinstalled on the computer when you bought it? (Doesn't matter if you never used or Activated it.)

    7a. Are ANY of the following updates listed in View installed updates (not Update History)? [1]

    • KB2631813, KB2644615, KB2584146, KB2585542

    7b. How about these updates?...

    • KB2618444, KB2633171, KB2639417, KB2620712, KB2619339; KB2641690 & KB2588516

    • KB2572076 or KB2572077 [<=TELL ME WHICH ONE]

    • KB2544521 or Windows Internet Explorer 9 [<=TELL ME WHICH ONE]

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Related references may include:

    Check list for installing Microsoft Security Essentials
    http://answers.microsoft.com/thread/bf757e6a-e320-4a67-92bc-767e6acb26c4

    Can I install Microsoft Security Essentials [or any other anti-virus/anti-spyware application] to clean up my already-infected computer?
    http://answers.microsoft.com/thread/87058857-d181-4019-a723-efd9a49d9275

    </quote>

    we already have the answer to a couple of these questions from the report - but please fill them all in anyhow.

     

     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Tuesday, May 15, 2012 9:54 AM
    Moderator
  • "Bdeniso" wrote in message news:ba1cebcc-a171-4747-b2e8-59d8ece892ba...

    Code received

    Error Code 80096001

     
    You could try the fixit from here http://support.microsoft..com/kb/2230957 - it sometimes works
     
    post back with a fresh MGADiag report after rebooting
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Tuesday, May 15, 2012 12:14 PM
    Moderator
  • "Noel D Paton" wrote in message news:b1d6ebbf-15cb-45c3-be44-de8f3d7da221...
    "Bdeniso" wrote in message news:ba1cebcc-a171-4747-b2e8-59d8ece892ba...

    Code received

    Error Code 80096001

    That error code is suggestive of malware.
     
    (unashamed steal from PA Bear - who I'm pinging for assistance)
     
     
     
     
    and answer the questions posed  in his first post there (responses in this thread, please!)
     
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Tuesday, May 15, 2012 3:21 PM
    Moderator
  • Answers to very last post:

    1. Summer of 2010, Windows 7 came per-installed

    2. Win 7 Professional Version 6.1 Build 7600

    3. Malware Bytes and Super Anti Spyware

    4. Not that I know

    5. I think so? came with McAfee installed I believe

    6a. None of them

    6b. None of them

    6c. Neither

    6d. neither

    6e. have KB2544521

    7. Yes firefox

    8. no, not that I know of


    • Edited by Bdeniso Tuesday, May 15, 2012 8:10 PM
    Tuesday, May 15, 2012 8:10 PM
  • "Bdeniso" wrote in message news:ba1cebcc-a171-4747-b2e8-59d8ece892ba...

    Code received

    Error Code 80096001

     
    You could try the fixit from here http://support.microsoft..com/kb/2230957 - it sometimes works
     
    post back with a fresh MGADiag report after rebooting
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    new log:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-M3DJT-4J3WC-733WD
    Windows Product Key Hash: xo+ajVSpae7/4VoZjS7m6JL0f3A=
    Windows Product ID: 00371-OEM-8992671-00524
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7600.2.00010100.0.0.048
    ID: {B3E593AA-9EAE-4F1F-9116-B47B4FD62173}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7600.win7_gdr.110622-1503
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{B3E593AA-9EAE-4F1F-9116-B47B4FD62173}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-733WD</PKey><PID>00371-OEM-8992671-00524</PID><PIDType>2</PIDType><SID>S-1-5-21-1464149647-2847223951-388615649</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Latitude E6510</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A03</Version><SMBIOSVersion major="2" minor="6"/><Date>20100528000000.000000+000</Date></BIOS><HWID>08BB3607018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>E2     </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7600.16385

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00178-926-700524-02-1033-7600.0000-1892010
    Installation ID: 013786937242744224473514982353667282985713024056079126
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 733WD
    License Status: Licensed
    Remaining Windows rearm count: 3
    Trusted time: 5/15/2012 3:17:02 PM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000003EFFF
    Event Time Stamp: 5:15:2012 07:45
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\wat\watadminsvc.exe
    Tampered File: %systemroot%\system32\wat\watweb.dll
    Tampered File: %systemroot%\system32\wat\npwatweb.dll
    Tampered File: %systemroot%\system32\wat\watux.exe
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys
    Tampered File: %systemroot%\system32\drivers\spldr.sys


    HWID Data-->
    HWID Hash Current: LgAAAAEAAQABAAEAAQABAAAAAgABAAEA6GFW8AGWgAuSGsB80nmkvFz5TFZcXQ==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            DELL          E2     
      FACP            DELL          E2     
      HPET            DELL          E2     
      BOOT            DELL          E2      
      MCFG            A M I         GMCH945.
      TCPA                    
      SLIC            DELL          E2     
      SSDT            PmRef        CpuPm

    Tuesday, May 15, 2012 8:18 PM
  • "Bdeniso" wrote in message news:f495bc83-d4f2-4373-aa36-cbecbde6dbeb...

    1. Summer of 2010, Windows 7 came per-installed

    2. Win 7 Professional Version 6.1 Build 7600

    3. Malware Bytes and Super Anti Spyware

    4. Not that I know

    5. I think so? came with McAfee installed I believe

    6a. None of them

    6b. None of them

    6c. Neither

    6d. neither

    6e. have KB2544521

    7. Yes firefox

    8. no, not that I know of

     
     
     
    OK - to be on the safe side, we'd better run the uninstallers for both Norton and McAfee.
    You say you have MBAM and SAS - but you haven't mentioned any anti-virus?? Neither of these programs are anti-viruses.
     
    If you have no proper anti-virus protection installed, then there is no point in attempting to fix this installation - you should reformat and reinstall. Please let us know what AV is installed, if any.
     
    to run the Norton and McAfee uninstallers download them from the links below, following the instructions - note that teh uninstallers will work no matter which option you pick, since the difference in in the reactivation links, rather than anything else, and have nothing to do with the uninstallers themselves.
     
    Norton Removal Tool
     
    McAfee MCPR
     
    reboot after each uninstall (whether it asks for it or not)
    then post a new MGADiag report.
     
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Tuesday, May 15, 2012 8:22 PM
    Moderator
  • "Bdeniso" wrote in message news:ba1cebcc-a171-4747-b2e8-59d8ece892ba...

    Code received

    Error Code 80096001

    That error code is suggestive of malware.
     
    (unashamed steal from PA Bear - who I'm pinging for assistance)
    <quote>

    Please answer each of the following diagnostic questions in a numbered list in your very next reply (no need to quote this post):

    1a. When (approx. date) did you purchase the computer?

    1b. Did Win7 come preinstalled on the computer when you bought it, did you do a clean install of Win7, or did you upgrade from Vista to Win7?

    2. Is Windows 7 Service Pack 1 (already) installed? See...

    • Which version of the Windows operating system am I running?
    http://windows.microsoft.com/en-us/windows7/help/which-version-of-the-windows-operating-system-am-i-running

    3a. When (approx. date) did you install Microsoft Security Essentials (MSE)?

    3b. Was MSE offered & installed via Windows Update or did you intentionally choose to install it?

    4. What anti-virus application was installed before you installed MSE, was your subscription still current, and did you uninstall it before you installed MSE?

    5. Has a(nother) Norton application or a McAfee application EVER been installed on the computer?

    6. Did a Norton free-trial or a McAfee free-trial [pick one] come preinstalled on the computer when you bought it? (Doesn't matter if you never used or Activated it.)

    7a. Are ANY of the following updates listed in View installed updates (not Update History)? [1]

    • KB2631813, KB2644615, KB2584146, KB2585542

    7b. How about these updates?...

    • KB2618444, KB2633171, KB2639417, KB2620712, KB2619339; KB2641690 & KB2588516

    • KB2572076 or KB2572077 [<=TELL ME WHICH ONE]

    • KB2544521 or Windows Internet Explorer 9 [<=TELL ME WHICH ONE]

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Related references may include:

    Check list for installing Microsoft Security Essentials
    http://answers.microsoft.com/thread/bf757e6a-e320-4a67-92bc-767e6acb26c4

    Can I install Microsoft Security Essentials [or any other anti-virus/anti-spyware application] to clean up my already-infected computer?
    http://answers.microsoft.com/thread/87058857-d181-4019-a723-efd9a49d9275

    </quote>

    we already have the answer to a couple of these questions from the report - but please fill them all in anyhow.

     

     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    1. Summer 2010

    1b. Win 7 preinstalled

    2. Win 7 Professional Version 6.1 Build 7600

    3. I really have no idea, I think it came preinstalled

    4. I dont think so

    5. Not to my knowledge

    6. I think McAfee did

    7a. none of them

    7b. none of them, neither KB2572076 or KB2572077, and do have KB2544521

    Tuesday, May 15, 2012 8:23 PM
  • "Bdeniso" wrote in message news:094f8454-a07c-4f68-a36d-0fe93e292b60...
    "Bdeniso" wrote in message news:ba1cebcc-a171-4747-b2e8-59d8ece892ba...

    Code received

    Error Code 80096001

     
    You could try the fixit from here http://support.microsoft...com/kb/2230957 - it sometimes works
     
    post back with a fresh MGADiag report after rebooting
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    new log:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-M3DJT-4J3WC-733WD
    Windows Product Key Hash: xo+ajVSpae7/4VoZjS7m6JL0f3A=
    Windows Product ID: 00371-OEM-8992671-00524
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7600.2.00010100.0.0.048


    No change :(
    Please see my other note on your  AV situation.
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Tuesday, May 15, 2012 8:29 PM
    Moderator
  • "Bdeniso" wrote in message news:f495bc83-d4f2-4373-aa36-cbecbde6dbeb...

    1. Summer of 2010, Windows 7 came per-installed

    2. Win 7 Professional Version 6.1 Build 7600

    3. Malware Bytes and Super Anti Spyware

    4. Not that I know

    5. I think so? came with McAfee installed I believe

    6a. None of them

    6b. None of them

    6c. Neither

    6d. neither

    6e. have KB2544521

    7. Yes firefox

    8. no, not that I know of

     
     
     
    OK - to be on the safe side, we'd better run the uninstallers for both Norton and McAfee.
    You say you have MBAM and SAS - but you haven't mentioned any anti-virus?? Neither of these programs are anti-viruses.
     
    If you have no proper anti-virus protection installed, then there is no point in attempting to fix this installation - you should reformat and reinstall. Please let us know what AV is installed, if any.
     
    to run the Norton and McAfee uninstallers download them from the links below, following the instructions - note that teh uninstallers will work no matter which option you pick, since the difference in in the reactivation links, rather than anything else, and have nothing to do with the uninstallers themselves.
     
    Norton Removal Tool
     
    McAfee MCPR
     
    reboot after each uninstall (whether it asks for it or not)
    then post a new MGADiag report.
     
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    I just noticed that I do have McAfee installed but it said OAS disabled - I enabled it and should I still uninstall them? Will they reinstall?
    Wednesday, May 16, 2012 2:20 AM
  • "Bdeniso" wrote in message news:f495bc83-d4f2-4373-aa36-cbecbde6dbeb...

    1. Summer of 2010, Windows 7 came per-installed

    2. Win 7 Professional Version 6.1 Build 7600

    3. Malware Bytes and Super Anti Spyware

    4. Not that I know

    5. I think so? came with McAfee installed I believe

    6a. None of them

    6b. None of them

    6c. Neither

    6d. neither

    6e. have KB2544521

    7. Yes firefox

    8. no, not that I know of

     
     
     
    OK - to be on the safe side, we'd better run the uninstallers for both Norton and McAfee.
    You say you have MBAM and SAS - but you haven't mentioned any anti-virus?? Neither of these programs are anti-viruses.
     
    If you have no proper anti-virus protection installed, then there is no point in attempting to fix this installation - you should reformat and reinstall. Please let us know what AV is installed, if any.
     
    to run the Norton and McAfee uninstallers download them from the links below, following the instructions - note that teh uninstallers will work no matter which option you pick, since the difference in in the reactivation links, rather than anything else, and have nothing to do with the uninstallers themselves.
     
    Norton Removal Tool
     
    McAfee MCPR
     
    reboot after each uninstall (whether it asks for it or not)
    then post a new MGADiag report.
     
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Actually, I have McAffee installed but it wont let On Access scan be enabled keeps turning off.  Running a on demand scan now while I wait if I should still proceed with uninstall.
    Wednesday, May 16, 2012 2:25 AM
  • Uninstall.  You can reinstall later.  You can run the free scan from the website.  Most of the anti-virus providers have a free online scanner you can use.

    Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.

    Wednesday, May 16, 2012 2:36 AM
    Answerer
  • "Bdeniso" wrote in message news:8948bc5b-d515-41f8-a089-7ca5544b6225...
    Actually, I have McAffee installed but it wont let On Access scan be enabled keeps turning off.  Running a on demand scan now while I wait if I should still proceed with uninstall.
    What is the date of the installed  definitions?
    Does it say 'license expired' anywhere?
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Wednesday, May 16, 2012 8:44 AM
    Moderator
  • "Bdeniso" wrote in message news:8948bc5b-d515-41f8-a089-7ca5544b6225...
    Actually, I have McAffee installed but it wont let On Access scan be enabled keeps turning off.  Running a on demand scan now while I wait if I should still proceed with uninstall.
    What is the date of the installed  definitions?
    Does it say 'license expired' anywhere?
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Installed 8/24/2010

    And says licensed and not licensee expired

    Wednesday, May 16, 2012 4:06 PM
  • "Bdeniso" wrote in message news:b1417701-c444-4477-b9de-a01b1b2f647b...
    Installed 8/24/2010

    And says licensed and not licensee expired

    ...and you'd forgotten all about it? - even after a 'virus' attack a few months ago??
     
    - from the date, it looks as if it was installed when you first got the PC?
     
    Most licenses only run for 12 months - and most AV's have at least one serious upgrade during that period.
     
    I'll ask PA Bear to look in and see if he can advise.
     
     
     
     
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Wednesday, May 16, 2012 4:36 PM
    Moderator
  • "Bdeniso" wrote in message news:b1417701-c444-4477-b9de-a01b1b2f647b...
    Installed 8/24/2010

    And says licensed and not licensee expired

    ...and you'd forgotten all about it? - even after a 'virus' attack a few months ago??
     
    - from the date, it looks as if it was installed when you first got the PC?
     
    Most licenses only run for 12 months - and most AV's have at least one serious upgrade during that period.
     
    I'll ask PA Bear to look in and see if he can advise.
     
     
     
     
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    I didn't forget about it per se, but since it came pre-installed I just forgot to mention it when you asked.  And it wasn't a virus, it was malware playing ads in the background.  It is updated I am not sure where to look to tell you what version. Ver 8.7.0i it says in one place, and DAT Version 6712.0000, Scan engine version 5400.1158
    Wednesday, May 16, 2012 6:49 PM
  • Let me cut to the chase & be brief here.

    You are seeing the effects of a longstanding hijackware infection, possibly compounded by a rootkit (or bootkit) infection!  See...

       • Cleaning a Compromised System
          http://technet.microsoft.com/en-us/library/cc700813.aspx

    Then see the (my) ANSWER post in this thread and follow those instructions (to-the-letter and in order!) to return your computer to a secure & functional state: http://answers.microsoft.com/thread/bc95f2f0-7968-4bd0-8de5-70b83db31fa6

    Note: The computer should NOT be connected to the internet or any local networks (i.e., other computers) in its current state. All of your personal data (e.g., online banking & credit-card passwords) should be considered at-risk, if not already compromised.

    Wish I'd had better news for you. Good luck!


    ~Robear Dyer (PA Bear) ~ MS MVP (IE, Mail, Security, Windows & Update Services since 2002
    MS MVPs neither represent nor work for Microsoft 

    Wednesday, May 16, 2012 9:30 PM