ACER OEM W7x64 Non Genuine after HDD/Malware Issues
Hi,
I don't know where to start explaining the stuff I have done in the last 2 weeks in regards to this PC.
I had HDD/partition issues; initially I couldn't start in Safe Mode without a BSOD. I was able to "rectify" enough using the install DVD ISO from digitalriver. I ran a restore to a point just prior to the OS failing, but I think it was a point full of malware, and it has brought with it more pain.
I was using an account with admin rights. On successful reboot I then found I was non-genuine. Trying to validate fails with 0x800700B7.
I created a new user and downgraded my normal account to std user. On reboot I can't use anything any more as that user: no cmd.exe, webpages won't load, MBAM has runtime error 383, for example.
I think I have seriously screwed my permissions, and may still have malware....
Summary:
- Windows 7 x64 Home Premium Build 7601
- Non Genuine OS warning, unable to validate.
- Std user account now cannot even start cmd.exe
I have MGADiag; the actual sequence of events will reveal itself eventually.
Code:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 50
Cached Online Validation Code: N/A, hr = 0x800700b7
Windows Product Key: *****-*****-WJ2H8-R6B6D-7QJB7
Windows Product Key Hash: ckKNc+BBPDWmo1LUlOkraNjlQ34=
Windows Product ID: 00359-OEM-8992687-00006
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {E5FB64D2-6F10-45AB-8C58-173A0A925D38}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130828-1532
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Users\LCLS\AppData\Local\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{E5FB64D2-6F10-45AB-8C58-173A0A925D38}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7QJB7</PKey><PID>00359-OEM-8992687-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-987475376-978822867-1750259723</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>Aspire X3960</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>P01-A0 </Version><SMBIOSVersion major="2" minor="6"/><Date>20101120000000.000000+000</Date></BIOS><HWID>F9F93607018400FE</HWID><UserLCID>0C09</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>AUS Eastern Standard Time(GMT+10:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x800700B7' to display the error text.
Error: 0x800700B7

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: KgAAAAEAAQABAAEAAAABAAAAAQABAAEA6GHWfThNnBd4duwOCE50zy5z

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
  ACPI Table Name    OEMID Value    OEMTableID Value
  APIC               ACRSYS         ACRPRDCT
  FACP               ACRSYS         ACRPRDCT
  HPET               ACRSYS         ACRPRDCT
  MCFG               ACRSYS         ACRPRDCT
  SSDT               AMICPU         PROC
  SLIC               ACRSYS         ACRPRDCT