Vista Not Genuine after Avast! Bootscan removed Trojan "Java:Agent-AO", has been for three years.

  • Question

  • Greetings. After a regular full system bootscan from my trusty Avast! Antivirus, four files were deleted based on recommendation of being recognized as a Trojan.  Upon starting up, I now have the following displayed in the bottom right corner of the desktop:

    "Windows Vista (TM)
    Build 6002
    This copy of Windows is not genuine"

    The files displayed as:
    C:\Users\Taylor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\653a8b4a-22c4b6d3|vmain.class
    C:\Users\Taylor\AppData\LocalLow\Sun\Java\Deployment\cache\41e8aee3-239e9ada|vmain.class
    C:\Users\Taylor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\4084a7b0-4465276a|>______vload.class
    C:\Users\Taylor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\4084a7b0-4465276a|>vmain.class

    Upon reading another thread, I downloaded and ran a diagnostic (MGADiag). As you can see from the report below, it states "Validation Status: Genuine". Any ideas about what (if anything) I should do to resolve this? Would reinstalling Java be a good idea? Did I inadvertently delete something needed?

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-4JJQP-TP64Y-RPFFV
    Windows Product Key Hash: W7I5PeTN2iJuvTTU9QmIXc6iQqY=
    Windows Product ID: 89578-OEM-7332157-00043
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.0.6002.2.00010300.2.0.003
    ID: {0C377D1E-373B-4611-A415-54290DC110BE}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000000
    Build lab: 6002.vistasp2_gdr.101014-0432
    TTS Error: M:20110629114222943-
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: 6.0.6002.16398

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 102
    2007 Microsoft Office system - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_B4D0AA8B-920-80070057

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{0C377D1E-373B-4611-A415-54290DC110BE}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-RPFFV</PKey><PID>89578-OEM-7332157-00043</PID><PIDType>2</PIDType><SID>S-1-5-21-2426717977-387080370-4285042848</SID><SYSTEM><Manufacturer>ASUSTeK Computer Inc.        </Manufacturer><Model>M50Vm               </Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>207    </Version><SMBIOSVersion major="2" minor="5"/><Date>20080811000000.000000+000</Date></BIOS><HWID>3B313507018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Canada Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>102</Result><Products><Product GUID="{91120000-0031-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>2007 Microsoft Office system</Name><Ver>12</Ver><PidType>19</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/></Applications></Office></Software></GenuineResults> 

    Spsys.log Content: U1BMRwEAAAAAAQAABAAAAEcXAAAAAAAAYWECAOSvpqBCJufmgzbMARhy9171jCizkdIEkQaJZ678pfJt0gC0kR5kXHPc4LpZrD32bFnAsHVirdXL6S/F7FF0H9Oh+hJEw7XKSAShRbeHe+VPe3RVLezRDMPRxtud1mjkjzXhcq94m48ceJqGOPu1UvB7bxiIfUEtgIRGphkOSa+EGUYcOX5/UvkAHnVxZcgJE7vAy9kku8TlF45JWpsbJiscvAYWgzyFZ0z79y0OKm53Bw867hHNE43WvZqUI0Rf1MqA3D5sWfEw7WeNfzOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAw=

    Licensing Data-->
    Software licensing service version: 6.0.6002.18005
    Name: Windows(TM) Vista, HomePremium edition
    Description: Windows Operating System - Vista, OEM_SLP channel
    Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 89578-00146-321-500043-02-1033-6001.0000-2612008
    Installation ID: 103891594940529821901211843385506602511596048863996614
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
    Partial Product Key: RPFFV
    License Status: Licensed

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    HWID Hash Current: PgAAAAIABAABAAEAAgACAAAABAABAAEAeqhadgKbb1CeEbg5gk741cADps6N7/L01pt4zE3xYszeBaxWRso=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20000
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   081108  APIC2148
      FACP   081108  FACP2148
      DBGP   081108  DBGP2148
      HPET   081108  OEMHPET
      BOOT   081108  BOOT2148
      MCFG   081108  OEMMCFG
      SLIC   _ASUS_  Notebook
      ECDT   081108  OEMECDT
      OEMB   081108  OEMB2148
      ATKG   022008  OEMATKG
      SSDT   PmRef  CpuPm

     

    Friday, July 8, 2011 8:21 PM

Answers

All replies