Answered by:
Windows Genuine Advantage error
Question
-
I bought my computer from Best Buy about 4-5 years ago and have had no problems with licensing. I started getting the pop up windows saying 'This computer is not running genuine Windows.' I havent recently installed anything and looked around for what to do. I saw someone run the Windows Diagnostic Tool so I downloaded it from http://go.microsoft.com/fwlink/?linkid=52012 . I ran it and got results shown below. Not sure where to go from here.
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE22
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-*****-*****-CCRXV
Windows Product Key Hash: dCSbnnmXJeuw1geAiZfVTcnLYrA=
Windows Product ID: 55041-089-8916164-86999
Windows Product ID Type: 6
Windows License Type: Volume MAK
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {66784CDB-47B2-4275-8DDA-B64FDB051511}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.110622-1506
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Users\PapaProg\AppData\Local\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{66784CDB-47B2-4275-8DDA-B64FDB051511}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-BBBBB</PKey><PID>55041-089-8916164-86999</PID><PIDType>6</PIDType><SID>S-1-5-21-4092467384-3037088290-3243251233</SID><SYSTEM><Manufacturer>ASUSTeK Computer INC.</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>1301 </Version><SMBIOSVersion major="2" minor="5"/><Date>20100921000000.000000+000</Date></BIOS><HWID>21A13A07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>7480B9502DF0D86</Val><Hash>oYWOW5ayFE3pZ+jvTpuXYsY64JE=</Hash><Pid>89388-707-8722531-65477</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x8002801D' to display the error text.
Error: 0x8002801D
Windows Activation Technologies-->
HrOffline: 0x8004FE22
HrOnline: N/A
HealthStatus: 0x0000000000000800
Event Time Stamp: 1:2:2012 07:54
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
HWID Data-->
HWID Hash Current: NgAAAAIABAABAAEAAgABAAAAAQABAAEAvOkcQPziX5qMJka8aGWENGwCQBIKgI3vlCJA1uqC
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x0
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC 092110 APIC1203
FACP 092110 FACP1203
HPET 092110 OEMHPET
MCFG 092110 OEMMCFG
OEMB 092110 OEMB1203
OSFR 092110 OEMOSFR
SSDT DpgPmm CpuPm
SLIC _ASUS_ Notebook
Monday, January 2, 2012 1:25 PM
Answers
-
"PapaWu69" wrote in message news:c51fd18a-a5d7-4d15-98e0-2721cca91546...
I just got the genuine Windows pop up message again. So it looks like the virus was not the cause. Please let me know how to continue to try and resolve the tampered file in the MGADiag report. I just ran the MGADiag again to get a report while the message is still open.
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE22
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-*****-*****-CCRXV
Windows Product Key Hash: dCSbnnmXJeuw1geAiZfVTcnLYrA=
Windows Product ID: 55041-089-8916164-86999
Windows Product ID Type: 6
Windows License Type: Volume MAK
Still no change :(I think at this point it would be best for you to go to WGA Support for assistance – I suspect that this problem needs more hands-on assistance than we can provide in a forum context..WGA Support can be found here-North America: http://support.microsoft.com/contactus/cu_sc_genadv_master?ws=support&ws=support#tab4
Outside North America:
http://support.microsoft.com/contactus/?ws=support#tab0
Please let us know if (and how) MS manage to repair the problem without a repair install of the OS - it would be useful for future reference!
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth- Marked as answer by Darin Smith MS Monday, January 9, 2012 11:34 PM
Wednesday, January 4, 2012 8:22 AMModerator
All replies
-
"PapaWu69" wrote in message news:aaa3837d-7f13-4739-a668-95f5402f000e...
I bought my computer from Best Buy about 4-5 years ago and have had no problems with licensing. I started getting the pop up windows saying 'This computer is not running genuine Windows.' I havent recently installed anything and looked around for what to do. I saw someone run the Windows Diagnostic Tool so I downloaded it from http://go.microsoft.com/fwlink/?linkid=52012 .. I ran it and got results shown below. Not sure where to go from here.
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE22
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-*****-*****-CCRXV
Windows Product Key Hash: dCSbnnmXJeuw1geAiZfVTcnLYrA=
Windows Product ID: 55041-089-8916164-86999
Windows Product ID Type: 6
Windows License Type: Volume MAK
Windows OS version: 6.1.7601.2.00010100.1.0.048
Other data-->
SYSTEM><Manufacturer>ASUSTeK Computer INC.</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>1301 </Version><SMBIOSVersion major="2" minor="5"/><Date>20100921000000.000000+000</Date></BIOS
Licensing Data-->
On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x8002801D' to display the error text.
Error: 0x8002801D
Windows Activation Technologies-->
HrOffline: 0x8004FE22
HrOnline: N/A
HealthStatus: 0x0000000000000800
Event Time Stamp: 1:2:2012 07:54
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x0
OEMID and OEMTableID Consistent: yes
SLIC _ASUS_ Notebook
The License on this machine is a Volume license – which cannot be sold to the general public.The motherboard appears to be a Retail one – but has an ASUS SLIC table for Vista, and is dated long after Windows 7 was released (which could simply be because of BIOS updates).I suspect that this installation is non-genuinePlease look for the COA sticker on the machine – what version and edition of Windows does it say the computer is licensed for?How did you upgrade to Windows 7? – If your license came from a purchase, it was a counterfeit.If your license came from your company, you should contact them for assistance.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothMonday, January 2, 2012 1:35 PMModerator -
Well, since it was so long ago when this first started happening it may have started after I got a newer version of Windows from my school. The sticker on the side of the machine is for Windows Vista Home Premium but I updated it to Windows 7 Professional. It is definitely a valid license but does this error mean that I can only have Vista Home Premium on here?Monday, January 2, 2012 1:43 PM
-
"PapaWu69" wrote in message news:149fb11a-2425-4a21-966e-da9b64a65e56...Well, since it was so long ago when this first started happening it may have started after I got a newer version of Windows from my school. The sticker on the side of the machine is for Windows Vista Home Premium but I updated it to Windows 7 Professional. It is definitely a valid license but does this error mean that I can only have Vista Home Premium on here?It means that you need to1) fix the problem with the Tampered file in the report2) if fixing that doesn’t fix the non-genuine status, then you should ask the school for assistance.If both of the above fail, then you should reinstall Windows Vista, and then attempt a new upgrade to Win7 with the same Key you are currently using.Let’s try fixing the current problems -Unfortunately, you indicate that you’ve been getting the error for a long time, which rules out the easy solution of a System Restore back to before the problem arose, so we’ll have to try a few obvious tricks first.You have two error messages relevant – one of which is rare (the ‘0x8002801D' one), and the other which can be a pain to track down, if it’s possible at all.I suspect that the solutions are related, but I’m not sure where to start.Are you by any chance using Kaspersky as Anti-Virus?If so try uninstalling it, and see if the problem goes away.If not – what other malware/AV programs do you have installed?
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothMonday, January 2, 2012 4:15 PMModerator -
I have Avast Internet Security running which was installed before the issue began. I also have Spybot S&D and Ad Aware which are constantly running (in sys tray). Occasionally I do a scan with Malwarebytes as well but I keep the system pretty clean so dont usually find much outside of cookies.Monday, January 2, 2012 6:53 PM
-
"PapaWu69" wrote in message news:7035bcca-4c18-4d85-ae2a-1862f58ab39b...I have Avast Internet Security running which was installed before the issue began. I also have Spybot S&D and Ad Aware which are constantly running (in sys tray). Occasionally I do a scan with Malwarebytes as well but I keep the system pretty clean so dont usually find much outside of cookies.If you have all three of those running in the background, you have a case of overkill!Please first Uninstall AdAware - IMHO it was one of the best pieces of anti-malware a few years ago, but is merely an also-ran nowadays. Reboot at least twice, and run another MGADiag report – check for the errors again.If no change, then uninstall Spybot, after disabling whatever protections you have enabled, reboot twice and check the MGADiag report again.If still no change, uninstall Avast, reboot twice and retest.If *still* no change, do the followingClick on the Start button
type in the Search box
CMD.EXE
right-click on the only file that is found
Select Run as Administrator
- the Elevated Command Prompt window should pop up
At the Command prompt, type
CHKDSK C: /R
and hit the Enter key
You will be told that the drive is locked, and the CHKDSK will run at he next boot - hit the Y key, and then reboot. The chkdsk will take a few hours depending on the size of the drive, so be patient!
After the CHKDSK has run, Windows should boot normally (possibly after a second auto-reboot) - then run the SFC
SFC -System File Checker - Instructions
Click on the Start button
type in the Search box
CMD.EXE
right-click on the only file that is found
Select Run as Administrator
- the Elevated Command Prompt window should pop up
At the Command prompt, type
SFC /SCANNOW
and hit the Enter key
Wait for the scan to finish - make a note of any error messages - and then reboot.
run another MGADiag report, and post the results.You can then reinstall Avast ONLY until we have some kind of solution.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothMonday, January 2, 2012 7:14 PMModerator -
ok so I uninstalled Ad Aware, rebooted twice and so far so good. I am going to be out for a few hours but will leave my computer on and see if the message pops up again. I am posting the MGADiag report which seems to show the same errors but we will see... if i see it when I return I will continue through your steps you previously stated (in order). Thanks in advance.
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE22
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-*****-*****-CCRXV
Windows Product Key Hash: dCSbnnmXJeuw1geAiZfVTcnLYrA=
Windows Product ID: 55041-089-8916164-86999
Windows Product ID Type: 6
Windows License Type: Volume MAK
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {66784CDB-47B2-4275-8DDA-B64FDB051511}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.110622-1506
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Users\PapaProg\AppData\Local\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{66784CDB-47B2-4275-8DDA-B64FDB051511}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-BBBBB</PKey><PID>55041-089-8916164-86999</PID><PIDType>6</PIDType><SID>S-1-5-21-4092467384-3037088290-3243251233</SID><SYSTEM><Manufacturer>ASUSTeK Computer INC.</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>1301 </Version><SMBIOSVersion major="2" minor="5"/><Date>20100921000000.000000+000</Date></BIOS><HWID>21A13A07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>7480B9502DF0D86</Val><Hash>oYWOW5ayFE3pZ+jvTpuXYsY64JE=</Hash><Pid>89388-707-8722531-65477</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x8002801D' to display the error text.
Error: 0x8002801D
Windows Activation Technologies-->
HrOffline: 0x8004FE22
HrOnline: N/A
HealthStatus: 0x0000000000000800
Event Time Stamp: 1:2:2012 07:54
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
HWID Data-->
HWID Hash Current: NgAAAAIABAABAAEAAgABAAAAAQABAAEAvOkcQPziX5qMJka8aGWENGwCQBIKgI3vlCJA1uqC
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x0
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC 092110 APIC1203
FACP 092110 FACP1203
HPET 092110 OEMHPET
MCFG 092110 OEMMCFG
OEMB 092110 OEMB1203
OSFR 092110 OEMOSFR
SSDT DpgPmm CpuPm
SLIC _ASUS_ Notebook
Monday, January 2, 2012 8:44 PM -
ok so I did all the things that you said and it seems I didnt find the cause yet. dskchk finished and didnt find anything, sfc "did not any integrity violations". My last MGADiag report is below and I think it is same as previous;y posted.
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE22
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-*****-*****-CCRXV
Windows Product Key Hash: dCSbnnmXJeuw1geAiZfVTcnLYrA=
Windows Product ID: 55041-089-8916164-86999
Windows Product ID Type: 6
Windows License Type: Volume MAK
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {66784CDB-47B2-4275-8DDA-B64FDB051511}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.110622-1506
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Users\PapaProg\AppData\Local\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{66784CDB-47B2-4275-8DDA-B64FDB051511}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-BBBBB</PKey><PID>55041-089-8916164-86999</PID><PIDType>6</PIDType><SID>S-1-5-21-4092467384-3037088290-3243251233</SID><SYSTEM><Manufacturer>ASUSTeK Computer INC.</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>1301 </Version><SMBIOSVersion major="2" minor="5"/><Date>20100921000000.000000+000</Date></BIOS><HWID>21A13A07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>7480B9502DF0D86</Val><Hash>oYWOW5ayFE3pZ+jvTpuXYsY64JE=</Hash><Pid>89388-707-8722531-65477</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x8002801D' to display the error text.
Error: 0x8002801D
Windows Activation Technologies-->
HrOffline: 0x8004FE22
HrOnline: N/A
HealthStatus: 0x0000000000000800
Event Time Stamp: 1:2:2012 07:54
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
HWID Data-->
HWID Hash Current: NgAAAAIABAABAAEAAgABAAAAAQABAAEAvOkcQPziX5qMJka8aGWENGwCQBIKgI3vlCJA1uqC
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x0
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC 092110 APIC1203
FACP 092110 FACP1203
HPET 092110 OEMHPET
MCFG 092110 OEMMCFG
OEMB 092110 OEMB1203
OSFR 092110 OEMOSFR
SSDT DpgPmm CpuPm
SLIC _ASUS_ Notebook
Tuesday, January 3, 2012 10:19 AM -
"PapaWu69" wrote in message news:876cfe4a-5ed6-430c-9cec-685d0f2c3ea6...
ok so I did all the things that you said and it seems I didnt find the cause yet. dskchk finished and didnt find anything, sfc "did not any integrity violations". My last MGADiag report is below and I think it is same as previous;y posted.
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE22
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-*****-*****-CCRXV
Windows Product Key Hash: dCSbnnmXJeuw1geAiZfVTcnLYrA=
Windows Product ID: 55041-089-8916164-86999
Windows Product ID Type: 6
Windows License Type: Volume MAK
Windows OS version: 6.1.7601.2.00010100.1.0.048
Unfortunately, you’re correct :(I take it that you’ve uninstalled all three security programs?please reinstall Avast, only for the moment.The Tampered file is probably the cause of the problem – please run the following commands and we’ll see if they bring anything to lightICACLS C:\Windows\System32\slui.exeICACLS C:\Windows\System32\slui.exe.muipost the results....The fact that the file doesn’t appear in the File Mismatch list as well as the Tampered file list tends to indicate that there is no problem with the file itself – which is supported by the fact that SFC shows no problems.This means that either there is a permissions problem with one of the two files, or that a registry entry for it is pointing somewhere it shouldn’t.The commands should tell us about the permissions – we need to find any registry entries that pertain.The most obvious entries are in the following registry KeysHKLM\SOFTWARE\Classes\AppID\slui.exeHKLM\SOFTWARE\Classes\Wow6432Node\AppID\slui.exeHKCR\AppID\slui.exeHKCR\Wow6432Node\AppID\slui.exeIn all cases, the Key contains a Value ‘AppID’ with the data {CCFDD24D-CEAB-458B-A4F1-F884973395DF}please check that this is correctPlease export the content of the KeysHKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CCFDD24D-CEAB-458B-A4F1-F884973395DF}HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{CCFDD24D-CEAB-458B-A4F1-F884973395DF}HKLM\SOFTWARE\Wow6432Node\Classes\AppID\{CCFDD24D-CEAB-458B-A4F1-F884973395DF}HKCR\AppID\{CCFDD24D-CEAB-458B-A4F1-F884973395DF}HKCR\Wow6432Node\AppID\{CCFDD24D-CEAB-458B-A4F1-F884973395DF}and post the results in your responseHopefully, that will track things down!
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth- Proposed as answer by Darin Smith MS Tuesday, January 3, 2012 11:08 PM
Tuesday, January 3, 2012 11:01 AMModerator -
ok so here is what I have done.. (rebooted twice after each step as u recommended).i followed all the uninstall instructions you recommended including Avast I.S. (temp no AV installed but Windows Defender was on & Action Center (in sys tray) had message that AV is needed) - MGADiag report no changeI decided to run ESET AV online scanner next and it found a virus which I cannot remember name of but it was something to do with web/internet games which I had no idea was there and in a Program Files(x86) dir. --- MGADiag report had no change.Edit: found the ESET AV log I saved:C:\Program Files (x86)\hkVJbNV\04X1h23E.cpl a variant of Win32/Sefnit.AO trojan cleaned by deleting - quarantinedC:\Program Files (x86)\Retrogamer_2zEI\Installr\1.bin\2zEIPlug.dll a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantinedI have not yet seen the genuine windows notification pop up after virus removal but the MGADiag still shows has no change------------------------------------------------------------------------------------------------------Next I ran your commands with these results:------------------------------------------------------------------------------------------------------Microsoft Windows [Version 6.1.7601]Copyright (c) 2009 Microsoft Corporation. All rights reserved.C:\Windows\system32>ICACLS c:\Windows\System32\slui.exec:\Windows\System32\slui.exe NT SERVICE\TrustedInstaller:(F)BUILTIN\Administrators:(RX)NT AUTHORITY\SYSTEM:(RX)BUILTIN\Users:(RX)Successfully processed 1 files; Failed processing 0 filesC:\Windows\system32>ICACLS c:\Windows\System32\slui.exe.muic:\Windows\System32\slui.exe.mui: The system cannot find the file specified.Successfully processed 0 files; Failed processing 1 filesC:\Windows\system32>------------------------------------------------------------------------------------------------------Key values checked (through regedit) for Value ‘AppID’ with the data {CCFDD24D-CEAB-458B-A4F1-F884973395DF}HKLM\SOFTWARE\Classes\AppID\slui.exe -------------------------------- YHKLM\SOFTWARE\Classes\Wow6432Node\AppID\slui.exe -------------- YHKCR\AppID\slui.exe ------------------------------------------------------- YHKCR\Wow6432Node\AppID\slui.exe ------------------------------------- Y------------------------------------------------------------------------------------------------------Exported key content(exported locally opened & copied with notepad)------------------------------------------------------------------------------------------------------[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CCFDD24D-CEAB-458B-A4F1-F884973395DF}]@="sppui""AccessPermission"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,14,00,\00,00,02,00,30,00,02,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,\05,0a,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00,\01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,20,\00,00,00,20,02,00,00"LaunchPermission"=hex:01,00,04,80,30,00,00,00,40,00,00,00,00,00,00,00,14,00,\00,00,02,00,1c,00,01,00,00,00,00,00,14,00,1f,00,00,00,01,01,00,00,00,00,00,\01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,\00,00,00,05,20,00,00,00,20,02,00,00[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{CCFDD24D-CEAB-458B-A4F1-F884973395DF}]@="sppui""AccessPermission"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,14,00,\00,00,02,00,30,00,02,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,\05,0a,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00,\01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,20,\00,00,00,20,02,00,00"LaunchPermission"=hex:01,00,04,80,30,00,00,00,40,00,00,00,00,00,00,00,14,00,\00,00,02,00,1c,00,01,00,00,00,00,00,14,00,1f,00,00,00,01,01,00,00,00,00,00,\01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,\00,00,00,05,20,00,00,00,20,02,00,00[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{CCFDD24D-CEAB-458B-A4F1-F884973395DF}]@="sppui""AccessPermission"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,14,00,\00,00,02,00,30,00,02,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,\05,0a,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00,\01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,20,\00,00,00,20,02,00,00"LaunchPermission"=hex:01,00,04,80,30,00,00,00,40,00,00,00,00,00,00,00,14,00,\00,00,02,00,1c,00,01,00,00,00,00,00,14,00,1f,00,00,00,01,01,00,00,00,00,00,\01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,\00,00,00,05,20,00,00,00,20,02,00,00[HKEY_CLASSES_ROOT\AppID\{CCFDD24D-CEAB-458B-A4F1-F884973395DF}]@="sppui""AccessPermission"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,14,00,\00,00,02,00,30,00,02,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,\05,0a,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00,\01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,20,\00,00,00,20,02,00,00"LaunchPermission"=hex:01,00,04,80,30,00,00,00,40,00,00,00,00,00,00,00,14,00,\00,00,02,00,1c,00,01,00,00,00,00,00,14,00,1f,00,00,00,01,01,00,00,00,00,00,\01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,\00,00,00,05,20,00,00,00,20,02,00,00[HKEY_CLASSES_ROOT\Wow6432Node\AppID\{CCFDD24D-CEAB-458B-A4F1-F884973395DF}]@="sppui""AccessPermission"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,14,00,\00,00,02,00,30,00,02,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,\05,0a,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00,\01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,20,\00,00,00,20,02,00,00"LaunchPermission"=hex:01,00,04,80,30,00,00,00,40,00,00,00,00,00,00,00,14,00,\00,00,02,00,1c,00,01,00,00,00,00,00,14,00,1f,00,00,00,01,01,00,00,00,00,00,\01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,\00,00,00,05,20,00,00,00,20,02,00,00Avast I.S. re-installedLatest report for record: (no change from previous) but have not yet seen the genuine Windows message (after virus removal) even though tampered fileDiagnostic Report (1.9.0027.0):-----------------------------------------Windows Validation Data-->Validation Code: 0x8004FE22Cached Online Validation Code: 0x0Windows Product Key: *****-*****-*****-*****-CCRXVWindows Product Key Hash: dCSbnnmXJeuw1geAiZfVTcnLYrA=Windows Product ID: 55041-089-8916164-86999Windows Product ID Type: 6Windows License Type: Volume MAKWindows OS version: 6.1.7601.2.00010100.1.0.048ID: {66784CDB-47B2-4275-8DDA-B64FDB051511}(3)Is Admin: YesTestCab: 0x0LegitcheckControl ActiveX: N/A, hr = 0x80070002Signed By: N/A, hr = 0x80070002Product Name: Windows 7 ProfessionalArchitecture: 0x00000009Build lab: 7601.win7sp1_gdr.110622-1506TTS Error:Validation Diagnostic:Resolution Status: N/AVista WgaER Data-->ThreatID(s): N/A, hr = 0x80070002Version: N/A, hr = 0x80070002Windows XP Notifications Data-->Cached Result: N/A, hr = 0x80070002File Exists: NoVersion: N/A, hr = 0x80070002WgaTray.exe Signed By: N/A, hr = 0x80070002WgaLogon.dll Signed By: N/A, hr = 0x80070002OGA Notifications Data-->Cached Result: N/A, hr = 0x80070002Version: N/A, hr = 0x80070002OGAExec.exe Signed By: N/A, hr = 0x80070002OGAAddin.dll Signed By: N/A, hr = 0x80070002OGA Data-->Office Status: 100 GenuineMicrosoft Office Enterprise 2007 - 100 GenuineOGA Version: N/A, 0x80070002Signed By: N/A, hr = 0x80070002Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3Browser Data-->Proxy settings: N/AUser Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)Default Browser: C:\Users\PapaProg\AppData\Local\Google\Chrome\Application\chrome.exeDownload signed ActiveX controls: PromptDownload unsigned ActiveX controls: DisabledRun ActiveX controls and plug-ins: AllowedInitialize and script ActiveX controls not marked as safe: DisabledAllow scripting of Internet Explorer Webbrowser control: DisabledActive scripting: AllowedScript ActiveX controls marked as safe for scripting: AllowedFile Scan Data-->Other data-->Office Details: <GenuineResults><MachineData><UGUID>{66784CDB-47B2-4275-8DDA-B64FDB051511}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-BBBBB</PKey><PID>55041-089-8916164-86999</PID><PIDType>6</PIDType><SID>S-1-5-21-4092467384-3037088290-3243251233</SID><SYSTEM><Manufacturer>ASUSTeK Computer INC.</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>1301 </Version><SMBIOSVersion major="2" minor="5"/><Date>20100921000000.000000+000</Date></BIOS><HWID>21A13A07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>7480B9502DF0D86</Val><Hash>oYWOW5ayFE3pZ+jvTpuXYsY64JE=</Hash><Pid>89388-707-8722531-65477</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>Spsys.log Content: 0x80070002Licensing Data-->On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x8002801D' to display the error text.Error: 0x8002801DWindows Activation Technologies-->HrOffline: 0x8004FE22HrOnline: N/AHealthStatus: 0x0000000000000800Event Time Stamp: 1:2:2012 07:54ActiveX: Registered, Version: 7.1.7600.16395Admin Service: Registered, Version: 7.1.7600.16395HealthStatus Bitmask Output:Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM RegistrationHWID Data-->HWID Hash Current: NgAAAAIABAABAAEAAgABAAAAAQABAAEAvOkcQPziX5qMJka8aGWENGwCQBIKgI3vlCJA1uqCOEM Activation 1.0 Data-->N/AOEM Activation 2.0 Data-->BIOS valid for OA 2.0: yesWindows marker version: 0x0OEMID and OEMTableID Consistent: yesBIOS Information:ACPI Table Name OEMID Value OEMTableID ValueAPIC 092110 APIC1203FACP 092110 FACP1203HPET 092110 OEMHPETMCFG 092110 OEMMCFGOEMB 092110 OEMB1203OSFR 092110 OEMOSFRSSDT DpgPmm CpuPmSLIC _ASUS_ NotebookHopefully I posted & bolded everything here to make it easy to understand. I have not seen the genuine Windows msg for an hour or so but I will post this, reboot and then see if I get it as i wait for your response...
- Edited by PapaWu69 Tuesday, January 3, 2012 9:22 PM
Tuesday, January 3, 2012 9:08 PM -
I just got the genuine Windows pop up message again. So it looks like the virus was not the cause. Please let me know how to continue to try and resolve the tampered file in the MGADiag report. I just ran the MGADiag again to get a report while the message is still open.
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE22
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-*****-*****-CCRXV
Windows Product Key Hash: dCSbnnmXJeuw1geAiZfVTcnLYrA=
Windows Product ID: 55041-089-8916164-86999
Windows Product ID Type: 6
Windows License Type: Volume MAK
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {66784CDB-47B2-4275-8DDA-B64FDB051511}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.110622-1506
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Users\PapaProg\AppData\Local\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{66784CDB-47B2-4275-8DDA-B64FDB051511}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-BBBBB</PKey><PID>55041-089-8916164-86999</PID><PIDType>6</PIDType><SID>S-1-5-21-4092467384-3037088290-3243251233</SID><SYSTEM><Manufacturer>ASUSTeK Computer INC.</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>1301 </Version><SMBIOSVersion major="2" minor="5"/><Date>20100921000000.000000+000</Date></BIOS><HWID>21A13A07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>7480B9502DF0D86</Val><Hash>oYWOW5ayFE3pZ+jvTpuXYsY64JE=</Hash><Pid>89388-707-8722531-65477</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x8002801D' to display the error text.
Error: 0x8002801D
Windows Activation Technologies-->
HrOffline: 0x8004FE22
HrOnline: N/A
HealthStatus: 0x0000000000000800
Event Time Stamp: 1:3:2012 22:04
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
HWID Data-->
HWID Hash Current: OAAAAAIABAABAAEAAgABAAAAAgABAAEAvOkcQPziX5qMJka8aGWENGwCQBIKgI3vlCJA1nm36oI=
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x0
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC 092110 APIC1203
FACP 092110 FACP1203
HPET 092110 OEMHPET
MCFG 092110 OEMMCFG
OEMB 092110 OEMB1203
OSFR 092110 OEMOSFR
SSDT DpgPmm CpuPm
SLIC _ASUS_ Notebook
Wednesday, January 4, 2012 3:09 AM -
"PapaWu69" wrote in message news:c51fd18a-a5d7-4d15-98e0-2721cca91546...
I just got the genuine Windows pop up message again. So it looks like the virus was not the cause. Please let me know how to continue to try and resolve the tampered file in the MGADiag report. I just ran the MGADiag again to get a report while the message is still open.
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE22
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-*****-*****-CCRXV
Windows Product Key Hash: dCSbnnmXJeuw1geAiZfVTcnLYrA=
Windows Product ID: 55041-089-8916164-86999
Windows Product ID Type: 6
Windows License Type: Volume MAK
Still no change :(I think at this point it would be best for you to go to WGA Support for assistance – I suspect that this problem needs more hands-on assistance than we can provide in a forum context..WGA Support can be found here-North America: http://support.microsoft.com/contactus/cu_sc_genadv_master?ws=support&ws=support#tab4
Outside North America:
http://support.microsoft.com/contactus/?ws=support#tab0
Please let us know if (and how) MS manage to repair the problem without a repair install of the OS - it would be useful for future reference!
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth- Marked as answer by Darin Smith MS Monday, January 9, 2012 11:34 PM
Wednesday, January 4, 2012 8:22 AMModerator -
I will work with them and let you know. I also read about how it could be because of some race condition between two AV progs (or one AV and one spyware prog aka Windows Defender) so I removed Avast and ran it for a while without. I still got message and same diagnosic report. I installed a dif AV prog (ESET Smart SEcurity 5) same result...Wednesday, January 4, 2012 10:23 PM
-
"PapaWu69" wrote in message news:a6f2a6a3-6fc9-441e-91fc-a1b25fa200ab...I will work with them and let you know. I also read about how it could be because of some race condition between two AV progs (or one AV and one spyware prog aka Windows Defender) so I removed Avast and ran it for a while without. I still got message and same diagnosic report. I installed a dif AV prog (ESET Smart SEcurity 5) same result...Your problem is not a race condition – such beasts will disappear after a reboot, and then return (or not) at random. They also tend not to give constant errors in the MGADiag report.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothWednesday, January 4, 2012 10:41 PMModerator
