Answered by:
Need help with Office 2007 validation

Question
-
My parents' computer is having probleme. They've installed some things they shouldn't have, like Ascentive products, and other things. I've done a vast amount of cleaning up and am now just trying to set them up with MS Security Essentials and MalwareBytes AntiMalware. They are running XP SP3. XP passes validation but the MS Security Essentials chokes on the Office validation. I am not even sure if they have MS office installed...or at least I can't find any signs of it. Here's the goods. Any help would be greatly appreciated.
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-GD6GR-K6DP3-4C8MT
Windows Product Key Hash: s2kt66ZJWfV4nS1wFD5F9bxTSDw=
Windows Product ID: 55277-OEM-2111907-00102
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.3.0.hom
ID: {4CA31524-886F-423E-97A4-7B3A7AE34B64}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/AVista WgaER Data-->
ThreatID(s): N/A
Version: N/AWindows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.5.540.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: MicrosoftOGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002OGA Data-->
Office Status: 109 N/A
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-230-1Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: AllowedFile Scan Data-->
File Mismatch: C:\WINDOWS\system32\oembios.bin[Hr = 0x800b0003]
File Mismatch: C:\WINDOWS\system32\oembios.dat[Hr = 0x800b0003]
File Mismatch: C:\WINDOWS\system32\oembios.sig[Hr = 0x800b0003]Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{4CA31524-886F-423E-97A4-7B3A7AE34B64}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-4C8MT</PKey><PID>55277-OEM-2111907-00102</PID><PIDType>2</PIDType><SID>S-1-5-21-286753017-2256804234-34295901</SID><SYSTEM><Manufacturer>Dell Computer Corporation</Manufacturer><Model>Dimension 2400 </Model></SYSTEM><BIOS><Manufacturer>Dell Computer Corporation</Manufacturer><Version>A03</Version><SMBIOSVersion major="2" minor="3"/><Date>20030919000000.000000+000</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>3CAE314F01842052</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Dell Computer Corporation</name><model>Dell DIMENSION DIM2400</model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.5.540.0"/><File Name="WgaLogon.dll" Version="1.5.540.0"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>Licensing Data-->
N/AWindows Activation Technologies-->
N/AHWID Data-->
N/AOEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1B34C:Dell Inc|1B34C:Microsoft Corporation
Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell SystemOEM Activation 2.0 Data-->
N/AWednesday, September 1, 2010 12:41 PM
Answers
-
Hello veek61,
The mgadiag report has no signs of any Office installation whatsoever.
It does show that the WGA Notifications Utility is woefully out of date, perhaps updating that will cure the problem with MSE validating.
Download from here: http://support.microsoft.com/kb/905474
Buy Office 2007 Now, Get Office 2010 Free http://office2010.microsoft.com/en-us/tech-guarantee/microsoft-office-2010-technology-guarantee-FX101825695.aspx?CTT=97- Marked as answer by Darin Smith MS Wednesday, September 1, 2010 10:11 PM
Wednesday, September 1, 2010 4:26 PM
All replies
-
Removing malware is difficult if not impossible, all the hours and head scratching typically are not worth it. On a deeply infected computer, unless absolutely not possible it is best to "format and forget". That said, if you want to continue your endeavor then I suggest running the system file checker http://support.microsoft.com/kb/310747 to try to repair any unseen damage.
If you can't get both validation and MSE working and believe it is a WGA issue then you can ask the people at http://support.microsoft.com/gp/contactwga, however, as I said, it may not be possible or just not worth it when you consider all of the hours spent and hair lost over some malware, if it were me I would have them back up their photos and other files and do a factory restoration using the media that came with the computer.
Wednesday, September 1, 2010 1:22 PM -
Hello veek61,
The mgadiag report has no signs of any Office installation whatsoever.
It does show that the WGA Notifications Utility is woefully out of date, perhaps updating that will cure the problem with MSE validating.
Download from here: http://support.microsoft.com/kb/905474
Buy Office 2007 Now, Get Office 2010 Free http://office2010.microsoft.com/en-us/tech-guarantee/microsoft-office-2010-technology-guarantee-FX101825695.aspx?CTT=97- Marked as answer by Darin Smith MS Wednesday, September 1, 2010 10:11 PM
Wednesday, September 1, 2010 4:26 PM -
I have to agree with Carl_OH. This is my own personal (non-Microsoft) opinion, but if it was my computer, the only way I could be sure my computer was no longer compromised, would be to do a clean install.
Darin MSWednesday, September 1, 2010 10:16 PM