none
Windows7 Ultimate validated, but not genuine? RRS feed

  • Question

  • One of our users in our company is now getting errors that his copy of Windows 7 Ultimate is not genuine.  We are an MS Partner and have the MAPS for development subscription, and that is the source for his installation and key.

    All was working fine for close to a year (I don't remember exactly when I scrubbed and installed Windows 7 on this machine), but he recently upgraded to IE9 and that's when this issue began happening.

    Here is the output from his diagnostics:

    Diagnostic Report (1.9.0027.0):

    -----------------------------------------

    Windows Validation Data-->

     

    Validation Code: 0

    Cached Online Validation Code: N/A, hr = 0xc004f012

    Windows Product Key: *****-*****-X92GV-V7DCV-P4K27

    Windows Product Key Hash: aU2z1/fnhnLHmhBm699qYZT2E6s=

    Windows Product ID: 00426-OEM-8992662-00400

    Windows Product ID Type: 2

    Windows License Type: OEM SLP

    Windows OS version: 6.1.7601.2.00010100.1.0.001

    ID: {867F7AD3-0AAF-4A6F-A984-43C497B3A4A8}(1)

    Is Admin: Yes

    TestCab: 0x0

    LegitcheckControl ActiveX: N/A, hr = 0x80070002

    Signed By: N/A, hr = 0x80070002

    Product Name: Windows 7 Ultimate

    Architecture: 0x00000000

    Build lab: 7601.win7sp1_gdr.110408-1631

    TTS Error: 

    Validation Diagnostic: 

    Resolution Status: N/A

     

    Vista WgaER Data-->

    ThreatID(s): N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

     

    Windows XP Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    File Exists: No

    Version: N/A, hr = 0x80070002

    WgaTray.exe Signed By: N/A, hr = 0x80070002

    WgaLogon.dll Signed By: N/A, hr = 0x80070002

     

    OGA Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    Version: 2.0.48.0

    OGAExec.exe Signed By: Microsoft

    OGAAddin.dll Signed By: Microsoft

     

    OGA Data-->

    Office Status: 100 Genuine

    Microsoft Office Project Professional 2003 - 100 Genuine

    Microsoft Office Enterprise 2007 - 100 Genuine

    OGA Version: Registered, 2.0.48.0

    Signed By: Microsoft

    Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

     

    Browser Data-->

    Proxy settings: N/A

    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe

    Download signed ActiveX controls: Prompt

    Download unsigned ActiveX controls: Disabled

    Run ActiveX controls and plug-ins: Allowed

    Initialize and script ActiveX controls not marked as safe: Disabled

    Allow scripting of Internet Explorer Webbrowser control: Disabled

    Active scripting: Allowed

    Script ActiveX controls marked as safe for scripting: Allowed

     

    File Scan Data-->

     

    Other data-->

    Office Details: <GenuineResults><MachineData><UGUID>{867F7AD3-0AAF-4A6F-A984-43C497B3A4A8}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-P4K27</PKey><PID>00426-OEM-8992662-00400</PID><PIDType>2</PIDType><SID>S-1-5-21-3424212136-1012510239-988375917</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>7666AA6</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>7NETC1WW (2.21 )</Version><SMBIOSVersion major="2" minor="4"/><Date>20091009000000.000000+000</Date></BIOS><HWID>05DF3707018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>QA09   </OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{903B0409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Project Professional 2003</Name><Ver>11</Ver><Val>AD90850103CADD4</Val><Hash>IU8PRGR3LKbx0NzkTRQ74sxDKZI=</Hash><Pid>72077-746-1889754-55014</Pid><PidType>1</PidType></Product><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>5D65FE14D58F586</Val><Hash>BAoDbPc0n8rFHidSDI0n88MWyd0=</Hash><Pid>89388-707-0270147-65625</Pid><PidType>14</PidType></Product></Products><Applications><App Id="3B" Version="11" Result="100"/><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

     

    Spsys.log Content: 0x80070002

     

    Licensing Data-->

    Input Error: Can not find script file "C:\Windows\system32\slmgr.vbs".

     

    Windows Activation Technologies-->

    HrOffline: 0x00000000

    HrOnline: 0x00000000

    HealthStatus: 0x0000000000000000

    Event Time Stamp: 5:27:2011 09:00

    ActiveX: Registered, Version: 7.1.7600.16395

    Admin Service: Not Registered - 0x80070005

    HealthStatus Bitmask Output:

     

     

    HWID Data-->

    HWID Hash Current: OgAAAAMAAgABAAIAAgABAAAAAwABAAEAeqiMOTw8LcWA4hjs/JCWJxJt9nDe1lrUnGiXKrAH2hEqhQ==

     

    OEM Activation 1.0 Data-->

    N/A

     

    OEM Activation 2.0 Data-->

    BIOS valid for OA 2.0: yes

    Windows marker version: 0x20001

    OEMID and OEMTableID Consistent: yes

    BIOS Information: 

      ACPI Table Name OEMID Value OEMTableID Value

      APIC LENOVO TP-7N   

      FACP LENOVO TP-7N   

      HPET LENOVO TP-7N   

      BOOT LENOVO TP-7N   

      MCFG LENOVO TP-7N   

      SSDT LENOVO TP-7N   

      ECDT LENOVO TP-7N   

      TCPA LENOVO TP-7N   

      SLIC DELL   QA09   

      ASF! LENOVO TP-7N   

      SSDT LENOVO TP-7N   

      SSDT LENOVO TP-7N   

      SSDT LENOVO TP-7N   

      SSDT LENOVO TP-7N   

      SSDT LENOVO TP-7N   

     

    Any assistance would be GREATLY appreciated.

    Mike

    Friday, May 27, 2011 1:31 PM

Answers

  • looks like a pirated copy of windows.

     

    This is a Lenovo computer with a Dell OEM SLP key. An OEM SLP key must be installed at the factory at the time of manufacture. This wasn't.

    You also have a Dell slic table. This indicates this install was done using a hackers loader program.

     

    You will have to purchase and install a legitimate windows or revert to the windows the computer came with.


    Friday, May 27, 2011 1:53 PM
    Answerer
  • Lovely.  Just had him look and the COA is missing.  So, the company that sold it to us must have peeled it.

    So, I gave him the bad news that he must give it up to me for a few days so I can reinstall.  Onward and upward.  At least we know what's wrong now.

    Thanks for your assistance!  You may close this out.

    Friday, May 27, 2011 8:00 PM

All replies

  • looks like a pirated copy of windows.

     

    This is a Lenovo computer with a Dell OEM SLP key. An OEM SLP key must be installed at the factory at the time of manufacture. This wasn't.

    You also have a Dell slic table. This indicates this install was done using a hackers loader program.

     

    You will have to purchase and install a legitimate windows or revert to the windows the computer came with.


    Friday, May 27, 2011 1:53 PM
    Answerer
  • Holy cow!  That's crazy!  I see it now that it's not the key I used to build it.  Our key ends with JWKHP.

    Is there any way that malware could have done this?  I'm quite certain I scrubbed and reloaded this machine when we purchased it as it was a used replacement for one that was stolen out of our employee's car and I would have used the MAPS key, and I'm quite certain it came with Vista when I got it, not Windows 7.  And, I highly doubt our employee did anything with it as he calls me (frequently) whenever he has problems.

    Thanks for the quick response as well!

     

    Friday, May 27, 2011 4:20 PM
  • No malware does not do this. It is done by using a Hackers loader program. This is not done accidently.

     

    Friday, May 27, 2011 5:08 PM
    Answerer
  • Do you know of a way that I can input the correct key that we have as a part of our MAPS subscription like it should be in there?  I'd rather not have to reinstall the OS and all the applications.  And I could swear that I scrubbed this when we received it as it should have come with Windows XP.

    I'm completely baffled.

    Friday, May 27, 2011 5:51 PM
  • I think you should reinstall. The presence of the loader will likely be detected and will go bad sooner or later.

    It is reasonable to assume this was done by the owner.

     

    based on the bios date 10/09/2009 it may have been shipped with windows 7. (likely home premium.) For what version of windows is on the COA?

     

    Friday, May 27, 2011 6:40 PM
    Answerer
  • Lovely.  Just had him look and the COA is missing.  So, the company that sold it to us must have peeled it.

    So, I gave him the bad news that he must give it up to me for a few days so I can reinstall.  Onward and upward.  At least we know what's wrong now.

    Thanks for your assistance!  You may close this out.

    Friday, May 27, 2011 8:00 PM