Windows 7 suddenly not genuine after virus removal

    Question

  • I've had my computer since Jan/Feb 2010, and everything was fine until today. I discovered that I had the Virtumonde virus on my computer. I went through many different venues of cleaning it up (Malware something, AVG, SpyBot, Ad-Aware) and finally used Advanced System Care to clean it up. One tech forum I used called for me to use rkill to stop some of the processes from running. I did, and it didn't end up helping. Either way, after I scanned the computer with Ad-Aware, I restarted it, and now my Windows 7 copy that I bought directly from Dell almost 2 years ago tells me that it's not valid. I ran MGA Diagnostic on it and this is everything I have gotten.

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-QCPVQ-KHRB8-RMV82
    Windows Product Key Hash: +Rj3N34NLM2JqoBO/OzgzTZXgbY=
    Windows Product ID: 00359-OEM-8992687-00095
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7600.2.00010300.0.0.003
    ID: {3C4E2954-AFF7-4F41-AC81-0A85568398A3}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7600.win7_gdr.110622-1503
    TTS Error: T:20110930185650843-
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{3C4E2954-AFF7-4F41-AC81-0A85568398A3}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010300.0.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-RMV82</PKey><PID>00359-OEM-8992687-00095</PID><PIDType>2</PIDType><SID>S-1-5-21-2106693779-1820746826-297510996</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron 1545                   </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A13</Version><SMBIOSVersion major="2" minor="4"/><Date>20091023000000.000000+000</Date></BIOS><HWID>74BB3607018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>WN09   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Licensing Data-->
    Software licensing service version: 6.1.7600.16385

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800095-02-1033-7600.0000-2732011
    Installation ID: 008205811486276023615010127501035901321723643095539776
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: RMV82
    License Status: Licensed
    Remaining Windows rearm count: 4
    Trusted time: 9/30/2011 9:57:10 PM

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 9:30:2011 21:54
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: LgAAAAEAAQABAAIAAAABAAAAAgABAAEA6GEM5JpG2jPitXYOKB9UbQbouuVGyg==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            DELL          WN09  
      FACP            DELL          WN09  
      HPET            DELL          WN09  
      MCFG            DELL          WN09  
      SLIC            DELL          WN09  
      SSDT            PmRef        CpuPm


    ________________________________

    I obviously don't have the product key, and there isn't a stick on here that tells me what it is. What can I do to get this fixed? It was genuine up until about 5:00 EST today. Advanced System Care fixed the Trojan, but not the activation issue.

     

    Thank you in advance for any assistance you can give me

     

    Saturday, October 01, 2011 2:10 AM

Answers

  • I suggest that you go to a specialist forum for assistance in malware removal – it’s VERY likely that your system is fatally compromised, and will require a reformat/reinstall to bring back to sanity.
     
    Why do you ‘obviously’ not have the product Key?
    Advanced System Care may well have created your activation problem, rather than anything else – it’s known to cause problems.
     
     
    You have a rare error in your system – a Trusted Store Tamper.
     
    I really do recommend reinstalling from the Dell Recovery media – if you neglected to make a set of disks when you bought the machine, and didn’t order a set at the time, then you should order a set from Dell, and use that to get your system back to ex-factory state – you will need to back up all your data to external media first.
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Saturday, October 01, 2011 9:41 AM
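
For readers triaging a report like the one posted above, the following added example (not part of either post, and not Microsoft's tooling) pulls out the fields the answer turns on. It assumes the `TTS Error` field is what the answer calls a Trusted Store Tamper and that the digits after `T:` are a timestamp; the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample: a few lines copied from the report in the question.
SAMPLE_REPORT = """\
LegitcheckControl ActiveX: N/A, hr = 0x80070002
TTS Error: T:20110930185650843-
License Status: Licensed
"""

WIN32_CODES = {2: "ERROR_FILE_NOT_FOUND"}  # only the code seen in this report

def parse_fields(report):
    """Map 'Name: value' lines to a dict; the first colon is the separator."""
    fields = {}
    for line in report.splitlines():
        name, sep, value = line.strip().partition(":")
        if sep and name:
            fields[name.strip()] = value.strip()
    return fields

def decode_hresult(text):
    """Split an HRESULT into (failed, facility, code, name)."""
    hr = int(text, 16)
    facility, code = (hr >> 16) & 0x7FF, hr & 0xFFFF
    name = WIN32_CODES.get(code, "unknown") if facility == 7 else "unknown"
    return bool(hr >> 31), facility, code, name

def tts_timestamp(value):
    """Assumption: 'T:' is followed by YYYYMMDDhhmmss and three ms digits."""
    m = re.match(r"T:(\d{14})(\d{3})", value)
    if not m:
        return None
    stamp = datetime.strptime(m.group(1), "%Y%m%d%H%M%S")
    return stamp.replace(microsecond=int(m.group(2)) * 1000)

def triage(report):
    """Return (field, finding) pairs worth a second look."""
    fields, findings = parse_fields(report), []
    stamp = tts_timestamp(fields.get("TTS Error", ""))
    if stamp:
        findings.append(("TTS Error", stamp.isoformat()))
        if fields.get("License Status") == "Licensed":
            findings.append(("License Status", "Licensed despite TTS entry"))
    for name, value in fields.items():
        m = re.search(r"hr = (0x[0-9A-Fa-f]{8})", value)
        if m:
            findings.append((name, decode_hresult(m.group(1))[3]))
    return findings
```

Call `triage()` on the saved report text; the decoded timestamp can then be lined up against when each cleanup tool was run.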