locked
Got a worm / virus now Windows 7 says it isn't genuine RRS feed

  • Question

  • Two days ago I was browsing reddit when MSE popped up and warned of a virus threat (turns out I was not the only one, as evidenced by this notice by the reddit webmaster: http://www.reddit.com/r/announcements/comments/e7988/a_number_of_reddit_users_have_reported_finding/ )

    After MSE scrubbed my system  - also cleaning up win23.generic worm - I have gotten the notice that my copy of windows is not genuine - which can't be the case, since I had it (pre)ordered from Amazon before it came out - my MGA diagnostic is below - any insight would be much appreciated!

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 50
    Cached Online Validation Code: N/A, hr = 0x80070424
    Windows Product Key: *****-*****-9Q7QW-24TWK-XYD3X
    Windows Product Key Hash: AA1P2DNL4F+uaAWGAFKbmA+ElKw=
    Windows Product ID: 00371-152-6913745-85203
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7600.2.00010100.0.0.048
    ID: {61063159-DC7C-440F-9D6A-5CF08B5E15E2}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000009
    Build lab: 7600.win7_gdr.100618-1621
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{61063159-DC7C-440F-9D6A-5CF08B5E15E2}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-XYD3X</PKey><PID>00371-152-6913745-85203</PID><PIDType>5</PIDType><SID>S-1-5-21-1018102580-3443348336-2581077052</SID><SYSTEM><Manufacturer>Gigabyte Technology Co., Ltd.</Manufacturer><Model>EP45-UD3P</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>F10</Version><SMBIOSVersion major="2" minor="4"/><Date>20100205000000.000000+000</Date></BIOS><HWID>08143507018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x80070424' to display the error text.
    Error: 0x80070424

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 11:18:2010 14:49
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Not Registered - 0x80070424
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: PAAAAAIABgABAAEAAAADAAAAAgABAAEAonbu60R49MMMNUa85L+ENAiFwo/EixwhYj0qzz31sl52d0bK

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes, but no SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            GBT           GBTUACPI
      FACP            GBT           GBTUACPI
      HPET            GBT           GBTUACPI
      MCFG            GBT           GBTUACPI
      EUDS            GBT          
      TAMG            GBT           GBT   B0
      SSDT            PmRef        CpuPm


     

    Friday, November 19, 2010 4:52 PM

Answers

  • Type cmd in the search box of the start menu, right click on the icon that appears and select run as administrator. At the prompt type SFC /SCANNOW and follow the prompts, reboot if neccesary and let us know of any errors or messages you recieve. After rebooting visit www.microsoft.com/genuine and attempt to validate.

    if that does not work try the following

    Type system restore in the search box, click on the relulting program, follow the wizards instructions to restore, choose a restore point prior to your non-genuine status by atleast a day or two. BE CAREFUL that you do not restore to a point that you may have been infected.

    If that does not work go to the following link and start a no cost support incident. http://support.microsoft.com/gp/contactwga

    I have a suspicion that you will end up using the third option of creating a no cost support incident.

    • Proposed as answer by Darin Smith MS Friday, November 19, 2010 7:57 PM
    • Marked as answer by Darin Smith MS Wednesday, November 24, 2010 11:21 PM
    Friday, November 19, 2010 6:29 PM

All replies

  • Type cmd in the search box of the start menu, right click on the icon that appears and select run as administrator. At the prompt type SFC /SCANNOW and follow the prompts, reboot if neccesary and let us know of any errors or messages you recieve. After rebooting visit www.microsoft.com/genuine and attempt to validate.

    if that does not work try the following

    Type system restore in the search box, click on the relulting program, follow the wizards instructions to restore, choose a restore point prior to your non-genuine status by atleast a day or two. BE CAREFUL that you do not restore to a point that you may have been infected.

    If that does not work go to the following link and start a no cost support incident. http://support.microsoft.com/gp/contactwga

    I have a suspicion that you will end up using the third option of creating a no cost support incident.

    • Proposed as answer by Darin Smith MS Friday, November 19, 2010 7:57 PM
    • Marked as answer by Darin Smith MS Wednesday, November 24, 2010 11:21 PM
    Friday, November 19, 2010 6:29 PM
  • "TKildren" wrote in message news:b82e417c-af7e-461a-8d06-c48e6c7e8196...

    Two days ago I was browsing reddit when MSE popped up and warned of a virus threat (turns out I was not the only one, as evidenced by this notice by the reddit webmaster: http://www.reddit.com/r/announcements/comments/e7988/a_number_of_reddit_users_have_reported_finding/ )

    After MSE scrubbed my system  - also cleaning up win23.generic worm - I have gotten the notice that my copy of windows is not genuine - which can't be the case, since I had it (pre)ordered from Amazon before it came out - my MGA diagnostic is below - any insight would be much appreciated!

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 50
    Cached Online Validation Code: N/A, hr = 0x80070424
    Windows Product Key: *****-*****-9Q7QW-24TWK-XYD3X
    Windows Product Key Hash: AA1P2DNL4F+uaAWGAFKbmA+ElKw=
    Windows Product ID: 00371-152-6913745-85203
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7600.2.00010100.0.0.048


    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x80070424' to display the error text.
    Error: 0x80070424


     


    Your problem is caused by the error message above - which translates as 'The specified service does not exist as an installed service' - which doesn't tell us a whole lot.
    Since there's no File Mismatches, or any other obvious signs of corruption, it may be that one of the Windows Services has been removed from the running services somehow, by your virus.
    Please open the Services Control panel and see that the following services are present, and set to run in the right way :-
    Software Protection Service - Automatic, delayed start
    SPP Notification Service - Manual
     
    Both should be running.
    If both are present and running, please try  using he System File Checker to see if that can fix your problem.
     
    System File Checker - Instructions
    Click on the Start button
    type in the Search  box
    CMD.EXE
    right-click on the only file that is found
    Select Run as Administrator
     - the Elevated Command Prompt window should pop up
    At the Command prompt, type
     
    SFC   /SCANNOW
     
    and hit the Enter key
    Wait for the scan to finish - make a note of any error messages - and then reboot
    Visit the Validation site  http://www.microsoft.com/genuine and attempt to Validate Windows - again, make a note of error messages.
    Reboot.
    Run MGADiag again, and post the report, and error messages in your reply.
     
     

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    • Proposed as answer by Darin Smith MS Friday, November 19, 2010 7:57 PM
    Friday, November 19, 2010 6:32 PM
    Moderator
  • Hi Carl,

    SFC/ scannow did not return any errors - sys restore looks like its missing a service, am taking route 3, am I emailing / calling customer service? should I include the same info as above?

     

    Thanks for your help!

    T.

     

    Saturday, November 20, 2010 2:41 PM
  • Hi Noel,

    Tried your first suggestion - the service Software Protection Service isn't even listed (SPP is, and is as it should be)

    sfc/scannow yielded nothing

    Saturday, November 20, 2010 2:44 PM
  • Yes, option three is the only thing I can suggest at this time. Refer them to this thread and the fact that software protection is not listed as a service.
    Saturday, November 20, 2010 4:55 PM
  • ok, so why after 3 months, a complete re-install, would I be plagues with this YET AGAIN?? Watermark just reappeared again!
    Friday, January 21, 2011 2:59 AM
  • "TKildren" wrote in message news:d51146e4-493e-4beb-9987-0e18960a068a...
    ok, so why after 3 months, a complete re-install, would I be plagues with this YET AGAIN?? Watermark just reappeared again!

    Please post a new MGADiag report.

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Friday, January 21, 2011 8:58 AM
    Moderator
  • here is the result:

     

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: N/A, hr = 0x80070057
    Windows Product Key: *****-*****-9Q7QW-24TWK-XYD3X
    Windows Product Key Hash: AA1P2DNL4F+uaAWGAFKbmA+ElKw=
    Windows Product ID: 00371-152-6913745-85692
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7600.2.00010100.0.0.048
    ID: {61063159-DC7C-440F-9D6A-5CF08B5E15E2}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000009
    Build lab: 7600.win7_gdr.100618-1621
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{61063159-DC7C-440F-9D6A-5CF08B5E15E2}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-XYD3X</PKey><PID>00371-152-6913745-85692</PID><PIDType>5</PIDType><SID>S-1-5-21-1018102580-3443348336-2581077052</SID><SYSTEM><Manufacturer>Gigabyte Technology Co., Ltd.</Manufacturer><Model>EP45-UD3P</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>F10</Version><SMBIOSVersion major="2" minor="4"/><Date>20100205000000.000000+000</Date></BIOS><HWID>08143507018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Error: 0x5 Access denied: the requested action requires elevated privileges

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 11:25:2010 12:04
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Not Registered - 0x80070424
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: PAAAAAIABgABAAEAAAADAAAAAgABAAEAonbu60R49MMMNUa85L+ENAiFwo/EixwhYj0qzz31sl52d0bK

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes, but no SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            GBT           GBTUACPI
      FACP            GBT           GBTUACPI
      HPET            GBT           GBTUACPI
      MCFG            GBT           GBTUACPI
      EUDS            GBT          
      TAMG            GBT           GBT   B0
      SSDT            PmRef        CpuPm


    Friday, January 21, 2011 1:05 PM
  • "TKildren" wrote in message news:cdf40324-8733-47e6-a193-c3b68faff4cd...

    here is the result:

     

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: N/A, hr = 0x80070057
    Windows Product Key: *****-*****-9Q7QW-24TWK-XYD3X
    Windows Product Key Hash: AA1P2DNL4F+uaAWGAFKbmA+ElKw=
    Windows Product ID: 00371-152-6913745-85692
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7600.2.00010100.0.0.048
    ID: {61063159-DC7C-440F-9D6A-5CF08B5E15E2}(3)
    Is Admin: Yes
    TestCab: 0x0


    Licensing Data-->
    Error: 0x5 Access denied: the requested action requires elevated privileges


    You would appear to have run this in a Limited User account? If not, then you have permissions problems from somewhere.
    Silly question #1: Are you using, or have you EVER used a Registry cleaner/optimiser on this system since the reinstall?
    Silly question #2: What Security software are you running? (I don't *think* it'd be an issue, but....)
     
     
     

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Friday, January 21, 2011 2:16 PM
    Moderator
  • I do use glary utilities  - mostly for cleaning disk space - its on a schedule, one button cleaning solution - assume it has a reg cleaner in  it. Also, I use MS Security Essentials for day to day stuff, Malwarebytes Anti-Malware for the occasional in depth scan.

    Guessing you're going to suggest stop using reg-cleaner, is there one you recommend?

    Friday, January 21, 2011 2:27 PM
  • "TKildren" wrote in message news:412b25ef-ab2a-4828-b54b-099731c2d3d4...

    I do use glary utilities  - mostly for cleaning disk space - its on a schedule, one button cleaning solution - assume it has a reg cleaner in  it. Also, I use MS Security Essentials for day to day stuff, Malwarebytes Anti-Malware for the occasional in depth scan.

    Guessing you're going to suggest stop using reg-cleaner, is there one you recommend?


    UNDO anything that Glary has done to your registry! (I sincerely hope it keeps backups?), then reboot a couple of times and see if the MGADiag report changes. Then UNINSTALL Glary, and learn how to maintain your system for yourself.
    A couple of minutes a day spent maintaining the system is a lot less hassle than repairing the screw-ups made by snake-oil products such as registry clesners. There's almost nothing in Glary that isn't already present in Windows, or available in better form for free elsewhere.

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Friday, January 21, 2011 2:50 PM
    Moderator
  • ok done - new mga:

     

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 50
    Cached Online Validation Code: N/A, hr = 0x80070057
    Windows Product Key: *****-*****-9Q7QW-24TWK-XYD3X
    Windows Product Key Hash: AA1P2DNL4F+uaAWGAFKbmA+ElKw=
    Windows Product ID: 00371-152-6913745-85692
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7600.2.00010100.0.0.048
    ID: {61063159-DC7C-440F-9D6A-5CF08B5E15E2}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000009
    Build lab: 7600.win7_gdr.100618-1621
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{61063159-DC7C-440F-9D6A-5CF08B5E15E2}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-XYD3X</PKey><PID>00371-152-6913745-85692</PID><PIDType>5</PIDType><SID>S-1-5-21-1018102580-3443348336-2581077052</SID><SYSTEM><Manufacturer>Gigabyte Technology Co., Ltd.</Manufacturer><Model>EP45-UD3P</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>F10</Version><SMBIOSVersion major="2" minor="4"/><Date>20100205000000.000000+000</Date></BIOS><HWID>08143507018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Error: 0x5 Access denied: the requested action requires elevated privileges

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 11:25:2010 12:04
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Not Registered - 0x80070424
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: PAAAAAIABgABAAEAAAADAAAAAgABAAEAonbu60R49MMMNUa85L+ENAiFwo/EixwhYj0qzz31sl52d0bK

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes, but no SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            GBT           GBTUACPI
      FACP            GBT           GBTUACPI
      HPET            GBT           GBTUACPI
      MCFG            GBT           GBTUACPI
      EUDS            GBT          
      TAMG            GBT           GBT   B0
      SSDT            PmRef        CpuPm


    Friday, January 21, 2011 4:02 PM
  • "TKildren" wrote in message news:bec1442d-73ae-4efd-83b4-d024f5248e4a...

    ok done - new mga:

     

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 50
    Cached Online Validation Code: N/A, hr = 0x80070057
    Windows Product Key: *****-*****-9Q7QW-24TWK-XYD3X
    Windows Product Key Hash: AA1P2DNL4F+uaAWGAFKbmA+ElKw=
    Windows Product ID: 00371-152-6913745-85692
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7600.2.00010100.0.0.048

    Licensing Data-->
    Error: 0x5 Access denied: the requested action requires elevated privileges

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 11:25:2010 12:04
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Not Registered - 0x80070424
    HealthStatus Bitmask Output:



     Unfortunately, nothing seems to have changed - and this is an error I've not come across before, so I'm groping in the dark (Google is unusually devoid of references as well!)
    try this....
    Try going to Programs - Installed Updates.
    Look for the WAT update KB971033 - uninstall it.
    Then go to Windows Updates, check for updates, and you should be offered 971033 again - install it, and try and re-validate your machine at http://www.microsoft.com/genuine/validate - then run another MGADiag report.

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Friday, January 21, 2011 5:10 PM
    Moderator
  • got nothing-

    Files that Windows needs to work properly have been modified, removed, or disabled. To resolve, you need to install genuine Windows. Not to worry, we can help you with that.

     

    here is the new MGA:

     

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: N/A, hr = 0x80070057
    Windows Product Key: *****-*****-9Q7QW-24TWK-XYD3X
    Windows Product Key Hash: AA1P2DNL4F+uaAWGAFKbmA+ElKw=
    Windows Product ID: 00371-152-6913745-85692
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7600.2.00010100.0.0.048
    ID: {61063159-DC7C-440F-9D6A-5CF08B5E15E2}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000009
    Build lab: 7600.win7_gdr.100618-1621
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{61063159-DC7C-440F-9D6A-5CF08B5E15E2}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-XYD3X</PKey><PID>00371-152-6913745-85692</PID><PIDType>5</PIDType><SID>S-1-5-21-1018102580-3443348336-2581077052</SID><SYSTEM><Manufacturer>Gigabyte Technology Co., Ltd.</Manufacturer><Model>EP45-UD3P</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>F10</Version><SMBIOSVersion major="2" minor="4"/><Date>20100205000000.000000+000</Date></BIOS><HWID>08143507018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Error: 0x5 Access denied: the requested action requires elevated privileges

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x0001000000000000
    Event Time Stamp: 1:21:2011 17:12
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered Service: sppsvc


    HWID Data-->
    HWID Hash Current: PAAAAAIABgABAAEAAAADAAAAAgABAAEAonbu60R49MMMNUa85L+ENAiFwo/EixwhYj0qzz31sl52d0bK

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes, but no SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            GBT           GBTUACPI
      FACP            GBT           GBTUACPI
      HPET            GBT           GBTUACPI
      MCFG            GBT           GBTUACPI
      EUDS            GBT          
      TAMG            GBT           GBT   B0
      SSDT            PmRef        CpuPm


    Friday, January 21, 2011 11:25 PM
  • "TKildren" wrote in message news:10c0bc03-869c-432d-b66b-55797e5b56ef...
    got nothing-

    Files that Windows needs to work properly have been modified, removed, or disabled. To resolve, you need to install genuine Windows. Not to worry, we can help you with that.

     

    here is the new MGA:

     

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: N/A, hr = 0x80070057
    Windows Product Key: *****-*****-9Q7QW-24TWK-XYD3X
    Windows Product Key Hash: AA1P2DNL4F+uaAWGAFKbmA+ElKw=
    Windows Product ID: 00371-152-6913745-85692
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7600.2.00010100.0.0.048

    Licensing Data-->
    Error: 0x5 Access denied: the requested action requires elevated privileges

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x0001000000000000
    Event Time Stamp: 1:21:2011 17:12



     


    Hmmm - disappointing! Let's see if the System File Checker can help -
    System File Checker - Instructions
    Click on the Start button
    type in the Search  box
    CMD.EXE
    right-click on the only file that is found
    Select Run as Administrator - the Elevated Command Prompt window should pop up
    At the Command prompt, type
     
    SFC   /SCANNOW
     
    and hit the Enter key
    Wait for the scan to finish - make a note of any error messages - and then reboot.
     
    Visit the Validation site  http://www.microsoft.com/genuine/validate  and attempt to Validate Windows - again, make a note of error messages.
    Run MGADiag again, and see if it's managed to clear the error - if not, post back with a new report, and we'll take another look.
     
     

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Saturday, January 22, 2011 8:23 AM
    Moderator
  • same error msg on validate - new mga:

     

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: N/A, hr = 0x80070057
    Windows Product Key: *****-*****-9Q7QW-24TWK-XYD3X
    Windows Product Key Hash: AA1P2DNL4F+uaAWGAFKbmA+ElKw=
    Windows Product ID: 00371-152-6913745-85692
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7600.2.00010100.0.0.048
    ID: {61063159-DC7C-440F-9D6A-5CF08B5E15E2}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000009
    Build lab: 7600.win7_gdr.100618-1621
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{61063159-DC7C-440F-9D6A-5CF08B5E15E2}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-XYD3X</PKey><PID>00371-152-6913745-85692</PID><PIDType>5</PIDType><SID>S-1-5-21-1018102580-3443348336-2581077052</SID><SYSTEM><Manufacturer>Gigabyte Technology Co., Ltd.</Manufacturer><Model>EP45-UD3P</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>F10</Version><SMBIOSVersion major="2" minor="4"/><Date>20100205000000.000000+000</Date></BIOS><HWID>08143507018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Error: 0x5 Access denied: the requested action requires elevated privileges

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x0001000000000000
    Event Time Stamp: 1:21:2011 17:12
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered Service: sppsvc


    HWID Data-->
    HWID Hash Current: PAAAAAIABgABAAEAAAADAAAAAgABAAEAonbu60R49MMMNUa85L+ENAiFwo/EixwhYj0qzz31sl52d0bK

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes, but no SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            GBT           GBTUACPI
      FACP            GBT           GBTUACPI
      HPET            GBT           GBTUACPI
      MCFG            GBT           GBTUACPI
      EUDS            GBT          
      TAMG            GBT           GBT   B0
      SSDT            PmRef        CpuPm


    Saturday, January 22, 2011 2:17 PM
  • sfc gave windows resource protection did not find any integrity violations
    Saturday, January 22, 2011 2:18 PM
  • "TKildren" wrote in message news:cbe8a5f4-94cf-46ef-b655-a71a4c8c33c7...
    sfc gave windows resource protection did not find any integrity violations

    I hate to say it, but I'm out of ideas.
    I can only suggest that you open a WGA support incident with MS and see if they can help.
    You appear to be in the US - so use this link
     
    Good Luck - and let us know how you get it fixed in the end, please?

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Saturday, January 22, 2011 3:34 PM
    Moderator
  • For some reason I keep getting pushed around to different departments, and I am NOT wasting my minutes (like I did last time) to do a re-install.

    If I do a re-install, will I have any problem activating?

    Tuesday, January 25, 2011 1:31 PM
  • "TKildren" wrote in message news:be2477af-fee7-45e1-aa16-178eafa93a44...

    For some reason I keep getting pushed around to different departments, and I am NOT wasting my minutes (like I did last time) to do a re-install.

    If I do a re-install, will I have any problem activating?


    You will need to do a full reformat/reinstall to be sure that you got rid of everything that the virus brought with it.
    To do that, first back up ALL your data, and program installation files, (and their product keys) to external media (CD/DVD/HDD)
    .
    Then use the Recovery system from your OEM - which should NOT require you to enter a Product Key during the Win7 installation process.
     
    Once you have the OS reinstalled, the first thing to do is update it using Windows Updates, then install an effective Anti-Virus, and then you can begin bringing your data back onto the system, after scanning carefully with your AV, and also preferably with a decent anti-malware program.
    The re-install your applications, and check that you can open all your data files without any problems.
     

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Tuesday, January 25, 2011 9:56 PM
    Moderator