Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I believe my laptop was been infected [Solved]


  • This topic is locked This topic is locked

#31
RxEnergy

RxEnergy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Hello blmadara,

Did everything like your asked, but I did have a problem with WVCheck. Bellow is the message it produced when scan was complete. I did find the Error file message talks about, but it was empty, so there was nothing for me to copy.

An error occurred in WVCheck.

If you recieve this message,
please go to your desktop and open the file: WVCheck_error.txt
And copy that information to your forum post.

After you've copied the information,
press any key to close the program.

And here's the MGADiag report per second part of your instructions.

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-V9488-FGM44-2C9T3
Windows Product Key Hash: rmk1OjF0iZq7gQoRmEcpnJHr0oc=
Windows Product ID: 00426-OEM-8992662-00010
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {1BD0B0A3-78B7-47FA-91D2-4EB49CBF4D6A}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.111118-2330
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7600.16385], Hr = 0x800b0100

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{1BD0B0A3-78B7-47FA-91D2-4EB49CBF4D6A}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-2C9T3</PKey><PID>00426-OEM-8992662-00010</PID><PIDType>2</PIDType><SID>S-1-5-21-3113676377-2342901040-2773481060</SID><SYSTEM><Manufacturer>HP-Pavilion</Manufacturer><Model>FJ464AA-ABA a6554f</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>5.32   </Version><SMBIOSVersion major="2" minor="5"/><Date>20081023000000.000000+000</Date></BIOS><HWID>17C53507018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-CPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

Spsys.log Content: 0x80070002

Licensing Data-->
Input Error: Can not find script file "C:\Windows\system32\slmgr.vbs".

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Not Registered - 0x80070005
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: LAAAAAEAAAABAAEAAQACAAAAAQABAAEAlisGbWjd+Kb4b+JsGuwIyiCpzDE=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x0
OEMID and OEMTableID Consistent: yes
BIOS Information: 
  ACPI Table Name	OEMID Value	OEMTableID Value
  APIC			HPQOEM		SLIC-CPC
  FACP			HPQOEM		SLIC-CPC
  HPET			HPQOEM		SLIC-CPC
  MCFG			HPQOEM		SLIC-CPC
  OEMB			HPQOEM		SLIC-CPC
  GSCI			HPQOEM		SLIC-CPC
  SLIC			HPQOEM		SLIC-CPC
  SSDT			HPQOEM		SLIC-CPC



Thank you. Will wait for further instructions.
  • 0

Advertisements


#32
blmadara

blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Is your copy of Windows legitimate? From the logs it appears that it is not legitimate. Because of this, according to our Terms of Use, I will be unable to help you until Windows is successfully validated.
  • 0

#33
RxEnergy

RxEnergy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
I should be, but I bought that PC on ebay, so there are no guarantees. All the updates run without a hitch and I was able to get all the other MS goodies from their website without a problem.
It's too late to change anything now, been a long time since my purchase and with current pricing buying just the OS would be more expensive than buying a new machine...

Regardless, I thankful for your time and all the help you provided. I truly appreciate it. Hope you have a great weekend.
  • 0

#34
blmadara

blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Did you get a copy of the Windows CD when you bought the computer? Maybe it simply needs to be reactivated with the code on the CD case.
  • 0

#35
RxEnergy

RxEnergy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
No, sorry. I didn't get it brand new. That's fine though. That computer's main purpose is to be a NAS and I only reboot when new Windows updates are available, I can deal with few extra minutes of boot time.

Thanks again for all your help!!!

You can close this thread now.
  • 0

#36
blmadara

blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
You're very welcome. Good luck!!
  • 0

#37
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP