none
Another "not genuine Windows" victim.... diagnostic attached RRS feed

  • Question

  • Here is my diagnostic, per the instructions.  Would LOVE some help, thanks!

    Diagnostic Report (1.9.0027.0):

    -----------------------------------------

    Windows Validation Data-->

    Validation Code: 0x8004FE21

    Cached Online Validation Code: 0x0

    Windows Product Key: *****-*****-2QWT6-HCQXJ-9YQTR

    Windows Product Key Hash: PVjSC5x6njvqunmbCY3lOD7rYDo=

    Windows Product ID: 00359-OEM-8992687-00007

    Windows Product ID Type: 2

    Windows License Type: OEM SLP

    Windows OS version: 6.1.7601.2.00010300.1.0.003

    ID: {12B238E9-10F7-4290-9830-9CF9DD50748E}(1)

    Is Admin: Yes

    TestCab: 0x0

    LegitcheckControl ActiveX: N/A, hr = 0x80070002

    Signed By: N/A, hr = 0x80070002

    Product Name: Windows 7 Home Premium

    Architecture: 0x00000009

    Build lab: 7601.win7sp1_gdr.120830-0333

    TTS Error:

    Validation Diagnostic:

    Resolution Status: N/A

    Vista WgaER Data-->

    ThreatID(s): N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    File Exists: No

    Version: N/A, hr = 0x80070002

    WgaTray.exe Signed By: N/A, hr = 0x80070002

    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

    OGAExec.exe Signed By: N/A, hr = 0x80070002

    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->

    Office Status: 100 Genuine

    Microsoft Office Home and Student 2007 - 100 Genuine

    OGA Version: N/A, 0x80070002

    Signed By: N/A, hr = 0x80070002

    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

    Browser Data-->

    Proxy settings: N/A

    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

    Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    Download signed ActiveX controls: Prompt

    Download unsigned ActiveX controls: Disabled

    Run ActiveX controls and plug-ins: Allowed

    Initialize and script ActiveX controls not marked as safe: Disabled

    Allow scripting of Internet Explorer Webbrowser control: Disabled

    Active scripting: Allowed

    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003

    File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003

    File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x80092003

    File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100

    File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100

    File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x80092003

    File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100

    File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100

    File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003

    File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x80092003

    File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100

    File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100

    File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x80092003

    File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003

    File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003

    File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100

    File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100

    Other data-->

    Office Details: <GenuineResults><MachineData><UGUID>{12B238E9-10F7-4290-9830-9CF9DD50748E}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-9YQTR</PKey><PID>00359-OEM-8992687-00007</PID><PIDType>2</PIDType><SID>S-1-5-21-3689473266-1359595395-3385317379</SID><SYSTEM><Manufacturer>ASUSTeK Computer Inc.        </Manufacturer><Model>K52F</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>K52F.208</Version><SMBIOSVersion major="2" minor="6"/><Date>20100506000000.000000+000</Date></BIOS><HWID>B9913807018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><Val>7C88BEBDCCB870E</Val><Hash>+8kXAAYiMvyWWBW2TdQ96309jyM=</Hash><Pid>81602-903-2718406-68571</Pid><PidType>1</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->

    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition

    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel

    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64

    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f

    Extended PID: 00359-00178-926-800007-02-1033-7600.0000-2092009

    Installation ID: 107275800355827075186152405954275102209106553052385474

    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338

    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339

    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341

    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340

    Partial Product Key: 9YQTR

    License Status: Licensed

    Remaining Windows rearm count: 3

    Trusted time: 12/20/2012 10:38:37 PM

    Windows Activation Technologies-->

    HrOffline: 0x8004FE21

    HrOnline: N/A

    HealthStatus: 0x000000000001EFF0

    Event Time Stamp: 12:20:2012 22:30

    ActiveX: Registered, Version: 7.1.7600.16395

    Admin Service: Registered, Version: 7.1.7600.16395

    HealthStatus Bitmask Output:

    Tampered File: %systemroot%\system32\sppobjs.dll

    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui

    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui

    Tampered File: %systemroot%\system32\sppwinob.dll

    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui

    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui

    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui

    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration

    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui

    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui

    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui

    Tampered File: %systemroot%\system32\drivers\spsys.sys

    HWID Data-->

    HWID Hash Current: LgAAAAEAAQABAAEAAAABAAAAAwABAAEA6GHo23KaABfUOobOFC80YZRNvjJcXQ==

    OEM Activation 1.0 Data-->

    N/A

    OEM Activation 2.0 Data-->

    BIOS valid for OA 2.0: yes

    Windows marker version: 0x20001

    OEMID and OEMTableID Consistent: yes

    BIOS Information:

      ACPI Table Name           OEMID Value     OEMTableID Value

      APIC                                    _ASUS_                                Notebook

      FACP                                   _ASUS_                                Notebook

      DBGP                                  _ASUS_                                Notebook

      HPET                                    _ASUS_                                Notebook

      MCFG                                 _ASUS_                                Notebook

      ECDT                                    _ASUS_                                Notebook

      SLIC                                      _ASUS_                                Notebook

      SSDT                                    PmRef                  CpuPm


    Saturday, December 22, 2012 3:17 AM

Answers

All replies

  • This may simply be caused by a bad set of Intel Rapid Storage Technology drivers -  

     

    Installing the Intel Rapid Storage Drivers

    try downloading and installing them from here - http://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&ProdId=2101&DwnldID=21730

     

    (you want the iata_enu.exe download)

     

    Once complete, please reboot twice, then post another MGADiag report.   

     


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    • Marked as answer by rblaude Saturday, December 22, 2012 1:26 PM
    Saturday, December 22, 2012 11:02 AM
    Moderator
  • Noel, thank you!  I *think* it worked.  I went back to the validation tool on the Windows website and it said "Welcome, because your Windows is genuine" yadda yadda.... so that seems to be a good thing.  Here is my new diagnostic after installing the Intel drivers and the two-time reboot.  Let me know if it still looks suspicious..... thanks again.

    Diagnostic Report (1.9.0027.0):

    -----------------------------------------

    Windows Validation Data-->

    Validation Code: 0

    Cached Online Validation Code: 0x0

    Windows Product Key: *****-*****-2QWT6-HCQXJ-9YQTR

    Windows Product Key Hash: PVjSC5x6njvqunmbCY3lOD7rYDo=

    Windows Product ID: 00359-OEM-8992687-00007

    Windows Product ID Type: 2

    Windows License Type: OEM SLP

    Windows OS version: 6.1.7601.2.00010300.1.0.003

    ID: {12B238E9-10F7-4290-9830-9CF9DD50748E}(3)

    Is Admin: Yes

    TestCab: 0x0

    LegitcheckControl ActiveX: N/A, hr = 0x80070002

    Signed By: N/A, hr = 0x80070002

    Product Name: Windows 7 Home Premium

    Architecture: 0x00000009

    Build lab: 7601.win7sp1_gdr.120830-0333

    TTS Error:

    Validation Diagnostic:

    Resolution Status: N/A

    Vista WgaER Data-->

    ThreatID(s): N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    File Exists: No

    Version: N/A, hr = 0x80070002

    WgaTray.exe Signed By: N/A, hr = 0x80070002

    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

    OGAExec.exe Signed By: N/A, hr = 0x80070002

    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->

    Office Status: 100 Genuine

    Microsoft Office Home and Student 2007 - 100 Genuine

    OGA Version: N/A, 0x80070002

    Signed By: N/A, hr = 0x80070002

    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->

    Proxy settings: N/A

    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

    Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    Download signed ActiveX controls: Prompt

    Download unsigned ActiveX controls: Disabled

    Run ActiveX controls and plug-ins: Allowed

    Initialize and script ActiveX controls not marked as safe: Disabled

    Allow scripting of Internet Explorer Webbrowser control: Disabled

    Active scripting: Allowed

    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->

    Office Details: <GenuineResults><MachineData><UGUID>{12B238E9-10F7-4290-9830-9CF9DD50748E}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-9YQTR</PKey><PID>00359-OEM-8992687-00007</PID><PIDType>2</PIDType><SID>S-1-5-21-3689473266-1359595395-3385317379</SID><SYSTEM><Manufacturer>ASUSTeK Computer Inc.        </Manufacturer><Model>K52F</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>K52F.208</Version><SMBIOSVersion major="2" minor="6"/><Date>20100506000000.000000+000</Date></BIOS><HWID>B9913807018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><Val>7C88BEBDCCB870E</Val><Hash>+8kXAAYiMvyWWBW2TdQ96309jyM=</Hash><Pid>81602-903-2718406-68571</Pid><PidType>1</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->

    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition

    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel

    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64

    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f

    Extended PID: 00359-00178-926-800007-02-1033-7600.0000-2092009

    Installation ID: 107275800355827075186152405954275102209106553052385474

    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338

    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339

    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341

    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340

    Partial Product Key: 9YQTR

    License Status: Licensed

    Remaining Windows rearm count: 3

    Trusted time: 12/22/2012 7:58:57 AM

    Windows Activation Technologies-->

    HrOffline: 0x00000000

    HrOnline: 0x00000000

    HealthStatus: 0x0000000000000000

    Event Time Stamp: 12:21:2012 22:38

    ActiveX: Registered, Version: 7.1.7600.16395

    Admin Service: Registered, Version: 7.1.7600.16395

    HealthStatus Bitmask Output:

    HWID Data-->

    HWID Hash Current: LgAAAAEAAQABAAEAAAABAAAAAwABAAEA6GHo23KaABfUOobOFC80YZRNvjJcXQ==

    OEM Activation 1.0 Data-->

    N/A

    OEM Activation 2.0 Data-->

    BIOS valid for OA 2.0: yes

    Windows marker version: 0x20001

    OEMID and OEMTableID Consistent: yes

    BIOS Information:

      ACPI Table Name           OEMID Value     OEMTableID Value

      APIC                                    _ASUS_                                Notebook

      FACP                                   _ASUS_                                Notebook

      DBGP                                  _ASUS_                                Notebook

      HPET                                    _ASUS_                                Notebook

      MCFG                                 _ASUS_                                Notebook

      ECDT                                    _ASUS_                                Notebook

      SLIC                                      _ASUS_                                Notebook

      SSDT                                    PmRef                  CpuPm

    Saturday, December 22, 2012 1:21 PM
  • All fixed - you're good to go :)

    Good luck.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Saturday, December 22, 2012 1:36 PM
    Moderator