none
Another Win 7 64bit Not Genuine RRS feed

  • Question

  • Running on a Dell XPS M1530.  The system came with Vista installed, but I purchased Win 7 Ultimate from my school.  A few months after installation, the "windows not genuine" interruptions began...  I've looked for advice and figured out that my slui.exe has somehow been tampered?!?  I have no idea how that might have happened.

    If there is any other info that would be helpful, please let me know.  Thank you in advance for any assistance.

     

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE22
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-KX4CK-GC32R-RKJGY
    Windows Product Key Hash: Byq/Yd/m+UcWV3WF12kJIvkELzw=
    Windows Product ID: 00426-437-2284651-85653
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7600.2.00010100.0.0.001
    ID: {FD956A1D-5B2F-4263-B8B2-7C4CA0418846}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Ultimate
    Architecture: 0x00000009
    Build lab: 7600.win7_gdr.100618-1621
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\slui.exe[Hr = 0x80092003]

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{FD956A1D-5B2F-4263-B8B2-7C4CA0418846}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-RKJGY</PKey><PID>00426-437-2284651-85653</PID><PIDType>5</PIDType><SID>S-1-5-21-3627851165-241386180-318854388</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>XPS M1530                       </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A09</Version><SMBIOSVersion major="2" minor="4"/><Date>20080714000000.000000+000</Date></BIOS><HWID>83BA3607018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>M08    </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7600.16385

    Name: Windows(R) 7, Ultimate edition
    Description: Windows Operating System - Windows(R) 7, RETAIL channel
    Activation ID: ac96e1a8-6cc4-4310-a4ff-332ce77fb5b8
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00426-00170-437-228465-01-1033-7600.0000-1822010
    Installation ID: 014674781200166662241416728545044695141955359803120090
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: RKJGY
    License Status: Licensed
    Remaining Windows rearm count: 3
    Trusted time: 11/24/2010 10:28:35 PM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE22
    HrOnline: N/A
    HealthStatus: 0x0000000000000800
    Event Time Stamp: 11:22:2010 13:20
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration


    HWID Data-->
    HWID Hash Current: PgAAAAIABgABAAEAAQABAAAABAABAAEAeqigTHxUTjQGDE5qmnoyDx6zRoM2oCbb3oiw5Bu6bv8S6xoFKoU=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x0
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   DELL    M08   
      FACP   DELL    M08   
      HPET   DELL    M08   
      BOOT   DELL    M08   
      MCFG   DELL    M08   
      SLIC   DELL    M08   
      OSFR   DELL    M08   
      SSDT   PmRef  CpuPm

     

    Thursday, November 25, 2010 5:27 AM

Answers

  • "zetharx" wrote in message news:5566d215-c841-47b9-b10e-5a459884b055...

    below are

    - system file check output

    - CBS log  (just a few lines)

    - MGADiag ... same result as last time it seems

     

    is there any way for me to do a restore of system files from Win 7 installation disc without a full re-install.  I would like to avoid the need to re-install all my programs and such.  Thanks =)

     

    ***************************************************************

    Diagnostic Report (1.9.0027.0):

    -----------------------------------------

    Windows Validation Data-->

     

    Validation Code: 0x8004FE22

    Cached Online Validation Code: 0x0

    Windows Product Key: *****-*****-KX4CK-GC32R-RKJGY

    Windows Product Key Hash: Byq/Yd/m+UcWV3WF12kJIvkELzw=

    Windows Product ID: 00426-437-2284651-85653

    Windows Product ID Type: 5

    Windows License Type: Retail

    Windows OS version: 6.1.7600.2.00010100.0.0.001

     

    File Scan Data-->

    File Mismatch: C:\Windows\system32\slui.exe[Hr = 0x80092003]

     

     

    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration


    The only file which matters is SLUI.EXE in this context - so we can ignore the other problems until we solve this one.
    You can try copying the file from another working Win 7 installation - that sometimes works with these files. You will probably have to do it while in Safe Mode.
    Once that's done, reboot, and run MGADiag again and see if it's worked. If so, then you can try posting a query about the other CBS.log files in the Win 7 Answers Repair forum.
     

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    • Proposed as answer by Darin Smith MS Tuesday, November 30, 2010 12:42 AM
    • Marked as answer by Darin Smith MS Friday, December 3, 2010 12:09 AM
    Thursday, November 25, 2010 4:02 PM
    Moderator

All replies

  • "zetharx" wrote in message news:7b5ada7d-54da-441a-b5f7-9f929ad9b41c...

    Running on a Dell XPS M1530.  The system came with Vista installed, but I purchased Win 7 Ultimate from my school.  A few months after installation, the "windows not genuine" interruptions began...  I've looked for advice and figured out that my slui.exe has somehow been tampered?!?  I have no idea how that might have happened.

    If there is any other info that would be helpful, please let me know.  Thank you in advance for any assistance.

     

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE22
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-KX4CK-GC32R-RKJGY
    Windows Product Key Hash: Byq/Yd/m+UcWV3WF12kJIvkELzw=
    Windows Product ID: 00426-437-2284651-85653
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7600.2.00010100.0.0.001

    File Scan Data-->
    File Mismatch: C:\Windows\system32\slui.exe[Hr = 0x80092003]

     

     

    As you suspected, your SLUI.EXE file is being seen by the system as being tampered - this can happen for a number of reasons.
    First thing to try is a System Restore back to a date about three days before the problem first appeared (it can take up to three days for Windows to spot these problems).
    If that doesn't work, then try using the System File Checker -
    System File Checker - Instructions
    Click on the Start button
    type in the Search  box
    CMD.EXE
    right-click on the only file that is found
    Select Run as Administrator
     - the Elevated Command Prompt window should pop up
    At the Command prompt, type
     
    SFC   /SCANNOW
     
    and hit the Enter key
    Wait for the scan to finish - make a note of any error messages - and then reboot
    Visit the Validation site  http://www.microsoft.com/genuine and attempt to Validate Windows - again, make a note of error messages.
    Reboot.
    Run MGADiag again, and post the report, and error messages in your reply.
     
     

     

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Thursday, November 25, 2010 8:06 AM
    Moderator
  • below are

    - system file check output

    - CBS log  (just a few lines)

    - MGADiag ... same result as last time it seems

     

    is there any way for me to do a restore of system files from Win 7 installation disc without a full re-install.  I would like to avoid the need to re-install all my programs and such.  Thanks =)

     

    *************************************************

    C:\Windows\system32>sfc /scannow

     

    Beginning system scan.  This process will take some time.

     

    Beginning verification phase of system scan.

    Verification 100% complete.

    Windows Resource Protection found corrupt files but was unable to fix some of them.

    Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example

    C:\Windows\Logs\CBS\CBS.log

     

     

    ***************************************************************

    these seemed to be the corrupted files mentioned in CBS.log

     

    2010-11-25 08:50:21, Info                  CSI    0000033d [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:16{8}]"slui.exe"; source file in store is also corrupted

    2010-11-25 08:50:21, Info                  CSI    00000337 [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:46{23}]"PortableDeviceTypes.dll"; source file in store is also corrupted

    2010-11-25 08:50:21, Info                  CSI    00000331 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"mblctr.exe"; source file in store is also corrupted

    2010-11-25 08:50:21, Info                  CSI    0000032b [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"quartz.dll"; source file in store is also corrupted

    ***************************************************************

    Diagnostic Report (1.9.0027.0):

    -----------------------------------------

    Windows Validation Data-->

     

    Validation Code: 0x8004FE22

    Cached Online Validation Code: 0x0

    Windows Product Key: *****-*****-KX4CK-GC32R-RKJGY

    Windows Product Key Hash: Byq/Yd/m+UcWV3WF12kJIvkELzw=

    Windows Product ID: 00426-437-2284651-85653

    Windows Product ID Type: 5

    Windows License Type: Retail

    Windows OS version: 6.1.7600.2.00010100.0.0.001

    ID: {FD956A1D-5B2F-4263-B8B2-7C4CA0418846}(3)

    Is Admin: Yes

    TestCab: 0x0

    LegitcheckControl ActiveX: N/A, hr = 0x80070002

    Signed By: N/A, hr = 0x80070002

    Product Name: Windows 7 Ultimate

    Architecture: 0x00000009

    Build lab: 7600.win7_gdr.100618-1621

    TTS Error: 

    Validation Diagnostic: 

    Resolution Status: N/A

     

    Vista WgaER Data-->

    ThreatID(s): N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

     

    Windows XP Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    File Exists: No

    Version: N/A, hr = 0x80070002

    WgaTray.exe Signed By: N/A, hr = 0x80070002

    WgaLogon.dll Signed By: N/A, hr = 0x80070002

     

    OGA Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

    OGAExec.exe Signed By: N/A, hr = 0x80070002

    OGAAddin.dll Signed By: N/A, hr = 0x80070002

     

    OGA Data-->

    Office Status: 109 N/A

    OGA Version: Registered, 2.0.48.0

    Signed By: Microsoft

    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

     

    Browser Data-->

    Proxy settings: N/A

    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

    Default Browser: C:\Users\zetharx\AppData\Local\Google\Chrome\Application\chrome.exe

    Download signed ActiveX controls: Prompt

    Download unsigned ActiveX controls: Disabled

    Run ActiveX controls and plug-ins: Allowed

    Initialize and script ActiveX controls not marked as safe: Disabled

    Allow scripting of Internet Explorer Webbrowser control: Disabled

    Active scripting: Allowed

    Script ActiveX controls marked as safe for scripting: Allowed

     

    File Scan Data-->

    File Mismatch: C:\Windows\system32\slui.exe[Hr = 0x80092003]

     

    Other data-->

    Office Details: <GenuineResults><MachineData><UGUID>{FD956A1D-5B2F-4263-B8B2-7C4CA0418846}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-RKJGY</PKey><PID>00426-437-2284651-85653</PID><PIDType>5</PIDType><SID>S-1-5-21-3627851165-241386180-318854388</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>XPS M1530                       </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A09</Version><SMBIOSVersion major="2" minor="4"/><Date>20080714000000.000000+000</Date></BIOS><HWID>83BA3607018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>M08    </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

     

    Spsys.log Content: 0x80070002

     

    Licensing Data-->

    Software licensing service version: 6.1.7600.16385

     

    Name: Windows(R) 7, Ultimate edition

    Description: Windows Operating System - Windows(R) 7, RETAIL channel

    Activation ID: ac96e1a8-6cc4-4310-a4ff-332ce77fb5b8

    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f

    Extended PID: 00426-00170-437-228465-01-1033-7600.0000-1822010

    Installation ID: 014674781200166662241416728545044695141955359803120090

    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338

    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339

    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341

    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340

    Partial Product Key: RKJGY

    License Status: Licensed

    Remaining Windows rearm count: 3

    Trusted time: 11/25/2010 9:23:53 AM

     

    Windows Activation Technologies-->

    HrOffline: 0x8004FE22

    HrOnline: N/A

    HealthStatus: 0x0000000000000800

    Event Time Stamp: 11:22:2010 13:20

    ActiveX: Registered, Version: 7.1.7600.16395

    Admin Service: Registered, Version: 7.1.7600.16395

    HealthStatus Bitmask Output:

    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration

     

     

    HWID Data-->

    HWID Hash Current: PgAAAAIABgABAAEAAQABAAAABAABAAEAeqigTHxUTjQGDE5qmnoyDx6zRoM2oCbb3oiw5Bu6bv8S6xoFKoU=

     

    OEM Activation 1.0 Data-->

    N/A

     

    OEM Activation 2.0 Data-->

    BIOS valid for OA 2.0: yes

    Windows marker version: 0x0

    OEMID and OEMTableID Consistent: yes

    BIOS Information: 

      ACPI Table Name OEMID Value OEMTableID Value

      APIC DELL   M08    

      FACP DELL   M08    

      HPET DELL   M08    

      BOOT DELL   M08    

      MCFG DELL   M08    

      SLIC DELL   M08    

      OSFR DELL   M08    

      SSDT PmRef CpuPm

     

     

    Thursday, November 25, 2010 3:35 PM
  • "zetharx" wrote in message news:5566d215-c841-47b9-b10e-5a459884b055...

    below are

    - system file check output

    - CBS log  (just a few lines)

    - MGADiag ... same result as last time it seems

     

    is there any way for me to do a restore of system files from Win 7 installation disc without a full re-install.  I would like to avoid the need to re-install all my programs and such.  Thanks =)

     

    ***************************************************************

    Diagnostic Report (1.9.0027.0):

    -----------------------------------------

    Windows Validation Data-->

     

    Validation Code: 0x8004FE22

    Cached Online Validation Code: 0x0

    Windows Product Key: *****-*****-KX4CK-GC32R-RKJGY

    Windows Product Key Hash: Byq/Yd/m+UcWV3WF12kJIvkELzw=

    Windows Product ID: 00426-437-2284651-85653

    Windows Product ID Type: 5

    Windows License Type: Retail

    Windows OS version: 6.1.7600.2.00010100.0.0.001

     

    File Scan Data-->

    File Mismatch: C:\Windows\system32\slui.exe[Hr = 0x80092003]

     

     

    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration


    The only file which matters is SLUI.EXE in this context - so we can ignore the other problems until we solve this one.
    You can try copying the file from another working Win 7 installation - that sometimes works with these files. You will probably have to do it while in Safe Mode.
    Once that's done, reboot, and run MGADiag again and see if it's worked. If so, then you can try posting a query about the other CBS.log files in the Win 7 Answers Repair forum.
     

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    • Proposed as answer by Darin Smith MS Tuesday, November 30, 2010 12:42 AM
    • Marked as answer by Darin Smith MS Friday, December 3, 2010 12:09 AM
    Thursday, November 25, 2010 4:02 PM
    Moderator
  • Thank you Noel.  I will definately try that.  It will be a few days till the next update, though.  I left my disc at home, and I'm visiting family for Thanksgiving.  Happy Turkey Day =).
    Thursday, November 25, 2010 4:11 PM
  • "zetharx" wrote in message news:89940d66-32f7-40c1-b112-bbe34a5d9c70...
    Thank you Noel.  I will definately try that.  It will be a few days till the next update, though.  I left my disc at home, and I'm visiting family for Thanksgiving.  Happy Turkey Day =).

    I doubt the turkeys are too happy!
    :)
     

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Thursday, November 25, 2010 8:48 PM
    Moderator
  • Well I put in the Win 7 Ultimate installation dvd and ran an upgrade.  It successfully fixed slui.exe and I am once more genuine.  Thanks for the help.
    Sunday, December 5, 2010 12:58 AM
  • "zetharx" wrote in message news:519a5d74-82ff-410f-9c9f-2e103c97f72f...
    Well I put in the Win 7 Ultimate installation dvd and ran an upgrade.  It successfully fixed slui.exe and I am once more genuine.  Thanks for the help.

    A full upgrade install is a little more than I was suggesting - but if it fixed the problem, well done!
    I would suggest , however, that you download Belarc Advisor, (www.belarc.com) and run it - it will check your updates and flag any that have been broken by the reinstall so that you can fix them.
     

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Sunday, December 5, 2010 3:10 PM
    Moderator