Answered by:
Windows7 Ultimate validated, but not genuine?

Question
-
One of our users in our company is now getting errors that his copy of Windows 7 Ultimate is not genuine. We are an MS Partner and have the MAPS for development subscription, and that is the source for his installation and key.
All was working fine for close to a year (I don't remember exactly when I scrubbed and installed Windows 7 on this machine), but he recently upgraded to IE9 and that's when this issue began happening.
Here is the output from his diagnostics:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-X92GV-V7DCV-P4K27
Windows Product Key Hash: aU2z1/fnhnLHmhBm699qYZT2E6s=
Windows Product ID: 00426-OEM-8992662-00400
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {867F7AD3-0AAF-4A6F-A984-43C497B3A4A8}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.110408-1631
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft
OGA Data-->
Office Status: 100 Genuine
Microsoft Office Project Professional 2003 - 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{867F7AD3-0AAF-4A6F-A984-43C497B3A4A8}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-P4K27</PKey><PID>00426-OEM-8992662-00400</PID><PIDType>2</PIDType><SID>S-1-5-21-3424212136-1012510239-988375917</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>7666AA6</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>7NETC1WW (2.21 )</Version><SMBIOSVersion major="2" minor="4"/><Date>20091009000000.000000+000</Date></BIOS><HWID>05DF3707018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>QA09 </OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{903B0409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Project Professional 2003</Name><Ver>11</Ver><Val>AD90850103CADD4</Val><Hash>IU8PRGR3LKbx0NzkTRQ74sxDKZI=</Hash><Pid>72077-746-1889754-55014</Pid><PidType>1</PidType></Product><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>5D65FE14D58F586</Val><Hash>BAoDbPc0n8rFHidSDI0n88MWyd0=</Hash><Pid>89388-707-0270147-65625</Pid><PidType>14</PidType></Product></Products><Applications><App Id="3B" Version="11" Result="100"/><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Input Error: Can not find script file "C:\Windows\system32\slmgr.vbs".
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 5:27:2011 09:00
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Not Registered - 0x80070005
HealthStatus Bitmask Output:
HWID Data-->
HWID Hash Current: OgAAAAMAAgABAAIAAgABAAAAAwABAAEAeqiMOTw8LcWA4hjs/JCWJxJt9nDe1lrUnGiXKrAH2hEqhQ==
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC LENOVO TP-7N
FACP LENOVO TP-7N
HPET LENOVO TP-7N
BOOT LENOVO TP-7N
MCFG LENOVO TP-7N
SSDT LENOVO TP-7N
ECDT LENOVO TP-7N
TCPA LENOVO TP-7N
SLIC DELL QA09
ASF! LENOVO TP-7N
SSDT LENOVO TP-7N
SSDT LENOVO TP-7N
SSDT LENOVO TP-7N
SSDT LENOVO TP-7N
SSDT LENOVO TP-7N
Any assistance would be GREATLY appreciated.
Mike
Friday, May 27, 2011 1:31 PM
Answers
-
looks like a pirated copy of windows.
This is a Lenovo computer with a Dell OEM SLP key. An OEM SLP key must be installed at the factory at the time of manufacture. This wasn't.
You also have a Dell slic table. This indicates this install was done using a hackers loader program.
You will have to purchase and install a legitimate windows or revert to the windows the computer came with.
- Marked as answer by Darin Smith MS Friday, May 27, 2011 9:29 PM
Friday, May 27, 2011 1:53 PMAnswerer -
Lovely. Just had him look and the COA is missing. So, the company that sold it to us must have peeled it.
So, I gave him the bad news that he must give it up to me for a few days so I can reinstall. Onward and upward. At least we know what's wrong now.
Thanks for your assistance! You may close this out.
- Marked as answer by Darin Smith MS Friday, May 27, 2011 9:28 PM
Friday, May 27, 2011 8:00 PM
All replies
-
looks like a pirated copy of windows.
This is a Lenovo computer with a Dell OEM SLP key. An OEM SLP key must be installed at the factory at the time of manufacture. This wasn't.
You also have a Dell slic table. This indicates this install was done using a hackers loader program.
You will have to purchase and install a legitimate windows or revert to the windows the computer came with.
- Marked as answer by Darin Smith MS Friday, May 27, 2011 9:29 PM
Friday, May 27, 2011 1:53 PMAnswerer -
Holy cow! That's crazy! I see it now that it's not the key I used to build it. Our key ends with JWKHP.
Is there any way that malware could have done this? I'm quite certain I scrubbed and reloaded this machine when we purchased it as it was a used replacement for one that was stolen out of our employee's car and I would have used the MAPS key, and I'm quite certain it came with Vista when I got it, not Windows 7. And, I highly doubt our employee did anything with it as he calls me (frequently) whenever he has problems.
Thanks for the quick response as well!
Friday, May 27, 2011 4:20 PM -
No malware does not do this. It is done by using a Hackers loader program. This is not done accidently.
Friday, May 27, 2011 5:08 PMAnswerer -
Do you know of a way that I can input the correct key that we have as a part of our MAPS subscription like it should be in there? I'd rather not have to reinstall the OS and all the applications. And I could swear that I scrubbed this when we received it as it should have come with Windows XP.
I'm completely baffled.
Friday, May 27, 2011 5:51 PM -
I think you should reinstall. The presence of the loader will likely be detected and will go bad sooner or later.
It is reasonable to assume this was done by the owner.
based on the bios date 10/09/2009 it may have been shipped with windows 7. (likely home premium.) For what version of windows is on the COA?
Friday, May 27, 2011 6:40 PMAnswerer -
Lovely. Just had him look and the COA is missing. So, the company that sold it to us must have peeled it.
So, I gave him the bad news that he must give it up to me for a few days so I can reinstall. Onward and upward. At least we know what's wrong now.
Thanks for your assistance! You may close this out.
- Marked as answer by Darin Smith MS Friday, May 27, 2011 9:28 PM
Friday, May 27, 2011 8:00 PM