Virus changed product key, (win7) same key as hundreds of others

  • Question

  • Here is my report from MGAD tool:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: N/A, hr = 0xc004f012
    Windows Product Key: *****-*****-WJ2H8-R6B6D-7QJB7
    Windows Product Key Hash: ckKNc+BBPDWmo1LUlOkraNjlQ34=
    Windows Product ID: 00359-OEM-8992687-00006
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7600.2.00010300.0.0.003
    ID: {59C542ED-E9FA-45F2-9CFF-499847A98CFF}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7600.win7_rtm.090713-1255
    TTS Error: T:20120805133807670-
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 102
    Microsoft Office Home and Student 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_B4D0AA8B-920-80070057

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE; Win32)
    Default Browser: C:\Users\g\AppData\Local\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
    File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
    File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
    File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{59C542ED-E9FA-45F2-9CFF-499847A98CFF}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010300.0.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7QJB7</PKey><PID>00359-OEM-8992687-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-3893164015-2604046476-4221055654</SID><SYSTEM><Manufacturer>Gateway        </Manufacturer><Model>NV54 Series                    </Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies LTD</Manufacturer><Version>V1.30          </Version><SMBIOSVersion major="2" minor="5"/><Date>20091025000000.000000+000</Date></BIOS><HWID>27BA3607018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>102</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><PidType>19</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7600.16385

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800006-02-1033-7600.0000-2182012
    Installation ID: 009874819352621314275230436254457310043106904856427964
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 7QJB7
    License Status: Licensed
    Remaining Windows rearm count: 4
    Trusted time: 8/8/2012 5:46:31 PM

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0xC004C533
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 7:25:2012 13:01
    ActiveX: Not Registered - 0x80040154
    Admin Service: Not Registered - 0x80040154
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: MAAAAAEAAQABAAIAAAABAAAAAwABAAEA6GHEVYLDVOAY/1AhPlISitKO0kUMmUbK

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            PTLTD              APIC  
      FACP            INTEL         CRESTLNE
      HPET            INTEL         CRESTLNE
      BOOT            PTLTD         $SBFTBL$
      MCFG            INTEL         CRESTLNE
      SLIC            ACRSYS        ACRPRDCT
      SSDT            BrtRef        DD01BRT
      SSDT            BrtRef        DD01BRT
    --------------------------------------------------------------------------------------------------END OF REPORT---

    On a license finding program I get:

    Resource Type    Key    User Name    Company Name    Key 1
    Microsoft Internet Explorer    xxxxX-xxxxx-WJ2H8-R6B6D-7QJB7
    Microsoft Windows NT CurrentVersion DefaultProductKey    xxxxx-xxxxH-74XYM-BH4JX-XM76F
    Windows 7 Home Premium    xxxxx-xxxxx-WJ2H8-R6B6D-7QJB7
    Windows PID    00359-OEM-8992687-00006/  Windows Product ID:00359-OEM-8992687-00006 (same as others infected)
    Windows Product Key    Vxxxx-xxxxx-WJ2H8-R6B6D-7QJB7            Windows 7 Home Premium x64 (OEM:SLP)

    -----------------------------------------------------------END-------------

    NOW:  My NV54 Gateway is made by Acer and I bought it new with product key on bottom of laptop still well readable. I got an FBI ransom virus and Hiloti A and D virus and whatever else I got rid of with a whole lot of work and programs and days.

         So during the second day no matter what I did the virus kept coming back. It would give a black screen (after the FBI fake page) and say this copy of windows is not genuine (at the bottom right corner)  I got pop ups to activate my windows and I put my real paid for and owned product key from the sticker under my laptop. Then it would not take the key.

        At some point I got to call Microsoft's phone activation and got a bunch of numbers to enter into the window to activate, like dozens in groups of numbers only..  But before I could get that far the windows would pop up again and I could never access the first window to enter the given numbers over the phone. 

         Since then I have removed the virus and of course exhausted all of my restore points before I did that so none of them worked as they only went as far back as four weeks.  All the other older ones vanished.

         I have transferred all of my documents, pics and stuff out of it into safe external storage but am scared to try a 'reset to factory condition' because the product key might not work.  The virus is gone as of this morning and I know because before I could not get the black screen to change to windows 7 default with the logo and my laptop logo on it, only to a solid blue.  But after I did a number of malware and rkill and ms stuff and registry manual clean and more it rebooted like normal.  Except the product key and I'm sure a few other things.

    I might have picked it up in Afghanistan where I recently returned from last month because the restore points before that were deleted. Who knows?  Yes it runs now but how to make sure if I set to factory default that it might be missing something that it needs to open product key proper activation?  I wrote down everything just in case one might work.

         The only way I got it to go to activation status was to run a license checker program and found the bogus prod key. Research online shows a lot of people have that same key generated by a virus. Cannot do a clean install as I don't have the disc nor the knowledge of how to make an ISO and it might cause more problems for me than trying the factory reset.

         [FBI warning made me laugh as I am a goody two shoes and never did what they said I did like child porn or copyrighted material distribution]  But wouldn't anyone like to be with whomever is responsible alone? I sure would like to meet the idiot(s) and teach them how much aggravation they cause others unnecessarily.

         Because I saw so much change in the registry I thought it should be reset to factory.  Plus it's not my prod key and who knows what could happen with it broadcasting this other key? And probably the real product key got sent via the viral program to the culprits so they can do a lot with that? Clone into my system? Thanks much ahead of due time for your valuable work and time to help and advise me.  I do appreciate it.

    Thank you America and ENJOY YOUR FREEDOM !!!




    Wednesday, August 8, 2012 10:13 PM

Answers

  • The recovery disks are equivalent to doing a factory reset from the recovery partition.  However, your Windows is licensed.

    License Status: Licensed

    so I think you are running ahead of yourself.  I don't know what "correct product key" you have been entering but the product key in your report is the key embedded by Gateway at the time the computer was manufactured.  The recovery media has the same PK baked in.  It is not a unique key and is blocked on the Microsoft activation servers.  Instead that key interacts with the Acer/Gateway codes in the SLIC table in the BIOS to self-activate Windows. 

    SLIC            ACRSYS        ACRPRDCT

    The same key is used on all Gateway computers that had Windows 7 Home Premium installed at the factory.  That product key cannot be used to manually activate, so if that's what you are trying to enter you are wasting your time.  The manufacturer has provided another product key, which is unique and is printed on the COA sticker affixed to the bottom of your laptop or in the battery compartment.  That key can be used to manually activate Windows should the embedded key fail to self-activate for some reason.  However, your copy of Windows is self-activated according to your report.

    Don't be concerned about the file mismatches in your report.  They simply indicate that you have not installed the WAT update.  That does not cause your Windows to show a non-genuine message.

    The error from your report to be concerned about is:

    HrOnline: 0xC004C533

    Unfortunately it is a very generic message and just indicates that some data is messed up.  Try rebuilding the licensing store:

    1) Click Start button.
    2) Type: CMD.exe into the 'Search programs and files' field
    3) Right-Click on CMD.exe and select 'Run as Administrator'
    4) Type: net stop sppsvc   (It may ask you if you are sure, select yes)
    Note: the Software Protection service may not be running, this is ok.
    5) Type: cd %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform
    6) Type: rename tokens.dat tokens.bar
    7) Type: cd %windir%\system32
    8) Type: net start sppsvc
    9) Type: slui.exe
    10) After a couple of seconds Windows Activation dialog will appear. It's most likely that Activation will occur automatically but you may be asked to re-enter your product key and/or to reactivate.  You will need to use the COA product key if you are asked to enter one.


    Colin Barnhorst Windows 7 Ultimate x64 on DIY with 8GB ram.


    Thursday, August 9, 2012 1:32 AM
    Answerer
  • That all looks pretty much fine - you should be able to get rid of the residual errors simply by visiting the Validation pages at www.microsoft.com/genuine/validate

    When it passes, you'll be offered IE9 and MSE - you don't have to take either, unless you want them. (You'll need to use IE or Chrome for the visit - FF barfs on ActiveX usually.)


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Thursday, August 9, 2012 10:58 PM
    Moderator
  • Your COA sticker Key will activate your Windows installation - if it's for the same edition of Windows as is installed.

    You will probably, however, need to use telephone activation.

    Change the Key to the one on the sticker using the Change Product Key link on the System properties page, and then use the telephone activation option if offered.

    If it's not offered, use the following procedure

    telephone activation (operator calls)

     Click on the Start button

    in the Search box, type

    SLUI 4

     and hit the Enter key

    follow the instructions, but when asked which service you require by the telephone ansafone, do NOT reply - this should force an operator to respond, who can deal with you 


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth


    Thursday, August 9, 2012 7:40 AM
    Moderator

All replies

  • Wednesday, August 8, 2012 11:08 PM
    Moderator
  • Thank you Carey, I have read those and that is my line of thinking about it all. Entering my correct product key while viral probably went straight to the source hacker files. It popped up while offline so I don't know how that works. Do you know if the E-recovery disc is the same as factory reset? The description says it sets it to factory conditions. Hate to be 'punked' by something that is stupid as a hackers' dream come true.

    Has anyone else seen this product key or mismatch files?  Seems the product key is all over search engines.  Must be an easily solvable problem.  If I find it first I will post what I accomplished.

    Thursday, August 9, 2012 12:17 AM
  • Colin!  Hello and thank you.  I was just about to post those exact ten steps you did.  I completed them and went onto ms site and it did say my windows is GENUINE.  Yeah .  ..  But..  I am now using a different key. I think they call it OEM - SLP key.  That is some generic for the recovery which I never used.  It just got changed all by itself during the viral war.  I won the war but now want to change back to what is on the sticker on the bottom of my machine.

         Seems that the SLP is a universal key and can't that be harmful since anyone can clone somehow to my OS using identity sharing?

    I know not to sweat the small stuff but it changed without my interaction and I just wanted to know if there was any way of reverting back to the legitimate product key code that I own.  If security institutions can use that to identify customer profile systems then anyone with passwords can hack into accounts cloning themselves off as me since their OEM - SLP product key is the same as mine.

         I mean, if a scumbag can make a system control itself like that without my intervention and change important settings and more then for certain it can clone identity theft that way.

           I'll have to post later after I restart my system to see if the update thingamajig is wanting to holler out or not.  Let's see what it will do after a restart.  Any updates I should be getting to help with all of this?

    Ok. Now restarted: Updates works again.  Should I see about getting the KB/971033 update?

    LATEST EDIT:      Glad I'm a speed reader because I have learned about OEM SLP and COA keys.  It seems that I am fine as you both have posted so well.  I did not know that the COA key on the sticker is used to verify if needed in the future for activation, update or whenever needed by MS. 

    Still scared to do a system reset although I have cleaned out my files.  I removed so much junk and cleaned out so much of the registry that I think it might be best.  I know I don't have the finest computer available but this is my baby and sooner or later I will have the i20 65mhz 3D screen with all the bells and whistles on it when it comes out in a few years. By then all this will be just a blur.  Just a blurr.

         Thanks to all and problem is solved outstandingly.

    Thursday, August 9, 2012 2:03 AM
  • "so if that's what you are trying to enter you are wasting your time."

    But I did use that one after I used 'SIWPortable' to locate the license window and found the SLP key.  My COA sticker key would not activate windows.  That's where I got all tangled up in sweat.

         There's just so little time in life with all that we do daily to keep abreast of all the things that changed since the Texas Instruments TI-99/4A a while back.  I had one of those and others after that.  I used to write my commands instead of what we have now.

    As I have stated below; It will all be just a blur not too long from now.   :)

    Thursday, August 9, 2012 2:57 AM
  • Thanks for the excellent information Noel. I learn so much here.

    I always wondered what would happen if you gave the SLP key as the confirmation or the COA one to verify.  Why didn't my computer recognize the COA sticker's input at the time of the virus?

    Maybe just blocking the key recognition files.  So is it true that the COA key is simply a verification key and the SLP is the generic one used?  But when asked to activate windows and I copied and pasted my SLP key it said activation successful.  Then a pop up box came up a day later and it had a telephone code already in it without me doing anything.

    I phoned and got the looooooong set of numbers but the virus reappeared before I could enter them into my system.  That's when the viruses were found.  And I used MB, SSD, Windef, rkill, and a host of others.  The only one that caught some of the virus was Windef.  Then the only one after that to catch the rest was Microsoft scanner and some other tools.  I also removed reg files. 

    What would entering the numbers they gave me have done?  The same as what I have now? Activation?  It seems that the SLP is only different from manuf. BRANDS so I guess it's a bit helpful to MS to control piracy.

    Thursday, August 9, 2012 6:22 PM
  • RECENT UPDATE ::

    I just went to system properties to play with the change key thingamajig and it said windows not activated.  While staring in wonderment with jaw dropped suddenly out of the blue the '3 days till activation' sentence appeared.  So I clicked on the light blue font and user control verify and entered my COA sticker's product key from under the laptop.  Then it processed verification and said my windows is activated.

    Ok.  So I have not done anything for the past 3 days so why now does it start the 3 day limit on verification?  I did do the ten step process as described in one of the above posts.  Must have reset the thing.

    Is the virus still hiding?  I was shocked because checks yesterday showed the windows activated.  Thought all this was over but it might just be beginning again.

    Thursday, August 9, 2012 6:36 PM
  • Please post a new MGADiag report so we can see if anything has changed.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Thursday, August 9, 2012 9:52 PM
    Moderator
  • I did not think of rechecking it and glad you requested it.  Here is the new report:

    -------------------------------------------------------------------------------------------------------------------------------------------

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: N/A, hr = 0xc004f012
    Windows Product Key: *****-*****-Y8VQ9-4FQCH-86DRK
    Windows Product Key Hash: Euk1bSxqbyuys5my8wMH8Inaaqc=
    Windows Product ID: 00359-OEM-9803861-42808
    Windows Product ID Type: 8
    Windows License Type: COA SLP
    Windows OS version: 6.1.7600.2.00010300.0.0.003
    ID: {59C542ED-E9FA-45F2-9CFF-499847A98CFF}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7600.win7_rtm.090713-1255
    TTS Error: T:20120805133807670-
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 102
    Microsoft Office Home and Student 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_B4D0AA8B-920-80070057

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE; Win32)
    Default Browser: C:\Users\g\AppData\Local\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{59C542ED-E9FA-45F2-9CFF-499847A98CFF}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010300.0.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-86DRK</PKey><PID>00359-OEM-9803861-42808</PID><PIDType>8</PIDType><SID>S-1-5-21-3893164015-2604046476-4221055654</SID><SYSTEM><Manufacturer>Gateway        </Manufacturer><Model>NV54 Series                    </Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies LTD</Manufacturer><Version>V1.30          </Version><SMBIOSVersion major="2" minor="5"/><Date>20091025000000.000000+000</Date></BIOS><HWID>27BA3607018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>102</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><PidType>19</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7600.16385

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_COA_SLP channel
    Activation ID: 5e017a8a-f3f9-4167-b1bd-ba3e236a4d8f
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00196-038-642808-02-1033-7600.0000-2222012
    Installation ID: 002516964511485843744695285276475531202876126624469624
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 86DRK
    License Status: Licensed
    Remaining Windows rearm count: 4
    Trusted time: 8/9/2012 6:41:38 PM

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0xC004C533
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 7:25:2012 13:01
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: LgAAAAEAAQABAAIAAAABAAAAAgABAAEA6GHEVYLDVOAY/1AhPlISitKO0kVGyg==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            PTLTD              APIC  
      FACP            INTEL         CRESTLNE
      HPET            INTEL         CRESTLNE
      BOOT            PTLTD         $SBFTBL$
      MCFG            INTEL         CRESTLNE
      SLIC            ACRSYS        ACRPRDCT
      SSDT            BrtRef        DD01BRT
      SSDT            BrtRef        DD01BRT
    --------------------------------------------------END OF REPORT---------------------------------------------------------------------

    So what can you find that has changed?  I might do a reset to factory in a day or two just to reset everything.  And I might add that I am thankful for all of your support (EVERYONE) and I do very much respect and appreciate it!

    Thursday, August 9, 2012 10:45 PM
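
As an added example (not code from any poster in this thread or from Microsoft), the following Python script parses MGADiag text, pulls out the fields the answers here read (license status, license channel, the SLIC row, HrOnline, the WAT file mismatches) and diffs the two reports posted above. The function names and the section-qualified key format are assumptions of this example; the sample text is excerpted from the two reports on this page.

```python
import re

# Excerpts from the two MGADiag reports posted in this thread, trimmed to the
# fields the answers discuss.
REPORT_BEFORE = r"""
Windows Validation Data-->
Windows License Type: OEM SLP
File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
Licensing Data-->
Partial Product Key: 7QJB7
License Status: Licensed
Windows Activation Technologies-->
HrOnline: 0xC004C533
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
BIOS Information:
  ACPI Table Name    OEMID Value    OEMTableID Value
  FACP            INTEL         CRESTLNE
  SLIC            ACRSYS        ACRPRDCT
----END OF REPORT---
"""
REPORT_AFTER = r"""
Windows Validation Data-->
Windows License Type: COA SLP
File Scan Data-->
Licensing Data-->
Partial Product Key: 86DRK
License Status: Licensed
Windows Activation Technologies-->
HrOnline: 0xC004C533
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
BIOS Information:
  SLIC            ACRSYS        ACRPRDCT
----END OF REPORT---
"""


def parse_report(text):
    """Return section-qualified fields and the ACPI OEMID table of a report."""
    fields, acpi, section, in_bios = {}, {}, "", False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("-"):
            continue  # blank line or dashed ruler
        if line.endswith("-->"):  # section header such as "Licensing Data-->"
            section, in_bios = line[:-3].strip(), False
        elif line == "BIOS Information:":
            in_bios = True
        elif in_bios:
            cols = line.split()
            if len(cols) == 3:  # table name, OEMID, OEMTableID
                acpi[cols[0]] = (cols[1], cols[2])
        else:
            key, sep, value = line.partition(":")
            if sep:
                name, value = f"{section}/{key.strip()}", value.strip()
                # Repeated keys (File Mismatch) keep every value, one per line.
                fields[name] = f"{fields[name]}\n{value}" if name in fields else value
    return {"fields": fields, "acpi": acpi}


def hresult(value):
    """HRESULT text as an int, or None when the field is absent or N/A."""
    m = re.fullmatch(r"0x([0-9A-Fa-f]+)", value or "")
    return int(m.group(1), 16) if m else None


def triage(report):
    """Summarise the fields the answers in this thread read from the report."""
    f, acpi = report["fields"], report["acpi"]
    channel = f.get("Windows Validation Data/Windows License Type", "")
    hr_online = f.get("Windows Activation Technologies/HrOnline")
    oa2_ok = f.get("OEM Activation 2.0 Data/BIOS valid for OA 2.0") == "yes"
    mismatches = f.get("File Scan Data/File Mismatch", "").splitlines()
    return {
        "licensed": f.get("Licensing Data/License Status") == "Licensed",
        "channel": channel,
        "slic": acpi.get("SLIC"),
        # Shared factory key that self-activates against the SLIC table.
        "factory_slp_key": channel == "OEM SLP" and oa2_ok and "SLIC" in acpi,
        # Non-zero HrOnline is a cached online validation error.
        "online_error": hr_online if hresult(hr_online) else None,
        # Mismatches under system32\wat: WAT update not installed (per the answer).
        "wat_mismatches": [m.split("[")[0] for m in mismatches
                           if "\\system32\\wat\\" in m.lower()],
    }


def diff_reports(before, after):
    """Map each field whose value changed to its (before, after) pair."""
    a, b = before["fields"], after["fields"]
    return {k: (a.get(k), b.get(k)) for k in sorted(a.keys() | b.keys())
            if a.get(k) != b.get(k)}


if __name__ == "__main__":
    before, after = parse_report(REPORT_BEFORE), parse_report(REPORT_AFTER)
    print(triage(before))
    print(triage(after))
    for name, (old, new) in diff_reports(before, after).items():
        print(f"{name}: {old!r} -> {new!r}")
```

On these excerpts the diff shows the license channel moving from OEM SLP to COA SLP and the WAT mismatches disappearing, while License Status, the SLIC row and the cached HrOnline value are unchanged.
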
  •      I did all that thanks to you Noel.  It did confirm and send me to that product page.  So funny.  But you know.... I kind of was licking my lips at that Security Essentials offer.

         I thank you all so very much.  God bless everyone and please pray for the unfortunate in every corner of our world.

    Friday, August 10, 2012 3:38 AM
  • Greetings Mr Barnhorst

    Your instructions and shared knowledge are soaked in and appreciated.  You have offered the following:

    The error from your report to be concerned about is:

    HrOnline: 0xC004C533

    ------------------------------------

    But that similar line is also found in the after viral removal (supposedly) posted here.  So do you think there still might be a problem with my system?  Wonder what a reset to factory conditions would reveal? 

    (I wish they would call it baseline your windows.)

    Friday, August 10, 2012 3:55 AM
  • That error message is cached by the system and only removed when you again validate the system - if you post a new report now, it should have gone.

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Friday, August 10, 2012 7:41 AM
    Moderator
  • Well that's strange Noel.  It's gone!  But I posted the last report after I activated and nothing in between then and now.  Yet it is gone when I ran it and put it on notepad.

    You gurus must be magicians.  Don't know how it all works but I am happy of course.  Plus I learned a great deal.

    God bless all and thanks for everything.  All is fixed. 

    Friday, August 10, 2012 10:24 AM
  • Like I said - the validation site visit updated that area of the report :)


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Friday, August 10, 2012 10:38 AM
    Moderator