locked
This copy of Windows 7 is not genuine RRS feed

  • Question

  • Hi, can you help? I know a lot of people have had the same problem. We were attacked by a Trojan Horse, detected by Avast! which seemed to do its stuff. However, we are left with this message, although Windows seems to be working fine. I am pasting the diagnostics report below

    Jim Newmark

     

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 50
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-788W3-H689G-6P6GT
    Windows Product Key Hash: yr8OHoeXhbT4dc6MxGYjdAStSPY=
    Windows Product ID: 00371-OEM-8992671-00008
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7600.2.00010100.0.0.048
    ID: {655E9C06-1A78-45E2-91F7-D22205E779D1}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000009
    Build lab: 7600.win7_gdr.101026-1503
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Enterprise 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{655E9C06-1A78-45E2-91F7-D22205E779D1}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-6P6GT</PKey><PID>00371-OEM-8992671-00008</PID><PIDType>2</PIDType><SID>S-1-5-21-698169385-1383733380-16757918</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>SLIC-CPC</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>6.05</Version><SMBIOSVersion major="2" minor="6"/><Date>20100812000000.000000+000</Date></BIOS><HWID>BDBA3607018400F8</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>73DAD1BB8B79ED2</Val><Hash>WXj2Eum8rANicGInMl3f8ZKsDg0=</Hash><Pid>81599-873-1833661-65881</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7600.16385

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00178-926-700008-02-1033-7600.0000-2052009
    Installation ID: 021994491586614341490231449915843250711324257432084444
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 6P6GT
    License Status: Notification
    Notification Reason: 0xC004F057.
    Remaining Windows rearm count: 2
    Trusted time: 12/04/2011 20:26:51

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0xC004C533
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 4:12:2011 07:53
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: MAAAAAEABAABAAEAAAABAAAAAQABAAEAJJRKqPB1fhJI5Kp2gjto7Ii3BtdiiUbK

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes, but no SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   HPQOEM  SLIC-CPC
      FACP   HPQOEM  SLIC-CPC
      HPET   HPQOEM  SLIC-CPC
      MCFG   HPQOEM  SLIC-CPC
      OEMB   HPQOEM  SLIC-CPC
      GSCI   HPQOEM  SLIC-CPC
      SSDT   HPQOEM  SLIC-CPC

     

    Tuesday, April 12, 2011 7:40 PM

Answers

  • For one thing you are using a volume license copy of Office.  If you are not associated with an enterprise that provided this software you need to remove it and replace it with a retail copy.

    Microsoft Office Enterprise 2007 - 100 Genuine

    Your OEM SLP copy of Windows 7 Professional

    Windows Product ID: 00371-OEM-8992671-00008
    Windows Product ID Type: 2
    Windows License Type: OEM SLP

    is not in sync with the SLIC table in the BIOS

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes, but no SLIC table

    The malware may have messed your licensing store.

    Recreate the Licensing Store
    1) Click Start button.
    2) Type: CMD.exe into the 'Search programs and files' field
    3) Right-Click on CMD.exe and select Run as Administrator
    4) Type: net stop sppsvc (It may ask you if you are sure, select yes)
    Note: the Software Protection service may not be running, this is ok.
    5) Type: cd %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform
    6) Type: rename tokens.dat tokens.bar
    7) Type: cd %windir%\system32
    8) Type: net start sppsvc
    9) Type: slui.exe
    10) After a couple of seconds Windows Activation dialog will appear. You may be asked to re-activate and/or re-enter your product key or Activation may occur automatically.

    Run MGADiag again, and post the report

    If this copy of Windows did not ship on this computer replace it.  If the motherboard on this computer has been upgraded then you need to purchase a retail copy of Windows.  If it is the original copy of Windows then try reactivating with the COA SLP product key printed on the label affixed to the computer.  Click Start and type slui.exe 4 in the Search/Run box to activate by phone.


    Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.
    • Proposed as answer by Darin Smith MS Wednesday, April 13, 2011 11:12 PM
    • Marked as answer by Darin Smith MS Thursday, April 14, 2011 9:21 PM
    Tuesday, April 12, 2011 8:27 PM
    Answerer