Windows 7 showing as not genuine (but it is!)

Question
-
Bought and installed windows 7 (upgraded from genuine Windows Vista that came with the computer) as part of the Microsoft Student Offer.
Has been running without any issues since September 2010. Suddenly it's showing that my windows is not genuine and when I run the "slui.exe 4" and chose "Go online and resolve". It shows up as "Windows validation was interrupted. The validation service is not available at this time. Please try validation again later." I didn't get the option to choose my country and phone an agent.
Searched up online and found people talking about running the Microsoft Genuine Advantage diagnostic tool. Here's the diagnostic report.
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 50
Cached Online Validation Code: 0xc004c4a8
Windows Product Key: *****-*****-JGRW4-VMFY2-PF98G
Windows Product Key Hash: dcdHjhUq7tfphTD4hoSmi+AzLIs=
Windows Product ID: 00371-153-6216204-85958
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7600.2.00010100.0.0.048
ID: {A55987CB-AABF-4B85-AE3E-D05973DD3665}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7600.win7_gdr.101026-1503
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{A55987CB-AABF-4B85-AE3E-D05973DD3665}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-PF98G</PKey><PID>00371-153-6216204-85958</PID><PIDType>5</PIDType><SID>S-1-5-21-2465600432-425639871-9859183</SID><SYSTEM><Manufacturer>ACER</Manufacturer><Model>Aspire M1640</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>R01-B4</Version><SMBIOSVersion major="2" minor="5"/><Date>20080911000000.000000+000</Date></BIOS><HWID>29BA3607018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>62ACA3BC2FA4D86</Val><Hash>OEN30C9r7K+ibEK9M3u714GFOIA=</Hash><Pid>89388-707-1421247-65951</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7600.16385
Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00170-153-621620-01-1033-7600.0000-0502011
Installation ID: 005790818052911491948490451413167331943685246280868770
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: PF98G
License Status: Unlicensed
Remaining Windows rearm count: 3
Trusted time: 2/19/2011 10:43:38 PM
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 1:8:2011 21:57
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
HWID Data-->
HWID Hash Current: NAAAAAEAAgABAAEAAgADAAAAAQABAAEAeqj6CxRp7MU6E/Iw1PAWsJK8ilJwyhXx6UsqhQ==
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x0
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC 091108 APIC1058
FACP 091108 FACP1058
HPET 091108 OEMHPET0
MCFG 091108 OEMMCFG
WDRT 091108 NV-WDRT
SLIC ACRSYS ACRPRDCT
OEMB 091108 OEMB1058
NVHD 091108 NVHDCP
AWMI 091108 OEMB1058
SSDT DpgPmm CpuPm
Please help me! Thanks in advance.
Sunday, February 20, 2011 6:56 AM
Answers
-
"wowo9" wrote in message news:b4094bde-fec9-49c0-a6a7-e4f64474bd0a...
Bought and installed windows 7 (upgraded from genuine Windows Vista that came with the computer) as part of the Microsoft Student Offer.
Has been running without any issues since September 2010. Suddenly it's showing that my windows is not genuine and when I run the "slui.exe 4" and chose "Go online and resolve". It shows up as "Windows validation was interrupted. The validation service is not available at this time. Please try validation again later." I didn't get the option to choose my country and phone an agent.
Searched up online and found people talking about running the Microsoft Genuine Advantage diagnostic tool. Here's the diagnostic report.
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 50
Cached Online Validation Code: 0xc004c4a8
Windows Product Key: *****-*****-JGRW4-VMFY2-PF98G
Windows Product Key Hash: dcdHjhUq7tfphTD4hoSmi+AzLIs=
Windows Product ID: 00371-153-6216204-85958
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7600.2.00010100.0.0.048
Please help me! Thanks in advance.
It would appear that somehow your apparently-genuine installation has been affected by a hacker's Loader program (that's the 0xC004C4A8 error) - also called by MS an Activation Exploit. Such a program is usually used to fool the computer into working with an OEM license from a different manufacturer to the original one, or a machine from a different range to the original one.
As such it would indicate that something may have got past your security software (although most security software appears not to look for Loaders).
Your key is apparently genuine (Darin can confirm/deny that when he gets a chance to look at it), and since it's retail, it doesn't need a hack to be able to load into any machine.
I suggest that you phone an Activation Center and ask for assistance - use one of the numbers in this list
http://www.microsoft.com/licensing/existing-customers/activation-centers.aspx
(they are for Volume licensing - but they will assist you) explain your problem to them, and see if they can help.
--
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
- Marked as answer by wowo9 Sunday, February 20, 2011 10:05 PM
Sunday, February 20, 2011 10:50 AM Moderator
All replies
-
I was digging around looking for answers on this forum and I think I found out why. I was upgrading from a 32bit Vista to a 64bit Windows 7. During installation it advised me to do a "Custom Install" instead of doing an "Upgrade" as the 32bit cannot be upgraded to 64bit version directly. Therefore I believe Windows 7 was flagged as a "Clean install" but my CD-key was actually just for an upgrade.
I followed the instructions on the link at the second last post. http://social.microsoft.com/Forums/en-US/genuinewindows7/thread/a5e74b50-95a9-4da9-a86c-11e71ad82e73/
Here's the latest diagnostic report. Can you guys please verify that it's all a-okay now? Thanks.
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-JGRW4-VMFY2-PF98G
Windows Product Key Hash: dcdHjhUq7tfphTD4hoSmi+AzLIs=
Windows Product ID: 00371-153-6216204-85818
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7600.2.00010100.0.0.048
ID: {A55987CB-AABF-4B85-AE3E-D05973DD3665}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7600.win7_rtm.090713-1255
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{A55987CB-AABF-4B85-AE3E-D05973DD3665}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-PF98G</PKey><PID>00371-153-6216204-85818</PID><PIDType>5</PIDType><SID>S-1-5-21-2465600432-425639871-9859183</SID><SYSTEM><Manufacturer>ACER</Manufacturer><Model>Aspire M1640</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>R01-B4</Version><SMBIOSVersion major="2" minor="5"/><Date>20080911000000.000000+000</Date></BIOS><HWID>29BA3607018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>62ACA3BC2FA4D86</Val><Hash>OEN30C9r7K+ibEK9M3u714GFOIA=</Hash><Pid>89388-707-1421247-65951</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7600.16385
Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00170-153-621620-01-1033-7600.0000-0512011
Installation ID: 006572459104027132522201395673250246498072932186362820
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: PF98G
License Status: Licensed
Remaining Windows rearm count: 2
Trusted time: 2/20/2011 12:43:40 PM
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 1:8:2011 21:57
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
HWID Data-->
HWID Hash Current: NAAAAAEAAgABAAEAAgADAAAAAQABAAEAJJT6CxRpOhPsxfIw1PCSvBawilJwyhXx6UsqhQ==
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x0
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC 091108 APIC1058
FACP 091108 FACP1058
HPET 091108 OEMHPET0
MCFG 091108 OEMMCFG
WDRT 091108 NV-WDRT
SLIC ACRSYS ACRPRDCT
OEMB 091108 OEMB1058
NVHD 091108 NVHDCP
AWMI 091108 OEMB1058
SSDT DpgPmm CpuPm
Sunday, February 20, 2011 8:43 PM -
"wowo9" wrote in message news:3139830b-672a-4751-be83-8de588750422...
I was digging around looking for answers on this forum and I think I found out why. I was upgrading from a 32bit Vista to a 64bit Windows 7. During installation it advised me to do a "Custom Install" instead of doing an "Upgrade" as the 32bit cannot be upgraded to 64bit version directly. Therefore I believe Windows 7 was flagged as a "Clean install" but my CD-key was actually just for an upgrade.
I followed the instructions on the link at the second last post. http://social.microsoft.com/Forums/en-US/genuinewindows7/thread/a5e74b50-95a9-4da9-a86c-11e71ad82e73/
Here's the latest diagnostic report. Can you guys please verify that it's all a-okay now? Thanks.
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-JGRW4-VMFY2-PF98G
Windows Product Key Hash: dcdHjhUq7tfphTD4hoSmi+AzLIs=
Windows Product ID: 00371-153-6216204-85818
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7600.2.00010100.0.0.048
OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
Your error message would NOT have been caused simply by the problems you say - there was a definite indication of the presence of a Hack.
That seems to have gone, with the reinstall (which has also reset the rearm count)
You need to visit the Validation site to reset the WAT system - which should get rid of the two file mismatches above - http://www.microsoft.com/genuine/validate
and then post back with another MGADiag report.
You need to be aware that there is a high probability that your installation of Office is non-genuine - it's an edition that is sold only in bulk to organisations for use on their own PC's.
--
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Sunday, February 20, 2011 9:02 PM Moderator -
Thanks for the help. I agree it's possible that the re-install got rid of the hack. As for the re-arm count, what exactly is a "re-arm"?
Yes I'm aware of my Office as I got a copy from my workplace. (I know I should get my own :P)
Here's the latest diagnostic report and it did get rid of the file mismatches.
Really appreciate all the help! :)
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-JGRW4-VMFY2-PF98G
Windows Product Key Hash: dcdHjhUq7tfphTD4hoSmi+AzLIs=
Windows Product ID: 00371-153-6216204-85818
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7600.2.00010100.0.0.048
ID: {A55987CB-AABF-4B85-AE3E-D05973DD3665}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7600.win7_rtm.090713-1255
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{A55987CB-AABF-4B85-AE3E-D05973DD3665}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-PF98G</PKey><PID>00371-153-6216204-85818</PID><PIDType>5</PIDType><SID>S-1-5-21-2465600432-425639871-9859183</SID><SYSTEM><Manufacturer>ACER</Manufacturer><Model>Aspire M1640</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>R01-B4</Version><SMBIOSVersion major="2" minor="5"/><Date>20080911000000.000000+000</Date></BIOS><HWID>29BA3607018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>62ACA3BC2FA4D86</Val><Hash>OEN30C9r7K+ibEK9M3u714GFOIA=</Hash><Pid>89388-707-1421247-65951</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7600.16385
Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00170-153-621620-01-1033-7600.0000-0512011
Installation ID: 006572459104027132522201395673250246498072932186362820
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: PF98G
License Status: Licensed
Remaining Windows rearm count: 2
Trusted time: 2/20/2011 1:11:18 PM
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 2:20:2011 13:09
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
HWID Data-->
HWID Hash Current: NAAAAAEAAgABAAEAAgADAAAAAQABAAEAJJT6CxRpOhPsxfIw1PCSvBawilJwyhXx6UsqhQ==
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x0
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC 091108 APIC1058
FACP 091108 FACP1058
HPET 091108 OEMHPET0
MCFG 091108 OEMMCFG
WDRT 091108 NV-WDRT
SLIC ACRSYS ACRPRDCT
OEMB 091108 OEMB1058
NVHD 091108 NVHDCP
AWMI 091108 OEMB1058
SSDT DpgPmm CpuPm
Sunday, February 20, 2011 9:15 PM -
"wowo9" wrote in message news:e0402d48-7b05-41ef-a959-bdd816d7a701...
Thanks for the help. I agree it's possible that the re-install got rid of the hack. As for the re-arm count, what exactly is a "re-arm"?
Yes I'm aware of my Office as I got a copy from my workplace. (I know I should get my own :P)
Here's the latest diagnostic report and it did get rid of the file mismatches.
Really appreciate all the help! :)
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-JGRW4-VMFY2-PF98G
Windows Product Key Hash: dcdHjhUq7tfphTD4hoSmi+AzLIs=
Windows Product ID: 00371-153-6216204-85818
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7600.2.00010100.0.0.048
OK - all is looking good.
What you need to do is to thoroughly check your system for malware, since often the Key Hacks come with very-much-unwanted hangers-on.
I would suggest an online scan with at least two AV's and a full system scan with Malwarebytes Anti-Malware in safe mode.
The re-arm count is the number of times you can delay a non-genuine notification for the standard time delay (usually 30 days).
--
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Sunday, February 20, 2011 9:42 PM Moderator -
The antivirus that's running is MSE. Doing a scan now and will check for malware and do additional scans as advised.
Thanks again for the help!
Sunday, February 20, 2011 10:05 PM -
To answer your question about the rearm count, the initial 30 day evaluation period can be extended up to 3 times. That is called rearming. Your system has been rearmed once, leaving two more times available. Once activated there is little reason to rearm so don't be concerned about it.
Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.
Sunday, February 20, 2011 10:09 PM Answerer
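
The triage the moderators apply to the three MGADiag reports in this thread, written out as an added Python example (not part of the original posts and not Microsoft code). The function names and finding tags are hypothetical, the sample reports are short excerpts of the ones posted above, and the meaning given to 0xC004C4A8 is the one stated in the replies.

```python
import re

# Meanings below come from the moderator's replies in this thread, not from
# an official Microsoft reference.
EXPLOIT_CODES = {0xC004C4A8}  # "Loader" / activation exploit, per the thread
MISMATCH_RE = re.compile(
    r"File Mismatch:\s*(?P<path>.+?)\[(?P<ver>[\d.]+)\],\s*Hr\s*=\s*(?P<hr>0x[0-9A-Fa-f]+)")
WANTED = {"Validation Code": "validation_code",
          "Cached Online Validation Code": "online_code",
          "License Status": "license_status",
          "Remaining Windows rearm count": "rearm"}

def parse_report(text):
    """Extract the triage-relevant fields from one MGADiag text report."""
    # Pasted reports often glue a section header to the next field
    # ("Windows Validation Data-->Validation Code: 50"); split them first.
    rep = {"mismatches": []}
    for line in text.replace("-->", "-->\n").splitlines():
        m = MISMATCH_RE.match(line.strip())
        if m:
            rep["mismatches"].append((m["path"], m["ver"], int(m["hr"], 16)))
            continue
        key, sep, value = line.partition(":")
        name = WANTED.get(key.strip())
        if sep and name and name not in rep:
            rep[name] = value.strip()
    for field, base in (("online_code", 16), ("rearm", 10)):
        if field in rep:
            rep[field] = int(rep[field], base)
    return rep

def triage(rep):
    """Return finding tags for one parsed report (absent fields are skipped)."""
    findings = []
    if rep.get("online_code") in EXPLOIT_CODES:
        findings.append("activation-exploit-code")
    if rep.get("validation_code", "0") != "0":
        findings.append("validation-failed")
    if rep.get("license_status", "Licensed") != "Licensed":
        findings.append("not-licensed")
    findings += ["file-mismatch:" + path.rsplit("\\", 1)[-1]
                 for path, _ver, _hr in rep["mismatches"]]
    return findings

def next_steps(reports):
    """Advice for the newest report, given all parsed reports in order."""
    history = [triage(r) for r in reports]
    latest, steps = history[-1], []
    if "activation-exploit-code" in latest or "not-licensed" in latest:
        steps.append("phone an activation center")
    if any(f.startswith("file-mismatch:") for f in latest):
        steps.append("revalidate online, then rerun MGADiag")
    # A clean newest report does not clear the host: the thread advises a
    # malware scan once an exploit code has appeared in any report.
    if any("activation-exploit-code" in h for h in history):
        steps.append("scan for malware")
    return steps

# Excerpts of the three reports posted in this thread, in posting order.
REPORT_1 = r"""Windows Validation Data-->Validation Code: 50
Cached Online Validation Code: 0xc004c4a8
License Status: Unlicensed
Remaining Windows rearm count: 3
"""
REPORT_2 = r"""Validation Code: 0
Cached Online Validation Code: 0x0
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
License Status: Licensed
Remaining Windows rearm count: 2
"""
REPORT_3 = r"""Validation Code: 0
Cached Online Validation Code: 0x0
License Status: Licensed
Remaining Windows rearm count: 2
"""

if __name__ == "__main__":
    parsed = [parse_report(t) for t in (REPORT_1, REPORT_2, REPORT_3)]
    print([next_steps(parsed[:i + 1]) for i in range(3)])
```

Passing the reports as a history is what keeps the malware-scan step alive after the third, clean report, which matches the advice given once "all is looking good".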