Remove From My Forums

Windows 7 Suddenly not genuine?!

Question
0

Sign in to vote

I am aware that there are lots of threads like this one, but it doesn't seem i can get any help from those. So my windows suddenly decided it wasn't genuine, after i deleted a certain file that AVG found as a Rootkit virus. It required me to delete it as a power user, after a computer restart.

("";"C:\Windows\system32\DRIVERS\oem-drv64.sys";"Inline hook xNtKrnl.exe MmGetPhysicalAddress -> oem-drv64.sys +0x33D4";"Moved to Virus Vault")
I don't know if it has anything to do with my copy of windows, but my windows 7 ultimate came preinstalled on my Dell n5110, and i've used it for quite a while before it said it wasn't genuine. I've also had a few problems with my windows, i changed the language from Russian to English and it still had a few text strings in Russian.
I've moved to another country with my laptop and i don't have anything left from my laptop box or windows here. Any help would be apreciated. To save some hassle here's the windows diagnostic log:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 50
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-X92GV-V7DCV-P4K27
Windows Product Key Hash: aU2z1/fnhnLHmhBm699qYZT2E6s=
Windows Product ID: 00426-OEM-8992662-00400
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {A3821426-AC8B-4769-BD57-D2EB6DCE49F4}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7601.win7sp1_rtm.101119-1850
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{A3821426-AC8B-4769-BD57-D2EB6DCE49F4}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-P4K27</PKey><PID>00426-OEM-8992662-00400</PID><PIDType>2</PIDType><SID>S-1-5-21-428499284-2600081663-3270327660</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron N5110</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A06</Version><SMBIOSVersion major="2" minor="6"/><Date>20110526000000.000000+000</Date></BIOS><HWID>9C993307018400FE</HWID><UserLCID>0809</UserLCID><SystemLCID>0419</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>7480B9502DF0D86</Val><Hash>oYWOW5ayFE3pZ+jvTpuXYsY64JE=</Hash><Pid>89388-707-8722531-65094</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600400-02-1049-7601.0000-2202011
Installation ID: 010702648541901441520954186440484496133740897410620350
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: P4K27
License Status: Notification
Notification Reason: 0xC004F057.
Remaining Windows rearm count: 3
Trusted time: 13/09/2011 16:59:27

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0xC004C533
HealthStatus: 0x0000000000000000
Event Time Stamp: 9:13:2011 16:03
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: NAAAAAEAAQABAAIAAAACAAAABAABAAEA6GGynAr1Bobq9ZzGCqe8xK/Mxp7QVMbyFAsucw==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name    OEMID Value    OEMTableID Value
APIC            DELL        WN09
FACP            DELL        WN09
HPET            DELL        WN09
MCFG            DELL        WN09
SSDT            TrmRef        PtidDevc
SSDT            TrmRef        PtidDevc
SSDT            TrmRef        PtidDevc
SSDT            TrmRef        PtidDevc
SSDT            TrmRef        PtidDevc
OSFR            DELL         M08

Tuesday, September 13, 2011 3:59 PM

Answers

0

Sign in to vote
Reactivate using the COA Product Key printed on the sticker affixed to your computer (it may be in the battery compartment of a recent laptop).

Click Start and type "slui.exe 3" and hit Enter. Follow the instructions.
Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.
- Marked as answer by Darin Smith MS Tuesday, September 13, 2011 6:04 PM
Tuesday, September 13, 2011 5:31 PM

Answerer

All replies

0

Sign in to vote

Download and install Dell Inspiron N5110 System BIOS Update Version A07 and then restart your computer.
Carey Frisch

Tuesday, September 13, 2011 4:17 PM

Moderator
0

Sign in to vote

Download and install Dell Inspiron N5110 System BIOS Update Version A07 and then restart your computer.
Carey Frisch
Done that, still says it's not genuine
Thanks, Sergiu.

Tuesday, September 13, 2011 4:57 PM
0

Sign in to vote
Reactivate using the COA Product Key printed on the sticker affixed to your computer (it may be in the battery compartment of a recent laptop).

Click Start and type "slui.exe 3" and hit Enter. Follow the instructions.
Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.
- Marked as answer by Darin Smith MS Tuesday, September 13, 2011 6:04 PM
Tuesday, September 13, 2011 5:31 PM

Answerer
0

Sign in to vote

"sergiuung" wrote in message news:0759a176-f7c4-45de-9a2b-e3bc6f8fea4f...

I am aware that there are lots of threads like this one, but it doesn't seem i can get any help from those. So my windows suddenly decided it wasn't genuine, after i deleted a certain file that AVG found as a Rootkit virus. It required me to delete it as a power user, after a computer restart.

("";"C:\Windows\system32\DRIVERS\oem-drv64.sys";"Inline hook xNtKrnl.exe MmGetPhysicalAddress -> oem-drv64.sys +0x33D4";"Moved to Virus Vault")
I don't know if it has anything to do with my copy of windows, but my windows 7 ultimate came preinstalled on my Dell n5110, and i've used it for quite a while before it said it wasn't genuine. I've also had a few problems with my windows, i changed the language from Russian to English and it still had a few text strings in Russian.
I've moved to another country with my laptop and i don't have anything left from my laptop box or windows here. Any help would be apreciated. To save some hassle here's the windows diagnostic log:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 50
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-X92GV-V7DCV-P4K27
Windows Product Key Hash: aU2z1/fnhnLHmhBm699qYZT2E6s=
Windows Product ID: 00426-OEM-8992662-00400
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{A3821426-AC8B-4769-BD57-D2EB6DCE49F4}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-P4K27</PKey><PID>00426-OEM-8992662-00400</PID><PIDType>2</PIDType><SID>S-1-5-21-428499284-2600081663-3270327660</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron N5110</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A06</Version><SMBIOSVersion major="2" minor="6"/><Date>20110526000000.000000+000</Date></BIOS><HWID>9C993307018400FE</HWID><UserLCID>0809</UserLCID><SystemLCID>0419</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table

A quick search shows that the file removed is possibly part of a hack tool to circumvent licensing requirements.

For which edition of Windows is your computer licensed, according to the COA sticker on the case?

If it’s for Windows 7 Ultimate, then use the COA Key to activate – if it’s any other edition, then you will need either to purchase a new legitimate license for Ultimate, or revert back tot eh pre-installed OS using Dell’s recovery disks or partition.

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

Wednesday, September 14, 2011 7:16 AM

Moderator
0

Sign in to vote
I will have a look. I'm not sure which one is the COA key tho, and some of the codes are partially covered by the computer's plastic shell, so i think i'll have to take it off.

Thanks, Sergiu.
- Edited by sergiuung Wednesday, September 14, 2011 3:50 PM
Wednesday, September 14, 2011 3:49 PM
1

Sign in to vote

The COA is the 25 character string printed on an orange sticker on the bottom of a laptop or inside the battery compartment. It is NOT under the main cover. It might be under the battery compartment cover but do not disassemble anything else. It should be obvious when you see it.
Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.

Wednesday, September 14, 2011 4:38 PM

Answerer
1

Sign in to vote

Found it! It works! Thanks everyone!!
Thanks, Sergiu.

Thursday, September 15, 2011 9:22 PM
0

Sign in to vote

You're welcome.
Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.

Thursday, September 15, 2011 9:47 PM

Answerer

Answered by:

Windows 7 Suddenly not genuine?!

Question

Answers

All replies