New
#11
Can't run Microsoft Security cause for some reason these BSOD's have ripped my genuine status from my OS.......
Can't run Microsoft Security cause for some reason these BSOD's have ripped my genuine status from my OS.......
No problem. Post a report following the Windows Genuine and Activation Issue Posting Instructions. We will try to assist you.
Here are the results from the free MBAM anti-virus software.
Code:Malwarebytes Anti-Malware (Trial) 1.70.0.1100 Malwarebytes : Free anti-malware download Database version: v2013.03.12.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Federico :: FEDERICO-PC [administrator] Protection: Enabled 3/11/2013 7:42:44 PM mbam-log-2013-03-11 (19-42-44).txt Scan type: Full scan (C:\|D:\|E:\|G:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 566602 Time elapsed: 1 hour(s), 5 minute(s), 42 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKCU\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 1 C:\Users\Federico\AppData\Roaming\dclogs (Stolen.Data) -> Quarantined and deleted successfully. Files Detected: 8 C:\Users\Federico\Downloads\Windows 7 Genuine Activation RemoveWAT 2.2.6.0 NLT-Release\Software\RemoveWAT.exe (HackTool.Wpakill) -> Quarantined and deleted successfully. C:\Users\Federico\AppData\Roaming\dclogs\2013-01-03-5.dc (Stolen.Data) -> Quarantined and deleted successfully. C:\Users\Federico\AppData\Roaming\dclogs\2013-01-04-6.dc (Stolen.Data) -> Quarantined and deleted successfully. C:\Users\Federico\AppData\Roaming\dclogs\2013-01-05-7.dc (Stolen.Data) -> Quarantined and deleted successfully. C:\Users\Federico\AppData\Roaming\dclogs\2013-01-06-1.dc (Stolen.Data) -> Quarantined and deleted successfully. C:\Users\Federico\AppData\Roaming\dclogs\2013-01-07-2.dc (Stolen.Data) -> Quarantined and deleted successfully. C:\Users\Federico\AppData\Roaming\dclogs\2013-01-08-3.dc (Stolen.Data) -> Quarantined and deleted successfully. C:\Users\Federico\AppData\Roaming\dclogs\2013-01-09-4.dc (Stolen.Data) -> Quarantined and deleted successfully. (end)
Didn't even know I had infections. I usually am VERY careful with things. Guess you can't be too careful though.
Trying to complete the genuine guidelines you gave me, it's tough because I keep getting the BSOD's like every 5 minutes with the browser open.
I really truly appreciate the help Arc, you're awesome. Have an awesome day!
Code:Diagnostic Report (1.9.0027.0): ----------------------------------------- Windows Validation Data--> Validation Code: 0 Cached Online Validation Code: 0x0 Windows Product Key: *****-*****-GJY49-VJBQ7-HYRR2 Windows Product Key Hash: W5/6nm6F2UPXrCkY5xUhXb/+21g= Windows Product ID: 00426-OEM-8992662-00006 Windows Product ID Type: 2 Windows License Type: OEM SLP Windows OS version: 6.1.7601.2.00010100.1.0.001 ID: {0B9CF30C-533C-451C-B715-6735BEBB5B8A}(3) Is Admin: Yes TestCab: 0x0 LegitcheckControl ActiveX: N/A, hr = 0x80070002 Signed By: N/A, hr = 0x80070002 Product Name: Windows 7 Ultimate Architecture: 0x00000009 Build lab: 7601.win7sp1_gdr.130104-1431 TTS Error: Validation Diagnostic: Resolution Status: N/A Vista WgaER Data--> ThreatID(s): N/A, hr = 0x80070002 Version: N/A, hr = 0x80070002 Windows XP Notifications Data--> Cached Result: N/A, hr = 0x80070002 File Exists: No Version: N/A, hr = 0x80070002 WgaTray.exe Signed By: N/A, hr = 0x80070002 WgaLogon.dll Signed By: N/A, hr = 0x80070002 OGA Notifications Data--> Cached Result: N/A, hr = 0x80070002 Version: N/A, hr = 0x80070002 OGAExec.exe Signed By: N/A, hr = 0x80070002 OGAAddin.dll Signed By: N/A, hr = 0x80070002 OGA Data--> Office Status: 109 N/A OGA Version: N/A, 0x80070002 Signed By: N/A, hr = 0x80070002 Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3 Browser Data--> Proxy settings: N/A User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32) Default Browser: C:\Program Files\Waterfox\waterfox.exe Download signed ActiveX controls: Prompt Download unsigned ActiveX controls: Disabled Run ActiveX controls and plug-ins: Allowed Initialize and script ActiveX controls not marked as safe: Disabled Allow scripting of Internet Explorer Webbrowser control: Disabled Active scripting: Allowed Script ActiveX controls marked as safe for scripting: Allowed File Scan Data--> File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100 File Mismatch: C:\Windows\system32\user32.dll[6.1.7600.16385], Hr = 0x800b0100 Other data--> Office Details: <GenuineResults><MachineData><UGUID>{0B9CF30C-533C-451C-B715-6735BEBB5B8A}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-HYRR2</PKey><PID>00426-OEM-8992662-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-209981913-2473670028-3598164684</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>1902 </Version><SMBIOSVersion major="2" minor="6"/><Date>20110217000000.000000+000</Date></BIOS><HWID>E6410200018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> Spsys.log Content: 0x80070002 Licensing Data--> Input Error: Can not find script file "C:\Windows\system32\slmgr.vbs". Windows Activation Technologies--> HrOffline: 0x00000000 HrOnline: N/A HealthStatus: 0x0000000000000000 Event Time Stamp: N/A ActiveX: Registered, Version: 7.1.7600.16395 Admin Service: Not Registered - 0x80070005 HealthStatus Bitmask Output: HWID Data--> HWID Hash Current: MgAAAAAABAABAAEAAQACAAAAAQABAAEACrYA8rbyJOZU8hAzzNG68NxGYj18RMDgji4= OEM Activation 1.0 Data--> N/A OEM Activation 2.0 Data--> BIOS valid for OA 2.0: yes, but no SLIC table Windows marker version: N/A OEMID and OEMTableID Consistent: N/A BIOS Information: ACPI Table Name OEMID Value OEMTableID Value APIC 021711 APIC1308 FACP 021711 FACP1308 SRAT AMD FAM_F_10 HPET 021711 OEMHPET MCFG 021711 OEMMCFG OEMB 021711 OEMB1308 SSDT A M I POWERNOW
Thank you very much Arc, I've greatly appreciated all of your help! Take care my friend!
This might be a clue from post #13
----
C:\Users\Federico\Downloads\Windows 7 Genuine Activation RemoveWAT 2.2.6.0 NLT-Release\Software\RemoveWAT.exe (HackTool.Wpakill) -> Quarantined and deleted successfully
----
http://www.microsoft.com/security/po...in32%2FWpakill
I have a legal key. I only tried to RemoveWat after these BSOD's removed my key(at least that's what I think it is). My dad's company that he works for has business licenses that they sometimes have extras of. That's where I got my key. Before these BSOD's I never had a problem with Windows being genuine. I've had this computer for almost two years (will be 2 years old in May) and have never experienced this problem.
EDIT:
I could try to re-input my key that I got, I would just have to talk to my dad. I'll update you guys when my Windows is GENUINELY genuine again, lol =P.
Re-EDIT:
Oh and BTW, this FOR SURE has something to do with my display driver. Every time I disable it from Device Manager, nothing happens. The BSODs stop.
Last edited by UniqueDeath; 12 Mar 2013 at 09:24.
RemoveWAT is installed
the Key is for Acer, but it's a retail board with no SLIC table
Counterfeit.