Activated Windows 7 Pro, but I keep receiving not genuine popup

  • Question

  • I've been enduring this for over a month (not enough time to troubleshoot this really).

    After some malware cleanup, my Windows seems to be corrupted and I keep receiving a popup saying my Windows is not Genuine.

    It's a Dell PC with an OEM license. Before I call Microsoft, I would like to attempt fixing this problem.

    Here is my WGA diag report:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-FXPMT-QBY4W-XQPQP
    Windows Product Key Hash: YLN1grJ67kurKkmTVv1FBR2Dgu0=
    Windows Product ID: 00371-OEM-9307556-68500
    Windows Product ID Type: 8
    Windows License Type: COA SLP
    Windows OS version: 6.1.7600.2.00010100.0.0.048
    ID: {EAAF4052-1A6D-4C33-98C1-0CAA1B847622}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7600.win7_gdr.110622-1503
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Visio Standard 2003 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{EAAF4052-1A6D-4C33-98C1-0CAA1B847622}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-XQPQP</PKey><PID>00371-OEM-9307556-68500</PID><PIDType>8</PIDType><SID>S-1-5-21-2468002021-1565611871-1121760091</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>OptiPlex 980                 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A04</Version><SMBIOSVersion major="2" minor="6"/><Date>20100911000000.000000+000</Date></BIOS><HWID>D5CF3507018400FC</HWID><UserLCID>1009</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>B11K   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90530409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Visio Standard 2003</Name><Ver>11</Ver><Val>B941F251107F500</Val><Hash>7LZ3zVFS7Ae2Nr/tRqtUCzci3DU=</Hash><Pid>72090-640-5383844-55576</Pid><PidType>14</PidType></Product></Products><Applications><App Id="53" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7600.16385

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, OEM_COA_SLP channel
    Activation ID: da22eadd-46dc-4056-a287-f5041c852470
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00186-075-568500-02-4105-7600.0000-2922012
    Installation ID: 009783256143671551062445167995905700090672018095262035
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: XQPQP
    License Status: Licensed
    Remaining Windows rearm count: 3
    Trusted time: 19/10/2012 11:42:50 AM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000003EFFF
    Event Time Stamp: 10:14:2012 22:26
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\wat\watadminsvc.exe
    Tampered File: %systemroot%\system32\wat\watweb.dll
    Tampered File: %systemroot%\system32\wat\npwatweb.dll
    Tampered File: %systemroot%\system32\wat\watux.exe
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys
    Tampered File: %systemroot%\system32\drivers\spldr.sys


    HWID Data-->
    HWID Hash Current: LgAAAAIAAAABAAIAAQABAAAAAQABAAEA6GHUHnhGdxak/6bMhFXSjUTbSqdcXQ==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            DELL          B11K   
      FACP            DELL          B11K   
      HPET            DELL          B11K   
      BOOT            DELL          B11K   
      MCFG            DELL          B11K   
      SSDT            DELL        st_ex
      ASF!            DELL          B11K   
      TCPA            DELL          B11K   
      ____            DELL          B11K   
      SLIC            DELL          B11K   
      SSDT            DELL        st_ex

    Friday, October 19, 2012 3:45 PM

All replies

  • Open a Command Prompt window and run the following commands

    REGSVR32  WINTRUST.DLL

    C:\Windows\SysWOW64\regsvr32 C:\Windows\SysWOW64\wintrust.dll

    You should get Success popups after each one.

    reboot, and post another MGADiag report.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Saturday, October 20, 2012 9:09 AM
    Moderator
  • Ok, I installed SP1, then I ran your command line (replacing SysWOW64 with system32 since I'm running a 32-bit version of Windows 7).

    I haven't received any genuine popup since last Friday, so that's a good thing, but I still can't run Windows Update. There is still something wrong.

    Did a reboot, and here is the new MGA log

    thanks for your time.

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-FXPMT-QBY4W-XQPQP
    Windows Product Key Hash: YLN1grJ67kurKkmTVv1FBR2Dgu0=
    Windows Product ID: 00371-OEM-9307556-68500
    Windows Product ID Type: 8
    Windows License Type: COA SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {EAAF4052-1A6D-4C33-98C1-0CAA1B847622}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.110622-1506
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Visio Standard 2003 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{EAAF4052-1A6D-4C33-98C1-0CAA1B847622}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-XQPQP</PKey><PID>00371-OEM-9307556-68500</PID><PIDType>8</PIDType><SID>S-1-5-21-2468002021-1565611871-1121760091</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>OptiPlex 980                 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A04</Version><SMBIOSVersion major="2" minor="6"/><Date>20100911000000.000000+000</Date></BIOS><HWID>D5CF3507018400FC</HWID><UserLCID>1009</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>B11K   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90530409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Visio Standard 2003</Name><Ver>11</Ver><Val>B941F251107F500</Val><Hash>7LZ3zVFS7Ae2Nr/tRqtUCzci3DU=</Hash><Pid>72090-640-5383844-55576</Pid><PidType>14</PidType></Product></Products><Applications><App Id="53" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, OEM_COA_SLP channel
    Activation ID: da22eadd-46dc-4056-a287-f5041c852470
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00186-075-568500-02-4105-7600.0000-2922012
    Installation ID: 009783256143671551062445167995905700090672018095262035
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: XQPQP
    License Status: Licensed
    Remaining Windows rearm count: 4
    Trusted time: 22/10/2012 11:34:01 AM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000003EFFF
    Event Time Stamp: 10:21:2012 23:42
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\wat\watadminsvc.exe
    Tampered File: %systemroot%\system32\wat\watweb.dll
    Tampered File: %systemroot%\system32\wat\npwatweb.dll
    Tampered File: %systemroot%\system32\wat\watux.exe
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys
    Tampered File: %systemroot%\system32\drivers\spldr.sys


    HWID Data-->
    HWID Hash Current: LgAAAAIAAAABAAIAAQABAAAAAQABAAEA6GHUHnhGdxak/6bMhFXSjUTbSqdcXQ==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            DELL          B11K   
      FACP            DELL          B11K   
      HPET            DELL          B11K   
      BOOT            DELL          B11K   
      MCFG            DELL          B11K   
      SSDT            DELL        st_ex
      ASF!            DELL          B11K   
      TCPA            DELL          B11K   
      ____            DELL          B11K   
      SLIC            DELL          B11K   
      SSDT            DELL        st_ex

    Monday, October 22, 2012 3:38 PM
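
    Comparing the two MGADiag reports posted above, as an added example (not part of any poster's message and not a Microsoft tool): the Python below parses the "Key: value" lines and "Tampered File" entries from trimmed excerpts of both reports and lists what changed between them. The function names and the reading of the text after "|" as related items are assumptions.

```python
import re

# Trimmed excerpt of the first MGADiag report in this thread (values copied from the post).
REPORT_BEFORE = r"""
Validation Code: 0x8004FE21
Windows OS version: 6.1.7600.2.00010100.0.0.048
License Status: Licensed
Remaining Windows rearm count: 3
HrOffline: 0x8004FE21
HealthStatus: 0x000000000003EFFF
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\drivers\spsys.sys
"""
# In these excerpted lines the second report differs only in OS version and rearm count.
REPORT_AFTER = (REPORT_BEFORE
                .replace("6.1.7600.2.00010100.0.0.048", "6.1.7601.2.00010100.1.0.048")
                .replace("rearm count: 3", "rearm count: 4"))

FIELD = re.compile(r"^\s*([^:\n]+?):\s*(.*)$")

def parse_mgadiag(text):
    """Return (fields, tampered) for one report: scalar fields and flagged file paths."""
    fields, tampered = {}, []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # section headers such as "Licensing Data-->" carry no value
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Tampered File":
            # Assumption: the first '|'-separated item is the file, the rest are related items.
            tampered.append(value.split("|")[0].lower())
        else:
            fields.setdefault(key, value)  # keys like "Version" repeat per section; keep the first
    return fields, tampered

def triage(fields, tampered):
    """Point out the combination seen in this thread: licensed, yet validation fails."""
    findings = []
    code = fields.get("Validation Code", "")
    if fields.get("License Status") == "Licensed" and code not in ("", "0x0"):
        findings.append(f"License Status is Licensed but Validation Code is {code}")
    if tampered:
        findings.append(f"{len(tampered)} licensing files flagged as tampered")
    return findings

def compare(before, after):
    """Fields whose value changed between two reports, and tampered entries that cleared."""
    (f1, t1), (f2, t2) = parse_mgadiag(before), parse_mgadiag(after)
    changed = {k: (f1[k], f2[k]) for k in f1 if k in f2 and f1[k] != f2[k]}
    cleared = sorted(set(t1) - set(t2))
    return changed, cleared

if __name__ == "__main__":
    print(triage(*parse_mgadiag(REPORT_BEFORE)))
    print(compare(REPORT_BEFORE, REPORT_AFTER))
```

    On these excerpts only the OS version and rearm count change; the validation code and the tampered-file list are the same in both reports.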
  • Still the same :(

    Let's check something before I go into some fairly esoteric fixes and hunt-and-peck mode.

    Please run the following commands in an Elevated Command Prompt one at a time, and just make a note of the number of files at the end of each listing. (note that they could each take a couple of minutes, but may also be very quick!)

    DIR C:\Windows /AR /S

    DIR C:\Windows\System32 /AR /S

    DIR C:\Windows\winsxs /AR /S

    DIR C:\Windows\ServiceProfiles /AR /S

    DIR C:\Windows\SoftwareDistribution /AR /S


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, October 22, 2012 3:55 PM
    Moderator
  • There you go:

    DIR C:\Windows /AR /S
    1965 files
    182 dir

    DIR C:\Windows\System32 /AR /S
    32 files
    29 dir

    DIR C:\Windows\winsxs /AR /S
    I get the following message in the command prompt:
    Volume in C: drive is OS
    Volume serial number is B827-CDDF
    File Not found

    So, I looked at the folder manually and there are 2 files and 9705 dir

    DIR C:\Windows\ServiceProfiles /AR /S
    0 file
    66 dir

    DIR C:\Windows\SoftwareDistribution /AR /S
    same message as the winsxs folder, 1 file 8 dir

    Monday, October 22, 2012 5:18 PM
  • This is almost identical to another machine I'm helping with elsewhere - I'd love to find out if there's anything in common between the two.....

    Please open MSINFO32 and use File Save to produce a report, then upload the file to your public SkyDrive and post a link.

    Please open an Elevated Command Prompt, and run the following command - it will create a file on the desktop (flist.txt).
    Please upload that to your SkyDrive as well.

    DIR C:\Windows /AR /S >"%userprofile%\desktop\flist.txt"


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, October 22, 2012 6:00 PM
    Moderator
  • Never mind -  I have discovered why there are such a large number of files:)

    The vast majority are in the C:\Windows\Installer tree - on my main system
    that amounts to 2257 files out of 2279!

    I wish I'd checked before, now :)

    I'll have a think and get back to you.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, October 22, 2012 7:23 PM
    Moderator
  • Ok, fixed the problem.

    I used the following software: Windows Repair All-in-One from www.tweaking.com (not allowed to insert the link). I skipped the first 4 steps (optional, and I had tried those already).

    Here is the list I checked (probably too much, but didn't feel like trying all of them one by one).

    -reset registry permissions
    -reset file permissions
    -register system files
    -repair WMI
    -repair internet explorer
    -repair MDAC/MS Jet
    -remove policies set by infections
    -repair windows updates
    -set windows services to default startup
    -repair MSI (Windows Installer)
    -repair windows snipping tool

    After it finished, I did a reboot and got the "Windows is not genuine" message again. I ran the commands you told me earlier (REGSVR32), rebooted again, and everything worked fine after that.

    thanks again for your time :D

    Tuesday, October 23, 2012 5:00 PM
  • Odd that you weren't allowed to insert the link - I did so a couple of weeks back with no problems!

    Thank you VERY much for your feedback! and good luck.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Tuesday, October 23, 2012 6:22 PM
    Moderator