Not a genuine copy of Windows 7 display, after unauthorised entry! HELP!


  1. Posts : 4
    Windows Home Premium x64
       #1

    Hi my fellow Windowsians. The computer I'm currently on is the family computer. My mum had malware uploaded onto it by a third party, receiving a phone call at home saying they were from Microsoft and... the usual rubbish (my poor mum had never heard of people doing 'such a thing'), that our computer will stop working because... I won't go into it, I'm more than sure everyone (except my poor mum) has heard it.
    I'm definitely no computer tech, but after having someone come into our home and the computer being taken to a computer shop (twice), it still has the malware on it. After studying, A LOT of studying, I found out after changing the graphics, down the bottom right hand side it says Windows 7 Build 7600, This copy of Windows is not genuine. If there's anybody who has a bit of time, I can probably be walked through how to fix the problem.
    Thanx, Serena


  2. Posts : 6,285
    Windows 10 Pro X64
       #2

    Sounds like you need to first make sure the malware is gone. Any of these sites can help:

    Post here: https://www.sevenforums.com/system-security/

    They will also help with the not genuine problem.


    All bogus info, sorry. You are already in the right forum as Cottonball said.
    Last edited by Ztruker; 02 Jan 2014 at 22:26.


  3. Posts : 687
    Microsoft Windows 10 Professional / Windows 7 Professional
       #3

    serenarosedavis said:
    Hi my fellow Windowsians. The computer I'm currently on is the family computer. My mum had malware uploaded onto it by a third party, receiving a phone call at home saying they were from Microsoft and... the usual rubbish (my poor mum had never heard of people doing 'such a thing'), that our computer will stop working because... I won't go into it, I'm more than sure everyone (except my poor mum) has heard it.
    I'm definitely no computer tech, but after having someone come into our home and the computer being taken to a computer shop (twice), it still has the malware on it. After studying, A LOT of studying, I found out after changing the graphics, down the bottom right hand side it says Windows 7 Build 7600, This copy of Windows is not genuine. If there's anybody who has a bit of time, I can probably be walked through how to fix the problem.
    Thanx, Serena

    Back up your Mom's stuff and perform a clean install; don't risk any backdoor or malware staying active on that computer. Remember, an infected computer is not to be trusted anymore.
    Last edited by Brink; 02 Jan 2014 at 13:19. Reason: cleaned up thread


  4. Posts : 2,470
    Windows 7 Home Premium
       #4

    serenarosedavis,

    There is no need to go anywhere else, you are in the right forum. :)

    Please use Microsoft System Restore to return Windows to a previous point.
    To be safe, back up any important files before using System Restore.
    Next, Close any open windows.

    1. Click Start > All Programs > Accessories > System Tools, and then click: System Restore
    The Restore system files and settings window opens.

    2. Select a date and time before the incident happened from the list of available Restore Points.
    Click: Next

    System files are added, removed, or changed to match the same collection of system files that were in the computer's system file configuration on the selected date.

    Be aware that software and drivers installed after the selected date might not work correctly and might need to be reinstalled.

    3. Make sure this is the Restore Point you want to use, and then click: Finish

    4. Click Yes at the confirmation message.

    5. The computer should shut down and turn back on automatically, after the restoration completes.

    6. Click: Close

    Even though you restore your computer to a previous date, during the time "whoever" had access to your computer, your account logon and password information was available, as well as any documents stored on your computer.

    It is extremely important that you change all passwords, since access to any of your accounts (banks or credit cards) was available. Monitor your accounts, and notify any banks or credit card companies used. Also change the computer's name, and disable any remote access to your computer.


    When done with the above, please do the following:

    Please use the Farbar Recovery Scan Tool.
    Download: Farbar Recovery Scan Tool Download
    Select the version that applies to your system.
    Save it to your Desktop.
    Double-click the downloaded file to run it.

    When the tool opens click Yes to the disclaimer.

    At the program's console, press the Scan button.

    When done, the tool produces a log, FRST.txt, in the same directory from which the tool is run (Desktop).
    Please provide the FRST.txt in your reply.

    The first time the tool is run, it also makes another log: Addition.txt
    Also post the Addition.txt in your reply.


  5. Posts : 4
    Windows Home Premium x64
    Thread Starter
       #5

    Thanks so much for the help, it's much appreciated. When the hard-drive was taken to the computer shop for repairs (for the second time), the gentleman explained that he had deleted the malware and restored the computer to its original state. He also made a system restore image disk, and told my mum that she shouldn't need it. Unfortunately that's not the case, it still has a bug and I found myself learning about how the computer runs, the different programs and what they do.

    CottonBall, the gentleman at the computer shop did a System Recovery on the computer the 1st time, I can't restore the computer to a date before it was accessed. I'm going to download Farbar Recovery Scan Tool and will return with the 2 logs, ok. Thanx so much for your help and everyone else!


  6. Posts : 19,383
    Windows 10 Pro x64 ; Xubuntu x64
       #6

    We should look at the MGADIAG report too:

    1. Download and save this tool to your desktop:
    http://go.microsoft.com/fwlink/?linkid=52012

    2. Run the tool, and then click Copy - ignore any errors if they appear

    3. Use CTRL+V to paste the unedited results of the tool here in your next reply


  7. Posts : 4
    Windows Home Premium x64
    Thread Starter
       #7

    Thank you for your concern OldMx, I don't trust this computer with anything!! It's really frustrating using the computer, but I do think it can be fixed!

    Can someone explain to me in simple terms how Windows Power Shell works? Or a link that I can find out more about the more complex file types mui, nls, msc, cab, xml......

    Also CottonBall, I downloaded Farbar Recovery Scan Tool, but an error appeared; AutoIt error

    line 15050
    error; variable used without being declared


  8. Posts : 2,470
    Windows 7 Home Premium
       #8

    Try running Farbar Recovery Scan Tool (FRST) again, and see if the error goes away.

    If FRST does not run in normal Windows, please run in Safe Mode:
    Restart your computer.
    When the computer starts, tap the F8 key repeatedly, until presented with the Advanced Boot Options menu
    Using the arrow keys, select: Safe Mode
    Press the Enter key on your keyboard to boot into the mode selected.


    Windows Power Shell is not 'my thing'. Will use cmd.exe when needed. Maybe someone else here has the required knowledge.

    Here is some info: Windows PowerShell

    Is there a reason why you want to use WPS?


  9. Posts : 4
    Windows Home Premium x64
    Thread Starter
       #9

    G'day y'all.
    I have the information that's been requested. I feel like I'm handing in an exam paper, knowing full well there's a lot of problem areas!

    My mum has just informed me that she has received more phone calls last week from the Microsoft support team. I can't believe the audacity of these people! They simply don't care that they're stealing from us, we work hard for our money!!

    It makes me feel better knowing people who are genuinely concerned are helping to restore order. I can't thank you enough for helping me (and everyone else), it's nice to know there are still good people in the world!!

    Here is the Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: N/A, hr = 0xc0000022
    Windows Product Key: *****-*****-73CQT-WMF7J-3Q6C9
    Windows Product Key Hash: KaFG+RmurcM3ZxzWyfEP9WtPUJw=
    Windows Product ID: 00359-OEM-8992687-00010
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7600.2.00010300.0.0.003
    ID: {66F1F381-4E17-44B9-82D9-C97F62B5B907}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7600.win7_gdr.100618-1621
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: FCEE394C-458-80070005_025D1FF3-344-80070005_025D1FF3-229-80070005_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Disabled
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
    File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
    File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
    File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]
    File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7600.16385], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppc.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7600.16385], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\slui.exe[6.1.7600.16385], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7600.16385], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\user32.dll[6.1.7600.16385], Hr = 0x800b0100

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{66F1F381-4E17-44B9-82D9-C97F62B5B907}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010300.0.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-3Q6C9</PKey><PID>00359-OEM-8992687-00010</PID><PIDType>2</PIDType><SID>S-1-5-21-1331442415-3772729297-1220732176</SID><SYSTEM/><BIOS/><HWID>D1B83607018400FE</HWID><UserLCID>0C09</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>AUS Eastern Standard Time(GMT+10:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-CPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

    Spsys.log Content: 0x80070002

    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x1A8' to display the error text.
    Error: 0x1A8

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: N/A
    HealthStatus: 0x0000000000000000
    Event Time Stamp: N/A
    ActiveX: Not Registered - 0x80040154
    Admin Service: Not Registered - 0x80040154
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: LAAAAAEAAQABAAEAAAACAAAAAQABAAEA6GFu7ZTiEjFkT0BMAkyBP9QXdlY=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
    ACPI Table Name OEMID Value OEMTableID Value
    APIC HPQOEM SLIC-CPC
    FACP HPQOEM SLIC-CPC
    HPET HPQOEM SLIC-CPC
    MCFG HPQOEM SLIC-CPC
    SLIC HPQOEM SLIC-CPC
    OEMB HPQOEM SLIC-CPC
    SSDT HPQOEM SLIC-CPC
    GSCI HPQOEM SLIC-CPC
    SSDT HPQOEM SLIC-CPC
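The File Scan Data section of the report above, triaged by HRESULT (an added example, not part of the original posts or of any tool named in the thread): it parses both `File Mismatch` line shapes, groups the paths by error code, and lists files whose version build number differs from the OS build 7600 shown in the report. The function names are hypothetical; the error-code names are the standard Windows definitions.

```python
import re
from collections import defaultdict

# Standard Windows error-code names for the HRESULTs in this section:
#   ERROR_PATH_NOT_FOUND: the system cannot find the path specified
#   CRYPT_E_FILE_ERROR:   an error occurred while reading or writing to a file
#   TRUST_E_NOSIGNATURE:  no signature was present in the subject
HRESULT_NAMES = {
    0x80070003: "ERROR_PATH_NOT_FOUND",
    0x80092003: "CRYPT_E_FILE_ERROR",
    0x800B0100: "TRUST_E_NOSIGNATURE",
}
# Matches "<path>[Hr = 0x...]" and "<path>[<version>], Hr = 0x...".
MISMATCH = re.compile(
    r"^\s*File Mismatch:\s*(?P<path>[^\[]+)\["
    r"(?:(?P<version>[\d.]+)\],\s*)?Hr = (?P<hr>0x[0-9A-Fa-f]{8})\]?\s*$"
)
# Excerpt of the "File Scan Data" section from the report in post #9.
SAMPLE = r"""
File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\user32.dll[6.1.7600.16385], Hr = 0x800b0100
"""

def parse_mismatches(report):
    """Return one dict per 'File Mismatch' line; other lines are ignored."""
    rows = []
    for line in report.splitlines():
        m = MISMATCH.match(line)
        if m:
            rows.append({"path": m["path"].strip(), "version": m["version"],
                         "hresult": int(m["hr"], 16)})
    return rows

def group_by_hresult(report):
    """Map each HRESULT name (raw hex if not in the table) to its paths."""
    groups = defaultdict(list)
    for row in parse_mismatches(report):
        hr = row["hresult"]
        groups[HRESULT_NAMES.get(hr, f"0x{hr:08X}")].append(row["path"])
    return dict(groups)

def build_outliers(report, os_build=7600):
    """Paths whose file-version build number differs from the OS build."""
    return [r["path"] for r in parse_mismatches(report)
            if r["version"] and int(r["version"].split(".")[2]) != os_build]

if __name__ == "__main__":
    print(group_by_hresult(SAMPLE), build_outliers(SAMPLE))
```
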


  10. Posts : 2,470
    Windows 7 Home Premium
       #10

    serenarosedavis,

    Must make you aware that Windows Activation and Validation issues are not my forte by any chance. Please follow Golden's instructions on the next post # 11.

    Now, on malware removal, which is what I enjoy...any luck using FRST?

    If not, please do the following:

    Please use the tool Zoek:
    Download > Download zoek.exe version 5.0.0.0
    Click on: Download the Zoek.exe version

    When the download appears, save to the Desktop.
    On the Desktop, double-click the Zoek.exe file to start the program. (Give it a few seconds to appear.)

    If your AntiVirus warns you about the program, either allow Zoek to run, or temporarily disable your AV program.
    Info on how to disable your security applications > How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides

    Next, please copy/paste the entire script inside the code box below to the input field of Zoek:

    Code:
    createsrpoint; 
    process; 
    filesrcm; 
    startupall; 
    installedprogs;
    installer-list; 
    uninstall-list;
    hijackthis; 
    firefoxlook; 
    chromelook;  
    srinfo; 
    DIR /S /A:L "%systemdrive%\*">>"%temp%\log.txt";b





    Now...
    • Close any open windows.
    • Click the Run script button, and wait. It takes a few minutes to run the script.
    • When the tool finishes, the zoek-results.log is opened in Notepad.
    • The log is also found on the systemdrive, normally C:\
    • If a reboot is needed, the log is opened after the reboot.
    Please post the zoek-results.log in your reply.
    Last edited by cottonball; 12 Jan 2014 at 14:36.


 