locked
Windows 7 not genuine Error RRS feed

  • Question

  • Hi,

    I'm having suddenly problems with Windows 7, saying that it's not genuine. Additionally, Office package says also that it can't "verify the licence of this product".

    It's a Dell Latitude 6320 Laptop, and was received from Dell with this Windows 7 installation. No major hardware or software changes were made recently.

    Windows activation is not available, if I run "slui.exe 4" I get error code 0x80070005.

    I have also been running CHKDSK and SFC, and no errors where detected.   

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 50
    Cached Online Validation Code: N/A, hr = 0x80070005
    Windows Product Key: *****-*****-M3DJT-4J3WC-733WD
    Windows Product Key Hash: xo+ajVSpae7/4VoZjS7m6JL0f3A=
    Windows Product ID: 00371-OEM-8992671-00524
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {3CD53F07-831F-4FF0-8E0E-6B881BAB52AC}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.120830-0333
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: ftp=192.168.0.210:81;gopher=;http=192.168.0.210:80;https=192.168.0.210:81;socks=192.168.0.210:1080
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{3CD53F07-831F-4FF0-8E0E-6B881BAB52AC}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-733WD</PKey><PID>00371-OEM-8992671-00524</PID><PIDType>2</PIDType><SID>S-1-5-21-47747328-3537192400-3719232431</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Latitude E6320</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A18</Version><SMBIOSVersion major="2" minor="6"/><Date>20130628000000.000000+000</Date></BIOS><HWID>D5CB3907018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Europe Standard Time(GMT+01:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>CBX3   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x46' to display the error text.
    Error: 0x46

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 11:19:2013 12:34
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: NgAAAAEAAAABAAEAAgADAAAABAABAAEA6GHcKnvZHKxoQ9azrL4s4ia0J5TAHw6L6AOSvi5z

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   DELL    CBX3  
      FACP   DELL    CBX3  
      HPET   A M I    PCHHPET
      BOOT   DELL    CBX3   
      MCFG   DELL    SNDYBRDG
      TCPA     
      SSDT   DELLTP  TPM
      SSDT   DELLTP  TPM
      SSDT   DELLTP  TPM
      DMAR   INTEL   SNB
      SLIC   DELL    CBX3  

    Tuesday, November 26, 2013 1:31 PM

Answers

  • It's possible - and would be the next thing to try after this.

    Please attempt a System Restore back to before the 22/11/13  - with luck this will replace the file and correct registry entries associated with it.

    If that fails, then rename the file to NTUSER.OLD and reboot - Windows should sort itself out a new copy :)


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Monday, December 2, 2013 4:27 PM
    Moderator

All replies

  • Open an Elevated Command Prompt, and run the following commands

    sc sdshow plugplay
    REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18" /S
    REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19" /S
    REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20" /S

    Copy and paste the results to your reply

      Here are some instructions to make life easier :)

    1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt. 

    2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once. 

    3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.     



    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Tuesday, November 26, 2013 6:14 PM
    Moderator
  • Thanks Noel!

    This is the result of the query:

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Users\wolfgang.voit>sc sdshow plugplay

    D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCR
    RC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

    C:\Users\wolfgang.voit> REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
     NT\CurrentVersion\ProfileList\S-1-5-18" /S

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
    5-18
        Flags    REG_DWORD    0xc
        State    REG_DWORD    0x0
        RefCount    REG_DWORD    0x1
        Sid    REG_BINARY    010100000000000512000000
        ProfileImagePath    REG_EXPAND_SZ    %systemroot%\system32\config\systemprof
    ile


    C:\Users\wolfgang.voit> REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
     NT\CurrentVersion\ProfileList\S-1-5-19" /S

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
    5-19
        ProfileImagePath    REG_EXPAND_SZ    C:\Windows\ServiceProfiles\LocalService

        Flags    REG_DWORD    0x0
        State    REG_DWORD    0x0


    C:\Users\wolfgang.voit> REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
     NT\CurrentVersion\ProfileList\S-1-5-20" /S

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
    5-20
        ProfileImagePath    REG_EXPAND_SZ    C:\Windows\ServiceProfiles\NetworkServi
    ce
        Flags    REG_DWORD    0x0
        State    REG_DWORD    0x0

    I have a few more profiles in the profile list, that should be the query for the one that I'm using:

    C:\Users\wolfgang.voit>REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
    NT\CurrentVersion\ProfileList\S-1-5-21-15498824-2062722521-1763149965-2295" /S

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
    5-21-15498824-2062722521-1763149965-2295
        ProfileImagePath    REG_EXPAND_SZ    C:\Users\wolfgang.voit
        Flags    REG_DWORD    0x0
        State    REG_DWORD    0x100
        Sid    REG_BINARY    010500000000000515000000487EEC00D9A5F27A8D881769F708000
    0
        Guid    REG_SZ    {6233de99-97e9-4bef-a88d-4bf90a3780b1}
        ProfileLoadTimeLow    REG_DWORD    0x0
        ProfileLoadTimeHigh    REG_DWORD    0x0
        RefCount    REG_DWORD    0x1
        RunLogonScriptSync    REG_DWORD    0x0
        NextLogonCacheable    REG_DWORD    0x0


    Tuesday, November 26, 2013 7:50 PM
  • Those results are all normal.

    That eliminates the 'usual' causes (missing service profiles, or bad service permissions)

       Please run the following command from an Elevated Command Prompt window(1)

    Copy and paste set of commands below into the window – once completed, hit the Enter Key to ensure that the last command has run (2)

    REG QUERY HKU

    REG QUERY HKU\S-1-5-20

    REG QUERY HKU\S-1-5-20\Environment

    REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"

    Copy the whole output to your response(3)   


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Tuesday, November 26, 2013 8:54 PM
    Moderator
  • Here is the result of these commands:

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Users\wolfgang.voit>REG QUERY HKU

    HKEY_USERS\.DEFAULT
    HKEY_USERS\S-1-5-19
    HKEY_USERS\S-1-5-21-15498824-2062722521-1763149965-2295
    HKEY_USERS\S-1-5-21-15498824-2062722521-1763149965-2295_Classes
    HKEY_USERS\S-1-5-18

    C:\Users\wolfgang.voit>
    C:\Users\wolfgang.voit>REG QUERY HKU\S-1-5-20
    ERROR: The system was unable to find the specified registry key or value.

    C:\Users\wolfgang.voit>
    C:\Users\wolfgang.voit>REG QUERY HKU\S-1-5-20\Environment
    ERROR: The system was unable to find the specified registry key or value.

    C:\Users\wolfgang.voit>
    C:\Users\wolfgang.voit>REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVers
    ion\ProfileList"

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
        ProfilesDirectory    REG_EXPAND_SZ    %SystemDrive%\Users
        Default    REG_EXPAND_SZ    %SystemDrive%\Users\Default
        Public    REG_EXPAND_SZ    %SystemDrive%\Users\Public
        ProgramData    REG_EXPAND_SZ    %SystemDrive%\ProgramData

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
    5-18
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
    5-19
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
    5-20
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
    5-21-15498824-2062722521-1763149965-2295
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
    5-21-15498824-2062722521-1763149965-4636
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
    5-21-1993962763-436374069-839522115-1234
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
    5-21-1993962763-436374069-839522115-2111
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
    5-21-47747328-3537192400-3719232431-500

    C:\Users\wolfgang.voit>

    Tuesday, November 26, 2013 9:27 PM
  • That explains it then -- the NetworkService profile isn't being loaded.

    Now we have to work out why.

    Please run the following commands and post the results.

    DIR C:\Windows\ServiceProfiles\NetworkService

    ATTRIB C:\Windows\ServiceProfiles\NetworkService

    ICACLS C:\Windows\ServiceProfiles\NetworkService

    ICACLS C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

    ATTRIB C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Tuesday, November 26, 2013 9:56 PM
    Moderator
  • I got following results:

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Users\wolfgang.voit>DIR C:\Windows\ServiceProfiles\NetworkService
     Volume in drive C is OS
     Volume Serial Number is E2F8-306A

     Directory of C:\Windows\ServiceProfiles\NetworkService

    03/16/2012  10:37 AM    <DIR>          .
    03/16/2012  10:37 AM    <DIR>          ..
    07/14/2009  05:34 AM    <DIR>          Desktop
    07/14/2009  05:34 AM    <DIR>          Documents
    07/14/2009  05:34 AM    <DIR>          Downloads
    07/14/2009  05:34 AM    <DIR>          Favorites
    07/14/2009  05:34 AM    <DIR>          Links
    07/14/2009  05:34 AM    <DIR>          Music
    07/14/2009  05:34 AM    <DIR>          Pictures
    07/14/2009  05:34 AM    <DIR>          Saved Games
    07/14/2009  05:34 AM    <DIR>          Videos
                   0 File(s)              0 bytes
                  11 Dir(s)   2,044,395,520 bytes free

    C:\Users\wolfgang.voit>
    C:\Users\wolfgang.voit>ATTRIB C:\Windows\ServiceProfiles\NetworkService
                 C:\Windows\ServiceProfiles\NetworkService

    C:\Users\wolfgang.voit>
    C:\Users\wolfgang.voit>ICACLS C:\Windows\ServiceProfiles\NetworkService
    C:\Windows\ServiceProfiles\NetworkService NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                                              BUILTIN\Administrators:(OI)(CI)(F)
                                              NT AUTHORITY\NETWORK SERVICE:(OI)(CI)(
    F)

    Successfully processed 1 files; Failed processing 0 files

    C:\Users\wolfgang.voit>
    C:\Users\wolfgang.voit>ICACLS C:\Windows\ServiceProfiles\NetworkService\NTUSER.D
    AT
    C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT NT AUTHORITY\SYSTEM:(I)(F)
                                                         BUILTIN\Administrators:(I)(
    F)
                                                         NT AUTHORITY\NETWORK SERVIC
    E:(I)(F)

    Successfully processed 1 files; Failed processing 0 files

    C:\Users\wolfgang.voit>
    C:\Users\wolfgang.voit>ATTRIB C:\Windows\ServiceProfiles\NetworkService\NTUSER.D
    AT
    A  SH   I    C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

    C:\Users\wolfgang.voit>

    Tuesday, November 26, 2013 10:30 PM
  • I'm not sure whether the NTUSER.DAT file should have the System Attribute - my main system doesn't, but my VM does :)

    Please run the following command - which should allow us to see the date and size of the files

    DIR C:\Windows\ServiceProfiles\NetworkService /AH


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Tuesday, November 26, 2013 11:00 PM
    Moderator
  • I get following response: (BTW, I don't know if it could be related, but 11/22/2013 might have been the date when the problems started...)

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Users\wolfgang.voit>DIR C:\Windows\ServiceProfiles\NetworkService /AH
     Volume in drive C is OS
     Volume Serial Number is E2F8-306A

     Directory of C:\Windows\ServiceProfiles\NetworkService

    04/03/2011  04:47 AM    <DIR>          AppData
    11/22/2013  06:12 PM           262,144 NTUSER.DAT
    07/14/2009  08:18 AM             1,024 NTUSER.DAT.LOG
    11/22/2013  06:12 PM           226,304 NTUSER.DAT.LOG1
    07/14/2009  05:34 AM                 0 NTUSER.DAT.LOG2
    09/08/2011  09:24 AM            65,536 NTUSER.DAT{24dda9dc-d9f0-11e0-a24a-806e6f
    6e6963}.TM.blf
    09/08/2011  09:24 AM           524,288 NTUSER.DAT{24dda9dc-d9f0-11e0-a24a-806e6f
    6e6963}.TMContainer00000000000000000001.regtrans-ms
    09/08/2011  09:24 AM           524,288 NTUSER.DAT{24dda9dc-d9f0-11e0-a24a-806e6f
    6e6963}.TMContainer00000000000000000002.regtrans-ms
    07/14/2009  05:47 AM            65,536 NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0b
    cd1824}.TM.blf
    07/14/2009  05:47 AM           524,288 NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0b
    cd1824}.TMContainer00000000000000000001.regtrans-ms
    07/14/2009  05:47 AM           524,288 NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0b
    cd1824}.TMContainer00000000000000000002.regtrans-ms
    03/15/2012  03:26 PM            65,536 NTUSER.DAT{6d41bd1f-6e96-11e1-a492-1c659d
    f79ae6}.TM.blf
    03/15/2012  03:26 PM           524,288 NTUSER.DAT{6d41bd1f-6e96-11e1-a492-1c659d
    f79ae6}.TMContainer00000000000000000001.regtrans-ms
    03/15/2012  03:26 PM           524,288 NTUSER.DAT{6d41bd1f-6e96-11e1-a492-1c659d
    f79ae6}.TMContainer00000000000000000002.regtrans-ms
    03/16/2012  06:05 PM            65,536 NTUSER.DAT{c1f140a4-6f47-11e1-b9db-1c659d
    f79ae6}.TM.blf
    03/16/2012  06:05 PM           524,288 NTUSER.DAT{c1f140a4-6f47-11e1-b9db-1c659d
    f79ae6}.TMContainer00000000000000000001.regtrans-ms
    03/16/2012  06:05 PM           524,288 NTUSER.DAT{c1f140a4-6f47-11e1-b9db-1c659d
    f79ae6}.TMContainer00000000000000000002.regtrans-ms
                  16 File(s)      4,945,920 bytes
                   1 Dir(s)   2,037,395,456 bytes free

    C:\Users\wolfgang.voit>

    Tuesday, November 26, 2013 11:36 PM
  • So the file is present, but for whatever reason, is not being loaded into the registry. Its permissions are apparently correct, and it's not marked as 'read-only'. The proper registry entries are there for it to be loaded.

    It's a long time since I saw a similar error, and if I remember right that was in Vista - I'll have to trawl through my records and see if I can find the relevant threads.

    Back later - shout if you don't hear from me by Friday!


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Wednesday, November 27, 2013 7:45 AM
    Moderator
  • Thanks a lot for you help so far, Noel!

    I have already started to back up all my data, in case the only way is to re-install Windows... But of course it would be nice if you can find some solution to it, would save me a lot of work and trouble :)

    Wednesday, November 27, 2013 7:09 PM
  • Finally found it :) - it was in the Vista forum, but a lot further back than I thought - Feb 2012.

    Please open an Elevated Command Prompt, and run the following commands.

    REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\hivelist

    reg load HKU\Test "C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT"

    reg query hku\test\environment

    reg unload HKU\Test

    with any luck, that'll isolate the problem.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Friday, November 29, 2013 9:00 PM
    Moderator
  • JUst for grins - here's the thread I was referring to... http://social.microsoft.com/Forums/pl-PL/b4c34d7a-ae6d-4c68-9410-441f2d002964/error-0x80070426

    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Friday, November 29, 2013 9:01 PM
    Moderator
  • Sorry for the late reply, I had been ill during the weekend...

    This is the response on the commands:

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\>REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\hivelist

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\hivelist
        \REGISTRY\MACHINE\HARDWARE    REG_SZ
        \REGISTRY\MACHINE\BCD00000000    REG_SZ    \Device\HarddiskVolume2\Boot\BCD
        \REGISTRY\MACHINE\SYSTEM    REG_SZ    \Device\HarddiskVolume3\Windows\System
    32\config\SYSTEM
        \REGISTRY\MACHINE\SOFTWARE    REG_SZ    \Device\HarddiskVolume3\Windows\Syst
    em32\config\SOFTWARE
        \REGISTRY\USER\.DEFAULT    REG_SZ    \Device\HarddiskVolume3\Windows\System3
    2\config\DEFAULT
        \REGISTRY\MACHINE\SECURITY    REG_SZ    \Device\HarddiskVolume3\Windows\Syst
    em32\config\SECURITY
        \REGISTRY\MACHINE\SAM    REG_SZ    \Device\HarddiskVolume3\Windows\System32\
    config\SAM
        \REGISTRY\USER\S-1-5-19    REG_SZ    \Device\HarddiskVolume3\Windows\Service
    Profiles\LocalService\NTUSER.DAT
        \Registry\User\S-1-5-21-15498824-2062722521-1763149965-2295    REG_SZ    \De
    vice\HarddiskVolume3\Users\wolfgang.voit\NTUSER.DAT
        \Registry\User\S-1-5-21-15498824-2062722521-1763149965-2295_Classes    REG_S
    Z    \Device\HarddiskVolume3\Users\wolfgang.voit\AppData\Local\Microsoft\Windows
    \UsrClass.dat


    C:\>
    C:\>
    C:\>reg load HKU\Test "C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT"
    ERROR: The system has attempted to load or restore a file into the registry, but
     the specified file is not in a registry file format.

    C:\>
    C:\>reg query hku\test\environment
    ERROR: The system was unable to find the specified registry key or value.

    C:\>
    C:\>reg unload HKU\Test
    ERROR: The parameter is incorrect.

    C:\>

    I also had a look at the "NTUSER.DAT" in C:\Windows\ServiceProfiles\NetworkService, and the time stamp is still "11/22/2013  06:12 PM" (which possibly might be the time when everything started). So it seems that it is somehow corrupted, as it doesn't update, do I see this right?

    What whould you recommend as the next step (I was browsing through the old post, but I'm not sure if I read everything that was relevant)? Should I rename the NTUSER.DAT and see if it's re-constructed during startup, or should I copy it right away from the Default profile?

              


    • Edited by Wolfgang V Monday, December 2, 2013 11:22 AM
    Monday, December 2, 2013 11:21 AM
  • We've found the cause of the problem at least - the entry for the service is missing from the hivelist key.

    Whether the file is in the proper format or not remains to be seen :)

    I've uploaded a file - NWShivelist.zip - to my SkyDrive at Noel's SkyDrive

    Please download and save it to your desktop.

    Right-click on the saved file and select Extract all...

    Save it to the default location

    This should create a file NWShivelist.reg

     right-click on the file, and select Merge

    Accept the warnings, - you should then get a 'Success' message.

    Close all windows, and reboot twice.

    Run another MGADiag report, and post the results.



    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.


    Monday, December 2, 2013 11:54 AM
    Moderator
  • Nope, I don't think it changed anything...

    It seems that the entry in the hivelist key disappeared again after rebooting. But I realized also that you added it with "HarddiskVolume2"; shouldn't it be "HarddiskVolume3" in my case?

    In any case, this is the latest MGADiag report:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 50
    Cached Online Validation Code: N/A, hr = 0x80070005
    Windows Product Key: *****-*****-M3DJT-4J3WC-733WD
    Windows Product Key Hash: xo+ajVSpae7/4VoZjS7m6JL0f3A=
    Windows Product ID: 00371-OEM-8992671-00524
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {3CD53F07-831F-4FF0-8E0E-6B881BAB52AC}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.120830-0333
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: ftp=192.168.0.210:81;gopher=;http=192.168.0.210:80;https=192.168.0.210:81;socks=192.168.0.210:1080
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{3CD53F07-831F-4FF0-8E0E-6B881BAB52AC}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-733WD</PKey><PID>00371-OEM-8992671-00524</PID><PIDType>2</PIDType><SID>S-1-5-21-47747328-3537192400-3719232431</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Latitude E6320</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A18</Version><SMBIOSVersion major="2" minor="6"/><Date>20130628000000.000000+000</Date></BIOS><HWID>D5CB3907018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Europe Standard Time(GMT+01:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>CBX3   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x46' to display the error text.
    Error: 0x46

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 11:19:2013 12:34
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: NgAAAAEAAAABAAEAAgADAAAABAABAAEA6GHcKnvZHKxoQ9azrL4s4ia0J5TAHw6L6AOSvi5z

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   DELL    CBX3  
      FACP   DELL    CBX3  
      HPET   A M I    PCHHPET
      BOOT   DELL    CBX3   
      MCFG   DELL    SNDYBRDG
      TCPA     
      SSDT   DELLTP  TPM
      SSDT   DELLTP  TPM
      SSDT   DELLTP  TPM
      DMAR   INTEL   SNB
      SLIC   DELL    CBX3  

    Monday, December 2, 2013 12:59 PM
  • Ooops!

    well spotted :)

    Yes - I've modified the .reg file to correct this and re-uploaded it as MWShivelist2.zip

    Same procedure, please - it should over-write the old one.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Monday, December 2, 2013 1:42 PM
    Moderator
  • I've tried the modified file now, but it seems that it didn't change anything. The entry is missing again after rebooting the system, and still the same error messages.

    Could it be that the missing entry in the hivelist key is rather a symptom than the cause? Should I try to delete/rename the NTUSER.DAT in the ServiceProfiles>NetworkService, or copy it from the Default profile, in case it might be corrupted?

    Monday, December 2, 2013 3:10 PM
  • It's possible - and would be the next thing to try after this.

    Please attempt a System Restore back to before the 22/11/13  - with luck this will replace the file and correct registry entries associated with it.

    If that fails, then rename the file to NTUSER.OLD and reboot - Windows should sort itself out a new copy :)


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Monday, December 2, 2013 4:27 PM
    Moderator
  • Yeah, success! :-) everything seems to be fixed now!

    Obviously the NTUSER.DAT was really corrupted in some way. What I did was renaming the current NTUSER.DAT in C:\Windows\ServiceProfiles\NetworkService to NTUSER.COPY (I did that actually in the Windows Explorer, after un-hiding the protected system files in Tools > Folder Options). After rebooting, Windows created a new copy of NTUSER.DAT, as you said, and the “Windows not genuine” message was gone.

    I saw that the previously missing HKEY_USERS\S-1-5-20 key appeared now, and also the corresponding key in the hivelist was there. However, after the initial reboot I found out that there was still an error when starting Office programs, which was a further symptom that I had since the problems started. So I added (as described in the old post) the missing Network Service to the HKEY_USERS\S-1-5-20 key as a user with Full Control, using Permissions in Regedit. And finally, after an additional reboot everything seems to be working as it should.

    Just out of curiosity: Was the error when starting Office programs really connected to the missing “Network Service” user in the S-1-5-20 key, or would that have fixed itself after a second reboot? Is it important to have Network Service having full control over that key?

    Thanks a lot, Noel, for your help in identifying and fixing the problems! I was really afraid I would have to go through the hassle of re-installing the whole system…

    Tuesday, December 3, 2013 9:33 AM
  • Here is also the latest MGADiag report of the current system, when everything appears to be fine to me:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-M3DJT-4J3WC-733WD
    Windows Product Key Hash: xo+ajVSpae7/4VoZjS7m6JL0f3A=
    Windows Product ID: 00371-OEM-8992671-00524
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {3CD53F07-831F-4FF0-8E0E-6B881BAB52AC}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.120830-0333
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: ftp=192.168.0.210:81;gopher=;http=192.168.0.210:80;https=192.168.0.210:81;socks=192.168.0.210:1080
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{3CD53F07-831F-4FF0-8E0E-6B881BAB52AC}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-733WD</PKey><PID>00371-OEM-8992671-00524</PID><PIDType>2</PIDType><SID>S-1-5-21-47747328-3537192400-3719232431</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Latitude E6320</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A18</Version><SMBIOSVersion major="2" minor="6"/><Date>20130628000000.000000+000</Date></BIOS><HWID>D5CB3907018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Europe Standard Time(GMT+01:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>CBX3   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00178-926-700524-02-1033-7600.0000-0922011
    Installation ID: 008136990973353750929012191295423154242720747632328103
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 733WD
    License Status: Licensed
    Remaining Windows rearm count: 4
    Trusted time: 12/3/2013 10:33:59 AM

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 11:19:2013 12:34
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: NgAAAAEAAAABAAEAAgADAAAABAABAAEA6GHcKnvZHKxoQ9azrL4s4ia0J5TAHw6L6AOSvi5z

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   DELL    CBX3  
      FACP   DELL    CBX3  
      HPET   A M I    PCHHPET
      BOOT   DELL    CBX3   
      MCFG   DELL    SNDYBRDG
      TCPA     
      SSDT   DELLTP  TPM
      SSDT   DELLTP  TPM
      SSDT   DELLTP  TPM
      DMAR   INTEL   SNB
      SLIC   DELL    CBX3  

    Tuesday, December 3, 2013 9:39 AM
  • Hmmm - I never noticed the rather odd Proxies you have set up, before (although they've been there all the time)

    Proxy settings: ftp=192.168.0.210:81;gopher=;http=192.168.0.210:80;https=192.168.0.210:81;socks=192.168.0.210:1080
    

    Other than that, the new report looks fine.

    Permissions on the HKU\S-1-5-20 key should include Network Service  - Full and Read

     - otherwise the service can't configure itself as required :)

    This may impact on later Office releases, since they use different activation/validation mechanisms to earlier versions. 


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Tuesday, December 3, 2013 12:02 PM
    Moderator
  • I think the proxy settings are ok, they are only used when I'm logging into a certain network here, otherwise I'm manually disabling the proxy server anyway.

    By the way, I've never tried to do a System Restore, as there were only some very recent restore points listed (after 22/11/13), and then only the restore point of the original configuration in 2011. Strange though, I thought I've had seen that it was generating restore points earlier...

    But anyway, really good that it worked out with renaming & re-generating the NTUSER.DAT file :-) 

    Thanks again for your help!

    Tuesday, December 3, 2013 12:52 PM
  • You're welcome - good luck!

    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Wednesday, December 4, 2013 4:29 PM
    Moderator