activated windows 7 pro, but I keep receiving not genuine popup

Question
-
I've been enduring this for over a month (not enough time to troubleshoot this really).
After some malware cleanup, my Windows seems to be corrupted and I keep receiving a popup saying my Windows is not Genuine.
It's a Dell PC with an OEM license. Before I call Microsoft, I would like to attempt fixing this problem.
Here is my WGA diag report:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-FXPMT-QBY4W-XQPQP
Windows Product Key Hash: YLN1grJ67kurKkmTVv1FBR2Dgu0=
Windows Product ID: 00371-OEM-9307556-68500
Windows Product ID Type: 8
Windows License Type: COA SLP
Windows OS version: 6.1.7600.2.00010100.0.0.048
ID: {EAAF4052-1A6D-4C33-98C1-0CAA1B847622}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000000
Build lab: 7600.win7_gdr.110622-1503
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 100 Genuine
Microsoft Office Visio Standard 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{EAAF4052-1A6D-4C33-98C1-0CAA1B847622}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-XQPQP</PKey><PID>00371-OEM-9307556-68500</PID><PIDType>8</PIDType><SID>S-1-5-21-2468002021-1565611871-1121760091</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>OptiPlex 980 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A04</Version><SMBIOSVersion major="2" minor="6"/><Date>20100911000000.000000+000</Date></BIOS><HWID>D5CF3507018400FC</HWID><UserLCID>1009</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>B11K </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90530409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Visio Standard 2003</Name><Ver>11</Ver><Val>B941F251107F500</Val><Hash>7LZ3zVFS7Ae2Nr/tRqtUCzci3DU=</Hash><Pid>72090-640-5383844-55576</Pid><PidType>14</PidType></Product></Products><Applications><App Id="53" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7600.16385
Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, OEM_COA_SLP channel
Activation ID: da22eadd-46dc-4056-a287-f5041c852470
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00186-075-568500-02-4105-7600.0000-2922012
Installation ID: 009783256143671551062445167995905700090672018095262035
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: XQPQP
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 19/10/2012 11:42:50 AM
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000003EFFF
Event Time Stamp: 10:14:2012 22:26
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\wat\watadminsvc.exe
Tampered File: %systemroot%\system32\wat\watweb.dll
Tampered File: %systemroot%\system32\wat\npwatweb.dll
Tampered File: %systemroot%\system32\wat\watux.exe
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
Tampered File: %systemroot%\system32\sppwinob.dll
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
Tampered File: %systemroot%\system32\drivers\spsys.sys
Tampered File: %systemroot%\system32\drivers\spldr.sys
HWID Data-->
HWID Hash Current: LgAAAAIAAAABAAIAAQABAAAAAQABAAEA6GHUHnhGdxak/6bMhFXSjUTbSqdcXQ==
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL B11K
FACP DELL B11K
HPET DELL B11K
BOOT DELL B11K
MCFG DELL B11K
SSDT DELL st_ex
ASF! DELL B11K
TCPA DELL B11K
____ DELL B11K
SLIC DELL B11K
SSDT DELL st_ex
Friday, October 19, 2012 3:45 PM
Answers
-
Ok, fixed the problem.
I used the following software: Windows repair all-in-one from www.tweaking.com (not allowed to insert the link). I skipped the first 4 steps (optional, and tried those already).
Here is the list I checked (probably too much, but didn't feel like trying all of them one by one).
-reset registry permissions
-reset file permissions
-register system files
-repair WMI
-repair internet explorer
-repair MDAC/MS Jet
-remove policies set by infections
-repair windows updates
-set windows services to default startup
-repair MSI (Windows Installer)
-repair windows snipping tool
After it finished, I did a reboot, and got the "Windows is not Genuine" message again. I ran the commands you told me earlier (REGSVR32),
rebooted again,
and everything worked fine after that.
Thanks again for your time :D
- Proposed as answer by Noel D Paton (Moderator), Friday, October 26, 2012 10:59 AM
- Marked as answer by Noel D Paton (Moderator), Friday, November 2, 2012 11:30 AM
Tuesday, October 23, 2012 5:00 PM
All replies
-
Open a Command Prompt window and run the following commands
REGSVR32 WINTRUST.DLL
C:\Windows\SysWOW64\regsvr32 C:\Windows\SysWOW64\wintrust.dll
You should get Success popups after each one.
Reboot, and post another MGADiag report.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Saturday, October 20, 2012 9:09 AM Moderator -
Ok, I installed SP1, then I ran your command line (replacing SysWOW64 with system32, since I'm running a 32-bit version of Windows 7).
I haven't received any genuine popup since last Friday, so that's a good thing, but I still can't run Windows Update. There is still something wrong.
Did a reboot, and here is the new MGA log.
Thanks for your time.
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-FXPMT-QBY4W-XQPQP
Windows Product Key Hash: YLN1grJ67kurKkmTVv1FBR2Dgu0=
Windows Product ID: 00371-OEM-9307556-68500
Windows Product ID Type: 8
Windows License Type: COA SLP
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {EAAF4052-1A6D-4C33-98C1-0CAA1B847622}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.110622-1506
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 100 Genuine
Microsoft Office Visio Standard 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{EAAF4052-1A6D-4C33-98C1-0CAA1B847622}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-XQPQP</PKey><PID>00371-OEM-9307556-68500</PID><PIDType>8</PIDType><SID>S-1-5-21-2468002021-1565611871-1121760091</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>OptiPlex 980 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A04</Version><SMBIOSVersion major="2" minor="6"/><Date>20100911000000.000000+000</Date></BIOS><HWID>D5CF3507018400FC</HWID><UserLCID>1009</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>B11K </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90530409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Visio Standard 2003</Name><Ver>11</Ver><Val>B941F251107F500</Val><Hash>7LZ3zVFS7Ae2Nr/tRqtUCzci3DU=</Hash><Pid>72090-640-5383844-55576</Pid><PidType>14</PidType></Product></Products><Applications><App Id="53" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7601.17514
Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, OEM_COA_SLP channel
Activation ID: da22eadd-46dc-4056-a287-f5041c852470
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00186-075-568500-02-4105-7600.0000-2922012
Installation ID: 009783256143671551062445167995905700090672018095262035
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: XQPQP
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 22/10/2012 11:34:01 AM
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000003EFFF
Event Time Stamp: 10:21:2012 23:42
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\wat\watadminsvc.exe
Tampered File: %systemroot%\system32\wat\watweb.dll
Tampered File: %systemroot%\system32\wat\npwatweb.dll
Tampered File: %systemroot%\system32\wat\watux.exe
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
Tampered File: %systemroot%\system32\sppwinob.dll
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
Tampered File: %systemroot%\system32\drivers\spsys.sys
Tampered File: %systemroot%\system32\drivers\spldr.sys
HWID Data-->
HWID Hash Current: LgAAAAIAAAABAAIAAQABAAAAAQABAAEA6GHUHnhGdxak/6bMhFXSjUTbSqdcXQ==
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL B11K
FACP DELL B11K
HPET DELL B11K
BOOT DELL B11K
MCFG DELL B11K
SSDT DELL st_ex
ASF! DELL B11K
TCPA DELL B11K
____ DELL B11K
SLIC DELL B11K
SSDT DELL st_ex
Monday, October 22, 2012 3:38 PM -
Still the same :(
Let's check something before I go into some fairly esoteric fixes and hunt-and-peck mode.
Please run the following commands in an Elevated Command Prompt one at a time, and just make a note of the number of files at the end of each listing. (note that they could each take a couple of minutes, but may also be very quick!)
DIR C:\Windows /AR /S
DIR C:\Windows\System32 /AR /S
DIR C:\Windows\winsxs /AR /S
DIR C:\Windows\ServiceProfiles /AR /S
DIR C:\Windows\SoftwareDistribution /AR /S
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Monday, October 22, 2012 3:55 PM Moderator -
There you go:
DIR C:\Windows /AR /S
1965 files
182 dir
DIR C:\Windows\System32 /AR /S
32 files
29 dir
DIR C:\Windows\winsxs /AR /S
I get the following message in the command prompt:
Volume in C: drive is OS
Volume serial number is B827-CDDF
File Not found
So, I looked at the folder manually and there are 2 files and 9705 dir
DIR C:\Windows\ServiceProfiles /AR /S
0 file
66 dir
DIR C:\Windows\SoftwareDistribution /AR /S
same message as the winsxs folder, 1 file 8 dir
Monday, October 22, 2012 5:18 PM -
This is almost identical to another machine I'm helping with elsewhere - I'd love to find out if there's anything in common between the two.....
Please open MSINFO32 and use File Save to produce a report, then upload the file to your public SkyDrive and post a link.
Please open an Elevated Command Prompt, and run the following command - it will create a file on the desktop (flist.txt).
Please upload that to your SkyDrive as well.
DIR C:\Windows /AR /S >%userprofile%\desktop\flist.txt
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Monday, October 22, 2012 6:00 PM Moderator -
Never mind - I have discovered why there are such a large number of files :)
The vast majority are in the C:\Windows\Installer tree - on my main system
that amounts to 2257 files out of 2279!
I wish I'd checked before, now :)
I'll have a think and get back to you.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Monday, October 22, 2012 7:23 PM Moderator -
Odd that you weren't allowed to insert the link - I did so a couple of weeks back with no problems!
Thank you VERY much for your feedback! and good luck.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Tuesday, October 23, 2012 6:22 PM Moderator
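
Each repair attempt in this thread is judged by comparing a fresh MGADiag report with the previous one. As an added example (not code from the thread or from Microsoft), this Python script parses the fields discussed above and diffs the Tampered File lists of two reports. The two sample excerpts are constructed and shortened, and the function names are assumptions of this example.

```python
# Constructed, shortened excerpts in MGADiag layout (not the full reports above).
BEFORE = r"""
Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows OS version: 6.1.7600.2.00010100.0.0.048
License Status: Licensed
HrOffline: 0x8004FE21
HealthStatus: 0x000000000003EFFF
Tampered File: %systemroot%\system32\wat\watux.exe
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
"""
# Constructed "after" report: one entry no longer listed, the rest unchanged.
AFTER = r"""
Validation Code: 0x8004FE21
Windows OS version: 6.1.7601.2.00010100.1.0.048
License Status: Licensed
HrOffline: 0x8004FE21
HealthStatus: 0x000000000003EFFF
Tampered File: %systemroot%\system32\wat\watux.exe
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
"""

# Fields tracked between reports; keys are matched exactly, so
# "Cached Online Validation Code" is not confused with "Validation Code".
FIELDS = ("Validation Code", "Windows OS version", "License Status",
          "HrOffline", "HealthStatus")

def parse_report(text):
    """Return the tracked fields and the tampered-file entries of one report."""
    report = {"fields": {}, "tampered": {}}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if not sep:
            continue
        value = value.strip()
        if key == "Tampered File":
            # Entry layout is "path|associated item|..."; index by the path.
            path, *extras = value.split("|")
            report["tampered"][path.lower()] = extras
        elif key in FIELDS and key not in report["fields"]:
            report["fields"][key] = value
    return report

def compare_reports(before, after):
    """Show which fields changed and which tampered entries cleared or remain."""
    b, a = parse_report(before), parse_report(after)
    old, new = set(b["tampered"]), set(a["tampered"])
    return {
        "changed_fields": {k: (b["fields"].get(k), a["fields"].get(k))
                           for k in FIELDS
                           if b["fields"].get(k) != a["fields"].get(k)},
        "cleared": sorted(old - new),
        "still_tampered": sorted(old & new),
        "newly_tampered": sorted(new - old),
    }

if __name__ == "__main__":
    for name, value in compare_reports(BEFORE, AFTER).items():
        print(name, value)
```

Run against the two full reports posted in this thread, every entry lands in `still_tampered` and the OS version is the only tracked field that changes, which matches the "Still the same" reply.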