Answered by:
Got a worm / virus now Windows 7 says it isn't genuine

Question
-
Two days ago I was browsing reddit when MSE popped up and warned of a virus threat (turns out I was not the only one, as evidenced by this notice by the reddit webmaster: http://www.reddit.com/r/announcements/comments/e7988/a_number_of_reddit_users_have_reported_finding/ )
After MSE scrubbed my system - also cleaning up win23.generic worm - I have gotten the notice that my copy of windows is not genuine - which can't be the case, since I had it (pre)ordered from Amazon before it came out - my MGA diagnostic is below - any insight would be much appreciated!
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 50
Cached Online Validation Code: N/A, hr = 0x80070424
Windows Product Key: *****-*****-9Q7QW-24TWK-XYD3X
Windows Product Key Hash: AA1P2DNL4F+uaAWGAFKbmA+ElKw=
Windows Product ID: 00371-152-6913745-85203
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7600.2.00010100.0.0.048
ID: {61063159-DC7C-440F-9D6A-5CF08B5E15E2}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7600.win7_gdr.100618-1621
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{61063159-DC7C-440F-9D6A-5CF08B5E15E2}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-XYD3X</PKey><PID>00371-152-6913745-85203</PID><PIDType>5</PIDType><SID>S-1-5-21-1018102580-3443348336-2581077052</SID><SYSTEM><Manufacturer>Gigabyte Technology Co., Ltd.</Manufacturer><Model>EP45-UD3P</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>F10</Version><SMBIOSVersion major="2" minor="4"/><Date>20100205000000.000000+000</Date></BIOS><HWID>08143507018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x80070424' to display the error text.
Error: 0x80070424
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 11:18:2010 14:49
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Not Registered - 0x80070424
HealthStatus Bitmask Output:
HWID Data-->
HWID Hash Current: PAAAAAIABgABAAEAAAADAAAAAgABAAEAonbu60R49MMMNUa85L+ENAiFwo/EixwhYj0qzz31sl52d0bK
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC GBT GBTUACPI
FACP GBT GBTUACPI
HPET GBT GBTUACPI
MCFG GBT GBTUACPI
EUDS GBT
TAMG GBT GBT B0
SSDT PmRef CpuPm
Friday, November 19, 2010 4:52 PM
Answers
-
Type cmd in the search box of the start menu, right click on the icon that appears and select run as administrator. At the prompt type SFC /SCANNOW and follow the prompts, reboot if neccesary and let us know of any errors or messages you recieve. After rebooting visit www.microsoft.com/genuine and attempt to validate.
if that does not work try the following
Type system restore in the search box, click on the relulting program, follow the wizards instructions to restore, choose a restore point prior to your non-genuine status by atleast a day or two. BE CAREFUL that you do not restore to a point that you may have been infected.
If that does not work go to the following link and start a no cost support incident. http://support.microsoft.com/gp/contactwga
I have a suspicion that you will end up using the third option of creating a no cost support incident.
- Proposed as answer by Darin Smith MS Friday, November 19, 2010 7:57 PM
- Marked as answer by Darin Smith MS Wednesday, November 24, 2010 11:21 PM
Friday, November 19, 2010 6:29 PM
All replies
-
Type cmd in the search box of the start menu, right click on the icon that appears and select run as administrator. At the prompt type SFC /SCANNOW and follow the prompts, reboot if neccesary and let us know of any errors or messages you recieve. After rebooting visit www.microsoft.com/genuine and attempt to validate.
if that does not work try the following
Type system restore in the search box, click on the relulting program, follow the wizards instructions to restore, choose a restore point prior to your non-genuine status by atleast a day or two. BE CAREFUL that you do not restore to a point that you may have been infected.
If that does not work go to the following link and start a no cost support incident. http://support.microsoft.com/gp/contactwga
I have a suspicion that you will end up using the third option of creating a no cost support incident.
- Proposed as answer by Darin Smith MS Friday, November 19, 2010 7:57 PM
- Marked as answer by Darin Smith MS Wednesday, November 24, 2010 11:21 PM
Friday, November 19, 2010 6:29 PM -
"TKildren" wrote in message news:b82e417c-af7e-461a-8d06-c48e6c7e8196...
Two days ago I was browsing reddit when MSE popped up and warned of a virus threat (turns out I was not the only one, as evidenced by this notice by the reddit webmaster: http://www.reddit.com/r/announcements/comments/e7988/a_number_of_reddit_users_have_reported_finding/ )
After MSE scrubbed my system - also cleaning up win23.generic worm - I have gotten the notice that my copy of windows is not genuine - which can't be the case, since I had it (pre)ordered from Amazon before it came out - my MGA diagnostic is below - any insight would be much appreciated!
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 50
Cached Online Validation Code: N/A, hr = 0x80070424
Windows Product Key: *****-*****-9Q7QW-24TWK-XYD3X
Windows Product Key Hash: AA1P2DNL4F+uaAWGAFKbmA+ElKw=
Windows Product ID: 00371-152-6913745-85203
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7600.2.00010100.0.0.048
Licensing Data-->
On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x80070424' to display the error text.
Error: 0x80070424
Your problem is caused by the error message above - which translates as 'The specified service does not exist as an installed service' - which doesn't tell us a whole lot.Since there's no File Mismatches, or any other obvious signs of corruption, it may be that one of the Windows Services has been removed from the running services somehow, by your virus.Please open the Services Control panel and see that the following services are present, and set to run in the right way :-Software Protection Service - Automatic, delayed startSPP Notification Service - ManualBoth should be running.If both are present and running, please try using he System File Checker to see if that can fix your problem.System File Checker - Instructions
Click on the Start button
type in the Search box
CMD.EXE
right-click on the only file that is found
Select Run as Administrator
- the Elevated Command Prompt window should pop up
At the Command prompt, type
SFC /SCANNOW
and hit the Enter key
Wait for the scan to finish - make a note of any error messages - and then reboot
Visit the Validation site http://www.microsoft.com/genuine and attempt to Validate Windows - again, make a note of error messages.
Reboot.
Run MGADiag again, and post the report, and error messages in your reply.
--
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth- Proposed as answer by Darin Smith MS Friday, November 19, 2010 7:57 PM
Friday, November 19, 2010 6:32 PMModerator -
Hi Carl,
SFC/ scannow did not return any errors - sys restore looks like its missing a service, am taking route 3, am I emailing / calling customer service? should I include the same info as above?
Thanks for your help!
T.
Saturday, November 20, 2010 2:41 PM -
Hi Noel,
Tried your first suggestion - the service Software Protection Service isn't even listed (SPP is, and is as it should be)
sfc/scannow yielded nothing
Saturday, November 20, 2010 2:44 PM -
Yes, option three is the only thing I can suggest at this time. Refer them to this thread and the fact that software protection is not listed as a service.Saturday, November 20, 2010 4:55 PM
-
ok, so why after 3 months, a complete re-install, would I be plagues with this YET AGAIN?? Watermark just reappeared again!Friday, January 21, 2011 2:59 AM
-
"TKildren" wrote in message news:d51146e4-493e-4beb-9987-0e18960a068a...ok, so why after 3 months, a complete re-install, would I be plagues with this YET AGAIN?? Watermark just reappeared again!
Please post a new MGADiag report.
--
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothFriday, January 21, 2011 8:58 AMModerator -
here is the result:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0x80070057
Windows Product Key: *****-*****-9Q7QW-24TWK-XYD3X
Windows Product Key Hash: AA1P2DNL4F+uaAWGAFKbmA+ElKw=
Windows Product ID: 00371-152-6913745-85692
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7600.2.00010100.0.0.048
ID: {61063159-DC7C-440F-9D6A-5CF08B5E15E2}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7600.win7_gdr.100618-1621
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{61063159-DC7C-440F-9D6A-5CF08B5E15E2}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-XYD3X</PKey><PID>00371-152-6913745-85692</PID><PIDType>5</PIDType><SID>S-1-5-21-1018102580-3443348336-2581077052</SID><SYSTEM><Manufacturer>Gigabyte Technology Co., Ltd.</Manufacturer><Model>EP45-UD3P</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>F10</Version><SMBIOSVersion major="2" minor="4"/><Date>20100205000000.000000+000</Date></BIOS><HWID>08143507018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Error: 0x5 Access denied: the requested action requires elevated privileges
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 11:25:2010 12:04
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Not Registered - 0x80070424
HealthStatus Bitmask Output:
HWID Data-->
HWID Hash Current: PAAAAAIABgABAAEAAAADAAAAAgABAAEAonbu60R49MMMNUa85L+ENAiFwo/EixwhYj0qzz31sl52d0bK
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC GBT GBTUACPI
FACP GBT GBTUACPI
HPET GBT GBTUACPI
MCFG GBT GBTUACPI
EUDS GBT
TAMG GBT GBT B0
SSDT PmRef CpuPm
Friday, January 21, 2011 1:05 PM -
"TKildren" wrote in message news:cdf40324-8733-47e6-a193-c3b68faff4cd...
here is the result:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0x80070057
Windows Product Key: *****-*****-9Q7QW-24TWK-XYD3X
Windows Product Key Hash: AA1P2DNL4F+uaAWGAFKbmA+ElKw=
Windows Product ID: 00371-152-6913745-85692
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7600.2.00010100.0.0.048
ID: {61063159-DC7C-440F-9D6A-5CF08B5E15E2}(3)
Is Admin: Yes
TestCab: 0x0
Licensing Data-->
Error: 0x5 Access denied: the requested action requires elevated privileges
You would appear to have run this in a Limited User account? If not, then you have permissions problems from somewhere.Silly question #1: Are you using, or have you EVER used a Registry cleaner/optimiser on this system since the reinstall?Silly question #2: What Security software are you running? (I don't *think* it'd be an issue, but....)
--
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothFriday, January 21, 2011 2:16 PMModerator -
I do use glary utilities - mostly for cleaning disk space - its on a schedule, one button cleaning solution - assume it has a reg cleaner in it. Also, I use MS Security Essentials for day to day stuff, Malwarebytes Anti-Malware for the occasional in depth scan.
Guessing you're going to suggest stop using reg-cleaner, is there one you recommend?
Friday, January 21, 2011 2:27 PM -
"TKildren" wrote in message news:412b25ef-ab2a-4828-b54b-099731c2d3d4...
I do use glary utilities - mostly for cleaning disk space - its on a schedule, one button cleaning solution - assume it has a reg cleaner in it. Also, I use MS Security Essentials for day to day stuff, Malwarebytes Anti-Malware for the occasional in depth scan.
Guessing you're going to suggest stop using reg-cleaner, is there one you recommend?
UNDO anything that Glary has done to your registry! (I sincerely hope it keeps backups?), then reboot a couple of times and see if the MGADiag report changes. Then UNINSTALL Glary, and learn how to maintain your system for yourself.A couple of minutes a day spent maintaining the system is a lot less hassle than repairing the screw-ups made by snake-oil products such as registry clesners. There's almost nothing in Glary that isn't already present in Windows, or available in better form for free elsewhere.
--
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothFriday, January 21, 2011 2:50 PMModerator -
ok done - new mga:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 50
Cached Online Validation Code: N/A, hr = 0x80070057
Windows Product Key: *****-*****-9Q7QW-24TWK-XYD3X
Windows Product Key Hash: AA1P2DNL4F+uaAWGAFKbmA+ElKw=
Windows Product ID: 00371-152-6913745-85692
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7600.2.00010100.0.0.048
ID: {61063159-DC7C-440F-9D6A-5CF08B5E15E2}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7600.win7_gdr.100618-1621
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{61063159-DC7C-440F-9D6A-5CF08B5E15E2}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-XYD3X</PKey><PID>00371-152-6913745-85692</PID><PIDType>5</PIDType><SID>S-1-5-21-1018102580-3443348336-2581077052</SID><SYSTEM><Manufacturer>Gigabyte Technology Co., Ltd.</Manufacturer><Model>EP45-UD3P</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>F10</Version><SMBIOSVersion major="2" minor="4"/><Date>20100205000000.000000+000</Date></BIOS><HWID>08143507018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Error: 0x5 Access denied: the requested action requires elevated privileges
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 11:25:2010 12:04
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Not Registered - 0x80070424
HealthStatus Bitmask Output:
HWID Data-->
HWID Hash Current: PAAAAAIABgABAAEAAAADAAAAAgABAAEAonbu60R49MMMNUa85L+ENAiFwo/EixwhYj0qzz31sl52d0bK
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC GBT GBTUACPI
FACP GBT GBTUACPI
HPET GBT GBTUACPI
MCFG GBT GBTUACPI
EUDS GBT
TAMG GBT GBT B0
SSDT PmRef CpuPm
Friday, January 21, 2011 4:02 PM -
"TKildren" wrote in message news:bec1442d-73ae-4efd-83b4-d024f5248e4a...
ok done - new mga:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 50
Cached Online Validation Code: N/A, hr = 0x80070057
Windows Product Key: *****-*****-9Q7QW-24TWK-XYD3X
Windows Product Key Hash: AA1P2DNL4F+uaAWGAFKbmA+ElKw=
Windows Product ID: 00371-152-6913745-85692
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7600.2.00010100.0.0.048
Licensing Data-->
Error: 0x5 Access denied: the requested action requires elevated privileges
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 11:25:2010 12:04
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Not Registered - 0x80070424
HealthStatus Bitmask Output:
Unfortunately, nothing seems to have changed - and this is an error I've not come across before, so I'm groping in the dark (Google is unusually devoid of references as well!)try this....Try going to Programs - Installed Updates.Look for the WAT update KB971033 - uninstall it.Then go to Windows Updates, check for updates, and you should be offered 971033 again - install it, and try and re-validate your machine at http://www.microsoft.com/genuine/validate - then run another MGADiag report.
--
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothFriday, January 21, 2011 5:10 PMModerator -
got nothing-
Files that Windows needs to work properly have been modified, removed, or disabled. To resolve, you need to install genuine Windows. Not to worry, we can help you with that.
here is the new MGA:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: N/A, hr = 0x80070057
Windows Product Key: *****-*****-9Q7QW-24TWK-XYD3X
Windows Product Key Hash: AA1P2DNL4F+uaAWGAFKbmA+ElKw=
Windows Product ID: 00371-152-6913745-85692
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7600.2.00010100.0.0.048
ID: {61063159-DC7C-440F-9D6A-5CF08B5E15E2}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7600.win7_gdr.100618-1621
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{61063159-DC7C-440F-9D6A-5CF08B5E15E2}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-XYD3X</PKey><PID>00371-152-6913745-85692</PID><PIDType>5</PIDType><SID>S-1-5-21-1018102580-3443348336-2581077052</SID><SYSTEM><Manufacturer>Gigabyte Technology Co., Ltd.</Manufacturer><Model>EP45-UD3P</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>F10</Version><SMBIOSVersion major="2" minor="4"/><Date>20100205000000.000000+000</Date></BIOS><HWID>08143507018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Error: 0x5 Access denied: the requested action requires elevated privileges
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x0001000000000000
Event Time Stamp: 1:21:2011 17:12
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered Service: sppsvc
HWID Data-->
HWID Hash Current: PAAAAAIABgABAAEAAAADAAAAAgABAAEAonbu60R49MMMNUa85L+ENAiFwo/EixwhYj0qzz31sl52d0bK
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC GBT GBTUACPI
FACP GBT GBTUACPI
HPET GBT GBTUACPI
MCFG GBT GBTUACPI
EUDS GBT
TAMG GBT GBT B0
SSDT PmRef CpuPm
Friday, January 21, 2011 11:25 PM -
"TKildren" wrote in message news:10c0bc03-869c-432d-b66b-55797e5b56ef...got nothing-
Files that Windows needs to work properly have been modified, removed, or disabled. To resolve, you need to install genuine Windows. Not to worry, we can help you with that.
here is the new MGA:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: N/A, hr = 0x80070057
Windows Product Key: *****-*****-9Q7QW-24TWK-XYD3X
Windows Product Key Hash: AA1P2DNL4F+uaAWGAFKbmA+ElKw=
Windows Product ID: 00371-152-6913745-85692
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7600.2.00010100.0.0.048
Licensing Data-->
Error: 0x5 Access denied: the requested action requires elevated privileges
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x0001000000000000
Event Time Stamp: 1:21:2011 17:12
Hmmm - disappointing! Let's see if the System File Checker can help -System File Checker - Instructions
Click on the Start button
type in the Search box
CMD.EXE
right-click on the only file that is found
Select Run as Administrator - the Elevated Command Prompt window should pop up
At the Command prompt, type
SFC /SCANNOW
and hit the Enter key
Wait for the scan to finish - make a note of any error messages - and then reboot.
Visit the Validation site http://www.microsoft.com/genuine/validate and attempt to Validate Windows - again, make a note of error messages.
Run MGADiag again, and see if it's managed to clear the error - if not, post back with a new report, and we'll take another look.
--
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothSaturday, January 22, 2011 8:23 AMModerator -
same error msg on validate - new mga:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: N/A, hr = 0x80070057
Windows Product Key: *****-*****-9Q7QW-24TWK-XYD3X
Windows Product Key Hash: AA1P2DNL4F+uaAWGAFKbmA+ElKw=
Windows Product ID: 00371-152-6913745-85692
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7600.2.00010100.0.0.048
ID: {61063159-DC7C-440F-9D6A-5CF08B5E15E2}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7600.win7_gdr.100618-1621
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{61063159-DC7C-440F-9D6A-5CF08B5E15E2}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-XYD3X</PKey><PID>00371-152-6913745-85692</PID><PIDType>5</PIDType><SID>S-1-5-21-1018102580-3443348336-2581077052</SID><SYSTEM><Manufacturer>Gigabyte Technology Co., Ltd.</Manufacturer><Model>EP45-UD3P</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>F10</Version><SMBIOSVersion major="2" minor="4"/><Date>20100205000000.000000+000</Date></BIOS><HWID>08143507018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Error: 0x5 Access denied: the requested action requires elevated privileges
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x0001000000000000
Event Time Stamp: 1:21:2011 17:12
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered Service: sppsvc
HWID Data-->
HWID Hash Current: PAAAAAIABgABAAEAAAADAAAAAgABAAEAonbu60R49MMMNUa85L+ENAiFwo/EixwhYj0qzz31sl52d0bK
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC GBT GBTUACPI
FACP GBT GBTUACPI
HPET GBT GBTUACPI
MCFG GBT GBTUACPI
EUDS GBT
TAMG GBT GBT B0
SSDT PmRef CpuPm
Saturday, January 22, 2011 2:17 PM -
sfc gave windows resource protection did not find any integrity violationsSaturday, January 22, 2011 2:18 PM
-
"TKildren" wrote in message news:cbe8a5f4-94cf-46ef-b655-a71a4c8c33c7...sfc gave windows resource protection did not find any integrity violations
I hate to say it, but I'm out of ideas.I can only suggest that you open a WGA support incident with MS and see if they can help.You appear to be in the US - so use this linkGood Luck - and let us know how you get it fixed in the end, please?
--
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothSaturday, January 22, 2011 3:34 PMModerator -
For some reason I keep getting pushed around to different departments, and I am NOT wasting my minutes (like I did last time) to do a re-install.
If I do a re-install, will I have any problem activating?
Tuesday, January 25, 2011 1:31 PM -
"TKildren" wrote in message news:be2477af-fee7-45e1-aa16-178eafa93a44...
For some reason I keep getting pushed around to different departments, and I am NOT wasting my minutes (like I did last time) to do a re-install.
If I do a re-install, will I have any problem activating?
You will need to do a full reformat/reinstall to be sure that you got rid of everything that the virus brought with it.To do that, first back up ALL your data, and program installation files, (and their product keys) to external media (CD/DVD/HDD).Then use the Recovery system from your OEM - which should NOT require you to enter a Product Key during the Win7 installation process.Once you have the OS reinstalled, the first thing to do is update it using Windows Updates, then install an effective Anti-Virus, and then you can begin bringing your data back onto the system, after scanning carefully with your AV, and also preferably with a decent anti-malware program.The re-install your applications, and check that you can open all your data files without any problems.
--
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothTuesday, January 25, 2011 9:56 PMModerator