locked
Windows Genuine Advantage error RRS feed

  • Question

  • I bought my computer from Best Buy about 4-5 years ago and have had no problems with licensing. I started getting the pop up windows saying 'This computer is not running genuine Windows.' I havent recently installed anything and looked around for what to do. I saw someone run the Windows Diagnostic Tool so I downloaded it from  http://go.microsoft.com/fwlink/?linkid=52012 . I ran it and got results shown below. Not sure where to go from here. 

     

    Diagnostic Report (1.9.0027.0):

    -----------------------------------------

    Windows Validation Data-->

     

    Validation Code: 0x8004FE22

    Cached Online Validation Code: 0x0

    Windows Product Key: *****-*****-*****-*****-CCRXV

    Windows Product Key Hash: dCSbnnmXJeuw1geAiZfVTcnLYrA=

    Windows Product ID: 55041-089-8916164-86999

    Windows Product ID Type: 6

    Windows License Type: Volume MAK

    Windows OS version: 6.1.7601.2.00010100.1.0.048

    ID: {66784CDB-47B2-4275-8DDA-B64FDB051511}(1)

    Is Admin: Yes

    TestCab: 0x0

    LegitcheckControl ActiveX: N/A, hr = 0x80070002

    Signed By: N/A, hr = 0x80070002

    Product Name: Windows 7 Professional

    Architecture: 0x00000009

    Build lab: 7601.win7sp1_gdr.110622-1506

    TTS Error: 

    Validation Diagnostic: 

    Resolution Status: N/A

     

    Vista WgaER Data-->

    ThreatID(s): N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

     

    Windows XP Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    File Exists: No

    Version: N/A, hr = 0x80070002

    WgaTray.exe Signed By: N/A, hr = 0x80070002

    WgaLogon.dll Signed By: N/A, hr = 0x80070002

     

    OGA Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

    OGAExec.exe Signed By: N/A, hr = 0x80070002

    OGAAddin.dll Signed By: N/A, hr = 0x80070002

     

    OGA Data-->

    Office Status: 100 Genuine

    Microsoft Office Enterprise 2007 - 100 Genuine

    OGA Version: N/A, 0x80070002

    Signed By: N/A, hr = 0x80070002

    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

     

    Browser Data-->

    Proxy settings: N/A

    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

    Default Browser: C:\Users\PapaProg\AppData\Local\Google\Chrome\Application\chrome.exe

    Download signed ActiveX controls: Prompt

    Download unsigned ActiveX controls: Disabled

    Run ActiveX controls and plug-ins: Allowed

    Initialize and script ActiveX controls not marked as safe: Disabled

    Allow scripting of Internet Explorer Webbrowser control: Disabled

    Active scripting: Allowed

    Script ActiveX controls marked as safe for scripting: Allowed

     

    File Scan Data-->

     

    Other data-->

    Office Details: <GenuineResults><MachineData><UGUID>{66784CDB-47B2-4275-8DDA-B64FDB051511}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-BBBBB</PKey><PID>55041-089-8916164-86999</PID><PIDType>6</PIDType><SID>S-1-5-21-4092467384-3037088290-3243251233</SID><SYSTEM><Manufacturer>ASUSTeK Computer INC.</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>1301   </Version><SMBIOSVersion major="2" minor="5"/><Date>20100921000000.000000+000</Date></BIOS><HWID>21A13A07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>7480B9502DF0D86</Val><Hash>oYWOW5ayFE3pZ+jvTpuXYsY64JE=</Hash><Pid>89388-707-8722531-65477</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

     

    Spsys.log Content: 0x80070002

     

    Licensing Data-->

    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x8002801D' to display the error text.

    Error: 0x8002801D 

     

    Windows Activation Technologies-->

    HrOffline: 0x8004FE22

    HrOnline: N/A

    HealthStatus: 0x0000000000000800

    Event Time Stamp: 1:2:2012 07:54

    ActiveX: Registered, Version: 7.1.7600.16395

    Admin Service: Registered, Version: 7.1.7600.16395

    HealthStatus Bitmask Output:

    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration

     

     

    HWID Data-->

    HWID Hash Current: NgAAAAIABAABAAEAAgABAAAAAQABAAEAvOkcQPziX5qMJka8aGWENGwCQBIKgI3vlCJA1uqC

     

    OEM Activation 1.0 Data-->

    N/A

     

    OEM Activation 2.0 Data-->

    BIOS valid for OA 2.0: yes

    Windows marker version: 0x0

    OEMID and OEMTableID Consistent: yes

    BIOS Information: 

      ACPI Table Name OEMID Value OEMTableID Value

      APIC 092110 APIC1203

      FACP 092110 FACP1203

      HPET 092110 OEMHPET 

      MCFG 092110 OEMMCFG 

      OEMB 092110 OEMB1203

      OSFR 092110 OEMOSFR 

      SSDT DpgPmm CpuPm

      SLIC _ASUS_ Notebook

     

     

    Monday, January 2, 2012 1:25 PM

Answers

  • "PapaWu69" wrote in message news:c51fd18a-a5d7-4d15-98e0-2721cca91546...

    I just got the genuine Windows pop up message again. So it looks like the virus was not the cause. Please let me know how to continue to try and resolve the tampered file in the MGADiag report. I just ran the MGADiag  again to get a report while the message is still open.

     

     

    Diagnostic Report (1.9.0027.0):

    -----------------------------------------

    Windows Validation Data-->


    Validation Code: 0x8004FE22

    Cached Online Validation Code: 0x0

    Windows Product Key: *****-*****-*****-*****-CCRXV

    Windows Product Key Hash: dCSbnnmXJeuw1geAiZfVTcnLYrA=

    Windows Product ID: 55041-089-8916164-86999

    Windows Product ID Type: 6

    Windows License Type: Volume MAK

     

    Still no change :(
    I think at this point it would be best for you to go to WGA Support for assistance – I suspect that this problem needs more hands-on assistance than we can provide in a forum context..
    WGA Support can be found here-
    North America: http://support.microsoft.com/contactus/cu_sc_genadv_master?ws=support&ws=support#tab4

    Outside North America:
    http://support.microsoft.com/contactus/?ws=support#tab0

    Please let us know if (and how) MS manage to repair the problem without a repair install of the OS - it would be useful for future reference!
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Wednesday, January 4, 2012 8:22 AM
    Moderator

All replies

  • "PapaWu69" wrote in message news:aaa3837d-7f13-4739-a668-95f5402f000e...

    I bought my computer from Best Buy about 4-5 years ago and have had no problems with licensing. I started getting the pop up windows saying 'This computer is not running genuine Windows.' I havent recently installed anything and looked around for what to do. I saw someone run the Windows Diagnostic Tool so I downloaded it from  http://go.microsoft.com/fwlink/?linkid=52012 .. I ran it and got results shown below. Not sure where to go from here.

     

    Diagnostic Report (1.9.0027.0):

    -----------------------------------------

    Windows Validation Data-->

     

    Validation Code: 0x8004FE22

    Cached Online Validation Code: 0x0

    Windows Product Key: *****-*****-*****-*****-CCRXV

    Windows Product Key Hash: dCSbnnmXJeuw1geAiZfVTcnLYrA=

    Windows Product ID: 55041-089-8916164-86999

    Windows Product ID Type: 6

    Windows License Type: Volume MAK

    Windows OS version: 6.1.7601.2.00010100.1.0.048

     

    Other data-->

    SYSTEM><Manufacturer>ASUSTeK Computer INC.</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>1301   </Version><SMBIOSVersion major="2" minor="5"/><Date>20100921000000.000000+000</Date></BIOS

    Licensing Data-->

    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x8002801D' to display the error text.

    Error: 0x8002801D 

     

    Windows Activation Technologies-->

    HrOffline: 0x8004FE22

    HrOnline: N/A

    HealthStatus: 0x0000000000000800

    Event Time Stamp: 1:2:2012 07:54

    ActiveX: Registered, Version: 7.1.7600.16395

    Admin Service: Registered, Version: 7.1.7600.16395

    HealthStatus Bitmask Output:

    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration

     

    OEM Activation 2.0 Data-->

    BIOS valid for OA 2.0: yes

    Windows marker version: 0x0

    OEMID and OEMTableID Consistent: yes

      SLIC _ASUS_ Notebook

     

     

     
     
     
    The License on this machine is a Volume license – which cannot be sold to the general public.
    The motherboard appears to be a Retail one – but has an ASUS SLIC table for Vista, and is dated long after Windows 7 was released (which could simply be because of BIOS updates).
     
    I suspect that this installation is non-genuine
     
    Please look for the COA sticker on the machine – what version and edition of Windows does it say the computer is licensed for?
    How did you upgrade to Windows 7? – If your license came from a purchase, it was a counterfeit.
    If your license came from your company, you should contact them for assistance.
     
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Monday, January 2, 2012 1:35 PM
    Moderator
  • Well, since it was so long ago when this first started happening it may have started after I got a newer version of Windows from my school. The sticker on the side of the machine is for Windows Vista Home Premium but I updated it to Windows 7 Professional. It is definitely a valid license but does this error mean that I can only have Vista Home Premium on here?
    Monday, January 2, 2012 1:43 PM
  • "PapaWu69" wrote in message news:149fb11a-2425-4a21-966e-da9b64a65e56...
    Well, since it was so long ago when this first started happening it may have started after I got a newer version of Windows from my school. The sticker on the side of the machine is for Windows Vista Home Premium but I updated it to Windows 7 Professional. It is definitely a valid license but does this error mean that I can only have Vista Home Premium on here?
     
    It means that you need to
    1) fix the problem with the Tampered file in the report
    2) if fixing that doesn’t fix the non-genuine status, then you should ask the school for assistance.
    If both of the above fail, then you should reinstall Windows Vista, and then attempt a new upgrade to Win7 with the same Key you are currently using.
     
    Let’s try fixing the current problems -
    Unfortunately, you indicate that you’ve been getting the error for a long time, which rules out the easy solution of a System Restore back to before the problem arose, so we’ll have to try a few obvious tricks first.
     
    You have two error messages relevant – one of which is rare (the ‘0x8002801D'  one), and the other which can be a pain to track down, if it’s possible at all.
     
    I suspect that the solutions are related, but I’m  not sure where to start.
     
    Are you by any chance using Kaspersky as Anti-Virus?
    If so try uninstalling it, and see if the problem goes away.
    If not – what other malware/AV programs do you have installed?
     
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Monday, January 2, 2012 4:15 PM
    Moderator
  • I have Avast Internet Security running which was installed before the issue began. I also have Spybot S&D and Ad Aware which are constantly running (in sys tray). Occasionally I do a scan with Malwarebytes as well but I keep the system pretty clean so dont usually find much outside of cookies. 
    Monday, January 2, 2012 6:53 PM
  • "PapaWu69" wrote in message news:7035bcca-4c18-4d85-ae2a-1862f58ab39b...
    I have Avast Internet Security running which was installed before the issue began. I also have Spybot S&D and Ad Aware which are constantly running (in sys tray). Occasionally I do a scan with Malwarebytes as well but I keep the system pretty clean so dont usually find much outside of cookies.
     
    If you have all three of those running in the background, you have a case of overkill!
    Please first Uninstall AdAware  - IMHO it was one of the best pieces of anti-malware a few years ago, but is merely an also-ran nowadays. Reboot at least twice, and run another MGADiag report – check for the errors again.
     
    If no change, then uninstall Spybot, after disabling whatever protections you have enabled, reboot twice and check the MGADiag report again.
     
    If still no change, uninstall Avast, reboot twice and retest.
     
    If *still* no change, do the following
     
    Click on the Start button
    type in the Search box
    CMD.EXE
    right-click on the only file that is found
    Select Run as Administrator
    - the Elevated Command Prompt window should pop up
    At the Command prompt, type
    CHKDSK C: /R
    and hit the Enter key
    You will be told that the drive is locked, and the CHKDSK will run at he next boot - hit the Y key, and then reboot. The chkdsk will take a few hours depending on the size of the drive, so be patient!

    After the CHKDSK has run, Windows should boot normally (possibly after a second auto-reboot) - then run the SFC

    SFC -System File Checker - Instructions
    Click on the Start button
    type in the Search box
    CMD.EXE
    right-click on the only file that is found
    Select Run as Administrator
    - the Elevated Command Prompt window should pop up
    At the Command prompt, type

    SFC /SCANNOW

    and hit the Enter key
    Wait for the scan to finish - make a note of any error messages - and then reboot.

    run another MGADiag report, and post the results.
     
    You can then reinstall Avast ONLY until we have some kind of solution.
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Monday, January 2, 2012 7:14 PM
    Moderator
  • ok so I uninstalled Ad Aware, rebooted twice and so far so good. I am going to be out for a few hours but will leave my computer on and see if the message pops up again. I am posting the MGADiag report which seems to show the same errors but we will see... if i see it when I return I will continue through your steps you previously stated (in order). Thanks in advance.

     

    Diagnostic Report (1.9.0027.0):

    -----------------------------------------

    Windows Validation Data-->

     

    Validation Code: 0x8004FE22

    Cached Online Validation Code: 0x0

    Windows Product Key: *****-*****-*****-*****-CCRXV

    Windows Product Key Hash: dCSbnnmXJeuw1geAiZfVTcnLYrA=

    Windows Product ID: 55041-089-8916164-86999

    Windows Product ID Type: 6

    Windows License Type: Volume MAK

    Windows OS version: 6.1.7601.2.00010100.1.0.048

    ID: {66784CDB-47B2-4275-8DDA-B64FDB051511}(3)

    Is Admin: Yes

    TestCab: 0x0

    LegitcheckControl ActiveX: N/A, hr = 0x80070002

    Signed By: N/A, hr = 0x80070002

    Product Name: Windows 7 Professional

    Architecture: 0x00000009

    Build lab: 7601.win7sp1_gdr.110622-1506

    TTS Error: 

    Validation Diagnostic: 

    Resolution Status: N/A

     

    Vista WgaER Data-->

    ThreatID(s): N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

     

    Windows XP Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    File Exists: No

    Version: N/A, hr = 0x80070002

    WgaTray.exe Signed By: N/A, hr = 0x80070002

    WgaLogon.dll Signed By: N/A, hr = 0x80070002

     

    OGA Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

    OGAExec.exe Signed By: N/A, hr = 0x80070002

    OGAAddin.dll Signed By: N/A, hr = 0x80070002

     

    OGA Data-->

    Office Status: 100 Genuine

    Microsoft Office Enterprise 2007 - 100 Genuine

    OGA Version: N/A, 0x80070002

    Signed By: N/A, hr = 0x80070002

    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

     

    Browser Data-->

    Proxy settings: N/A

    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

    Default Browser: C:\Users\PapaProg\AppData\Local\Google\Chrome\Application\chrome.exe

    Download signed ActiveX controls: Prompt

    Download unsigned ActiveX controls: Disabled

    Run ActiveX controls and plug-ins: Allowed

    Initialize and script ActiveX controls not marked as safe: Disabled

    Allow scripting of Internet Explorer Webbrowser control: Disabled

    Active scripting: Allowed

    Script ActiveX controls marked as safe for scripting: Allowed

     

    File Scan Data-->

     

    Other data-->

    Office Details: <GenuineResults><MachineData><UGUID>{66784CDB-47B2-4275-8DDA-B64FDB051511}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-BBBBB</PKey><PID>55041-089-8916164-86999</PID><PIDType>6</PIDType><SID>S-1-5-21-4092467384-3037088290-3243251233</SID><SYSTEM><Manufacturer>ASUSTeK Computer INC.</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>1301   </Version><SMBIOSVersion major="2" minor="5"/><Date>20100921000000.000000+000</Date></BIOS><HWID>21A13A07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>7480B9502DF0D86</Val><Hash>oYWOW5ayFE3pZ+jvTpuXYsY64JE=</Hash><Pid>89388-707-8722531-65477</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

     

    Spsys.log Content: 0x80070002

     

    Licensing Data-->

    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x8002801D' to display the error text.

    Error: 0x8002801D 

     

    Windows Activation Technologies-->

    HrOffline: 0x8004FE22

    HrOnline: N/A

    HealthStatus: 0x0000000000000800

    Event Time Stamp: 1:2:2012 07:54

    ActiveX: Registered, Version: 7.1.7600.16395

    Admin Service: Registered, Version: 7.1.7600.16395

    HealthStatus Bitmask Output:

    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration

     

     

    HWID Data-->

    HWID Hash Current: NgAAAAIABAABAAEAAgABAAAAAQABAAEAvOkcQPziX5qMJka8aGWENGwCQBIKgI3vlCJA1uqC

     

    OEM Activation 1.0 Data-->

    N/A

     

    OEM Activation 2.0 Data-->

    BIOS valid for OA 2.0: yes

    Windows marker version: 0x0

    OEMID and OEMTableID Consistent: yes

    BIOS Information: 

      ACPI Table Name OEMID Value OEMTableID Value

      APIC 092110 APIC1203

      FACP 092110 FACP1203

      HPET 092110 OEMHPET 

      MCFG 092110 OEMMCFG 

      OEMB 092110 OEMB1203

      OSFR 092110 OEMOSFR 

      SSDT DpgPmm CpuPm

      SLIC _ASUS_ Notebook

     

     

    Monday, January 2, 2012 8:44 PM
  • ok so I did all the things that you said and it seems I didnt find the cause yet. dskchk finished and didnt find anything, sfc "did not any integrity violations".  My last  MGADiag report is below and I think it is same as previous;y posted.

     

    Diagnostic Report (1.9.0027.0):

    -----------------------------------------

    Windows Validation Data-->


    Validation Code: 0x8004FE22

    Cached Online Validation Code: 0x0

    Windows Product Key: *****-*****-*****-*****-CCRXV

    Windows Product Key Hash: dCSbnnmXJeuw1geAiZfVTcnLYrA=

    Windows Product ID: 55041-089-8916164-86999

    Windows Product ID Type: 6

    Windows License Type: Volume MAK

    Windows OS version: 6.1.7601.2.00010100.1.0.048

    ID: {66784CDB-47B2-4275-8DDA-B64FDB051511}(3)

    Is Admin: Yes

    TestCab: 0x0

    LegitcheckControl ActiveX: N/A, hr = 0x80070002

    Signed By: N/A, hr = 0x80070002

    Product Name: Windows 7 Professional

    Architecture: 0x00000009

    Build lab: 7601.win7sp1_gdr.110622-1506

    TTS Error: 

    Validation Diagnostic: 

    Resolution Status: N/A


    Vista WgaER Data-->

    ThreatID(s): N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002


    Windows XP Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    File Exists: No

    Version: N/A, hr = 0x80070002

    WgaTray.exe Signed By: N/A, hr = 0x80070002

    WgaLogon.dll Signed By: N/A, hr = 0x80070002


    OGA Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

    OGAExec.exe Signed By: N/A, hr = 0x80070002

    OGAAddin.dll Signed By: N/A, hr = 0x80070002


    OGA Data-->

    Office Status: 100 Genuine

    Microsoft Office Enterprise 2007 - 100 Genuine

    OGA Version: N/A, 0x80070002

    Signed By: N/A, hr = 0x80070002

    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3


    Browser Data-->

    Proxy settings: N/A

    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

    Default Browser: C:\Users\PapaProg\AppData\Local\Google\Chrome\Application\chrome.exe

    Download signed ActiveX controls: Prompt

    Download unsigned ActiveX controls: Disabled

    Run ActiveX controls and plug-ins: Allowed

    Initialize and script ActiveX controls not marked as safe: Disabled

    Allow scripting of Internet Explorer Webbrowser control: Disabled

    Active scripting: Allowed

    Script ActiveX controls marked as safe for scripting: Allowed


    File Scan Data-->


    Other data-->

    Office Details: <GenuineResults><MachineData><UGUID>{66784CDB-47B2-4275-8DDA-B64FDB051511}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-BBBBB</PKey><PID>55041-089-8916164-86999</PID><PIDType>6</PIDType><SID>S-1-5-21-4092467384-3037088290-3243251233</SID><SYSTEM><Manufacturer>ASUSTeK Computer INC.</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>1301   </Version><SMBIOSVersion major="2" minor="5"/><Date>20100921000000.000000+000</Date></BIOS><HWID>21A13A07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>7480B9502DF0D86</Val><Hash>oYWOW5ayFE3pZ+jvTpuXYsY64JE=</Hash><Pid>89388-707-8722531-65477</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  


    Spsys.log Content: 0x80070002


    Licensing Data-->

    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x8002801D' to display the error text.

    Error: 0x8002801D 


    Windows Activation Technologies-->

    HrOffline: 0x8004FE22

    HrOnline: N/A

    HealthStatus: 0x0000000000000800

    Event Time Stamp: 1:2:2012 07:54

    ActiveX: Registered, Version: 7.1.7600.16395

    Admin Service: Registered, Version: 7.1.7600.16395

    HealthStatus Bitmask Output:

    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration



    HWID Data-->

    HWID Hash Current: NgAAAAIABAABAAEAAgABAAAAAQABAAEAvOkcQPziX5qMJka8aGWENGwCQBIKgI3vlCJA1uqC


    OEM Activation 1.0 Data-->

    N/A


    OEM Activation 2.0 Data-->

    BIOS valid for OA 2.0: yes

    Windows marker version: 0x0

    OEMID and OEMTableID Consistent: yes

    BIOS Information: 

      ACPI Table Name OEMID Value OEMTableID Value

      APIC 092110 APIC1203

      FACP 092110 FACP1203

      HPET 092110 OEMHPET 

      MCFG 092110 OEMMCFG 

      OEMB 092110 OEMB1203

      OSFR 092110 OEMOSFR 

      SSDT DpgPmm CpuPm

      SLIC _ASUS_ Notebook


     

    Tuesday, January 3, 2012 10:19 AM
  • "PapaWu69" wrote in message news:876cfe4a-5ed6-430c-9cec-685d0f2c3ea6...

    ok so I did all the things that you said and it seems I didnt find the cause yet. dskchk finished and didnt find anything, sfc "did not any integrity violations".  My last  MGADiag report is below and I think it is same as previous;y posted.

     

    Diagnostic Report (1.9.0027.0):

    -----------------------------------------

    Windows Validation Data-->


    Validation Code: 0x8004FE22

    Cached Online Validation Code: 0x0

    Windows Product Key: *****-*****-*****-*****-CCRXV

    Windows Product Key Hash: dCSbnnmXJeuw1geAiZfVTcnLYrA=

    Windows Product ID: 55041-089-8916164-86999

    Windows Product ID Type: 6

    Windows License Type: Volume MAK

    Windows OS version: 6.1.7601.2.00010100.1.0.048

     
     
    Unfortunately, you’re correct :(
     
    I take it that you’ve uninstalled all three security programs?
    please reinstall Avast, only for the moment.
     
    The Tampered file is probably the cause of the problem – please run the following commands and we’ll see if they bring anything to light
     
    ICACLS C:\Windows\System32\slui.exe
    ICACLS C:\Windows\System32\slui.exe.mui
     
    post the results....
     
    The fact that the file doesn’t appear in the File Mismatch list as well as the Tampered file list tends to indicate that there is no problem with the file itself – which is supported by the fact that SFC shows no problems.
    This means that either there is a permissions problem with one of the two files, or that a registry entry for it is pointing somewhere it shouldn’t.
    The commands should tell us about the permissions – we need to find any registry entries that pertain.
     
    The most obvious entries are in the following registry Keys
    HKLM\SOFTWARE\Classes\AppID\slui.exe
    HKLM\SOFTWARE\Classes\Wow6432Node\AppID\slui.exe
    HKCR\AppID\slui.exe
    HKCR\Wow6432Node\AppID\slui.exe
    In all cases, the Key contains a Value ‘AppID’ with the data {CCFDD24D-CEAB-458B-A4F1-F884973395DF}
     
    please check that this is correct
     
    Please export the content of the Keys
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CCFDD24D-CEAB-458B-A4F1-F884973395DF}
    HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{CCFDD24D-CEAB-458B-A4F1-F884973395DF}
    HKLM\SOFTWARE\Wow6432Node\Classes\AppID\{CCFDD24D-CEAB-458B-A4F1-F884973395DF}
    HKCR\AppID\{CCFDD24D-CEAB-458B-A4F1-F884973395DF}
    HKCR\Wow6432Node\AppID\{CCFDD24D-CEAB-458B-A4F1-F884973395DF}
     
    and post the results in your response
    Hopefully, that will track things down!
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    • Proposed as answer by Darin Smith MS Tuesday, January 3, 2012 11:08 PM
    Tuesday, January 3, 2012 11:01 AM
    Moderator
  • ok so here is what I have done.. (rebooted twice after each step as u recommended). 
    i followed all the uninstall instructions you recommended including Avast I.S.  (temp no AV installed but Windows Defender was on & Action Center (in sys tray) had message that AV is needed) - MGADiag report no change
    I decided to run ESET AV online scanner next and it found a virus which I cannot remember name of but it was something to do with web/internet games which I had no idea was there and in a Program Files(x86) dir. --- MGADiag report had no change.
    Editfound the ESET AV log I saved:
    C:\Program Files (x86)\hkVJbNV\04X1h23E.cpl a variant of Win32/Sefnit.AO trojan cleaned by deleting - quarantined
    C:\Program Files (x86)\Retrogamer_2zEI\Installr\1.bin\2zEIPlug.dll a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    I have not yet seen the genuine windows notification pop up after virus removal but the MGADiag still shows has no change
    ------------------------------------------------------------------------------------------------------
    Next I ran your commands with these results:
    ------------------------------------------------------------------------------------------------------
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.
    C:\Windows\system32>ICACLS c:\Windows\System32\slui.exe
    c:\Windows\System32\slui.exe NT SERVICE\TrustedInstaller:(F)
                                 BUILTIN\Administrators:(RX)
                                 NT AUTHORITY\SYSTEM:(RX)
                                 BUILTIN\Users:(RX)
    Successfully processed 1 files; Failed processing 0 files
    C:\Windows\system32>ICACLS c:\Windows\System32\slui.exe.mui
    c:\Windows\System32\slui.exe.mui: The system cannot find the file specified.
    Successfully processed 0 files; Failed processing 1 files
    C:\Windows\system32>
    ------------------------------------------------------------------------------------------------------
    Key values checked (through regedit) for Value ‘AppID’ with the data {CCFDD24D-CEAB-458B-A4F1-F884973395DF}
    HKLM\SOFTWARE\Classes\AppID\slui.exe -------------------------------- Y
    HKLM\SOFTWARE\Classes\Wow6432Node\AppID\slui.exe --------------  Y
    HKCR\AppID\slui.exe ------------------------------------------------------- Y
    HKCR\Wow6432Node\AppID\slui.exe ------------------------------------- Y
    ------------------------------------------------------------------------------------------------------
    Exported key content
    (exported locally  opened & copied with notepad)
    ------------------------------------------------------------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CCFDD24D-CEAB-458B-A4F1-F884973395DF}]
    @="sppui"
    "AccessPermission"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,14,00,\
      00,00,02,00,30,00,02,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,\
      05,0a,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00,\
      01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,20,\
      00,00,00,20,02,00,00
    "LaunchPermission"=hex:01,00,04,80,30,00,00,00,40,00,00,00,00,00,00,00,14,00,\
      00,00,02,00,1c,00,01,00,00,00,00,00,14,00,1f,00,00,00,01,01,00,00,00,00,00,\
      01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,\
      00,00,00,05,20,00,00,00,20,02,00,00
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{CCFDD24D-CEAB-458B-A4F1-F884973395DF}]
    @="sppui"
    "AccessPermission"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,14,00,\
      00,00,02,00,30,00,02,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,\
      05,0a,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00,\
      01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,20,\
      00,00,00,20,02,00,00
    "LaunchPermission"=hex:01,00,04,80,30,00,00,00,40,00,00,00,00,00,00,00,14,00,\
      00,00,02,00,1c,00,01,00,00,00,00,00,14,00,1f,00,00,00,01,01,00,00,00,00,00,\
      01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,\
      00,00,00,05,20,00,00,00,20,02,00,00
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{CCFDD24D-CEAB-458B-A4F1-F884973395DF}]
    @="sppui"
    "AccessPermission"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,14,00,\
      00,00,02,00,30,00,02,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,\
      05,0a,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00,\
      01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,20,\
      00,00,00,20,02,00,00
    "LaunchPermission"=hex:01,00,04,80,30,00,00,00,40,00,00,00,00,00,00,00,14,00,\
      00,00,02,00,1c,00,01,00,00,00,00,00,14,00,1f,00,00,00,01,01,00,00,00,00,00,\
      01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,\
      00,00,00,05,20,00,00,00,20,02,00,00
    [HKEY_CLASSES_ROOT\AppID\{CCFDD24D-CEAB-458B-A4F1-F884973395DF}]
    @="sppui"
    "AccessPermission"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,14,00,\
      00,00,02,00,30,00,02,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,\
      05,0a,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00,\
      01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,20,\
      00,00,00,20,02,00,00
    "LaunchPermission"=hex:01,00,04,80,30,00,00,00,40,00,00,00,00,00,00,00,14,00,\
      00,00,02,00,1c,00,01,00,00,00,00,00,14,00,1f,00,00,00,01,01,00,00,00,00,00,\
      01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,\
      00,00,00,05,20,00,00,00,20,02,00,00                  
    [HKEY_CLASSES_ROOT\Wow6432Node\AppID\{CCFDD24D-CEAB-458B-A4F1-F884973395DF}]
    @="sppui"
    "AccessPermission"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,14,00,\
      00,00,02,00,30,00,02,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,\
      05,0a,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00,\
      01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,20,\
      00,00,00,20,02,00,00
    "LaunchPermission"=hex:01,00,04,80,30,00,00,00,40,00,00,00,00,00,00,00,14,00,\
      00,00,02,00,1c,00,01,00,00,00,00,00,14,00,1f,00,00,00,01,01,00,00,00,00,00,\
      01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,\
      00,00,00,05,20,00,00,00,20,02,00,00
    Avast I.S. re-installed
    Latest report for record: (no change from previous) but have not yet seen the genuine Windows message (after virus removal) even though tampered file
    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Code: 0x8004FE22
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-*****-*****-CCRXV
    Windows Product Key Hash: dCSbnnmXJeuw1geAiZfVTcnLYrA=
    Windows Product ID: 55041-089-8916164-86999
    Windows Product ID Type: 6
    Windows License Type: Volume MAK
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {66784CDB-47B2-4275-8DDA-B64FDB051511}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.110622-1506
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A
    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002
    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002
    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Enterprise 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Users\PapaProg\AppData\Local\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed
    File Scan Data-->
    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{66784CDB-47B2-4275-8DDA-B64FDB051511}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-BBBBB</PKey><PID>55041-089-8916164-86999</PID><PIDType>6</PIDType><SID>S-1-5-21-4092467384-3037088290-3243251233</SID><SYSTEM><Manufacturer>ASUSTeK Computer INC.</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>1301   </Version><SMBIOSVersion major="2" minor="5"/><Date>20100921000000.000000+000</Date></BIOS><HWID>21A13A07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>7480B9502DF0D86</Val><Hash>oYWOW5ayFE3pZ+jvTpuXYsY64JE=</Hash><Pid>89388-707-8722531-65477</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  
    Spsys.log Content: 0x80070002
    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x8002801D' to display the error text.
    Error: 0x8002801D 
    Windows Activation Technologies-->
    HrOffline: 0x8004FE22
    HrOnline: N/A
    HealthStatus: 0x0000000000000800
    Event Time Stamp: 1:2:2012 07:54
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    HWID Data-->
    HWID Hash Current: NgAAAAIABAABAAEAAgABAAAAAQABAAEAvOkcQPziX5qMJka8aGWENGwCQBIKgI3vlCJA1uqC
    OEM Activation 1.0 Data-->
    N/A
    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x0
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC 092110 APIC1203
      FACP 092110 FACP1203
      HPET 092110 OEMHPET 
      MCFG 092110 OEMMCFG 
      OEMB 092110 OEMB1203
      OSFR 092110 OEMOSFR 
      SSDT DpgPmm CpuPm
      SLIC _ASUS_ Notebook
    Hopefully I posted & bolded everything here to make it easy to understand. I have not seen the genuine Windows msg for an hour or so but I will post this, reboot and then see if I get it as i wait for your response...



    • Edited by PapaWu69 Tuesday, January 3, 2012 9:22 PM
    Tuesday, January 3, 2012 9:08 PM
  • I just got the genuine Windows pop up message again. So it looks like the virus was not the cause. Please let me know how to continue to try and resolve the tampered file in the MGADiag report. I just ran the MGADiag  again to get a report while the message is still open.

     

     

    Diagnostic Report (1.9.0027.0):

    -----------------------------------------

    Windows Validation Data-->


    Validation Code: 0x8004FE22

    Cached Online Validation Code: 0x0

    Windows Product Key: *****-*****-*****-*****-CCRXV

    Windows Product Key Hash: dCSbnnmXJeuw1geAiZfVTcnLYrA=

    Windows Product ID: 55041-089-8916164-86999

    Windows Product ID Type: 6

    Windows License Type: Volume MAK

    Windows OS version: 6.1.7601.2.00010100.1.0.048

    ID: {66784CDB-47B2-4275-8DDA-B64FDB051511}(3)

    Is Admin: Yes

    TestCab: 0x0

    LegitcheckControl ActiveX: N/A, hr = 0x80070002

    Signed By: N/A, hr = 0x80070002

    Product Name: Windows 7 Professional

    Architecture: 0x00000009

    Build lab: 7601.win7sp1_gdr.110622-1506

    TTS Error: 

    Validation Diagnostic: 

    Resolution Status: N/A


    Vista WgaER Data-->

    ThreatID(s): N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002


    Windows XP Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    File Exists: No

    Version: N/A, hr = 0x80070002

    WgaTray.exe Signed By: N/A, hr = 0x80070002

    WgaLogon.dll Signed By: N/A, hr = 0x80070002


    OGA Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

    OGAExec.exe Signed By: N/A, hr = 0x80070002

    OGAAddin.dll Signed By: N/A, hr = 0x80070002


    OGA Data-->

    Office Status: 100 Genuine

    Microsoft Office Enterprise 2007 - 100 Genuine

    OGA Version: N/A, 0x80070002

    Signed By: N/A, hr = 0x80070002

    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3


    Browser Data-->

    Proxy settings: N/A

    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

    Default Browser: C:\Users\PapaProg\AppData\Local\Google\Chrome\Application\chrome.exe

    Download signed ActiveX controls: Prompt

    Download unsigned ActiveX controls: Disabled

    Run ActiveX controls and plug-ins: Allowed

    Initialize and script ActiveX controls not marked as safe: Disabled

    Allow scripting of Internet Explorer Webbrowser control: Disabled

    Active scripting: Allowed

    Script ActiveX controls marked as safe for scripting: Allowed


    File Scan Data-->


    Other data-->

    Office Details: <GenuineResults><MachineData><UGUID>{66784CDB-47B2-4275-8DDA-B64FDB051511}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-BBBBB</PKey><PID>55041-089-8916164-86999</PID><PIDType>6</PIDType><SID>S-1-5-21-4092467384-3037088290-3243251233</SID><SYSTEM><Manufacturer>ASUSTeK Computer INC.</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>1301   </Version><SMBIOSVersion major="2" minor="5"/><Date>20100921000000.000000+000</Date></BIOS><HWID>21A13A07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>7480B9502DF0D86</Val><Hash>oYWOW5ayFE3pZ+jvTpuXYsY64JE=</Hash><Pid>89388-707-8722531-65477</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  


    Spsys.log Content: 0x80070002


    Licensing Data-->

    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x8002801D' to display the error text.

    Error: 0x8002801D 


    Windows Activation Technologies-->

    HrOffline: 0x8004FE22

    HrOnline: N/A

    HealthStatus: 0x0000000000000800

    Event Time Stamp: 1:3:2012 22:04

    ActiveX: Registered, Version: 7.1.7600.16395

    Admin Service: Registered, Version: 7.1.7600.16395

    HealthStatus Bitmask Output:

    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration



    HWID Data-->

    HWID Hash Current: OAAAAAIABAABAAEAAgABAAAAAgABAAEAvOkcQPziX5qMJka8aGWENGwCQBIKgI3vlCJA1nm36oI=


    OEM Activation 1.0 Data-->

    N/A


    OEM Activation 2.0 Data-->

    BIOS valid for OA 2.0: yes

    Windows marker version: 0x0

    OEMID and OEMTableID Consistent: yes

    BIOS Information: 

      ACPI Table Name OEMID Value OEMTableID Value

      APIC 092110 APIC1203

      FACP 092110 FACP1203

      HPET 092110 OEMHPET 

      MCFG 092110 OEMMCFG 

      OEMB 092110 OEMB1203

      OSFR 092110 OEMOSFR 

      SSDT DpgPmm CpuPm

      SLIC _ASUS_ Notebook


     

     

    Wednesday, January 4, 2012 3:09 AM
  • "PapaWu69" wrote in message news:c51fd18a-a5d7-4d15-98e0-2721cca91546...

    I just got the genuine Windows pop up message again. So it looks like the virus was not the cause. Please let me know how to continue to try and resolve the tampered file in the MGADiag report. I just ran the MGADiag  again to get a report while the message is still open.

     

     

    Diagnostic Report (1.9.0027.0):

    -----------------------------------------

    Windows Validation Data-->


    Validation Code: 0x8004FE22

    Cached Online Validation Code: 0x0

    Windows Product Key: *****-*****-*****-*****-CCRXV

    Windows Product Key Hash: dCSbnnmXJeuw1geAiZfVTcnLYrA=

    Windows Product ID: 55041-089-8916164-86999

    Windows Product ID Type: 6

    Windows License Type: Volume MAK

     

    Still no change :(
    I think at this point it would be best for you to go to WGA Support for assistance – I suspect that this problem needs more hands-on assistance than we can provide in a forum context..
    WGA Support can be found here-
    North America: http://support.microsoft.com/contactus/cu_sc_genadv_master?ws=support&ws=support#tab4

    Outside North America:
    http://support.microsoft.com/contactus/?ws=support#tab0

    Please let us know if (and how) MS manage to repair the problem without a repair install of the OS - it would be useful for future reference!
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Wednesday, January 4, 2012 8:22 AM
    Moderator
  • I will work with them and let you know. I also read about how it could be because of some race condition between two AV progs (or one AV and one spyware prog aka Windows Defender) so I removed Avast and ran it for a while without. I still got message and same diagnosic report. I installed a dif AV prog (ESET Smart SEcurity 5) same result...
    Wednesday, January 4, 2012 10:23 PM
  • "PapaWu69" wrote in message news:a6f2a6a3-6fc9-441e-91fc-a1b25fa200ab...
    I will work with them and let you know. I also read about how it could be because of some race condition between two AV progs (or one AV and one spyware prog aka Windows Defender) so I removed Avast and ran it for a while without. I still got message and same diagnosic report. I installed a dif AV prog (ESET Smart SEcurity 5) same result...
     
    Your problem is not a race condition – such beasts will disappear after a reboot, and then return (or not) at random. They also tend not to give constant errors in the MGADiag report.
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Wednesday, January 4, 2012 10:41 PM
    Moderator