Windows 7 Forums

Windows 7: Unknown virus

28 Jul 2017   #11

W7 home premium 32bit/W7HP 64bit/w10 tp insider ring

Hi max,
You seem to have some odd programs with weird names:

2017-07-26 22:44 - 2017-07-27 02:01 - 00000000 ____D C:\Program Files (x86)\zyr1m3bxyfu
2017-07-26 22:44 - 2017-07-27 02:01 - 00000000 ____D C:\Program Files (x86)\bkp1zkncaay
2017-07-22 22:57 - 2017-07-22 22:57 - 0005094 _____ () C:\ProgramData\czchsjpj.srw
2017-07-22 22:57 - 2017-07-22 22:57 - 0000016 _____ () C:\ProgramData\mntemp

On top of that, you appear to be running a non-genuine program:
2017-07-22 23:34 - 2017-07-22 23:34 - 52545957 ____R C:\Users\Owner\Downloads\iSkysoft iMedia Converter Deluxe v8.8.0.1 Setup +

According to your specs you have an HP system; I can see no HP-related programs.

Please remove any pirated programs on your system.

I would also like to see the results of this tool; copy/paste the output.

There is NO need to change any data within it.


28 Jul 2017   #12
max kragen

Win7 x64

Yes, I did have that converter on there. Thought I had removed it. Thank you for spotting it.

Here is the result of what you asked me for (unedited);

Diagnostic Report (1.9.0027.0):
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-3PCF4-969VQ-XPJW2
Windows Product Key Hash: zIs+o9Tfq6WcJ9guPTa5C6awTpU=
Windows Product ID: 00359-OEM-0631031-18575
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {11469584-9CDB-4006-BF65-C4C2926524E9}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_ldr.170512-0600
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{11469584-9CDB-4006-BF65-C4C2926524E9}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-XPJW2</PKey><PID>00359-OEM-0631031-18575</PID><PIDType>3</PIDType><SID>S-1-5-21-217011151-2072011241-3863041349</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP Compaq 8000 Elite CMT PC</Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>786G7 v01.02</Version><SMBIOSVersion major="2" minor="6"/><Date>20091022000000.000000+000</Date></BIOS><HWID>D0853A07018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-BPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
Activation ID: a63275f4-530c-48a7-b0d3-4f00d688d151
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00212-310-318575-02-1033-7601.0000-1602016
Installation ID: 004212018313461682021994125496600386327456602654944584
Processor Certificate URL:
Machine Certificate URL:
Use License URL:
Product Key Certificate URL:
Partial Product Key: XPJW2
License Status: Licensed
Remaining Windows rearm count: 2
Trusted time: 7/28/2017 8:14:45 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 6:16:2017 11:44
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:

HWID Data-->

OEM Activation 1.0 Data-->

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
29 Jul 2017   #13
max kragen

Win7 x64

Did I do something wrong again? I didn't do that to the windows product key. This is all copy/pasta.

31 Jul 2017   #14
max kragen

Win7 x64

Ok, guess it's too complicated. I will look for help elsewhere. Thanks for trying.
02 Aug 2017   #15

W7 home premium 32bit/W7HP 64bit/w10 tp insider ring

Hi Max,

Asked for that report as some malware inserts data into what should be an empty file, in this case

Spsys.log Content: 0x80070002

The 0x8 code tells me it's empty.

The product key is fine; it's not the original one or the back-up key on the COA sticker.
Sometime in June last year it looks like you reinstalled your OS, with system builder retail/purchased media.
(Don't know why, I can see that the original install was prepped for W7 (W8/W10 or different version Pro?))

There's nothing that particularly stands out as malware; the weird names possibly belong to a Samsung phone transfer program.

As for Yahoo appearing, if it does not happen in IE or FF, then it could be a preference setting. In that case uninstall Google. DO NOT save anything to re-import. Start from scratch.

Note: whenever you install ANY new program, choose the CUSTOM option and uncheck any extras.

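The check described in post #15, sketched as an added example (not code from any poster or from the diagnostic tool): it parses the report's `Section-->` / `Key: value` layout and flags the Spsys.log field when it holds anything other than the `0x80070002` status seen in this thread. The License Status and OEMID checks go slightly beyond the post and are assumptions about which other fields are worth a glance; the second sample value is a constructed placeholder.

```python
import re

# Constructed excerpts: field names and the first value are copied from the
# report in this thread; the second Spsys.log value is a made-up placeholder.
CLEAN = """\
Other data-->
Spsys.log Content: 0x80070002

Licensing Data-->
License Status: Licensed

OEM Activation 2.0 Data-->
OEMID and OEMTableID Consistent: yes
"""
SUSPECT = CLEAN.replace("0x80070002", "CONSTRUCTED-NONEMPTY-PLACEHOLDER")

def parse_report(text):
    """Group 'Key: value' lines under their 'Section-->' headers."""
    sections, current = {}, "header"
    for line in map(str.strip, text.splitlines()):
        if line.endswith("-->"):
            current = line[:-3].strip()
        elif ":" in line:
            key, _, value = line.partition(":")
            sections.setdefault(current, {})[key.strip()] = value.strip()
    return sections

def decode_hresult(text):
    """Split a 0x-prefixed HRESULT into (failed, facility, code), else None."""
    if not re.fullmatch(r"0x[0-9A-Fa-f]{8}", text):
        return None
    value = int(text, 16)
    return bool(value >> 31), (value >> 16) & 0x7FF, value & 0xFFFF

def review(text):
    """Return the list of fields that deserve a closer look."""
    s = parse_report(text)
    findings = []
    spsys = s.get("Other data", {}).get("Spsys.log Content", "")
    # Facility 7 (Win32) with code 2 is ERROR_FILE_NOT_FOUND: nothing to read.
    if decode_hresult(spsys) != (True, 7, 2):
        findings.append("Spsys.log Content: " + (spsys or "<missing>"))
    if s.get("Licensing Data", {}).get("License Status") != "Licensed":
        findings.append("License Status is not 'Licensed'")
    oa = s.get("OEM Activation 2.0 Data", {})
    if oa.get("OEMID and OEMTableID Consistent") != "yes":
        findings.append("OEMID and OEMTableID are not consistent")
    return findings

if __name__ == "__main__":
    for name, report in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(name, review(report) or "nothing flagged")
```
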
02 Aug 2017   #16
max kragen

Win7 x64

Ok. Yes had some problems and did a full wipe last year along with a video card and memory upgrade. Wow, very intelligent you are. Thank you very much for sharing this information. I really do appreciate it. I wish you the best sir. Thank you once again. I am very grateful for the time given to help me resolve this.
