locked
I'm frequently getting notified of widows7 not being genuine. what should I do? RRS feed

  • Question

  • Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 50
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-KHGCQ-7DDY6-TF7CD
    Windows Product Key Hash: YTcSHmTpekJgEHsEqFbudB5IfdE=
    Windows Product ID: 00426-OEM-8992662-00015
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.001
    ID: {0BDC392F-B43F-4893-A63B-5E5A28EBEC52}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Ultimate
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.120830-0333
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 103 Blocked VLK
    Microsoft Office Professional Plus 2007 - 103 Blocked VLK
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16384], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\user32.dll[6.1.7600.16384], Hr = 0x800b0100

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{0BDC392F-B43F-4893-A63B-5E5A28EBEC52}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-TF7CD</PKey><PID>00426-OEM-8992662-00015</PID><PIDType>2</PIDType><SID>S-1-5-21-545268622-1551009658-526275922</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>3259B69</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>H0ET35WW (1.17 )</Version><SMBIOSVersion major="2" minor="7"/><Date>20120725000000.000000+000</Date></BIOS><HWID>95223F07018400FE</HWID><UserLCID>4009</UserLCID><SystemLCID>0804</SystemLCID><TimeZone>India Standard Time(GMT+05:30)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TP-H0   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>103</Result><Products><Product GUID="{90120000-0011-0000-0000-0000000FF1CE}"><LegitResult>103</LegitResult><Name>Microsoft Office Professional Plus 2007</Name><Ver>12</Ver><Val>84B9C24ED082586</Val><Hash>tyiZ/dcb+zqWe0jHG65uncl8TX8=</Hash><Pid>89409-707-0366501-65272</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="103"/><App Id="16" Version="12" Result="103"/><App Id="18" Version="12" Result="103"/><App Id="19" Version="12" Result="103"/><App Id="1A" Version="12" Result="103"/><App Id="1B" Version="12" Result="103"/><App Id="44" Version="12" Result="103"/></Applications></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Ultimate edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00426-00178-926-600015-02-2052-7601.0000-2442012
    Installation ID: 013261368301378191729995513463286886783950469234884595
    Partial Product Key: TF7CD
    License Status: Licensed

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0xC004C533
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 11:21:2012 06:26
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: LgAAAAEAAgABAAEAAAABAAAAAgABAAEAJJQK61D5HC8wIOCOxLc+/eSlPFoucw==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC LENOVO TP-H0   
      FACP LENOVO TP-H0   
      HPET LENOVO TP-H0   
      MCFG LENOVO TP-H0   
      SLIC LENOVO TP-H0   
      SSDT LENOVO SataAhci
      SSDT LENOVO SataAhci
      FPDT LENOVO TP-H0   
      ASF! LENOVO TP-H0   
      SSDT LENOVO SataAhci
      SSDT LENOVO SataAhci
      UEFI LENOVO TP-H0   
      UEFI LENOVO TP-H0   
      POAT LENOVO TP-H0   
      UEFI LENOVO TP-H0   

    Monday, January 21, 2013 4:52 AM

Answers

  • Your installation is counterfeit.

    You have a Samsung OEM_SLP Key on a Lenovo computer, that is showing as having been activated - this simply cannot happen without a hacker's Activation Exploit being present.

    You are showing signs of the presence of RemoveWAT - an hacker's tool to circumvent activation and validation.

     

     Best way to fix it now (since we don't know which version of RemoveWAT was used) is to run WATFix....

     

    Download WATFix - make sure that you UNTICK the box for the 'download manager, and click on the link on the left of the page, not the big shiny button on the right (which is an ad for the download manager!!) - and use that - extraxt the .exe file, and run it, then reboot.

     

     Post back with another MGADiag report, and we'll then see what we can do.

    For what version and edition of Windows is the computer licensed, according to the COA sticker on the case??


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Monday, January 21, 2013 11:04 AM
    Moderator