Remove From My Forums

Windows 7 not genuine Error

Question
0

Sign in to vote

Hi,

I'm having suddenly problems with Windows 7, saying that it's not genuine. Additionally, Office package says also that it can't "verify the licence of this product".

It's a Dell Latitude 6320 Laptop, and was received from Dell with this Windows 7 installation. No major hardware or software changes were made recently.

Windows activation is not available, if I run "slui.exe 4" I get error code 0x80070005.

I have also been running CHKDSK and SFC, and no errors where detected.

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 50
Cached Online Validation Code: N/A, hr = 0x80070005
Windows Product Key: *****-*****-M3DJT-4J3WC-733WD
Windows Product Key Hash: xo+ajVSpae7/4VoZjS7m6JL0f3A=
Windows Product ID: 00371-OEM-8992671-00524
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {3CD53F07-831F-4FF0-8E0E-6B881BAB52AC}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.120830-0333
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: ftp=192.168.0.210:81;gopher=;http=192.168.0.210:80;https=192.168.0.210:81;socks=192.168.0.210:1080
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{3CD53F07-831F-4FF0-8E0E-6B881BAB52AC}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-733WD</PKey><PID>00371-OEM-8992671-00524</PID><PIDType>2</PIDType><SID>S-1-5-21-47747328-3537192400-3719232431</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Latitude E6320</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A18</Version><SMBIOSVersion major="2" minor="6"/><Date>20130628000000.000000+000</Date></BIOS><HWID>D5CB3907018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Europe Standard Time(GMT+01:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>CBX3   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x46' to display the error text.
Error: 0x46

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 11:19:2013 12:34
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: NgAAAAEAAAABAAEAAgADAAAABAABAAEA6GHcKnvZHKxoQ9azrL4s4ia0J5TAHw6L6AOSvi5z

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC   DELL   CBX3
FACP   DELL   CBX3
HPET   A M I    PCHHPET
BOOT   DELL   CBX3
MCFG   DELL   SNDYBRDG
TCPA
SSDT   DELLTP  TPM
SSDT   DELLTP  TPM
SSDT   DELLTP  TPM
DMAR   INTEL   SNB
SLIC   DELL   CBX3

Tuesday, November 26, 2013 1:31 PM

Answers

0

Sign in to vote
It's possible - and would be the next thing to try after this.

Please attempt a System Restore back to before the 22/11/13 - with luck this will replace the file and correct registry entries associated with it.

If that fails, then rename the file to NTUSER.OLD and reboot - Windows should sort itself out a new copy :)

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.
- Proposed as answer by Noel D PatonModerator Tuesday, December 3, 2013 12:03 PM
- Marked as answer by Wolfgang V Tuesday, December 3, 2013 12:52 PM
Monday, December 2, 2013 4:27 PM

Moderator

All replies

0

Sign in to vote

Open an Elevated Command Prompt, and run the following commands

sc sdshow plugplay
REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18" /S
REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19" /S
REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20" /S

Copy and paste the results to your reply

Here are some instructions to make life easier :)

1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt.

2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once.

3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.

Tuesday, November 26, 2013 6:14 PM

Moderator
0

Sign in to vote

Thanks Noel!

This is the result of the query:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\wolfgang.voit>sc sdshow plugplay

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCR
RC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

C:\Users\wolfgang.voit> REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\ProfileList\S-1-5-18" /S

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
5-18
    Flags    REG_DWORD    0xc
    State    REG_DWORD    0x0
    RefCount    REG_DWORD    0x1
    Sid    REG_BINARY    010100000000000512000000
    ProfileImagePath    REG_EXPAND_SZ    %systemroot%\system32\config\systemprof
ile

C:\Users\wolfgang.voit> REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\ProfileList\S-1-5-19" /S

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
5-19
    ProfileImagePath    REG_EXPAND_SZ    C:\Windows\ServiceProfiles\LocalService

    Flags    REG_DWORD    0x0
    State    REG_DWORD    0x0

C:\Users\wolfgang.voit> REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\ProfileList\S-1-5-20" /S

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
5-20
    ProfileImagePath    REG_EXPAND_SZ    C:\Windows\ServiceProfiles\NetworkServi
ce
    Flags    REG_DWORD    0x0
    State    REG_DWORD    0x0

I have a few more profiles in the profile list, that should be the query for the one that I'm using:

C:\Users\wolfgang.voit>REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\ProfileList\S-1-5-21-15498824-2062722521-1763149965-2295" /S

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
5-21-15498824-2062722521-1763149965-2295
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\wolfgang.voit
    Flags    REG_DWORD    0x0
    State    REG_DWORD    0x100
    Sid    REG_BINARY    010500000000000515000000487EEC00D9A5F27A8D881769F708000
0
    Guid    REG_SZ    {6233de99-97e9-4bef-a88d-4bf90a3780b1}
    ProfileLoadTimeLow    REG_DWORD    0x0
    ProfileLoadTimeHigh    REG_DWORD    0x0
    RefCount    REG_DWORD    0x1
    RunLogonScriptSync    REG_DWORD    0x0
    NextLogonCacheable    REG_DWORD    0x0

Tuesday, November 26, 2013 7:50 PM
0

Sign in to vote

Those results are all normal.

That eliminates the 'usual' causes (missing service profiles, or bad service permissions)

Please run the following command from an Elevated Command Prompt window(1)

Copy and paste set of commands below into the window – once completed, hit the Enter Key to ensure that the last command has run (2)

REG QUERY HKU

REG QUERY HKU\S-1-5-20

REG QUERY HKU\S-1-5-20\Environment

REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"

Copy the whole output to your response(3)

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.

Tuesday, November 26, 2013 8:54 PM

Moderator
0

Sign in to vote

Here is the result of these commands:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\wolfgang.voit>REG QUERY HKU

HKEY_USERS\.DEFAULT
HKEY_USERS\S-1-5-19
HKEY_USERS\S-1-5-21-15498824-2062722521-1763149965-2295
HKEY_USERS\S-1-5-21-15498824-2062722521-1763149965-2295_Classes
HKEY_USERS\S-1-5-18

C:\Users\wolfgang.voit>
C:\Users\wolfgang.voit>REG QUERY HKU\S-1-5-20
ERROR: The system was unable to find the specified registry key or value.

C:\Users\wolfgang.voit>
C:\Users\wolfgang.voit>REG QUERY HKU\S-1-5-20\Environment
ERROR: The system was unable to find the specified registry key or value.

C:\Users\wolfgang.voit>
C:\Users\wolfgang.voit>REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVers
ion\ProfileList"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
    ProfilesDirectory    REG_EXPAND_SZ    %SystemDrive%\Users
    Default    REG_EXPAND_SZ    %SystemDrive%\Users\Default
    Public    REG_EXPAND_SZ    %SystemDrive%\Users\Public
    ProgramData    REG_EXPAND_SZ    %SystemDrive%\ProgramData

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
5-18
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
5-19
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
5-20
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
5-21-15498824-2062722521-1763149965-2295
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
5-21-15498824-2062722521-1763149965-4636
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
5-21-1993962763-436374069-839522115-1234
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
5-21-1993962763-436374069-839522115-2111
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
5-21-47747328-3537192400-3719232431-500

C:\Users\wolfgang.voit>

Tuesday, November 26, 2013 9:27 PM
0

Sign in to vote

That explains it then -- the NetworkService profile isn't being loaded.

Now we have to work out why.

Please run the following commands and post the results.

DIR C:\Windows\ServiceProfiles\NetworkService

ATTRIB C:\Windows\ServiceProfiles\NetworkService

ICACLS C:\Windows\ServiceProfiles\NetworkService

ICACLS C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

ATTRIB C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.

Tuesday, November 26, 2013 9:56 PM

Moderator
0

Sign in to vote

I got following results:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\wolfgang.voit>DIR C:\Windows\ServiceProfiles\NetworkService
Volume in drive C is OS
Volume Serial Number is E2F8-306A

Directory of C:\Windows\ServiceProfiles\NetworkService

03/16/2012 10:37 AM    <DIR>          .
03/16/2012 10:37 AM    <DIR>          ..
07/14/2009 05:34 AM    <DIR>          Desktop
07/14/2009 05:34 AM    <DIR>          Documents
07/14/2009 05:34 AM    <DIR>          Downloads
07/14/2009 05:34 AM    <DIR>          Favorites
07/14/2009 05:34 AM    <DIR>          Links
07/14/2009 05:34 AM    <DIR>          Music
07/14/2009 05:34 AM    <DIR>          Pictures
07/14/2009 05:34 AM    <DIR>          Saved Games
07/14/2009 05:34 AM    <DIR>          Videos
               0 File(s)              0 bytes
              11 Dir(s)   2,044,395,520 bytes free

C:\Users\wolfgang.voit>
C:\Users\wolfgang.voit>ATTRIB C:\Windows\ServiceProfiles\NetworkService
             C:\Windows\ServiceProfiles\NetworkService

C:\Users\wolfgang.voit>
C:\Users\wolfgang.voit>ICACLS C:\Windows\ServiceProfiles\NetworkService
C:\Windows\ServiceProfiles\NetworkService NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                                          BUILTIN\Administrators:(OI)(CI)(F)
                                          NT AUTHORITY\NETWORK SERVICE:(OI)(CI)(
F)

Successfully processed 1 files; Failed processing 0 files

C:\Users\wolfgang.voit>
C:\Users\wolfgang.voit>ICACLS C:\Windows\ServiceProfiles\NetworkService\NTUSER.D
AT
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT NT AUTHORITY\SYSTEM:(I)(F)
                                                     BUILTIN\Administrators:(I)(
F)
                                                     NT AUTHORITY\NETWORK SERVIC
E:(I)(F)

Successfully processed 1 files; Failed processing 0 files

C:\Users\wolfgang.voit>
C:\Users\wolfgang.voit>ATTRIB C:\Windows\ServiceProfiles\NetworkService\NTUSER.D
AT
A SH   I    C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

C:\Users\wolfgang.voit>

Tuesday, November 26, 2013 10:30 PM
0

Sign in to vote

I'm not sure whether the NTUSER.DAT file should have the System Attribute - my main system doesn't, but my VM does :)

Please run the following command - which should allow us to see the date and size of the files

DIR C:\Windows\ServiceProfiles\NetworkService /AH

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.

Tuesday, November 26, 2013 11:00 PM

Moderator
0

Sign in to vote

I get following response: (BTW, I don't know if it could be related, but 11/22/2013 might have been the date when the problems started...)

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\wolfgang.voit>DIR C:\Windows\ServiceProfiles\NetworkService /AH
Volume in drive C is OS
Volume Serial Number is E2F8-306A

Directory of C:\Windows\ServiceProfiles\NetworkService

04/03/2011 04:47 AM    <DIR>          AppData
11/22/2013 06:12 PM           262,144 NTUSER.DAT
07/14/2009 08:18 AM             1,024 NTUSER.DAT.LOG
11/22/2013 06:12 PM           226,304 NTUSER.DAT.LOG1
07/14/2009 05:34 AM                 0 NTUSER.DAT.LOG2
09/08/2011 09:24 AM            65,536 NTUSER.DAT{24dda9dc-d9f0-11e0-a24a-806e6f
6e6963}.TM.blf
09/08/2011 09:24 AM           524,288 NTUSER.DAT{24dda9dc-d9f0-11e0-a24a-806e6f
6e6963}.TMContainer00000000000000000001.regtrans-ms
09/08/2011 09:24 AM           524,288 NTUSER.DAT{24dda9dc-d9f0-11e0-a24a-806e6f
6e6963}.TMContainer00000000000000000002.regtrans-ms
07/14/2009 05:47 AM            65,536 NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0b
cd1824}.TM.blf
07/14/2009 05:47 AM           524,288 NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0b
cd1824}.TMContainer00000000000000000001.regtrans-ms
07/14/2009 05:47 AM           524,288 NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0b
cd1824}.TMContainer00000000000000000002.regtrans-ms
03/15/2012 03:26 PM            65,536 NTUSER.DAT{6d41bd1f-6e96-11e1-a492-1c659d
f79ae6}.TM.blf
03/15/2012 03:26 PM           524,288 NTUSER.DAT{6d41bd1f-6e96-11e1-a492-1c659d
f79ae6}.TMContainer00000000000000000001.regtrans-ms
03/15/2012 03:26 PM           524,288 NTUSER.DAT{6d41bd1f-6e96-11e1-a492-1c659d
f79ae6}.TMContainer00000000000000000002.regtrans-ms
03/16/2012 06:05 PM            65,536 NTUSER.DAT{c1f140a4-6f47-11e1-b9db-1c659d
f79ae6}.TM.blf
03/16/2012 06:05 PM           524,288 NTUSER.DAT{c1f140a4-6f47-11e1-b9db-1c659d
f79ae6}.TMContainer00000000000000000001.regtrans-ms
03/16/2012 06:05 PM           524,288 NTUSER.DAT{c1f140a4-6f47-11e1-b9db-1c659d
f79ae6}.TMContainer00000000000000000002.regtrans-ms
              16 File(s)      4,945,920 bytes
               1 Dir(s)   2,037,395,456 bytes free

C:\Users\wolfgang.voit>

Tuesday, November 26, 2013 11:36 PM
0

Sign in to vote

So the file is present, but for whatever reason, is not being loaded into the registry. Its permissions are apparently correct, and it's not marked as 'read-only'. The proper registry entries are there for it to be loaded.

It's a long time since I saw a similar error, and if I remember right that was in Vista - I'll have to trawl through my records and see if I can find the relevant threads.

Back later - shout if you don't hear from me by Friday!

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.

Wednesday, November 27, 2013 7:45 AM

Moderator
0

Sign in to vote

Thanks a lot for you help so far, Noel!

I have already started to back up all my data, in case the only way is to re-install Windows... But of course it would be nice if you can find some solution to it, would save me a lot of work and trouble :)

Wednesday, November 27, 2013 7:09 PM
0

Sign in to vote

Finally found it :) - it was in the Vista forum, but a lot further back than I thought - Feb 2012.

Please open an Elevated Command Prompt, and run the following commands.

REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\hivelist

reg load HKU\Test "C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT"

reg query hku\test\environment

reg unload HKU\Test

with any luck, that'll isolate the problem.

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.

Friday, November 29, 2013 9:00 PM

Moderator
0

Sign in to vote

JUst for grins - here's the thread I was referring to... http://social.microsoft.com/Forums/pl-PL/b4c34d7a-ae6d-4c68-9410-441f2d002964/error-0x80070426

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.

Friday, November 29, 2013 9:01 PM

Moderator
0

Sign in to vote
Sorry for the late reply, I had been ill during the weekend...

This is the response on the commands:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\>REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\hivelist

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\hivelist
    \REGISTRY\MACHINE\HARDWARE    REG_SZ
    \REGISTRY\MACHINE\BCD00000000    REG_SZ    \Device\HarddiskVolume2\Boot\BCD
    \REGISTRY\MACHINE\SYSTEM    REG_SZ    \Device\HarddiskVolume3\Windows\System
32\config\SYSTEM
    \REGISTRY\MACHINE\SOFTWARE    REG_SZ    \Device\HarddiskVolume3\Windows\Syst
em32\config\SOFTWARE
    \REGISTRY\USER\.DEFAULT    REG_SZ    \Device\HarddiskVolume3\Windows\System3
2\config\DEFAULT
    \REGISTRY\MACHINE\SECURITY    REG_SZ    \Device\HarddiskVolume3\Windows\Syst
em32\config\SECURITY
    \REGISTRY\MACHINE\SAM    REG_SZ    \Device\HarddiskVolume3\Windows\System32\
config\SAM
    \REGISTRY\USER\S-1-5-19    REG_SZ    \Device\HarddiskVolume3\Windows\Service
Profiles\LocalService\NTUSER.DAT
    \Registry\User\S-1-5-21-15498824-2062722521-1763149965-2295    REG_SZ    \De
vice\HarddiskVolume3\Users\wolfgang.voit\NTUSER.DAT
    \Registry\User\S-1-5-21-15498824-2062722521-1763149965-2295_Classes    REG_S
Z    \Device\HarddiskVolume3\Users\wolfgang.voit\AppData\Local\Microsoft\Windows
\UsrClass.dat

C:\>
C:\>
C:\>reg load HKU\Test "C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT"
ERROR: The system has attempted to load or restore a file into the registry, but
the specified file is not in a registry file format.

C:\>
C:\>reg query hku\test\environment
ERROR: The system was unable to find the specified registry key or value.

C:\>
C:\>reg unload HKU\Test
ERROR: The parameter is incorrect.

C:\>

I also had a look at the "NTUSER.DAT" in C:\Windows\ServiceProfiles\NetworkService, and the time stamp is still "11/22/2013 06:12 PM" (which possibly might be the time when everything started). So it seems that it is somehow corrupted, as it doesn't update, do I see this right?

What whould you recommend as the next step (I was browsing through the old post, but I'm not sure if I read everything that was relevant)? Should I rename the NTUSER.DAT and see if it's re-constructed during startup, or should I copy it right away from the Default profile?
- Edited by Wolfgang V Monday, December 2, 2013 11:22 AM
Monday, December 2, 2013 11:21 AM
0

Sign in to vote
We've found the cause of the problem at least - the entry for the service is missing from the hivelist key.

Whether the file is in the proper format or not remains to be seen :)

I've uploaded a file - NWShivelist.zip - to my SkyDrive at Noel's SkyDrive

Please download and save it to your desktop.

Right-click on the saved file and select Extract all...

Save it to the default location

This should create a file NWShivelist.reg

right-click on the file, and select Merge

Accept the warnings, - you should then get a 'Success' message.

Close all windows, and reboot twice.

Run another MGADiag report, and post the results.

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.
- Edited by Noel D PatonModerator Monday, December 2, 2013 12:22 PM correct filename typo
Monday, December 2, 2013 11:54 AM

Moderator
0

Sign in to vote

Nope, I don't think it changed anything...

It seems that the entry in the hivelist key disappeared again after rebooting. But I realized also that you added it with "HarddiskVolume2"; shouldn't it be "HarddiskVolume3" in my case?

In any case, this is the latest MGADiag report:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 50
Cached Online Validation Code: N/A, hr = 0x80070005
Windows Product Key: *****-*****-M3DJT-4J3WC-733WD
Windows Product Key Hash: xo+ajVSpae7/4VoZjS7m6JL0f3A=
Windows Product ID: 00371-OEM-8992671-00524
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {3CD53F07-831F-4FF0-8E0E-6B881BAB52AC}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: Windows 7 Professional
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.120830-0333
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: ftp=192.168.0.210:81;gopher=;http=192.168.0.210:80;https=192.168.0.210:81;socks=192.168.0.210:1080
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{3CD53F07-831F-4FF0-8E0E-6B881BAB52AC}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-733WD</PKey><PID>00371-OEM-8992671-00524</PID><PIDType>2</PIDType><SID>S-1-5-21-47747328-3537192400-3719232431</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Latitude E6320</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A18</Version><SMBIOSVersion major="2" minor="6"/><Date>20130628000000.000000+000</Date></BIOS><HWID>D5CB3907018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Europe Standard Time(GMT+01:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>CBX3   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x46' to display the error text.
Error: 0x46

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 11:19:2013 12:34
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: NgAAAAEAAAABAAEAAgADAAAABAABAAEA6GHcKnvZHKxoQ9azrL4s4ia0J5TAHw6L6AOSvi5z

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC   DELL   CBX3
FACP   DELL   CBX3
HPET   A M I    PCHHPET
BOOT   DELL   CBX3
MCFG   DELL   SNDYBRDG
TCPA
SSDT   DELLTP  TPM
SSDT   DELLTP  TPM
SSDT   DELLTP  TPM
DMAR   INTEL   SNB
SLIC   DELL   CBX3

Monday, December 2, 2013 12:59 PM
0

Sign in to vote

Ooops!

well spotted :)

Yes - I've modified the .reg file to correct this and re-uploaded it as MWShivelist2.zip

Same procedure, please - it should over-write the old one.

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.

Monday, December 2, 2013 1:42 PM

Moderator
0

Sign in to vote

I've tried the modified file now, but it seems that it didn't change anything. The entry is missing again after rebooting the system, and still the same error messages.

Could it be that the missing entry in the hivelist key is rather a symptom than the cause? Should I try to delete/rename the NTUSER.DAT in the ServiceProfiles>NetworkService, or copy it from the Default profile, in case it might be corrupted?

Monday, December 2, 2013 3:10 PM
0

Sign in to vote
It's possible - and would be the next thing to try after this.

Please attempt a System Restore back to before the 22/11/13 - with luck this will replace the file and correct registry entries associated with it.

If that fails, then rename the file to NTUSER.OLD and reboot - Windows should sort itself out a new copy :)

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.
- Proposed as answer by Noel D PatonModerator Tuesday, December 3, 2013 12:03 PM
- Marked as answer by Wolfgang V Tuesday, December 3, 2013 12:52 PM
Monday, December 2, 2013 4:27 PM

Moderator
0

Sign in to vote

Yeah, success! :-) everything seems to be fixed now!

Obviously the NTUSER.DAT was really corrupted in some way. What I did was renaming the current NTUSER.DAT in C:\Windows\ServiceProfiles\NetworkService to NTUSER.COPY (I did that actually in the Windows Explorer, after un-hiding the protected system files in Tools > Folder Options). After rebooting, Windows created a new copy of NTUSER.DAT, as you said, and the “Windows not genuine” message was gone.

I saw that the previously missing HKEY_USERS\S-1-5-20 key appeared now, and also the corresponding key in the hivelist was there. However, after the initial reboot I found out that there was still an error when starting Office programs, which was a further symptom that I had since the problems started. So I added (as described in the old post) the missing Network Service to the HKEY_USERS\S-1-5-20 key as a user with Full Control, using Permissions in Regedit. And finally, after an additional reboot everything seems to be working as it should.

Just out of curiosity: Was the error when starting Office programs really connected to the missing “Network Service” user in the S-1-5-20 key, or would that have fixed itself after a second reboot? Is it important to have Network Service having full control over that key?

Thanks a lot, Noel, for your help in identifying and fixing the problems! I was really afraid I would have to go through the hassle of re-installing the whole system…

Tuesday, December 3, 2013 9:33 AM
0

Sign in to vote

Here is also the latest MGADiag report of the current system, when everything appears to be fine to me:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-M3DJT-4J3WC-733WD
Windows Product Key Hash: xo+ajVSpae7/4VoZjS7m6JL0f3A=
Windows Product ID: 00371-OEM-8992671-00524
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {3CD53F07-831F-4FF0-8E0E-6B881BAB52AC}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: Windows 7 Professional
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.120830-0333
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: ftp=192.168.0.210:81;gopher=;http=192.168.0.210:80;https=192.168.0.210:81;socks=192.168.0.210:1080
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{3CD53F07-831F-4FF0-8E0E-6B881BAB52AC}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-733WD</PKey><PID>00371-OEM-8992671-00524</PID><PIDType>2</PIDType><SID>S-1-5-21-47747328-3537192400-3719232431</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Latitude E6320</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A18</Version><SMBIOSVersion major="2" minor="6"/><Date>20130628000000.000000+000</Date></BIOS><HWID>D5CB3907018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Europe Standard Time(GMT+01:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>CBX3   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00178-926-700524-02-1033-7600.0000-0922011
Installation ID: 008136990973353750929012191295423154242720747632328103
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 733WD
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 12/3/2013 10:33:59 AM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 11:19:2013 12:34
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: NgAAAAEAAAABAAEAAgADAAAABAABAAEA6GHcKnvZHKxoQ9azrL4s4ia0J5TAHw6L6AOSvi5z

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC   DELL   CBX3
FACP   DELL   CBX3
HPET   A M I    PCHHPET
BOOT   DELL   CBX3
MCFG   DELL   SNDYBRDG
TCPA
SSDT   DELLTP  TPM
SSDT   DELLTP  TPM
SSDT   DELLTP  TPM
DMAR   INTEL   SNB
SLIC   DELL   CBX3

Tuesday, December 3, 2013 9:39 AM
0

Sign in to vote
Hmmm - I never noticed the rather odd Proxies you have set up, before (although they've been there all the time)

Proxy settings: ftp=192.168.0.210:81;gopher=;http=192.168.0.210:80;https=192.168.0.210:81;socks=192.168.0.210:1080

Other than that, the new report looks fine.

Permissions on the HKU\S-1-5-20 key should include Network Service - Full and Read

- otherwise the service can't configure itself as required :)

This may impact on later Office releases, since they use different activation/validation mechanisms to earlier versions.

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.
Tuesday, December 3, 2013 12:02 PM

Moderator
0

Sign in to vote

I think the proxy settings are ok, they are only used when I'm logging into a certain network here, otherwise I'm manually disabling the proxy server anyway.

By the way, I've never tried to do a System Restore, as there were only some very recent restore points listed (after 22/11/13), and then only the restore point of the original configuration in 2011. Strange though, I thought I've had seen that it was generating restore points earlier...

But anyway, really good that it worked out with renaming & re-generating the NTUSER.DAT file :-)

Thanks again for your help!

Tuesday, December 3, 2013 12:52 PM
0

Sign in to vote

You're welcome - good luck!

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.

Wednesday, December 4, 2013 4:29 PM

Moderator

Answered by:

Windows 7 not genuine Error

Question

Answers

All replies