Says computer not running genuine Windows

All replies

• 

  

  0

  Sign in to vote

  The mismatches suggest that you need to reinstall the Intel Rapid Storage Drivers.  This can be caused by a recent update.

  Download the Intel Rapid Storage Drivers from here:
   
  http://bit.ly/xmcovN
   
   You’ll need the set for the x64 (64-bit) platform on Win7.
   
  Once complete, please reboot twice, then post another MGADiag report.
   
  Good Luck!

  ---

  Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.

  Sunday, May 13, 2012 7:55 PM

  Answerer
• 

  

  0

  Sign in to vote

  He actually needs the 32-bit version, Colin - but since both are in the same package, it doesn't make much difference :)

  ><Architecture>x32</Architecture><

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  Sunday, May 13, 2012 8:03 PM

  Moderator
• 

  

  0

  Sign in to vote

  Here are the new logs.

  Diagnostic Report (1.9.0027.0):
  -----------------------------------------
  Windows Validation Data-->
  
  Validation Code: 0x8004FE21
  Cached Online Validation Code: 0x0
  Windows Product Key: *****-*****-M3DJT-4J3WC-733WD
  Windows Product Key Hash: xo+ajVSpae7/4VoZjS7m6JL0f3A=
  Windows Product ID: 00371-OEM-8992671-00524
  Windows Product ID Type: 2
  Windows License Type: OEM SLP
  Windows OS version: 6.1.7600.2.00010100.0.0.048
  ID: {B3E593AA-9EAE-4F1F-9116-B47B4FD62173}(3)
  Is Admin: Yes
  TestCab: 0x0
  LegitcheckControl ActiveX: N/A, hr = 0x80070002
  Signed By: N/A, hr = 0x80070002
  Product Name: Windows 7 Professional
  Architecture: 0x00000000
  Build lab: 7600.win7_gdr.110622-1503
  TTS Error:
  Validation Diagnostic:
  Resolution Status: N/A
  
  Vista WgaER Data-->
  ThreatID(s): N/A, hr = 0x80070002
  Version: N/A, hr = 0x80070002
  
  Windows XP Notifications Data-->
  Cached Result: N/A, hr = 0x80070002
  File Exists: No
  Version: N/A, hr = 0x80070002
  WgaTray.exe Signed By: N/A, hr = 0x80070002
  WgaLogon.dll Signed By: N/A, hr = 0x80070002
  
  OGA Notifications Data-->
  Cached Result: N/A, hr = 0x80070002
  Version: N/A, hr = 0x80070002
  OGAExec.exe Signed By: N/A, hr = 0x80070002
  OGAAddin.dll Signed By: N/A, hr = 0x80070002
  
  OGA Data-->
  Office Status: 109 N/A
  OGA Version: N/A, 0x80070002
  Signed By: N/A, hr = 0x80070002
  Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
  
  Browser Data-->
  Proxy settings: N/A
  User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
  Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
  Download signed ActiveX controls: Prompt
  Download unsigned ActiveX controls: Disabled
  Run ActiveX controls and plug-ins: Allowed
  Initialize and script ActiveX controls not marked as safe: Disabled
  Allow scripting of Internet Explorer Webbrowser control: Disabled
  Active scripting: Allowed
  Script ActiveX controls marked as safe for scripting: Allowed
  
  File Scan Data-->
  
  Other data-->
  Office Details: <GenuineResults><MachineData><UGUID>{B3E593AA-9EAE-4F1F-9116-B47B4FD62173}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-733WD</PKey><PID>00371-OEM-8992671-00524</PID><PIDType>2</PIDType><SID>S-1-5-21-1464149647-2847223951-388615649</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Latitude E6510</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A03</Version><SMBIOSVersion major="2" minor="6"/><Date>20100528000000.000000+000</Date></BIOS><HWID>08BB3607018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>E2     </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  
  
  Spsys.log Content: 0x80070002
  
  Licensing Data-->
  Software licensing service version: 6.1.7600.16385
  
  Name: Windows(R) 7, Professional edition
  Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
  Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
  Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
  Extended PID: 00371-00178-926-700524-02-1033-7600.0000-1892010
  Installation ID: 013786937242744224473514982353667282985713024056079126
  Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
  Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
  Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
  Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
  Partial Product Key: 733WD
  License Status: Licensed
  Remaining Windows rearm count: 3
  Trusted time: 5/14/2012 1:12:14 AM
  
  Windows Activation Technologies-->
  HrOffline: 0x8004FE21
  HrOnline: N/A
  HealthStatus: 0x000000000003EFFF
  Event Time Stamp: 5:8:2012 02:39
  ActiveX: Registered, Version: 7.1.7600.16395
  Admin Service: Registered, Version: 7.1.7600.16395
  HealthStatus Bitmask Output:
  Tampered File: %systemroot%\system32\wat\watadminsvc.exe
  Tampered File: %systemroot%\system32\wat\watweb.dll
  Tampered File: %systemroot%\system32\wat\npwatweb.dll
  Tampered File: %systemroot%\system32\wat\watux.exe
  Tampered File: %systemroot%\system32\sppobjs.dll
  Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
  Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
  Tampered File: %systemroot%\system32\sppwinob.dll
  Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
  Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
  Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
  Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
  Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
  Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
  Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
  Tampered File: %systemroot%\system32\drivers\spsys.sys
  Tampered File: %systemroot%\system32\drivers\spldr.sys
  
  
  HWID Data-->
  HWID Hash Current: LgAAAAEAAQABAAEAAQABAAAAAgABAAEA6GFW8AGWgAuSGsB80nmkvFz5TFZcXQ==
  
  OEM Activation 1.0 Data-->
  N/A
  
  OEM Activation 2.0 Data-->
  BIOS valid for OA 2.0: yes
  Windows marker version: 0x20001
  OEMID and OEMTableID Consistent: yes
  BIOS Information:
    ACPI Table Name    OEMID Value    OEMTableID Value
    APIC            DELL          E2     
    FACP            DELL          E2     
    HPET            DELL          E2     
    BOOT            DELL          E2      
    MCFG            A M I         GMCH945.
    TCPA                    
    SLIC            DELL          E2     
    SSDT            PmRef        CpuPm
  
  

  Monday, May 14, 2012 6:12 AM
• 

  

  0

  Sign in to vote

  "Bdeniso" wrote in message news:57f5b6a0-c232-47ba-9413-3841114b0f3f...

  Here are the new logs.

  Diagnostic Report (1.9.0027.0):
  -----------------------------------------
  Windows Validation Data-->
  
  Validation Code: 0x8004FE21
  Cached Online Validation Code: 0x0
  Windows Product Key: *****-*****-M3DJT-4J3WC-733WD
  Windows Product Key Hash: xo+ajVSpae7/4VoZjS7m6JL0f3A=
  Windows Product ID: 00371-OEM-8992671-00524
  Windows Product ID Type: 2
  Windows License Type: OEM SLP
  Windows OS version: 6.1.7600.2.00010100.0.0.048
  
  
  Windows Activation Technologies-->
  HrOffline: 0x8004FE21
  HrOnline: N/A
  HealthStatus: 0x000000000003EFFF
  Event Time Stamp: 5:8:2012 02:39
  ActiveX: Registered, Version: 7.1.7600.16395
  Admin Service: Registered, Version: 7.1.7600.16395
  HealthStatus Bitmask Output:
  Tampered File: %systemroot%\system32\wat\watadminsvc.exe
  Tampered File: %systemroot%\system32\wat\watweb.dll
  Tampered File: %systemroot%\system32\wat\npwatweb.dll
  Tampered File: %systemroot%\system32\wat\watux.exe
  Tampered File: %systemroot%\system32\sppobjs.dll
  Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
  Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
  Tampered File: %systemroot%\system32\sppwinob.dll
  Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
  Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
  Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
  Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
  Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
  Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
  Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
  Tampered File: %systemroot%\system32\drivers\spsys.sys
  Tampered File: %systemroot%\system32\drivers\spldr.sys
  
  

   

   

  please try the following...

  from an elevated Command Prompt, run the following commands.

   

  regsvr32 softpub.dll

  regsvr32 wintrust.dll

   

  reboot amnd run another MGADiag report.

   

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  Monday, May 14, 2012 8:10 AM

  Moderator
• 

  

  0

  Sign in to vote

  New logs:

  Diagnostic Report (1.9.0027.0):
  -----------------------------------------
  Windows Validation Data-->
  
  Validation Code: 0x8004FE21
  Cached Online Validation Code: 0x0
  Windows Product Key: *****-*****-M3DJT-4J3WC-733WD
  Windows Product Key Hash: xo+ajVSpae7/4VoZjS7m6JL0f3A=
  Windows Product ID: 00371-OEM-8992671-00524
  Windows Product ID Type: 2
  Windows License Type: OEM SLP
  Windows OS version: 6.1.7600.2.00010100.0.0.048
  ID: {B3E593AA-9EAE-4F1F-9116-B47B4FD62173}(3)
  Is Admin: Yes
  TestCab: 0x0
  LegitcheckControl ActiveX: N/A, hr = 0x80070002
  Signed By: N/A, hr = 0x80070002
  Product Name: Windows 7 Professional
  Architecture: 0x00000000
  Build lab: 7600.win7_gdr.110622-1503
  TTS Error:
  Validation Diagnostic:
  Resolution Status: N/A
  
  Vista WgaER Data-->
  ThreatID(s): N/A, hr = 0x80070002
  Version: N/A, hr = 0x80070002
  
  Windows XP Notifications Data-->
  Cached Result: N/A, hr = 0x80070002
  File Exists: No
  Version: N/A, hr = 0x80070002
  WgaTray.exe Signed By: N/A, hr = 0x80070002
  WgaLogon.dll Signed By: N/A, hr = 0x80070002
  
  OGA Notifications Data-->
  Cached Result: N/A, hr = 0x80070002
  Version: N/A, hr = 0x80070002
  OGAExec.exe Signed By: N/A, hr = 0x80070002
  OGAAddin.dll Signed By: N/A, hr = 0x80070002
  
  OGA Data-->
  Office Status: 109 N/A
  OGA Version: N/A, 0x80070002
  Signed By: N/A, hr = 0x80070002
  Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
  
  Browser Data-->
  Proxy settings: N/A
  User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
  Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
  Download signed ActiveX controls: Prompt
  Download unsigned ActiveX controls: Disabled
  Run ActiveX controls and plug-ins: Allowed
  Initialize and script ActiveX controls not marked as safe: Disabled
  Allow scripting of Internet Explorer Webbrowser control: Disabled
  Active scripting: Allowed
  Script ActiveX controls marked as safe for scripting: Allowed
  
  File Scan Data-->
  
  Other data-->
  Office Details: <GenuineResults><MachineData><UGUID>{B3E593AA-9EAE-4F1F-9116-B47B4FD62173}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-733WD</PKey><PID>00371-OEM-8992671-00524</PID><PIDType>2</PIDType><SID>S-1-5-21-1464149647-2847223951-388615649</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Latitude E6510</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A03</Version><SMBIOSVersion major="2" minor="6"/><Date>20100528000000.000000+000</Date></BIOS><HWID>08BB3607018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>E2     </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  
  
  Spsys.log Content: 0x80070002
  
  Licensing Data-->
  Software licensing service version: 6.1.7600.16385
  
  Name: Windows(R) 7, Professional edition
  Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
  Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
  Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
  Extended PID: 00371-00178-926-700524-02-1033-7600.0000-1892010
  Installation ID: 013786937242744224473514982353667282985713024056079126
  Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
  Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
  Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
  Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
  Partial Product Key: 733WD
  License Status: Licensed
  Remaining Windows rearm count: 3
  Trusted time: 5/14/2012 1:45:11 PM
  
  Windows Activation Technologies-->
  HrOffline: 0x8004FE21
  HrOnline: N/A
  HealthStatus: 0x000000000003EFFF
  Event Time Stamp: 5:8:2012 02:39
  ActiveX: Registered, Version: 7.1.7600.16395
  Admin Service: Registered, Version: 7.1.7600.16395
  HealthStatus Bitmask Output:
  Tampered File: %systemroot%\system32\wat\watadminsvc.exe
  Tampered File: %systemroot%\system32\wat\watweb.dll
  Tampered File: %systemroot%\system32\wat\npwatweb.dll
  Tampered File: %systemroot%\system32\wat\watux.exe
  Tampered File: %systemroot%\system32\sppobjs.dll
  Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
  Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
  Tampered File: %systemroot%\system32\sppwinob.dll
  Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
  Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
  Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
  Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
  Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
  Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
  Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
  Tampered File: %systemroot%\system32\drivers\spsys.sys
  Tampered File: %systemroot%\system32\drivers\spldr.sys
  
  
  HWID Data-->
  HWID Hash Current: LgAAAAEAAQABAAEAAQABAAAAAgABAAEA6GFW8AGWgAuSGsB80nmkvFz5TFZcXQ==
  
  OEM Activation 1.0 Data-->
  N/A
  
  OEM Activation 2.0 Data-->
  BIOS valid for OA 2.0: yes
  Windows marker version: 0x20001
  OEMID and OEMTableID Consistent: yes
  BIOS Information:
    ACPI Table Name    OEMID Value    OEMTableID Value
    APIC            DELL          E2     
    FACP            DELL          E2     
    HPET            DELL          E2     
    BOOT            DELL          E2      
    MCFG            A M I         GMCH945.
    TCPA                    
    SLIC            DELL          E2     
    SSDT            PmRef        CpuPm
  
  

  Monday, May 14, 2012 6:45 PM
• 

  

  0

  Sign in to vote

  Sorry about that - getting my threads confused :(

  No change - let's look elsewhere.

  This will sound odd - but what error messages do you get if you attempt to either Check for Updates, or install updates??

  These error messages often are more descriptive than those in an MGADiag report.

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  Monday, May 14, 2012 8:38 PM

  Moderator
• 

  

  0

  Sign in to vote

  Code received

  Error Code 80096001

  Monday, May 14, 2012 9:32 PM
• 

  

  0

  Sign in to vote

  Also the error number when the pop up validation thing comes up is

  0x8004fe21

  Tuesday, May 15, 2012 12:54 AM
• 

  

  0

  Sign in to vote

  "Bdeniso" wrote in message news:ba1cebcc-a171-4747-b2e8-59d8ece892ba...

  Code received

  Error Code 80096001

  That error code is suggestive of malware.

   

  (unashamed steal from PA Bear - who I'm pinging for assistance)

  <quote>

  Please answer each of the following diagnostic questions in a numbered list in your very next reply (no need to quote this post):

  1a. When (approx. date) did you purchase the computer?

  1b. Did Win7 come preinstalled on the computer when you bought it, did you do a clean install of Win7, or did you upgrade from Vista to Win7?

  2. Is Windows 7 Service Pack 1 (already) installed? See...

  • Which version of the Windows operating system am I running?
  http://windows.microsoft.com/en-us/windows7/help/which-version-of-the-windows-operating-system-am-i-running

  3a. When (approx. date) did you install Microsoft Security Essentials (MSE)?

  3b. Was MSE offered & installed via Windows Update or did you intentionally choose to install it?

  4. What anti-virus application was installed before you installed MSE, was your subscription still current, and did you uninstall it before you installed MSE?

  5. Has a(nother) Norton application or a McAfee application EVER been installed on the computer?

  6. Did a Norton free-trial or a McAfee free-trial [pick one] come preinstalled on the computer when you bought it? (Doesn't matter if you never used or Activated it.)

  7a. Are ANY of the following updates listed in View installed updates (not Update History)? [1]

  • KB2631813, KB2644615, KB2584146, KB2585542

  7b. How about these updates?...

  • KB2618444, KB2633171, KB2639417, KB2620712, KB2619339; KB2641690 & KB2588516

  • KB2572076 or KB2572077 [<=TELL ME WHICH ONE]

  • KB2544521 or Windows Internet Explorer 9 [<=TELL ME WHICH ONE]

  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  Related references may include:

  Check list for installing Microsoft Security Essentials
  http://answers.microsoft.com/thread/bf757e6a-e320-4a67-92bc-767e6acb26c4

  Can I install Microsoft Security Essentials [or any other anti-virus/anti-spyware application] to clean up my already-infected computer?
  http://answers.microsoft.com/thread/87058857-d181-4019-a723-efd9a49d9275

  </quote>

  we already have the answer to a couple of these questions from the report - but please fill them all in anyhow.

   

   

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  Tuesday, May 15, 2012 9:54 AM

  Moderator
• 

  

  0

  Sign in to vote

  "Bdeniso" wrote in message news:ba1cebcc-a171-4747-b2e8-59d8ece892ba...

  Code received

  Error Code 80096001

   

  You could try the fixit from here http://support.microsoft..com/kb/2230957 - it sometimes works

   

  post back with a fresh MGADiag report after rebooting

   

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  Tuesday, May 15, 2012 12:14 PM

  Moderator
• 

  

  0

  Sign in to vote

  "Noel D Paton" wrote in message news:b1d6ebbf-15cb-45c3-be44-de8f3d7da221...

  "Bdeniso" wrote in message news:ba1cebcc-a171-4747-b2e8-59d8ece892ba...

  Code received

  Error Code 80096001

  That error code is suggestive of malware.

   

  (unashamed steal from PA Bear - who I'm pinging for assistance)

   

   

   

  PA Bear has asked me to refer you to this thread - http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/my-windows-installer-has-failed-or-cannot-be/2927f131-91d8-47e3-9bb7-69ce50e70e47

   

  and answer the questions posed  in his first post there (responses in this thread, please!)

   

   

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  Tuesday, May 15, 2012 3:21 PM

  Moderator
• 

  

  0

  Sign in to vote

  Answers to very last post:

  1. Summer of 2010, Windows 7 came per-installed

  2. Win 7 Professional Version 6.1 Build 7600

  3. Malware Bytes and Super Anti Spyware

  4. Not that I know

  5. I think so? came with McAfee installed I believe

  6a. None of them

  6b. None of them

  6c. Neither

  6d. neither

  6e. have KB2544521

  7. Yes firefox

  8. no, not that I know of

  
  

  • Edited by Bdeniso Tuesday, May 15, 2012 8:10 PM

  Tuesday, May 15, 2012 8:10 PM
• 

  

  0

  Sign in to vote

  "Bdeniso" wrote in message news:ba1cebcc-a171-4747-b2e8-59d8ece892ba...

  Code received

  Error Code 80096001

   

  You could try the fixit from here http://support.microsoft..com/kb/2230957 - it sometimes works

   

  post back with a fresh MGADiag report after rebooting

   

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  new log:

  Diagnostic Report (1.9.0027.0):
  -----------------------------------------
  Windows Validation Data-->
  
  Validation Code: 0x8004FE21
  Cached Online Validation Code: 0x0
  Windows Product Key: *****-*****-M3DJT-4J3WC-733WD
  Windows Product Key Hash: xo+ajVSpae7/4VoZjS7m6JL0f3A=
  Windows Product ID: 00371-OEM-8992671-00524
  Windows Product ID Type: 2
  Windows License Type: OEM SLP
  Windows OS version: 6.1.7600.2.00010100.0.0.048
  ID: {B3E593AA-9EAE-4F1F-9116-B47B4FD62173}(3)
  Is Admin: Yes
  TestCab: 0x0
  LegitcheckControl ActiveX: N/A, hr = 0x80070002
  Signed By: N/A, hr = 0x80070002
  Product Name: Windows 7 Professional
  Architecture: 0x00000000
  Build lab: 7600.win7_gdr.110622-1503
  TTS Error:
  Validation Diagnostic:
  Resolution Status: N/A
  
  Vista WgaER Data-->
  ThreatID(s): N/A, hr = 0x80070002
  Version: N/A, hr = 0x80070002
  
  Windows XP Notifications Data-->
  Cached Result: N/A, hr = 0x80070002
  File Exists: No
  Version: N/A, hr = 0x80070002
  WgaTray.exe Signed By: N/A, hr = 0x80070002
  WgaLogon.dll Signed By: N/A, hr = 0x80070002
  
  OGA Notifications Data-->
  Cached Result: N/A, hr = 0x80070002
  Version: N/A, hr = 0x80070002
  OGAExec.exe Signed By: N/A, hr = 0x80070002
  OGAAddin.dll Signed By: N/A, hr = 0x80070002
  
  OGA Data-->
  Office Status: 109 N/A
  OGA Version: N/A, 0x80070002
  Signed By: N/A, hr = 0x80070002
  Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
  
  Browser Data-->
  Proxy settings: N/A
  User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
  Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
  Download signed ActiveX controls: Prompt
  Download unsigned ActiveX controls: Disabled
  Run ActiveX controls and plug-ins: Allowed
  Initialize and script ActiveX controls not marked as safe: Disabled
  Allow scripting of Internet Explorer Webbrowser control: Disabled
  Active scripting: Allowed
  Script ActiveX controls marked as safe for scripting: Allowed
  
  File Scan Data-->
  
  Other data-->
  Office Details: <GenuineResults><MachineData><UGUID>{B3E593AA-9EAE-4F1F-9116-B47B4FD62173}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-733WD</PKey><PID>00371-OEM-8992671-00524</PID><PIDType>2</PIDType><SID>S-1-5-21-1464149647-2847223951-388615649</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Latitude E6510</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A03</Version><SMBIOSVersion major="2" minor="6"/><Date>20100528000000.000000+000</Date></BIOS><HWID>08BB3607018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>E2     </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  
  
  Spsys.log Content: 0x80070002
  
  Licensing Data-->
  Software licensing service version: 6.1.7600.16385
  
  Name: Windows(R) 7, Professional edition
  Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
  Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
  Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
  Extended PID: 00371-00178-926-700524-02-1033-7600.0000-1892010
  Installation ID: 013786937242744224473514982353667282985713024056079126
  Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
  Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
  Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
  Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
  Partial Product Key: 733WD
  License Status: Licensed
  Remaining Windows rearm count: 3
  Trusted time: 5/15/2012 3:17:02 PM
  
  Windows Activation Technologies-->
  HrOffline: 0x8004FE21
  HrOnline: N/A
  HealthStatus: 0x000000000003EFFF
  Event Time Stamp: 5:15:2012 07:45
  ActiveX: Registered, Version: 7.1.7600.16395
  Admin Service: Registered, Version: 7.1.7600.16395
  HealthStatus Bitmask Output:
  Tampered File: %systemroot%\system32\wat\watadminsvc.exe
  Tampered File: %systemroot%\system32\wat\watweb.dll
  Tampered File: %systemroot%\system32\wat\npwatweb.dll
  Tampered File: %systemroot%\system32\wat\watux.exe
  Tampered File: %systemroot%\system32\sppobjs.dll
  Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
  Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
  Tampered File: %systemroot%\system32\sppwinob.dll
  Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
  Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
  Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
  Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
  Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
  Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
  Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
  Tampered File: %systemroot%\system32\drivers\spsys.sys
  Tampered File: %systemroot%\system32\drivers\spldr.sys
  
  
  HWID Data-->
  HWID Hash Current: LgAAAAEAAQABAAEAAQABAAAAAgABAAEA6GFW8AGWgAuSGsB80nmkvFz5TFZcXQ==
  
  OEM Activation 1.0 Data-->
  N/A
  
  OEM Activation 2.0 Data-->
  BIOS valid for OA 2.0: yes
  Windows marker version: 0x20001
  OEMID and OEMTableID Consistent: yes
  BIOS Information:
    ACPI Table Name    OEMID Value    OEMTableID Value
    APIC            DELL          E2     
    FACP            DELL          E2     
    HPET            DELL          E2     
    BOOT            DELL          E2      
    MCFG            A M I         GMCH945.
    TCPA                    
    SLIC            DELL          E2     
    SSDT            PmRef        CpuPm
  
  

  Tuesday, May 15, 2012 8:18 PM
• 

  

  0

  Sign in to vote

  "Bdeniso" wrote in message news:f495bc83-d4f2-4373-aa36-cbecbde6dbeb...

  1. Summer of 2010, Windows 7 came per-installed

  2. Win 7 Professional Version 6.1 Build 7600

  3. Malware Bytes and Super Anti Spyware

  4. Not that I know

  5. I think so? came with McAfee installed I believe

  6a. None of them

  6b. None of them

  6c. Neither

  6d. neither

  6e. have KB2544521

  7. Yes firefox

  8. no, not that I know of

   

   

   

  OK - to be on the safe side, we'd better run the uninstallers for both Norton and McAfee.

  You say you have MBAM and SAS - but you haven't mentioned any anti-virus?? Neither of these programs are anti-viruses.

   

  If you have no proper anti-virus protection installed, then there is no point in attempting to fix this installation - you should reformat and reinstall. Please let us know what AV is installed, if any.

   

  to run the Norton and McAfee uninstallers download them from the links below, following the instructions - note that teh uninstallers will work no matter which option you pick, since the difference in in the reactivation links, rather than anything else, and have nothing to do with the uninstallers themselves.

   

  Norton Removal Tool

  https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?lg=english&ct=united+states&docid=20080710133834EN&product=home&version=1&pvid=f-home

   

  McAfee MCPR

  http://service.mcafee.com/FAQDocument.aspx?lc=1033&id=CS41013

   

  reboot after each uninstall (whether it asks for it or not)

  then post a new MGADiag report.

   

   

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  Tuesday, May 15, 2012 8:22 PM

  Moderator
• 

  

  0

  Sign in to vote

  "Bdeniso" wrote in message news:ba1cebcc-a171-4747-b2e8-59d8ece892ba...

  Code received

  Error Code 80096001

  That error code is suggestive of malware.

   

  (unashamed steal from PA Bear - who I'm pinging for assistance)

  <quote>

  Please answer each of the following diagnostic questions in a numbered list in your very next reply (no need to quote this post):

  1a. When (approx. date) did you purchase the computer?

  1b. Did Win7 come preinstalled on the computer when you bought it, did you do a clean install of Win7, or did you upgrade from Vista to Win7?

  2. Is Windows 7 Service Pack 1 (already) installed? See...

  • Which version of the Windows operating system am I running?
  http://windows.microsoft.com/en-us/windows7/help/which-version-of-the-windows-operating-system-am-i-running

  3a. When (approx. date) did you install Microsoft Security Essentials (MSE)?

  3b. Was MSE offered & installed via Windows Update or did you intentionally choose to install it?

  4. What anti-virus application was installed before you installed MSE, was your subscription still current, and did you uninstall it before you installed MSE?

  5. Has a(nother) Norton application or a McAfee application EVER been installed on the computer?

  6. Did a Norton free-trial or a McAfee free-trial [pick one] come preinstalled on the computer when you bought it? (Doesn't matter if you never used or Activated it.)

  7a. Are ANY of the following updates listed in View installed updates (not Update History)? [1]

  • KB2631813, KB2644615, KB2584146, KB2585542

  7b. How about these updates?...

  • KB2618444, KB2633171, KB2639417, KB2620712, KB2619339; KB2641690 & KB2588516

  • KB2572076 or KB2572077 [<=TELL ME WHICH ONE]

  • KB2544521 or Windows Internet Explorer 9 [<=TELL ME WHICH ONE]

  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  Related references may include:

  Check list for installing Microsoft Security Essentials
  http://answers.microsoft.com/thread/bf757e6a-e320-4a67-92bc-767e6acb26c4

  Can I install Microsoft Security Essentials [or any other anti-virus/anti-spyware application] to clean up my already-infected computer?
  http://answers.microsoft.com/thread/87058857-d181-4019-a723-efd9a49d9275

  </quote>

  we already have the answer to a couple of these questions from the report - but please fill them all in anyhow.

   

   

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  1. Summer 2010

  1b. Win 7 preinstalled

  2. Win 7 Professional Version 6.1 Build 7600

  3. I really have no idea, I think it came preinstalled

  4. I dont think so

  5. Not to my knowledge

  6. I think McAfee did

  7a. none of them

  7b. none of them, neither KB2572076 or KB2572077, and do have KB2544521

  Tuesday, May 15, 2012 8:23 PM
• 

  

  0

  Sign in to vote

  "Bdeniso" wrote in message news:094f8454-a07c-4f68-a36d-0fe93e292b60...

  "Bdeniso" wrote in message news:ba1cebcc-a171-4747-b2e8-59d8ece892ba...

  Code received

  Error Code 80096001

   

  You could try the fixit from here http://support.microsoft...com/kb/2230957 - it sometimes works

   

  post back with a fresh MGADiag report after rebooting

   

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  new log:

  Diagnostic Report (1.9.0027.0):
  -----------------------------------------
  Windows Validation Data-->
  
  Validation Code: 0x8004FE21
  Cached Online Validation Code: 0x0
  Windows Product Key: *****-*****-M3DJT-4J3WC-733WD
  Windows Product Key Hash: xo+ajVSpae7/4VoZjS7m6JL0f3A=
  Windows Product ID: 00371-OEM-8992671-00524
  Windows Product ID Type: 2
  Windows License Type: OEM SLP
  Windows OS version: 6.1.7600.2.00010100.0.0.048
  
  
  

  No change :(

  Please see my other note on your  AV situation.

   

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  Tuesday, May 15, 2012 8:29 PM

  Moderator
• 

  

  0

  Sign in to vote

  "Bdeniso" wrote in message news:f495bc83-d4f2-4373-aa36-cbecbde6dbeb...

  1. Summer of 2010, Windows 7 came per-installed

  2. Win 7 Professional Version 6.1 Build 7600

  3. Malware Bytes and Super Anti Spyware

  4. Not that I know

  5. I think so? came with McAfee installed I believe

  6a. None of them

  6b. None of them

  6c. Neither

  6d. neither

  6e. have KB2544521

  7. Yes firefox

  8. no, not that I know of

   

   

   

  OK - to be on the safe side, we'd better run the uninstallers for both Norton and McAfee.

  You say you have MBAM and SAS - but you haven't mentioned any anti-virus?? Neither of these programs are anti-viruses.

   

  If you have no proper anti-virus protection installed, then there is no point in attempting to fix this installation - you should reformat and reinstall. Please let us know what AV is installed, if any.

   

  to run the Norton and McAfee uninstallers download them from the links below, following the instructions - note that teh uninstallers will work no matter which option you pick, since the difference in in the reactivation links, rather than anything else, and have nothing to do with the uninstallers themselves.

   

  Norton Removal Tool

  https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?lg=english&ct=united+states&docid=20080710133834EN&product=home&version=1&pvid=f-home

   

  McAfee MCPR

  http://service.mcafee.com/FAQDocument.aspx?lc=1033&id=CS41013

   

  reboot after each uninstall (whether it asks for it or not)

  then post a new MGADiag report.

   

   

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  I just noticed that I do have McAfee installed but it said OAS disabled - I enabled it and should I still uninstall them? Will they reinstall?
  

  Wednesday, May 16, 2012 2:20 AM
• 

  

  0

  Sign in to vote

  "Bdeniso" wrote in message news:f495bc83-d4f2-4373-aa36-cbecbde6dbeb...

  1. Summer of 2010, Windows 7 came per-installed

  2. Win 7 Professional Version 6.1 Build 7600

  3. Malware Bytes and Super Anti Spyware

  4. Not that I know

  5. I think so? came with McAfee installed I believe

  6a. None of them

  6b. None of them

  6c. Neither

  6d. neither

  6e. have KB2544521

  7. Yes firefox

  8. no, not that I know of

   

   

   

  OK - to be on the safe side, we'd better run the uninstallers for both Norton and McAfee.

  You say you have MBAM and SAS - but you haven't mentioned any anti-virus?? Neither of these programs are anti-viruses.

   

  If you have no proper anti-virus protection installed, then there is no point in attempting to fix this installation - you should reformat and reinstall. Please let us know what AV is installed, if any.

   

  to run the Norton and McAfee uninstallers download them from the links below, following the instructions - note that teh uninstallers will work no matter which option you pick, since the difference in in the reactivation links, rather than anything else, and have nothing to do with the uninstallers themselves.

   

  Norton Removal Tool

  https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?lg=english&ct=united+states&docid=20080710133834EN&product=home&version=1&pvid=f-home

   

  McAfee MCPR

  http://service.mcafee.com/FAQDocument.aspx?lc=1033&id=CS41013

   

  reboot after each uninstall (whether it asks for it or not)

  then post a new MGADiag report.

   

   

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  Actually, I have McAffee installed but it wont let On Access scan be enabled keeps turning off.  Running a on demand scan now while I wait if I should still proceed with uninstall.
  

  Wednesday, May 16, 2012 2:25 AM
• 

  

  0

  Sign in to vote

  Uninstall.  You can reinstall later.  You can run the free scan from the website.  Most of the anti-virus providers have a free online scanner you can use.

  ---

  Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.

  Wednesday, May 16, 2012 2:36 AM

  Answerer
• 

  

  0

  Sign in to vote

  "Bdeniso" wrote in message news:8948bc5b-d515-41f8-a089-7ca5544b6225...

  Actually, I have McAffee installed but it wont let On Access scan be enabled keeps turning off.  Running a on demand scan now while I wait if I should still proceed with uninstall.
  

  What is the date of the installed  definitions?

  Does it say 'license expired' anywhere?

   

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  Wednesday, May 16, 2012 8:44 AM

  Moderator
• 

  

  0

  Sign in to vote

  "Bdeniso" wrote in message news:8948bc5b-d515-41f8-a089-7ca5544b6225...

  Actually, I have McAffee installed but it wont let On Access scan be enabled keeps turning off.  Running a on demand scan now while I wait if I should still proceed with uninstall.
  

  What is the date of the installed  definitions?

  Does it say 'license expired' anywhere?

   

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  Installed 8/24/2010

  And says licensed and not licensee expired

  Wednesday, May 16, 2012 4:06 PM
• 

  

  0

  Sign in to vote

  "Bdeniso" wrote in message news:b1417701-c444-4477-b9de-a01b1b2f647b...

  Installed 8/24/2010

  And says licensed and not licensee expired

  ...and you'd forgotten all about it? - even after a 'virus' attack a few months ago??

   

  - from the date, it looks as if it was installed when you first got the PC?

   

  Most licenses only run for 12 months - and most AV's have at least one serious upgrade during that period.

   

  I'll ask PA Bear to look in and see if he can advise.

   

   

   

   

   

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  Wednesday, May 16, 2012 4:36 PM

  Moderator
• 

  

  0

  Sign in to vote

  "Bdeniso" wrote in message news:b1417701-c444-4477-b9de-a01b1b2f647b...

  Installed 8/24/2010

  And says licensed and not licensee expired

  ...and you'd forgotten all about it? - even after a 'virus' attack a few months ago??

   

  - from the date, it looks as if it was installed when you first got the PC?

   

  Most licenses only run for 12 months - and most AV's have at least one serious upgrade during that period.

   

  I'll ask PA Bear to look in and see if he can advise.

   

   

   

   

   

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  I didn't forget about it per se, but since it came pre-installed I just forgot to mention it when you asked.  And it wasn't a virus, it was malware playing ads in the background.  It is updated I am not sure where to look to tell you what version. Ver 8.7.0i it says in one place, and DAT Version 6712.0000, Scan engine version 5400.1158
  

  Wednesday, May 16, 2012 6:49 PM
• 

  

  1

  Sign in to vote

  Let me cut to the chase & be brief here.

  You are seeing the effects of a longstanding hijackware infection, possibly compounded by a rootkit (or bootkit) infection!  See...

     • Cleaning a Compromised System
        http://technet.microsoft.com/en-us/library/cc700813.aspx

  Then see the (my) ANSWER post in this thread and follow those instructions (to-the-letter and in order!) to return your computer to a secure & functional state: http://answers.microsoft.com/thread/bc95f2f0-7968-4bd0-8de5-70b83db31fa6

  Note: The computer should NOT be connected to the internet or any local networks (i.e., other computers) in its current state. All of your personal data (e.g., online banking & credit-card passwords) should be considered at-risk, if not already compromised.

  Wish I'd had better news for you. Good luck!

  ---

  ~Robear Dyer (PA Bear) ~ MS MVP (IE, Mail, Security, Windows & Update Services since 2002
  MS MVPs neither represent nor work for Microsoft 

  • Edited by Robear Dyer (PA Bear), MS-MVP since October 2002MVP Wednesday, May 16, 2012 9:34 PM
  • Marked as answer by Darin Smith MS Monday, May 21, 2012 10:25 PM

  Wednesday, May 16, 2012 9:30 PM