Windows 7 Genuine Alert reoccurring

  • Question

  • I get the alert that Windows is not genuine repeatedly. After many bouts with chkdsk trying to correct the drive bitmap indices I got an alert that Windows might be pirated and not genuine so I went on the hunt and found several tools to correct the problem with only my last stop producing a FixIt application that actually installed and operated as it should. I then proceeded to activate and got the validation success with the obvious gratuities and thanks for being a Microsoft consumer. Now, I am getting the alerts again and after the second time I went back to system and re-entered my product key to validate and license my product again with success. The whole time, my windows system shows that my installation of Windows 7 is in fact Genuine complete with the report that it is Windows 7 SP1, the build number and the Genuine Advantage Logo graphic in the lower right of the window.

    I ran the MGAD tool and it reports all of the details that I would expect to see and they are all absolutely correct. The cab file output by the tool was a little more informative with a report that there was a health status failure with several codes. When I copied and pasted them into a web search field to investigate their purpose I was returned with nothing but hacker links and forums as well as sites hosting pirated copies of Windows 7 and Windows 7 SP1. This is not exactly what I consider support and may help you all out, but more importantly I want to see better support in these forums and sites of Microsoft in the future -- this is ridiculous.

    Currently I am enrolled in college and haven't the time to neither play these trivial games of cat and mouse in a round robin fashion akin to a daisy chained circle jerk nor do I believe that the Universities and businesses reliant on Microsoft technologies are any better for wear as I have seen their reports cropping up all over now. These quick fixes don't appear to be anything outside of a bandage placed over a gaping, sucking, chest wound in Windows and Windows 7 SP1 has already proven to me worse than XP or Vista during like periods and update procedures.

    Nevertheless, my MGAD details are as follows and in response to posting these findings I see nothing that would indicate anything that could be utilized diagnostically. The best output for diagnostics, after my de-compression and perusal, are the cab files output of the MGAD tool which identified the system health failure report that I addressed earlier that once "web-searched" produced nothing but WAREZ quality results. I am somewhat a white hat and am not easily led into a good line of B.S. as a heads up for any respondent here to my problem and my patience is paper thin. In addition to the MGAD reports MS Security Essentials identified a Windows 7 key generator on my system of which I obviously do not need and how it got onto my box I've no idea as I have tried to limit my exposure with these problems to Microsoft sites and partner sites so be aware that your servers may have been assaulted not that that's news to anyone at Microsoft considering your servers are attacked millions of times a second on average.

    I am a Microsoft fan and am seriously disappointed with the current turn of events and hope that you all resolve these issues post haste (like yesterday), once again my MGAD results as copied from within MGAD using its copy functionality and pasted here directly:

    Diagnostic Report (1.9.0027.0):

    -----------------------------------------

    Windows Validation Data-->

     

    Validation Code: 0x8004FE22

    Cached Online Validation Code: N/A, hr = 0xc004f012

    Windows Product Key: *****-*****-*****-*****-G22BX (I edited here with asterisks as I do not expose my keys openly and even this is too much in my opinion.)

    Windows Product Key Hash: RKK34NHA+79xk3Kh7XsKgGYy7ns=

    Windows Product ID: 00426-292-7362055-85407

    Windows Product ID Type: 5

    Windows License Type: Retail

    Windows OS version: 6.1.7600.2.00010100.1.0.001

    ID: {E583C2B0-EE5F-4013-B82B-E3CB40DE344D}(1)

    Is Admin: Yes

    TestCab: 0x0

    LegitcheckControl ActiveX: N/A, hr = 0x80070002

    Signed By: N/A, hr = 0x80070002

    Product Name: Windows 7 Ultimate

    Architecture: 0x00000009

    Build lab: 7600.win7_rtm.090713-1255

    TTS Error: T:20110812144811596-

    Validation Diagnostic: 

    Resolution Status: N/A

     

    Vista WgaER Data-->

    ThreatID(s): N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

     

    Windows XP Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    File Exists: No

    Version: N/A, hr = 0x80070002

    WgaTray.exe Signed By: N/A, hr = 0x80070002

    WgaLogon.dll Signed By: N/A, hr = 0x80070002

     

    OGA Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

    OGAExec.exe Signed By: N/A, hr = 0x80070002

    OGAAddin.dll Signed By: N/A, hr = 0x80070002

     

    OGA Data-->

    Office Status: 109 N/A

    OGA Version: N/A, 0x80070002

    Signed By: N/A, hr = 0x80070002

    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

     

    Browser Data-->

    Proxy settings: N/A

    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

    Default Browser: C:\Program Files (x86)\Internet Explorer\iexplore.exe

    Download signed ActiveX controls: Prompt

    Download unsigned ActiveX controls: Disabled

    Run ActiveX controls and plug-ins: Allowed

    Initialize and script ActiveX controls not marked as safe: Disabled

    Allow scripting of Internet Explorer Webbrowser control: Disabled

    Active scripting: Allowed

    Script ActiveX controls marked as safe for scripting: Allowed

     

    File Scan Data-->

    File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100

    File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100

     

    Other data-->

    Office Details: <GenuineResults><MachineData><UGUID>{E583C2B0-EE5F-4013-B82B-E3CB40DE344D}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-G22BX</PKey><PID>00426-292-7362055-85407</PID><PIDType>5</PIDType><SID>S-1-5-21-2456646436-1665439745-4094459593</SID><SYSTEM><Manufacturer>Gigabyte Technology Co., Ltd.</Manufacturer><Model>EP45-UD3P</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>FE</Version><SMBIOSVersion major="2" minor="4"/><Date>20100311000000.000000+000</Date></BIOS><HWID>AC723B07018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

     


    Licensing Data-->

    Software licensing service version: 6.1.7601.17514

     

    Name: Windows(R) 7, Ultimate edition

    Description: Windows Operating System - Windows(R) 7, RETAIL channel

    Activation ID: ac96e1a8-6cc4-4310-a4ff-332ce77fb5b8

    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f

    Extended PID: 00426-00170-292-736205-00-1033-7600.0000-2302011

    Installation ID: 003820835716767100177355234684163932428265396080893472

    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338

    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339

    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341

    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340

    Partial Product Key: G22BX

    License Status: Licensed

    Remaining Windows rearm count: 5

    Trusted time: 8/19/2011 12:44:14 PM

     

    Windows Activation Technologies-->

    HrOffline: 0x8004FE22

    HrOnline: N/A

    HealthStatus: 0x0000000000004000

    Event Time Stamp: 8:18:2011 07:00

    ActiveX: Registered, Version: 7.1.7600.16395

    Admin Service: Registered, Version: 7.1.7600.16395

    HealthStatus Bitmask Output:

    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui

     

     

    HWID Data-->

    HWID Hash Current: OgAAAAMABAABAAEAAQACAAAAAgABAAEAln2KpE0u5Op3AQw1Rrzkv4Q0AA/aScKPKs/WrepVbBRGyg==

     

    OEM Activation 1.0 Data-->

    N/A

     

    OEM Activation 2.0 Data-->

    BIOS valid for OA 2.0: yes, but no SLIC table

    Windows marker version: N/A

    OEMID and OEMTableID Consistent: N/A

    BIOS Information: 

      ACPI Table Name   OEMID Value   OEMTableID Value
      APIC              GBT           GBTUACPI
      FACP              GBT           GBTUACPI
      MCFG              GBT           GBTUACPI
      TAMG              GBT           GBT   B0
      SSDT              PmRef         CpuPm

     

     

    Friday, August 19, 2011 5:32 PM


All replies

  • "RDRush" wrote in message news:c6a2ab39-a3d7-4b4f-89a4-10fc00eed3ce...

    I get the alert that Windows is not genuine repeatedly. After many bouts with chkdsk trying to correct the drive bitmap indices I got an alert that Windows might be pirated and not genuine so I went on the hunt and found several tools to correct the problem with only my last stop producing a FixIt application that actually installed and operated as it should. I then proceeded to activate and got the validation success with the obvious gratuities and thanks for being a Microsoft consumer. Now, I am getting the alerts again and after the second time I went back to system and re-entered my product key to validate and license my product again with success. The whole time, my windows system shows that my installation of Windows 7 is in fact Genuine complete with the report that it is Windows 7 SP1, the build number and the Genuine Advantage Logo graphic in the lower right of the window.

    I ran the MGAD tool and it reports all of the details that I would expect to see and they are all absolutely correct. The cab file output by the tool was a little more informative with a report that there was a health status failure with several codes. When I copied and pasted them into a web search field to investigate their purpose I was returned with nothing but hacker links and forums as well as sites hosting pirated copies of Windows 7 and Windows 7 SP1. This is not exactly what I consider support and may help you all out, but more importantly I want to see better support in these forums and sites of Microsoft in the future -- this is ridiculous.

    Currently I am enrolled in college and haven't the time to neither play these trivial games of cat and mouse in a round robin fashion akin to a daisy chained circle jerk nor do I believe that the Universities and businesses reliant on Microsoft technologies are any better for wear as I have seen their reports cropping up all over now. These quick fixes don't appear to be anything outside of a bandage placed over a gaping, sucking, chest wound in Windows and Windows 7 SP1 has already proven to me worse than XP or Vista during like periods and update procedures.

    Nevertheless, my MGAD details are as follows and in response to posting these findings I see nothing that would indicate anything that could be utilized diagnostically. The best output for diagnostics, after my de-compression and perusal, are the cab files output of the MGAD tool which identified the system health failure report that I addressed earlier that once "web-searched" produced nothing but WAREZ quality results. I am somewhat a white hat and am not easily led into a good line of B.S. as a heads up for any respondent here to my problem and my patience is paper thin. In addition to the MGAD reports MS Security Essentials identified a Windows 7 key generator on my system of which I obviously do not need and how it got onto my box I've no idea as I have tried to limit my exposure with these problems to Microsoft sites and partner sites so be aware that your servers may have been assaulted not that that's news to anyone at Microsoft considering your servers are attacked millions of times a second on average.

    I am a Microsoft fan and am seriously disappointed with the current turn of events and hope that you all resolve these issues post haste (like yesterday), once again my MGAD results as copied from within MGAD using its copy functionality and pasted here directly:

    Diagnostic Report (1.9.0027.0):

    -----------------------------------------

    Windows Validation Data-->

     

    Validation Code: 0x8004FE22

    Cached Online Validation Code: N/A, hr = 0xc004f012

    Windows Product Key: *****-*****-*****-*****-G22BX (I edited here with asterisks as I do not expose my keys openly and even this is too much in my opinion.)

    Windows Product Key Hash: RKK34NHA+79xk3Kh7XsKgGYy7ns=

    Windows Product ID: 00426-292-7362055-85407

    Windows Product ID Type: 5

    Windows License Type: Retail

    Windows OS version: 6.1.7600.2.00010100.1.0.001

     

     

     

    File Scan Data-->

    File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100

    File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100

     

     

    Windows Activation Technologies-->

    HrOffline: 0x8004FE22

    HrOnline: N/A

    HealthStatus: 0x0000000000004000

    Event Time Stamp: 8:18:2011 07:00

    ActiveX: Registered, Version: 7.1.7600.16395

    Admin Service: Registered, Version: 7.1.7600.16395

    HealthStatus Bitmask Output:

    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui

     

     
     
    The file errors above are characteristic of the use of a program called RemoveWAT to bypass activation requirements.
    You need to first remove the crack imposed by RemoveWAT.
    If RemoveWAT is still present, run it – and pick the option to RestoreWAT. This should repair the mess it’s made.
    Then you may need to uninstall and reinstall the WAT update (KB971033).
    Once complete, post back with another MGADiag report.

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Friday, August 19, 2011 5:41 PM
    Moderator
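
The triage the moderator does by eye on the quoted report can be scripted. The following is an added example, not code from the thread or from Microsoft: the function names are hypothetical, the sample is a constructed subset of the lines posted above, and the only code meanings it asserts are the standard HRESULT layout and the two well-known values in `KNOWN_HRESULTS`.

```python
import re

# Constructed sample: a subset of the MGADiag lines posted in this thread.
SAMPLE_REPORT = r"""
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE22
Windows License Type: Retail

File Scan Data-->
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100

Licensing Data-->
License Status: Licensed

Windows Activation Technologies-->
HrOffline: 0x8004FE22
HealthStatus: 0x0000000000004000
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
"""

SECTION_RE = re.compile(r"^(?P<name>.+?)-->\s*$")
FIELD_RE = re.compile(r"^(?P<key>[^:]+):\s*(?P<value>.*)$")
MISMATCH_RE = re.compile(
    r"^(?P<path>.+?)\[(?P<version>[\d.]+)\],\s*Hr\s*=\s*(?P<hr>0x[0-9A-Fa-f]+)$")
HEX_RE = re.compile(r"0x[0-9A-Fa-f]+")

# Standard Windows values; anything else is reported as component-specific.
FACILITIES = {4: "FACILITY_ITF", 7: "FACILITY_WIN32", 11: "FACILITY_CERT"}
KNOWN_HRESULTS = {
    0x800B0100: "TRUST_E_NOSIGNATURE (no signature present on the file)",
    0x80070002: "ERROR_FILE_NOT_FOUND",
}


def parse_report(text):
    """Split a pasted report into {section name: [(key, value), ...]}."""
    sections = {}
    current = sections.setdefault("(preamble)", [])
    for raw in text.splitlines():
        line = raw.replace("\xa0", " ").strip()   # forum pastes carry NBSP lines
        if not line or set(line) == {"-"}:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = sections.setdefault(m.group("name").strip(), [])
            continue
        m = FIELD_RE.match(line)
        if m:
            current.append((m.group("key").strip(), m.group("value").strip()))
    return sections


def decode_hresult(text):
    """Break a 32-bit HRESULT into severity, facility and code."""
    value = int(text, 16)
    facility = (value >> 16) & 0x7FF
    return {
        "failed": bool(value >> 31),
        "facility": FACILITIES.get(facility, str(facility)),
        "code": value & 0xFFFF,
        "meaning": KNOWN_HRESULTS.get(value, "component-specific"),
    }


def first(sections, section, key):
    """Return the first value stored under key in the named section."""
    for k, v in sections.get(section, []):
        if k == key:
            return v
    return None


def integrity_findings(sections):
    """Collect the lines that point at modified system files."""
    findings = []
    for key, value in sections.get("File Scan Data", []):
        m = MISMATCH_RE.match(value) if key == "File Mismatch" else None
        if m:
            meaning = decode_hresult(m.group("hr"))["meaning"]
            findings.append(("file-mismatch", m.group("path"),
                             m.group("version"), meaning))
    for key, value in sections.get("Windows Activation Technologies", []):
        if key == "Tampered File":
            base, *companions = value.split("|")
            findings.append(("tampered-file", base, companions))
    # The situation the poster describes: licensed, yet validation fails.
    code = first(sections, "Windows Validation Data", "Validation Code")
    status = first(sections, "Licensing Data", "License Status")
    if code and HEX_RE.fullmatch(code) and int(code, 16) and status == "Licensed":
        findings.append(("validation-vs-license", code, status))
    return findings


if __name__ == "__main__":
    for finding in integrity_findings(parse_report(SAMPLE_REPORT)):
        print(finding)
```

The facility field shows why a web search on `0x8004FE22` turns up little official documentation: it falls under `FACILITY_ITF`, whose codes are defined by the reporting component rather than by a system-wide table.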
  • I apologize for any typos in the post above as I have caught a few after submitting my initial edit and cannot go back in to relieve my prior ignorances.

     

    Oddly, I am respondent to the fact that MGAD identifies my system browser as IE 8.0 when it is in fact 9 with a current security fix and update.

    My Windows 7 is updated to SP1 via Windows Update originally retail consumer Ultimate Edition prior to SP1 release. I currently run the 64 bit installation and have updated all mother board drivers, bios and peripheral drivers and bios to the most current well before SP1 was released in beta to my knowledge. My Office 2010 Professional installation took a major hit where it could no longer read the license files associated with the product so I had to hunt down FixIts at Microsoft sites until I was left with no alternative but to use a Microsoft tool to externally rip Office out of the system and then manually edit the registry allowing Office 2010 to install running the installer 59 (fifty-nine) times, but it got installed. Then I began to have problems with Outlook shortly after with NavPane defaults and had to do a reset with an administrative console before the fix would work and now Outlook only opens under Administrative rights; it doesn't bother me as long as Outlook operates, but I must say that this is beyond odd and deviation like mutation indicates that it is only a matter of when not if more problems will arise. Word and all other Office applications run fine though as opposed to the black sheep Outlook in lieu of all problems encountered thus far.

     

    If any support personnel wish to get their meat hooks into my MGAD cab result files let me know as I will keep them on hand for a while until I have made sense of the report details for myself while juggling college Math and getting my course and student paperwork caught up and finalized. My external obligations demand my attention and thus I may not be frequent here, but I will be back at least once a week minimum hopefully.


    Friday, August 19, 2011 5:56 PM
  • The crack RemoveWat was never installed or run on this system as that would be idiotic since the retail registration is that retail and correct. If this is in fact installed on my system then Windows 7 was attacked by a virus as I have been growing more suspicious of as time goes on. With what I was suspecting and the slew of ridiculous behaviour that the O.S. is exhibiting in conjunction with what Noel has expressed, of which I have no reason to doubt, it seems as though there are new viruses on the horizon and hacker land has been quite responsive to the new SP1 updates.

    I have been running a full scan for quite a great while today and it is getting close to finishing up. Three hard drives internally and two external USB hard drives with around 3 terabytes of storage collectively. I just checked in on it while in the middle of this exact response entry and it has identified potentially malicious software as I had suspected so I wasn't being entirely paranoid.

     

    Been at this crap for too long and my gut never lies -- this crap is getting old though -- I do know that.

     

    I went into a tutorial today looking into the WAT today to narrow down the problem and it had some search commands to offer and when I executed those commands the return results were to identify wat.dlls; etc. and I had not a single one -- nothing in the results. So, whatever got me got me and now it's nothing but recovery. I will be trying to re-install the Wat update tool thing. The reports only started yesterday out of the blue and I had utilized a Microsoft FixIt to un-break my Windows System Registration where I would enter the key into the online validation service prompt and would get the error invalid data type -- the FixIt worked like a charm and after a system reboot I went into the registration without a glitch. Something is on my sh!t and that's all there is to it and it was most likely viral and stuff created by a**hole black hats that were aware of SP1 stuff before I was which wasn't too hard since I wasn't even aware of SP1 until I saw it in Windows Updates. My bag/bad I guess as I like to try and think that I run a fairly intelligent operation where I can modestly administrate my own system -- it appears that I am getting rusty while in school.

     

    At any rate I will post anything new that I find after chasing down KB971033 presented by Noel of which I offer many thanks -- wish me luck. I will also report any findings that MS Security Essentials presents as I have yet to see anything that looks like RemoveWat in any reports. We might be dealing with a viral variant of this technology installing itself on clients and would more than likely be recent if not readily identifiable by MSSE as I know the definitions are updated frequently and I personally ensure they are updated very frequently from inside MSSE itself. I also have the tool (MSSE) set to run whenever it wants or feels the need to without restriction of any kind -- I really do think it's the best on the market -- and F all those other companies that whined about Microsoft letting Windows Users download it through updates -- it's none of their business and they aren't paying my way through life so to hell with them -- I don't owe them sh!t.

     

    Once again, thanks Noel -- the heads up is good stuff and I'll be on the look out until I get some free time where I am more than likely just going to reinstall my system entirely. The problem is finding the time between classes as I'm enrolled in an online college (yes it is legitimate and accredited federally) and the courses are accelerated so there are few breaks if any. Chasing down a Bachelors in this fashion is very demanding -- almost as much as a child, well close anyway.

    Friday, August 19, 2011 9:02 PM
  • MSSE History references a Hacktool referenced as HackTool:Win32/Keygen and it was located in the following directory:

    C:\Users\myusername\Downloads\Windows 7 Loader\Windows 7 Loader\Windows 7 Loader.exe

    This entry is dated for the 11th of August 2011. I for the life of me do not remember ever seeing such a folder or directory in downloads. Something was downloading stuff and hiding the crap. I have my explorer settings set to show all files except hidden system files. The only way this could have happened is if the directory Windows 7 Loader was set to be hidden if that's possible and it also means that what ever was going on got past MSSE and WinPatrol until it obviously tried to extract and run the sh!t when MSSE caught its azz.

    Nice job for MSSE +1. The scan is still in process and I'll update this response post with the results.

     

    MSSE found four wonderful culprits lurking about scattered across my drives with the most interesting candidate being an IFrame tool Exploit:HTML/IframeRef.V that went ahead and installed itself on my stuff using Opera web browser. It had so many entries throughout my system32 directory and appdata files I am still wondering where it found the time to do all it did.

    Then, there is the Trojan:Win32/Sefnit.O which I am so fond of that enables an attacker to execute commands over a network and I suspect scripts and probably the mothership that dumped their sorry azziz off on our planet because their own civilization got sick of their sh!t.

    Oh, and there is the ever impressive openCandy sh!t that's safe -- yeah it's harmless and the perfect gateway for network based attacks and data mining so potbellied thieves with neck beards can steal your SH!T -- get real. openCandy can open my shorts and get some candy like its creators -- fn losers. I used a tool I actually spent money on at an NVidia consumer portal managed by -- NVidia -- and the tool used openCandy and they swore it was safe. $30 and a viral system later VReveal was deleted and orbit downloader was scrapped as ever being candidates for installation on any system I own or manage -- I wasted $30 F****n dollars of my life to get a system wide virus that had application windows on my system at boot up before I even logged in and scanning my directories like security wasn't sh!t in Windows 7 believe it or not. UAC and WMI as well as everything else got circumvented there bub and the sh!t installed itself through one of or both of those apps using openCandy because that was the last thing I remember MSSE saying before I heard this rock tune playing with browser windows flying open leading up to a system reboot that could not be reverted introducing itself at reboot startup before I could even log in. The log in screen didn't even have a chance to appear it was right after the Windows logo on the black screen with the glowing throbber effect and all after that it was see Ya. STAY THE HELL AWAY from openCandy if you know what's good for you!
    Friday, August 19, 2011 9:20 PM
  • You know, I've been having difficulties with reports that my system32 directory was corrupt and now that I have finally pulled my head out of my buttocks and realized your bolding of the report entries I concede to the notion that whatever did this has more than likely caused the corruption errors regarding my system32 directory as well. This is starting to look linear now as opposed to being all over the place which I see as a misnomer in the digital realm anyway as everything is static even dynamics.

    I have obviously had a head to a** loop back going on or sometime and that would explain why this crap slipped past. Time to go back to the management drawing board I guess. User head room -- it really sux!

    Friday, August 19, 2011 9:58 PM
  • KB971033 is already installed dialog is the result of trying to manually install Update for Windows 7 for x64-based Systems KB971033 MSU.

    A couple weeks back just after installing SP1 and having a few issues with erratic system behaviour I searched several topics addressing said problem(s) where the system32 had executables that weren't firing up like they should and ran across a site talking about corrupted executable files and followed some links that landed me on a tool called MalwareBytes. I have since un-installed the system but it is looking like its un-installer neglected to put stuff back the way it found it and this problem is starting to point in that direction.

     

    My WAT tools would obviously have to be installed and operational if I just had to validate Windows 7 as genuine last night otherwise the system would spit out errors about invalid data; etc. I have already successfully corrected the validation services problems that prevented me from validating Windows 7 with a FixIt application from Windows 7 Support forums here at MS online.

    Something's on this b!tch and that's all there is to that.

    I have SP1 installed via updates, Windows Updates says that SP1 is in fact installed Windows System reports that I have installed Windows 7 SP1 and that it is Genuine Microsoft Windows. I cannot do an in-place upgrade repair with my Windows 7 DVD for Windows 64 bit because it is pre-SP1 release and the currently installed version of Windows is newer than the DVD version -- which makes sense obviously. So I located a download link to get a Windows 7 SP1 64bit DVD ISO because I have Windows 7 Ultimate 64 bit that is updated to SP1 and then I'll do an in-place upgrade with that to repair my system -- wrong! The 7 SP1 DVD tells me that I need to have SP1 installed and rolls back the installation...

    Can't uninstall SP1 because there is no uninstall button in Windows Update for SP1 like it was the Windows 7 SP1 retail version. Tried to manually uninstall it via command prompt at user and administrator levels and those were acts in futility. It is truly FUBAR ladies (ARMY flashback it happens from time to time) and I make no excuse for it.

    CHKDSK is even running nicely now -- I just don't get it outside of something viral screwing around here -- why else would safe mode, disk utilities and Paragon Disk Manager see everything as being obeekaybee. It has got to be something that needs start up with the regular system which would explain why I don't get these annoyances or reports MGAD told me. It also seems strange that my system32 cleanmgr.exe executable for System Cleanup is corrupt and non-responsive.

    Whatever problem I got here obviously does not want to be bothered, snuck up on or inadvertently destroyed by a system maintenance routine.

    Friday, August 19, 2011 10:25 PM
  • "RDRush" wrote in message news:86964bab-1c46-449f-ae41-237e26d7a86e...

    KB971033 is already installed dialog is the result of trying to manually install Update for Windows 7 for x64-based Systems KB971033 MSU.

    A couple weeks back just after installing SP1 and having a few issues with erratic system behaviour I searched several topics addressing said problem(s) where the system32 had executables that weren't firing up like they should and ran across a site talking about corrupted executable files and followed some links that landed me on a tool called MalwareBytes. I have since un-installed the system but it is looking like its un-installer neglected to put stuff back the way it found it and this problem is starting to point in that direction.

     

    My WAT tools would obviously have to be installed and operational if I just had to validate Windows 7 as genuine last night otherwise the system would spit out errors about invalid data; etc. I have already successfully corrected the validation services problems that prevented me from validating Windows 7 with a FixIt application from Windows 7 Support forums here at MS online.

    Something's on this b!tch and that's all there is to that.

    I have SP1 installed via updates, Windows Updates says that SP1 is in fact installed Windows System reports that I have installed Windows 7 SP1 and that it is Genuine Microsoft Windows. I cannot do an in-place upgrade repair with my Windows 7 DVD for Windows 64 bit because it is pre-SP1 release and the currently installed version of Windows is newer than the DVD version -- which makes sense obviously. So I located a download link to get a Windows 7 SP1 64bit DVD ISO because I have Windows 7 Ultimate 64 bit that is updated to SP1 and then I'll do an in-place upgrade with that to repair my system -- wrong! The 7 SP1 DVD tells me that I need to have SP1 installed and rolls back the installation...

    Can't uninstall SP1 because there is no uninstall button in Windows Update for SP1 like it was the Windows 7 SP1 retail version. Tried to manually uninstall it via command prompt at user and administrator levels and those were acts in futility. It is truly FUBAR ladies (ARMY flashback it happens from time to time) and I make no excuse for it.

    CHKDSK is even running nicely now -- I just don't get it outside of something viral screwing around here -- why else would safe mode, disk utilities and Paragon Disk Manager see everything as being obeekaybee. It has got to be something that needs start up with the regular system which would explain why I don't get these annoyances or reports MGAD told me. It also seems strange that my system32 cleanmgr.exe executable for System Cleanup is corrupt and non-responsive.

    Whatever problem I got here obviously does not want to be bothered, snuck up on or inadvertently destroyed by a system maintenance routine.

     
    Malwarebytes Anti-Malware is the best-of-breed anti-malware app in the business at the moment – and leaves very little behind (certainly nothing that will break your system if you use it and then uninstall it). I install it on every stand-alone computer I come into contact with, and it has NEVER caused a problem yet (except one which was the result of a then-new piece of malware).
     
    I would suggest that you reinstall it (the free version – www.malwarebytes.org ), and then run a Quick scan in ALL the user accounts on the system – much stuff is hidden in the registry nowadays, and running scans in only the one user is not enough.

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Friday, August 19, 2011 10:34 PM
    Moderator
  • To iterate on the registry comment I have extracted the system32 directory of my Windows Retail 64bit DVD with 7Zip following a tutorial on how to repair the directory from a console backing it up, deleting the original and copying the new directory. I have yet to do it, but it's looking really valid right about now. The registry is definitely under scrutiny as I had spoken of how my cleanmgr.exe in my system32 directory is inoperable well it runs from my desktop so it is definitely registry and system path variable related. I deleted the original cleanmgr.exe in the system32 directory after testing my extracted recovery directory one on my desktop when I saw it working. I then moved the recovery directory cleanmgr.exe to the system32 directory and the file would not operate. I terminated the cleaner process in task manager and moved cleanmgr.exe back to the desktop and fired it up again with no problem.

    It is definitely but not limited to the registry.

     

    I had heard many praises from several communities about MalwareBytes and their support staff are hacker quality all the way with a fight fire with fire attitude that I myself live by as doctrine. I only suspected that the tool had locked out access points to certain functionalities and possibly overlooked the reset upon uninstallation, but I'll take your word and I will once again download, install and run the tool at your recommendation.

    Friday, August 19, 2011 10:44 PM