locked
This Computer is not running genuine Windows - 6 Month old Asus from NewEgg RRS feed

  • Question

  • Hi - and thanks, in advance, for help!

    Problem: I started getting this Windows Message about 2 weeks ago.  I go through the steps, but it wants me to buy windows.  After reading the posts I ran MGADiag.exe (results below) and say some files were listed as "tampered".  I ran 2 malware/spyware scanners and an Avast full system boot-time scan and have found nothing.  I uninstalled a bunch of Canon software that came with my camera because since it vaguely coincided with the problem.  I have also run a boot-time check disk.  There has really been no unusual activity or problems on this computer.  It has taken me a long time to get it setup with all the apps configured the way I want them, so I hope that a "clean install" is not the only option.

    System: Asus Laptop, about 6 months old, purchased new through NewEgg.com retailer.  Windows 7 Home Premium 64-bit pre-installed.

    Any Help will be GREATLY appreciated!

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-2QWT6-HCQXJ-9YQTR
    Windows Product Key Hash: PVjSC5x6njvqunmbCY3lOD7rYDo=
    Windows Product ID: 00359-OEM-8992687-00007
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {E901197C-5EA9-4448-8B25-F91E64FBA06F}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.110622-1506
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{E901197C-5EA9-4448-8B25-F91E64FBA06F}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-9YQTR</PKey><PID>00359-OEM-8992687-00007</PID><PIDType>2</PIDType><SID>S-1-5-21-295665998-2533128837-2654638125</SID><SYSTEM><Manufacturer>ASUSTeK Computer Inc.</Manufacturer><Model>K73E</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>K73E.205</Version><SMBIOSVersion major="2" minor="6"/><Date>20110401000000.000000+000</Date></BIOS><HWID>AC563A07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800007-02-1033-7600.0000-2092009
    Installation ID: 109040126004362591068604511771368414471042795371088805
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 9YQTR
    License Status: Licensed
    Remaining Windows rearm count: 1
    Trusted time: 12/22/2011 7:30:21 AM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000001EFF0
    Event Time Stamp: N/A
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys


    HWID Data-->
    HWID Hash Current: MgAAAAEAAQABAAEAAAACAAAABAABAAEAonbuUNIp2nk4llzfmH0RLmLjtrkYLhkuLnM=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            _ASUS_        Notebook
      FACP            _ASUS_        Notebook
      DBGP            _ASUS_        Notebook
      HPET            _ASUS_        Notebook
      MCFG            _ASUS_        Notebook
      ECDT            _ASUS_        Notebook
      SLIC            _ASUS_        Notebook
      SSDT            PmRef        Cpu0Ist
      SSDT            PmRef        Cpu0Ist
      ASF!            INTEL          HCG



     

    Thursday, December 22, 2011 12:31 PM

Answers

  • "a person named Keith" wrote in message news:9a49dd5d-30c5-4c41-8fea-9f4c00ce3ccb...

    Hi - and thanks, in advance, for help!

    Problem: I started getting this Windows Message about 2 weeks ago.  I go through the steps, but it wants me to buy windows.  After reading the posts I ran MGADiag.exe (results below) and say some files were listed as "tampered".  I ran 2 malware/spyware scanners and an Avast full system boot-time scan and have found nothing.  I uninstalled a bunch of Canon software that came with my camera because since it vaguely coincided with the problem.  I have also run a boot-time check disk.  There has really been no unusual activity or problems on this computer.  It has taken me a long time to get it setup with all the apps configured the way I want them, so I hope that a "clean install" is not the only option.

    System: Asus Laptop, about 6 months old, purchased new through NewEgg.com retailer.  Windows 7 Home Premium 64-bit pre-installed.

    Any Help will be GREATLY appreciated!

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-2QWT6-HCQXJ-9YQTR
    Windows Product Key Hash: PVjSC5x6njvqunmbCY3lOD7rYDo=
    Windows Product ID: 00359-OEM-8992687-00007
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    File Scan Data-->
    File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100


    Other data-->
    SYSTEM><Manufacturer>ASUSTeK Computer Inc.</Manufacturer><Model>K73E</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>K73E.205</Version><SMBIOSVersion major="2" minor="6"/><Date>20110401000000.000000+000</Date></BIOS



    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Partial Product Key: 9YQTR
    License Status: Licensed
    Remaining Windows rearm count: 1
    Trusted time: 12/22/2011 7:30:21 AM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000001EFF0
    Event Time Stamp: N/A
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys



     
    The set of file mismatches above are typical of one of two causes:-
    1) a restore from an image backup of the system
    2) a failed driver update
    The only one for which we currently have a solution is the second.....
    Installing the Intel Rapid Storage Drivers
    try downloading and installing them from here -
    - you’ll need the set for the x64 (64-bit) platform on Win7
    Once complete, please reboot twice, then post another MGADiag report.
    Good Luck!
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Thursday, December 22, 2011 2:26 PM
    Moderator

All replies

  • "a person named Keith" wrote in message news:9a49dd5d-30c5-4c41-8fea-9f4c00ce3ccb...

    Hi - and thanks, in advance, for help!

    Problem: I started getting this Windows Message about 2 weeks ago.  I go through the steps, but it wants me to buy windows.  After reading the posts I ran MGADiag.exe (results below) and say some files were listed as "tampered".  I ran 2 malware/spyware scanners and an Avast full system boot-time scan and have found nothing.  I uninstalled a bunch of Canon software that came with my camera because since it vaguely coincided with the problem.  I have also run a boot-time check disk.  There has really been no unusual activity or problems on this computer.  It has taken me a long time to get it setup with all the apps configured the way I want them, so I hope that a "clean install" is not the only option.

    System: Asus Laptop, about 6 months old, purchased new through NewEgg.com retailer.  Windows 7 Home Premium 64-bit pre-installed.

    Any Help will be GREATLY appreciated!

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-2QWT6-HCQXJ-9YQTR
    Windows Product Key Hash: PVjSC5x6njvqunmbCY3lOD7rYDo=
    Windows Product ID: 00359-OEM-8992687-00007
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    File Scan Data-->
    File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100


    Other data-->
    SYSTEM><Manufacturer>ASUSTeK Computer Inc.</Manufacturer><Model>K73E</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>K73E.205</Version><SMBIOSVersion major="2" minor="6"/><Date>20110401000000.000000+000</Date></BIOS



    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Partial Product Key: 9YQTR
    License Status: Licensed
    Remaining Windows rearm count: 1
    Trusted time: 12/22/2011 7:30:21 AM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000001EFF0
    Event Time Stamp: N/A
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys



     
    The set of file mismatches above are typical of one of two causes:-
    1) a restore from an image backup of the system
    2) a failed driver update
    The only one for which we currently have a solution is the second.....
    Installing the Intel Rapid Storage Drivers
    try downloading and installing them from here -
    - you’ll need the set for the x64 (64-bit) platform on Win7
    Once complete, please reboot twice, then post another MGADiag report.
    Good Luck!
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Thursday, December 22, 2011 2:26 PM
    Moderator
  • Thank you for your suggestion to install the latest Intel Rapid Storage drivers.

    I did that and now the "File Mismatch" problems are gone, but WGADiag is still reporting "Tampered Files".

    I do not know if the "NOT Genuine" message is fixed, I have not gotten it yet, but it is inconsistent.

    I am VERY disturbed that Windows 7 can so easily be disabled as non-genuine.  My computer DID NOT report either of the (2) events you mentioned (I think would have noticed if I did an IMAGE restore!):

    The set of file mismatches above are typical of one of two causes:-
    1) a restore from an image backup of the system
    2) a failed driver update

    I support all efforts to prevent illegal software use, but the manufacture MUST go to great lengths to make sure legitmit owners are not inconvenienced or damaged!

    This type of problem is just going to drive more people to MAC (this coming from a 20 year PC user).

    LATEST WGADIAG

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-2QWT6-HCQXJ-9YQTR
    Windows Product Key Hash: PVjSC5x6njvqunmbCY3lOD7rYDo=
    Windows Product ID: 00359-OEM-8992687-00007
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {E901197C-5EA9-4448-8B25-F91E64FBA06F}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.110622-1506
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{E901197C-5EA9-4448-8B25-F91E64FBA06F}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-9YQTR</PKey><PID>00359-OEM-8992687-00007</PID><PIDType>2</PIDType><SID>S-1-5-21-295665998-2533128837-2654638125</SID><SYSTEM><Manufacturer>ASUSTeK Computer Inc.</Manufacturer><Model>K73E</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>K73E.205</Version><SMBIOSVersion major="2" minor="6"/><Date>20110401000000.000000+000</Date></BIOS><HWID>AC563A07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800007-02-1033-7600.0000-2092009
    Installation ID: 109040126004362591068604511771368414471042795371088805
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 9YQTR
    License Status: Licensed
    Remaining Windows rearm count: 1
    Trusted time: 12/22/2011 6:47:11 PM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000001EFF0
    Event Time Stamp: N/A
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys


    HWID Data-->
    HWID Hash Current: MgAAAAEAAQABAAEAAAACAAAABAABAAEAonbuUNIp2nk4llzfmH0RLmLjtrkYLhkuLnM=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            _ASUS_        Notebook
      FACP            _ASUS_        Notebook
      DBGP            _ASUS_        Notebook
      HPET            _ASUS_        Notebook
      MCFG            _ASUS_        Notebook
      ECDT            _ASUS_        Notebook
      SLIC            _ASUS_        Notebook
      SSDT            PmRef        Cpu0Ist
      SSDT            PmRef        Cpu0Ist
      ASF!            INTEL          HCG



    Thursday, December 22, 2011 11:56 PM
  • This type of problem is just going to drive more people to MAC (this coming from a 20 year PC user).

    No it isn't.  And this is from a long time Mac AND PC user.  Apple has a whole set of their own frustating problems.  Also, the sheer cost of a Mac (250% of an equivalent PC) and the dominance of Windows software deters many folks.  I'm still waiting for native usb 3.0 support for my MacBook Pro. 

     


    Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.
    Friday, December 23, 2011 1:43 AM
    Answerer
  • "a person named Keith" wrote in message news:5eda2728-7bd6-4018-b401-5c1ab78612a0...

    Thank you for your suggestion to install the latest Intel Rapid Storage drivers.

    I did that and now the "File Mismatch" problems are gone, but WGADiag is still reporting "Tampered Files".

    I do not know if the "NOT Genuine" message is fixed, I have not gotten it yet, but it is inconsistent.

    I am VERY disturbed that Windows 7 can so easily be disabled as non-genuine.  My computer DID NOT report either of the (2) events you mentioned (I think would have noticed if I did an IMAGE restore!):

    The set of file mismatches above are typical of one of two causes:-
    1) a restore from an image backup of the system
    2) a failed driver update

    I support all efforts to prevent illegal software use, but the manufacture MUST go to great lengths to make sure legitmit owners are not inconvenienced or damaged!

    This type of problem is just going to drive more people to MAC (this coming from a 20 year PC user).

    LATEST WGADIAG

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-2QWT6-HCQXJ-9YQTR
    Windows Product Key Hash: PVjSC5x6njvqunmbCY3lOD7rYDo=
    Windows Product ID: 00359-OEM-8992687-00007
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003




     
     
    Unfortunately, there’s no change in the report – both file mismatches and tampers are still present.
    There’s one other thing that *may be associated* – please open an Admin Command Prompt window, and run the command
    SC QC CRYPTSVC
    - what response do you get?
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Friday, December 23, 2011 9:26 PM
    Moderator
  • Yes, you are right , I was too hasty/optimistic in marking the problem solved.  It is not, the pop-ups happened several times today.

    I ran "SC QC CRYPTSVC" in an elevated command prompt.  The results are below.  There has been no unusual activity or problems with this computer - I really feel like this problem came from nowhere.  Very unnerving....

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>sc qc cryptsvc
    [SC] QueryServiceConfig SUCCESS

    SERVICE_NAME: cryptsvc
            TYPE               : 20  WIN32_SHARE_PROCESS
            START_TYPE         : 2   AUTO_START
            ERROR_CONTROL      : 1   NORMAL
            BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k NetworkService
            LOAD_ORDER_GROUP   :
            TAG                : 0
            DISPLAY_NAME       : Cryptographic Services
            DEPENDENCIES       : RpcSs
            SERVICE_START_NAME : NT Authority\NetworkService

    C:\Windows\system32>

    Saturday, December 24, 2011 4:53 AM
  • "a person named Keith" wrote in message news:b336e0e7-cf43-4e4a-a9dd-d5e3383b6ca4...

    Yes, you are right , I was too hasty/optimistic in marking the problem solved.  It is not, the pop-ups happened several times today.

    I ran "SC QC CRYPTSVC" in an elevated command prompt.  The results are below.  There has been no unusual activity or problems with this computer - I really feel like this problem came from nowhere.  Very unnerving....



    C:\Windows\system32>

    nothing unusual there, I’m afraid.
    Your best option is to contact WGA Support, and see if they have any alternative solution to a repair install.
    WGA Support can be found here-
    North America: http://support.microsoft.com/contactus/cu_sc_genadv_master?ws=support&ws=support#tab4

    Outside North America:
    http://support.microsoft.com/contactus/?ws=support#tab0

    Please let us know if (and how) MS manage to repair the problem without a repair install of the OS - it would be useful for future reference!
     
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Saturday, December 24, 2011 9:30 AM
    Moderator
  • I remembered something that did happen recently:

    Thunderbird was having problems with file permissions in a few folders, so I reset the permissions on the C: drive root and subfolders to give my logon user full control.  I have had to do this on other computers without any problems, however I wonder if it caused some of the files to be flagged as "tampered".

    Do you think a "System Restore" to a point before I did this have any effect?

    I will contact WGA support.

    Thank you for your efforts.

    Saturday, December 24, 2011 12:43 PM
  • "a person named Keith" wrote in message news:f4becfc5-e309-441a-aee7-9b0f1f083b8c...

    I remembered something that did happen recently:

    Thunderbird was having problems with file permissions in a few folders, so I reset the permissions on the C: drive root and subfolders to give my logon user full control.  I have had to do this on other computers without any problems, however I wonder if it caused some of the files to be flagged as "tampered".

    Do you think a "System Restore" to a point before I did this have any effect?

    I will contact WGA support.

    Thank you for your efforts.

    That’s certainly a possibility – and a System Restore may help.
    Setting the whole C: drive to have Full permissions for the User account is dangerous, to say the least! – it basically will allow malware free range over the whole system, and defeats the point of having Security Permissions in the first place.
    Can you tell me how you did it? that way I can try and duplicate it in a VM and see what happens.
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Saturday, December 24, 2011 12:54 PM
    Moderator
  • WGA support chat was not able to help.  After running me through "slui 3" and "slui 4" they referred me to standard tech support, which I do not have time for right now, maybe later.

    The error message "slui 3" was giving at the end of the process was: "Invalid product key. The following error occurred while trying to use the product key: CODE: 0x80070005. DESCRIPTION: access is denied."  I think the "Invalid product key" part of the message is a red herring because WGA support verified the COA key via chat.  BUT, what I wonder is, if the " access denied" might have something to do with the permission changes I made...

    Back to those permission changes:  I agree that blanket permissions for the active user is a security risk and I was using it as a "blunt" troubleshooting tool because my email and browser had developed some permissions problems and I was testing to see if some prior malware attack had tampered with and changed the permissions.  The system is coming up clean now and the email/browser problem ended up being realted to an anti-virus config issue.

    How did I change the permissions: I went to the root and went to the Security tab and gave the user that is logged on full control of the root and all sub-folders.

    Question: if I did a system restore to a point prior to the permission change, will it restore the permission levels too?. 

    I am going to try a System Restore now.

    Sunday, December 25, 2011 9:20 PM
  • Ok, System Restore is not an option.  I only have one point in System Restore and it is too recent.  I don't know why I only have 1, maybe because I limited System Restore to 12GB and that only fits one ?!?!?

    Another thing I tried was "sfc /scannow".  In regular boot and Safe Mode it found problems that it was unable to repair.  It wrote out a very long log I have not gone through, but it does make references to "ignoring duplicate ownership information".

    I will now see if the ASUS disks I burned when I first got the computer include any utility to do a repair install.  I did not get MS media with the computer...

    Sunday, December 25, 2011 9:35 PM
  • "a person named Keith" wrote in message news:7612936b-35d4-4741-aefa-d4b59077fe91...

    WGA support chat was not able to help.  After running me through "slui 3" and "slui 4" they referred me to standard tech support, which I do not have time for right now, maybe later.

    The error message "slui 3" was giving at the end of the process was: "Invalid product key. The following error occurred while trying to use the product key: CODE: 0x80070005. DESCRIPTION: access is denied."  I think the "Invalid product key" part of the message is a red herring because WGA support verified the COA key via chat.  BUT, what I wonder is, if the " access denied" might have something to do with the permission changes I made...

    Back to those permission changes:  I agree that blanket permissions for the active user is a security risk and I was using it as a "blunt" troubleshooting tool because my email and browser had developed some permissions problems and I was testing to see if some prior malware attack had tampered with and changed the permissions.  The system is coming up clean now and the email/browser problem ended up being realted to an anti-virus config issue.

    How did I change the permissions: I went to the root and went to the Security tab and gave the user that is logged on full control of the root and all sub-folders.

    Question: if I did a system restore to a point prior to the permission change, will it restore the permission levels too?.

    I am going to try a System Restore now.

    Which Anti-Virus were you having problems with? – What other AV’s have EVER been installed on this machine?
     
    When I tried to change the permissions on the root, I got a mass of access denied error messages – and only the files in the root folder ended up being affected.
    I had to take possession first, and then change the permissions.
    I still had no problems with activation or the MGADiag report, or installing updates.
     
     
    I see from your later message that SR failed  - my previous SR points seem unaffected by their experience.
    My SFC scan is still running.
     
     
    The Asus disk unfortunately doesn’t (usually at least) have the ability to do a repair install – particularly if it’s one based on the RTM system, as RTM disks cannot be used for repair installs of SP1 systems.
    You would need a (preferably) Retail disk with SP1 embedded to be able to do the repair.

     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Sunday, December 25, 2011 10:07 PM
    Moderator
  • Thank you for your efforts to reproduce the problem.  I had previously taken ownership of the drive and subfolders.  I did get a few "access denied" messages for files that were associated with running processes.  Good to hear that it had no effect for you, which means it may not be the issue for me.

    The SFC log seems too verbose to list here, but let me know if you are interested.

    That is bad news about the ASUS disk.  I was very disappointed in the new standard practice of not including media for windows - it isn't like other software where you can just download it again - it's the operating system for crying out loud!

    I guess I'll see if I can buy original media from ASUS and attempt a repair install rather than restore a factory image.

    I have so many other things I need to be doing rather than cleaning up this mess.  I am very frustrated with how this happened to a rather "plain" installation that sees little heavy work and has minimally expose to threats.

    The anti-virus is Avast Internet Security (paid version) and it is the only one that has ever been installed.

    Monday, December 26, 2011 4:10 AM
  • I'm afraid that the Asus recovery media will only restore the image that was used at the factory.  It is not a Windows installation disk and cannot be used to do an upgrade-in-place (repair installation).  It doesn't install Windows.  It transfers the factory image to the hard drive.
    Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.
    Monday, December 26, 2011 4:22 AM
    Answerer
  • "a person named Keith" wrote in message news:be1de3bd-d1f0-4622-a398-e7936bc708ee...

    Thank you for your efforts to reproduce the problem.  I had previously taken ownership of the drive and subfolders.  I did get a few "access denied" messages for files that were associated with running processes.  Good to hear that it had no effect for you, which means it may not be the issue for me.

    The SFC log seems too verbose to list here, but let me know if you are interested.

    That is bad news about the ASUS disk.  I was very disappointed in the new standard practice of not including media for windows - it isn't like other software where you can just download it again - it's the operating system for crying out loud!

    I guess I'll see if I can buy original media from ASUS and attempt a repair install rather than restore a factory image.

    I have so many other things I need to be doing rather than cleaning up this mess.  I am very frustrated with how this happened to a rather "plain" installation that sees little heavy work and has minimally expose to threats.

    The anti-virus is Avast Internet Security (paid version) and it is the only one that has ever been installed.

     
    The installation almost certainly came with a Trial version of an AV – which you may never have activated, but which could still be having effects on the system if not uninstalled properly, and then completely removed using the AV manufacturer’s removal tool. The chances are that it was either McAfee or Norton – I would suggest that you run the removal tool for both, and see if that makes any difference, then run the removal tool for Avast, and reinstall it (I have seen situations where Avast itself causes problems with version upgrades.)
     
     
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Monday, December 26, 2011 11:16 AM
    Moderator