Laptop is doing strange things... might be a Hacker attack

paradise726

Thread Starter
Joined
Nov 16, 2021
Messages
33
Hello there,

I have a problem on my laptop. I try to be more precise as I can. My Laptop is doing strange things. I tried everything to see what is happening to my Laptop but unable to find. Laptop Time changing, Msconfig Settings changing, Regedit has creating invalid entries and all mentioned utilities are creating automatic entries. Also on some cases my laptop is doing auto shutdown. I was using Windows 7 ultimate since 1 year and facing those issues. Few days ago I tried to install Windows 7 starter but It cant help me. Today I clean install a Windows 7 home basic and recording events happening after. What I have to provide you to check It was a hacker attack? I suspect some hacker from ISP side is doing malicious things to my laptop. Please suggest what can I do further?
 

lochlomonder

Colin
Trusted Advisor
Spam Fighter
Joined
Jul 24, 2015
Messages
3,933
So you have copies of Windows 7 Starter, Home & Ultimate which just happened to be lying around? Unlikely. What I suspect here is you have a cracked version of Windows 7.
 

TerryNet

Terry
Moderator
Joined
Mar 23, 2005
Messages
81,754
Can I upload something for checking purposes?
Absolutely. Do this ....

Please run the MGA Diagnostic Tool and post back the report it creates:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.

As a reminder to all, since this issue hasn't come up much lately: NO MORE HELP UNTIL A MODERATOR OR ADMINISTRATOR SAYS TO GO AHEAD.
 

paradise726

Thread Starter
Joined
Nov 16, 2021
Messages
33
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 50
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-3H233-PTWTJ-YRYRV
Windows Product Key Hash: iplHJdWi/M942hdv/dPc8+K1E4Y=
Windows Product ID: 00346-339-0000007-85240
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010300.1.0.002
ID: {046A3CCE-63E8-47B1-8DF6-3934C40CCFC2}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Basic
Architecture: 0x00000000
Build lab: 7601.win7sp1_rtm.101119-1850
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{046A3CCE-63E8-47B1-8DF6-3934C40CCFC2}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.002</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-YRYRV</PKey><PID>00346-339-0000007-85240</PID><PIDType>5</PIDType><SID>S-1-5-12</SID><SYSTEM><Manufacturer>Acer </Manufacturer><Model>Extensa 5620 </Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies LTD</Manufacturer><Version>V1.35 </Version><SMBIOSVersion major="2" minor="4"/><Date>20080703000000.000000+000</Date></BIOS><HWID>DFC23607018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pakistan Standard Time(GMT+05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, HomeBasic edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: b1184982-a958-4643-8e66-445fa0f92832
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00346-00170-339-000000-00-1033-7601.0000-0102006
Installation ID: 007226627660223794419964700926511515340613734292552591
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: YRYRV
License Status: Notification
Notification Reason: 0xC004F009 (grace time expired).
Remaining Windows rearm count: 3
Trusted time: 11/23/2021 5:51:31 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: NAAAAAEABAABAAIAAAABAAAAAgABAAEAJJRE7KpFRoP8kFQ5Rrfgs1Kd4oJAmZKzvMUqhQ==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x0
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC PTLTD APIC
FACP INTEL CRESTLNE
HPET INTEL CRESTLNE
BOOT PTLTD $SBFTBL$
MCFG INTEL CRESTLNE
TCPA Intel CRESTLN
TMOR PTLTD
SLIC ACRSYS ACRPRDCT
ASF! OEMID OEMTBL
SSDT SataRe SataPri
SSDT SataRe SataPri
SSDT SataRe SataPri
SSDT SataRe SataPri
SSDT SataRe SataPri
SSDT SataRe SataPri
 

TerryNet

Terry
Moderator
Joined
Mar 23, 2005
Messages
81,754
Not a valid Windows Product Key. Please come back when you have a valid and genuine operating system.

Closing thread.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
121,911
I will reopen this thread in one last effort to obtain the truth about the situation.

First, please confirm that the issue here and the issues in the other very long thread are on the same device?

If they are the same device:

Is it a laptop of a desktop PC?
Who does it belong to?
What is the current operating system installed on it?

If they are not the same device

How many devices you are talking about?
What type of device are they (laptop or desktop PC),
Who does each device belong to?
What is the current operating system on each device?
 

paradise726

Thread Starter
Joined
Nov 16, 2021
Messages
33
First, please confirm that the issue here and the issues in the other very long thread are on the same device?
Answer: Yes It is only one device.

Is it a laptop of a desktop PC?
Answer: Laptop

Who does it belong to?
Answer: It is my own personal laptop.

What is the current operating system installed on it?
Answer: Current operating system is Windows 7 Home basic installed on it.

Next questions answer are same one. I have only a single device which is a Laptop basically.
 

paradise726

Thread Starter
Joined
Nov 16, 2021
Messages
33
Tech Guy Info:
Tech Support Guy System Info Utility version 1.0.0.9
OS Version: Microsoft Windows 7 Home Basic, Service Pack 1, 32 bit, Build 7601, Installed 20211123121412.000000+300
Processor: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz, x64 Family 6 Model 15 Stepping 13, CPU Count: 2
Total Physical RAM: 2 GB
Graphics Card: Mobile Intel(R) 965 Express Chipset Family (Microsoft Corporation - WDDM 1.1), 384 MB
Hard Drives: C: 37 GB (27 GB Free); D: 17 GB (10 GB Free); E: 16 GB (4 GB Free);
Motherboard: Acer Columbia, ver Rev, s/n LXE980X2638091A3422000
System: Phoenix Technologies LTD, ver ACRSYS - 6040000, s/n LXE980X2638091A3422000
Antivirus: None
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
121,911
Thank you for replying to my questions.

So the MGA Diagnostic report that you submitted shows that since you installed Windows 10 Home Basic it hasn't been activated. Please follow the instructions in the following link to activate your operating system with a valid license and then run the MGA Diagnostic utility again and post the new report.
 

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top