Solved The MS virus

[PussEKatt]

On my last three installs of Windows7,I have had the following.
On the first two Windows stopped working properly and said that I had an illegal install of Windows.When I entered my Windows 7 serial it was not accepted.
On my last install I was not even asked to input my serial,so I am expecting this install to go pear shaped in about a month.
I have a legitimate Windows 7 DVD that I bought from a retailer when Win7 first came out.
This is worse than having a virus.At least with a virus your PC plays up because you have installed something iffy.This LEGAL Windows is acting like a virus
From what I have read on these forums and around the web.It is pointless getting in touch with MS.How is it legal for MS to be able to do something like this and what can I do to get Windows 7 up and running again,without the MS virus.

 

[Megahertz07]

Are you sure it is a legit Windows 7 DVD? All Installations ask for a KEY.
Does the DVD has holograms on it?
Do you have the Product key sticker (proof of license)?

 

[PussEKatt]

Yes,I have all of the above.
I bought the DVD from a very large electrical company ( with branches all over Australia ) and I have been using said DVD for quite a few years now so mI dont understand what has brought this on.Also I have had this PC for about 5 years and never had any problems like this before.

 

[Megahertz07]

Run MGADiag and post the results here (hit copy and paste here)
Download Microsoft Genuine Advantage Diagnostic Tool 1.9.27.0

 

[PussEKatt]

Run MGADiag and post the results here (hit copy and paste here)
Download Microsoft Genuine Advantage Diagnostic Tool 1.9.27.0

Here is some added information that may/may not help.
1 - On this install Windows did not ask me for the serial number
2 - While Windows was loading it installed 2 updates,ther are
KB2999226 and KB 2685811

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-74XYM-BH4JX-XM76F
Windows Product Key Hash: KeYfcvXg/a1Q01x73+f8IL/JC4Y=
Windows Product ID: 00359-112-0000007-85869
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {132103B4-40A6-4C10-8614-50F4B35D7FF2}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_rtm.101119-1850
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{132103B4-40A6-4C10-8614-50F4B35D7FF2}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-XM76F</PKey><PID>00359-112-0000007-85869</PID><PIDType>5</PIDType><SID>S-1-5-21-3391486202-3896399409-1105061826</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0303</Version><SMBIOSVersion major="3" minor="0"/><Date>20161108000000.000000+000</Date></BIOS><HWID>A1723507018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: 2e7d060d-4714-40f2-9896-1e4f15b612ad
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00170-112-000000-00-1033-7601.0000-0382021
Installation ID: 012464352472133601594043697426815162830894744374571626
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: XM76F
License Status: Initial grace period
Time remaining: 40020 minute(s) (27 day(s))
Remaining Windows rearm count: 3
Trusted time: 2/9/2021 8:23:11 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: LAAAAAIAAQABAAEAAAABAAAAAQABAAEAln3ufF7fYO18WfbItETU5UyHFig=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ALASKA A M I
FACP ALASKA A M I
DBGP INTEL
HPET INTEL KBL
MCFG ALASKA A M I
FPDT ALASKA A M I
BGRT ALASKA A M I
SSDT SataRe SataTabl
FIDT ALASKA A M I
SSDT SataRe SataTabl
SSDT SataRe SataTabl
SSDT SataRe SataTabl
SSDT SataRe SataTabl
SSDT SataRe SataTabl
UEFI INTEL EDK2
SSDT SataRe SataTabl
LPIT INTEL KBL
WSMT INTEL KBL
SSDT SataRe SataTabl
SSDT SataRe SataTabl
DBG2 INTEL

 

[Megahertz07]

Is it Win 7 HP SP1?
windows7 SP1-kb976932-x64 to download the update package



Links valid for 24 hours
Links expire: 2/10/2021 1:30:07 PM UTC

Win7_HomePrem_SP1_English_x32.iso
Win7_HomePrem_SP1_English_x64.iso

Apply eicfg_removal_utility to make it universal (all types)

 

[PussEKatt]

Is it Win 7 HP SP1?
windows7 SP1-kb976932-x64 to download the update package



Links valid for 24 hours
Links expire: 2/10/2021 1:30:07 PM UTC

Win7_HomePrem_SP1_English_x32.iso
Win7_HomePrem_SP1_English_x64.iso

Apply eicfg_removal_utility to make it universal (all types)

Yes it is.
Do you want me to run the above eicfg removal utility ?

 

[Megahertz07]

Yes it is.
Do you want me to run the above eicfg removal utility ?

eicfg removal utility is to be applied on a Win7 installation ISO file.

If you download a fresh ISO from the links provided, yes you can apply it.
If you going to use the disk you have, no.

 

[PussEKatt]

Thank you for your quick replies.Just to make everything clear,is this what I do now.
Load the Win7 ISO into Power Iso
Add or Run eicfg ?
Burn the ISO to disk or mount it ?
Then install/Run it on my current Windows instilation

 

[Megahertz07]

You run the eicfg_removal_utility and point to the Win 7.ISO
Read the readme.txt on the eicfg_removal_utility

 

[PussEKatt]

I installed eicfg on the Windows7 ISO and then I mounted the ISO.Windows then installed itself again and I am back to a clean desktop with only the trash can on it.Is this what is supposed to happen ?
Can I safely install programs now without fear of Windows going pear shaped after a month ?
If I am now all set to go on my PC without silly ( Windows is not genuine ) then I cant thank you enough.

 

[Megahertz07]

If you ran setup.exe from running windows it did reinstall Windows. It is a in place upgrade (with same version) or a so called Repair install.
- Is windows activated?
- Go to windows update and set it to never check.
- Use Single file with all updates - Simplix

 

[PussEKatt]

iN that case, as I said before I cant thank you enough for getting my PC working properly again.
Yes Windows asked me for my key and I have activated it,no problems.As for updates,I dont use them I always turn updates off.I have been doing this for years.
Again,thank you very very much.Not only for fixing my PC but also for your quick responces to my replies.I will mark this thread closed tomorrow,in case you want to add anything else.Thank you again.

 

[Megahertz07]

You should install the updates using Simplix, not only for security but also to install required updates.

 

[PussEKatt]

Ok,as you have been so helpful I have downloaded the Simplex pack and also the KB_Spy.cmd.txt
Thank you