locked
Windows 7 Home Premium 64bit on Acer Aspire One - genuine but not genuine RRS feed

  • Question

  • Hi All,

    having same oproblem as many here in this forum. Started around 2-3 weeks after - not sure which - update. Netbook bought in a store with Win7 Home Premium preinstalled. Was working ok for 6-7 months. The key from the sticker not shared with anyone.

    I search the forums and noticed a common issue with token file - I tried this workaround but it did not help.

     

    Here is my Diag output below:

     

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-WJ2H8-R6B6D-7QJB7
    Windows Product Key Hash: ckKNc+BBPDWmo1LUlOkraNjlQ34=
    Windows Product ID: 00359-OEM-8992687-00006
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {A08F2BB7-C451-4D16-8127-C9AE17D8341E}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.110622-1506
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Users\Szczech\AppData\Local\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\slc.dll[Hr = 0x800b0100]

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{A08F2BB7-C451-4D16-8127-C9AE17D8341E}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7QJB7</PKey><PID>00359-OEM-8992687-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-2010434842-2864290191-3904940465</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>AO722</Model></SYSTEM><BIOS><Manufacturer>Acer</Manufacturer><Version>V1.04</Version><SMBIOSVersion major="2" minor="7"/><Date>20110608000000.000000+000</Date></BIOS><HWID>A0390200018400FC</HWID><UserLCID>0415</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central European Standard Time(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800006-02-1033-7601.0000-1042011
    Installation ID: 008793058945389883211822955441799696147152510562320252
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 7QJB7
    License Status: Licensed
    Remaining Windows rearm count: 2
    Trusted time: 2011-11-06 20:08:57

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x0000000000000100
    Event Time Stamp: 11:5:2011 21:03
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui


    HWID Data-->
    HWID Hash Current: LAAAAAAAAgABAAEAAAACAAAAAQABAAEA6GFOMFT5wuQO7B7xYj32feZR/Ag=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   ACRSYS  ACRPRDCT
      FACP   ACRSYS  ACRPRDCT
      HPET   ACRSYS  ACRPRDCT
      BOOT   ACRSYS  ACRPRDCT
      MCFG   ACRSYS  ACRPRDCT
      SLIC   ACRSYS  ACRPRDCT
      SSDT   AMD     POWERNOW
      SSDT   AMD     POWERNOW

     

    Any help will be appreciated.

     

    Thanks in advance

    Szczech

    Sunday, November 6, 2011 7:19 PM

Answers

  • Hi All,

     

    just wanted to let everyone know that there is no longer any tampered file seen reported by the diag tool on my system. Did nothing else than all above with the exception of getting new updates installed from today: KB890830, KB2310132 (definition 1.115.1486.0). Rebooted and ran the diag:

     

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-WJ2H8-R6B6D-7QJB7
    Windows Product Key Hash: ckKNc+BBPDWmo1LUlOkraNjlQ34=
    Windows Product ID: 00359-OEM-8992687-00006
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {A08F2BB7-C451-4D16-8127-C9AE17D8341E}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.110622-1506
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{A08F2BB7-C451-4D16-8127-C9AE17D8341E}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7QJB7</PKey><PID>00359-OEM-8992687-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-2010434842-2864290191-3904940465</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>AO722</Model></SYSTEM><BIOS><Manufacturer>Acer</Manufacturer><Version>V1.04</Version><SMBIOSVersion major="2" minor="7"/><Date>20110608000000.000000+000</Date></BIOS><HWID>A0390200018400FC</HWID><UserLCID>0415</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central European Standard Time(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800006-02-1033-7601.0000-1042011
    Installation ID: 008793058945389883211822955441799696147152510562320252
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 7QJB7
    License Status: Licensed
    Remaining Windows rearm count: 2
    Trusted time: 2011-11-08 19:55:51

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 11:5:2011 21:03
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: LAAAAAAAAgABAAEAAAACAAAAAQABAAEA6GFOMFT5wuQO7B7xYj32feZR/Ag=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            ACRSYS        ACRPRDCT
      FACP            ACRSYS        ACRPRDCT
      HPET            ACRSYS        ACRPRDCT
      BOOT            ACRSYS        ACRPRDCT
      MCFG            ACRSYS        ACRPRDCT
      SLIC            ACRSYS        ACRPRDCT
      SSDT            AMD           POWERNOW
      SSDT            AMD           POWERNOW


    So far so good but probably to early to cheer. Will report success after 24 hours or so.

     

    Szczech

    • Proposed as answer by Darin Smith MS Tuesday, November 8, 2011 10:49 PM
    • Marked as answer by Szczech Wednesday, November 9, 2011 12:07 PM
    Tuesday, November 8, 2011 7:05 PM

All replies

  • "Szczech" wrote in message news:5bb69bfb-9a1a-4118-82a5-91ff0a73d28c...

    Hi All,

    having same oproblem as many here in this forum. Started around 2-3 weeks after - not sure which - update. Netbook bought in a store with Win7 Home Premium preinstalled. Was working ok for 6-7 months. The key from the sticker not shared with anyone.

    I search the forums and noticed a common issue with token file - I tried this workaround but it did not help.

     

    Here is my Diag output below:

     

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-WJ2H8-R6B6D-7QJB7
    Windows Product Key Hash: ckKNc+BBPDWmo1LUlOkraNjlQ34=
    Windows Product ID: 00359-OEM-8992687-00006
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003

    File Scan Data-->
    File Mismatch: C:\Windows\system32\slc.dll[Hr = 0x800b0100]

    Other data-->
    SYSTEM><Manufacturer>Acer</Manufacturer><Model>AO722</Model></SYSTEM><BIOS><Manufacturer>Acer</Manufacturer><Version>V1.04</Version><SMBIOSVersion major="2" minor="7"/><Date>20110608000000.000000+000</Date></BIOS

     

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Partial Product Key: 7QJB7
    License Status: Licensed
    Remaining Windows rearm count: 2
    Trusted time: 2011-11-06 20:08:57

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x0000000000000100
    Event Time Stamp: 11:5:2011 21:03
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui

     

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes

    Thanks in advance

    Szczech

    Your problem is the File Mismatch above.
    Since you seem to have had this problem for a while, System Restore may not be an option – but go ahead if it’s less than a couple of weeks.
     
    Otherwise,
    I would suggest running CHKDSK and SFC (assuming that you’ve already tried a System Restore?)
    type in the Search box
    CMD.EXE
    right-click on the only file that is found
    Select Run as Administrator
    - the Elevated Command Prompt window should pop up
    At the Command prompt, type
    CHKDSK C: /R
    and hit the Enter key
    You will be told that the drive is locked, and the CHKDSK will run at he next boot - hit the Y key, and then reboot. The chkdsk will take a few hours depending on the size of the drive, so be patient!

    After the CHKDSK has run, Windows should boot normally (possibly after a second auto-reboot) - then run the SFC

    SFC -System File Checker - Instructions
    Click on the Start button
    type in the Search box
    CMD.EXE
    right-click on the only file that is found
    Select Run as Administrator
    - the Elevated Command Prompt window should pop up
    At the Command prompt, type

    SFC /SCANNOW

    and hit the Enter key
    Wait for the scan to finish - make a note of any error messages - and then reboot.

    run another MGADiag report, and post the results.

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Sunday, November 6, 2011 7:26 PM
    Moderator
  • Much appreciated - quick and specific response Noel - thanks.

    I disabled system restore so this is not an option but I am about to follow your chkdsk and sfc guidelines...

    Will post back once I am back online.

    Thanks again

     

    Szczech

    Sunday, November 6, 2011 7:33 PM
  • "Szczech" wrote in message news:490f8c68-f5d2-48b9-b0a0-280d65d00c9c...

    Much appreciated - quick and specific response Noel - thanks.

    I disabled system restore so this is not an option but I am about to follow your chkdsk and sfc guidelines...

    Will post back once I am back online.

    Thanks again

     

    Szczech

     
    Now you see why I say that System Restore should never be disabled :)

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Sunday, November 6, 2011 7:41 PM
    Moderator
  • Now you see why I say that System Restore should never be disabled :

     

    Hi Noel,


    re: system restore - we have a saying in Poland that goes like this in freeform translation: "The Polish is always smarter after ther loss/damage" ;)

    Back to the results.

    I did the chkdisk as - ran clean - no issues detected.
    I ran sfc and got this as a result:

    Windows Resource Protection found corrupt files and successfully repaired
    them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For
    example C:\Windows\Logs\CBS\CBS.log

    Rebooted and ran the diag again:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-WJ2H8-R6B6D-7QJB7
    Windows Product Key Hash: ckKNc+BBPDWmo1LUlOkraNjlQ34=
    Windows Product ID: 00359-OEM-8992687-00006
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {A08F2BB7-C451-4D16-8127-C9AE17D8341E}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.110622-1506
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Users\Szczech\AppData\Local\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\slc.dll[Hr = 0x800b0100]

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{A08F2BB7-C451-4D16-8127-C9AE17D8341E}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7QJB7</PKey><PID>00359-OEM-8992687-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-2010434842-2864290191-3904940465</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>AO722</Model></SYSTEM><BIOS><Manufacturer>Acer</Manufacturer><Version>V1.04</Version><SMBIOSVersion major="2" minor="7"/><Date>20110608000000.000000+000</Date></BIOS><HWID>A0390200018400FC</HWID><UserLCID>0415</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central European Standard Time(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800006-02-1033-7601.0000-1042011
    Installation ID: 008793058945389883211822955441799696147152510562320252
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 7QJB7
    License Status: Licensed
    Remaining Windows rearm count: 2
    Trusted time: 2011-11-06 23:20:11

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x0000000000000100
    Event Time Stamp: 11:5:2011 21:03
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui


    HWID Data-->
    HWID Hash Current: LAAAAAAAAgABAAEAAAACAAAAAQABAAEA6GFOMFT5wuQO7B7xYj32feZR/Ag=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   ACRSYS  ACRPRDCT
      FACP   ACRSYS  ACRPRDCT
      HPET   ACRSYS  ACRPRDCT
      BOOT   ACRSYS  ACRPRDCT
      MCFG   ACRSYS  ACRPRDCT
      SLIC   ACRSYS  ACRPRDCT
      SSDT   AMD     POWERNOW
      SSDT   AMD     POWERNOW

     

    Apparently the "tampered" file is still there not "untampered".

    Any idea on what coule be the next step?

    Thanks

    Szczech

    Sunday, November 6, 2011 10:27 PM
  • It may also simply be unregistered for some reason.  That happens.

    Try regsvr32 C:\Windows\system32\slc.dll


    Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.
    Sunday, November 6, 2011 11:00 PM
    Answerer
  • It may also simply be unregistered for some reason.  That happens.
    Try regsvr32 C:\Windows\system32\slc.dll
    Hi Colin,
    I tried and received following error message:
     
    The module "C:\Windows\system32\slc.dll" was loaded but the entry-point DllRegisterServer was not found.
    
    Make sure that "C:\Windows\system32\slc.dll" is a valid DLL or OCX file and then try again.

    The genuine message keeps on popping up every now and then every day.
    Thanks
    Szczech
    Monday, November 7, 2011 2:40 PM
  • Hi All,

     

    just wanted to let everyone know that there is no longer any tampered file seen reported by the diag tool on my system. Did nothing else than all above with the exception of getting new updates installed from today: KB890830, KB2310132 (definition 1.115.1486.0). Rebooted and ran the diag:

     

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-WJ2H8-R6B6D-7QJB7
    Windows Product Key Hash: ckKNc+BBPDWmo1LUlOkraNjlQ34=
    Windows Product ID: 00359-OEM-8992687-00006
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {A08F2BB7-C451-4D16-8127-C9AE17D8341E}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.110622-1506
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{A08F2BB7-C451-4D16-8127-C9AE17D8341E}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7QJB7</PKey><PID>00359-OEM-8992687-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-2010434842-2864290191-3904940465</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>AO722</Model></SYSTEM><BIOS><Manufacturer>Acer</Manufacturer><Version>V1.04</Version><SMBIOSVersion major="2" minor="7"/><Date>20110608000000.000000+000</Date></BIOS><HWID>A0390200018400FC</HWID><UserLCID>0415</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central European Standard Time(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800006-02-1033-7601.0000-1042011
    Installation ID: 008793058945389883211822955441799696147152510562320252
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 7QJB7
    License Status: Licensed
    Remaining Windows rearm count: 2
    Trusted time: 2011-11-08 19:55:51

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 11:5:2011 21:03
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: LAAAAAAAAgABAAEAAAACAAAAAQABAAEA6GFOMFT5wuQO7B7xYj32feZR/Ag=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            ACRSYS        ACRPRDCT
      FACP            ACRSYS        ACRPRDCT
      HPET            ACRSYS        ACRPRDCT
      BOOT            ACRSYS        ACRPRDCT
      MCFG            ACRSYS        ACRPRDCT
      SLIC            ACRSYS        ACRPRDCT
      SSDT            AMD           POWERNOW
      SSDT            AMD           POWERNOW


    So far so good but probably to early to cheer. Will report success after 24 hours or so.

     

    Szczech

    • Proposed as answer by Darin Smith MS Tuesday, November 8, 2011 10:49 PM
    • Marked as answer by Szczech Wednesday, November 9, 2011 12:07 PM
    Tuesday, November 8, 2011 7:05 PM
  • "Szczech" wrote in message news:f11872c3-fbf0-42a8-9783-e45a5e1b0e41...

    Hi All,

     

    just wanted to let everyone know that there is no longer any tampered file seen reported by the diag tool on my system. Did nothing else than all above with the exception of getting new updates installed from today: KB890830, KB2310132 (definition 1.115.1486.0). Rebooted and ran the diag:

     

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-WJ2H8-R6B6D-7QJB7
    Windows Product Key Hash: ckKNc+BBPDWmo1LUlOkraNjlQ34=
    Windows Product ID: 00359-OEM-8992687-00006
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003



    So far so good but probably to early to cheer. Will report success after 24 hours or so.

     

    Szczech

     
    Good news – thanks for the update (pun intended<g>)
    Your MGADiag report looks OK now
    Good luck

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Tuesday, November 8, 2011 7:28 PM
    Moderator
  • marking the update as the answer...thanks all for help.
    Wednesday, November 9, 2011 12:08 PM
  • "Szczech" wrote in message news:5c7648d5-b37d-4885-867c-32ba6e62b5b3...
    marking the update as the answer...thanks all for help.
     
    Checking the KB’s – it seems that they are BOTH virus-detection updates (one for MSRT, and one for MSE/Defender)
    This raises the strong possibility that you have (had) a serious virus infection which caused the problem.
     
    I would suggest that you scan the system with a couple more cleanup tools before relaxing! – and check your bank accounts, if you use internet banking.
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Wednesday, November 9, 2011 12:30 PM
    Moderator
  • Noel, it is all good and of course you can never exclude the possibility of infection. Thanks again. /Szczech
    Thursday, November 10, 2011 7:39 PM