MGA report on xp box

[tns1]

This PC has gone thru the ringer over the years - viruses, replaced parts, reinstalls, phone validations. At times I was plagued with unexplained slow operation. I do not believe it has any licensing issues, but you tell me.

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-TR399-49BVB-3CWWY
Windows Product Key Hash: mKGqw6Yk//yM57UkzI+mWUYZCrs=
Windows Product ID: 55277-OEM-2116301-36016
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010300.3.0.hom
ID: {D846748C-5CCE-4828-8CB7-E3F515FF3CBB}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 103 Blocked VLK
Microsoft Office Enterprise 2007 - 103 Blocked VLK
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{D846748C-5CCE-4828-8CB7-E3F515FF3CBB}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-3CWWY</PKey><PID>55277-OEM-2116301-36016</PID><PIDType>3</PIDType><SID>S-1-5-21-1454471165-299502267-682003330</SID><SYSTEM><Manufacturer>ECS</Manufacturer><Model>M863</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>080010 </Version><SMBIOSVersion major="2" minor="3"/><Date>20050330000000.000000+000</Date></BIOS><HWID>B84E39370184A05F</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>103</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>103</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>ACD7202654E586</Val><Hash>fFic3JgCreGGRxyF8uMWB4R4Jcg=</Hash><Pid>89388-707-1528066-65107</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="103"/><App Id="16" Version="12" Result="103"/><App Id="18" Version="12" Result="103"/><App Id="19" Version="12" Result="103"/><App Id="1A" Version="12" Result="103"/><App Id="1B" Version="12" Result="103"/><App Id="44" Version="12" Result="103"/><App Id="A1" Version="12" Result="103"/><App Id="BA" Version="12" Result="103"/></Applications></Office></Software></GenuineResults>  

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 5960:Compaq Computer Corporation|17B4C:Elitegroup Computer Systems Co Ltd
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A

 

[torchwood]

I can tell you that your MS Office is non-genuine its going to a blocked VLK (volumn license key).
Uninstall it it might speed up your comp.
Plenty of free ones out there if you dont want to buy a licence.

Roy

 

[tns1]

Libre Office seems like a suitable replacement. Does the fact this key is blocked mean that the office install itself has been altered, or that some other process is running and blocking access to the key? Any number of malware/virus scans says the system is clean but maybe they just do not look at this.

As far as the OS goes the report says 'genuine', but are there cases where it says this but it is still not legit?

 

[torchwood]

Hi Tns,
Your OS and Office suite keys are both checked by MS.
The office Enterprise Keys are issued to either companies or Educational establishments, and are "controlled" by them and then MS.
Thats why i said remove it, your System Builder key should be fine.

Your last statement is also correct. Pirates use what they call Loaders, to circumvent the Activation system.

Roy

 

[tns1]

Hi Tns,
Your OS and Office suite keys are both checked by MS.
The office Enterprise Keys are issued to either companies or Educational establishments, and are "controlled" by them and then MS.
Thats why i said remove it, your System Builder key should be fine.

Your last statement is also correct. Pirates use what they call Loaders, to circumvent the Activation system.

Roy

Do loaders ever show up in malware scans (msse, malwarebytes, etc)? If not, any thoughts as to why not?

 

[torchwood]

Hi TNS,
No they dont show up in AV scans, even Avast's PreBoot.
The definition is that they are loaded upon BOOT, but not as standard .exe's, they use DOS commands before hand, ie pre windows loading.

Roy

 

[tns1]

If there were some foolproof method to evade virus scanners, don't you think every virus would be using it? This clearly is not the case. It is more believable that the scanners are just not targeting these loaders/hacks. Got to wonder about that.