locked
Windows 7 Professional reporting "This Computer is not running genuine Windows" RRS feed

  • Question

  • Like many others here my PC has started regularly advising me that "This Computer is not running genuine Windows".

    It began the day after installing the following updates:

    Update for Microsoft OneNote 2010 (KB2597088) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition
    Definition Update for Microsoft Office 2010 (KB2910899) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition
    Definition Update for Windows Defender - KB915597 (Definition 1.189.1675.0)
    Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition
    Update for Windows 7 for x64-based Systems (KB3004394)
    Windows Malicious Software Removal Tool x64 - December 2014 (KB890830)
    Security Update for Microsoft Office 2010 (KB2553154) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2899519) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2889818) 32-Bit Edition
    Security Update for Windows 7 for x64-based Systems (KB3013126)
    Update for Windows 7 for x64-based Systems (KB3014406)
    Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB3008923)
    Security Update for Microsoft Excel 2010 (KB2910902) 32-Bit Edition
    Update for Windows 7 for x64-based Systems (KB3009736)
    Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition
    Update for Windows 7 for x64-based Systems (KB3006121)
    Update for Windows 7 for x64-based Systems (KB3006625)
    Update for Windows 7 for x64-based Systems (KB3013410)

    Following the "Resolve online now" option in the Windows Activation Technologies dialoge box results in arriving at the Microsoft.com website (slash)genuine(slash)validate(slash)?hrOffline=0x8004fe21 which successfully validates.  Was this a foolish thing to have done?

    Via the Microsoft.com website technical support area I eventually ended up eligible for free support and connected to an Answer Desk person.  They re-entered my activation code and said problem fixed.  No rocket science here.  They then went on to run autoruns.exe from sysinternals (seems odd), stating that the result showed I had a virus which they would fix for a cost!!!  Alarm bells rang for this and (in hindsight) a couple of other concerns.  I immediately ended the chat and ran Microsoft Safety Scanner (full scan) which removed HackTool:Win32/Keygen, rerunning says nothing detected now.

    Despite some this reading so much like a scam, I'm unsure if it is as the interaction resulted in a logged support request showing on my Microsoft account, but the activity during the chat feels very unnerving in hindsight.

    Here is my Diagnostic Report

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-P62MD-7KF2P-GW478
    Windows Product Key Hash: 4aVdTVnHpUbNcevyq6lKdchQyGI=
    Windows Product ID: 00371-OEM-9046234-76013
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {0402E580-AC0B-48AF-8C39-8FF5D9CCD95F}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.140303-2144
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Opera\launcher.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{0402E580-AC0B-48AF-8C39-8FF5D9CCD95F}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-GW478</PKey><PID>00371-OEM-9046234-76013</PID><PIDType>3</PIDType><SID>S-1-5-21-733048245-1796217494-1927185162</SID><SYSTEM><Manufacturer>Gigabyte Technology Co., Ltd.</Manufacturer><Model>H97M-D3H</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>F2</Version><SMBIOSVersion major="2" minor="7"/><Date>20140424000000.000000+000</Date></BIOS><HWID>76953007018400F4</HWID><UserLCID>1409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>New Zealand Standard Time(GMT+12:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
    Activation ID: e120e868-3df2-464a-95a0-b52fa5ada4bf
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00180-462-376013-02-5129-7601.0000-3482014
    Installation ID: 018485554294548135000974099776111405828780170756255565
    Processor Certificate URL: http:(double slash)go.microsoft.com(slash)fwlink(slash)?LinkID=88338
    Machine Certificate URL: http:(double slash)go.microsoft.com(slash)fwlink(slash)?LinkID=88339
    Use License URL: http:(double slash)go.microsoft.com(slash)fwlink(slash)?LinkID=88341
    Product Key Certificate URL: http:(double slash)go.microsoft.com(slash)fwlink(slash)?LinkID=88340
    Partial Product Key: GW478
    License Status: Licensed
    Remaining Windows rearm count: 2
    Trusted time: 14/12/2014 3:36:33 p.m.

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 12:12:2014 15:34
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: MAAAAAIAAgABAAEAAAACAAAAAQABAAEAHKJOWGqDqC1G1JwtHopyVrplFDFeucj2

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes, but no SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   ALASKA  A M I
      FACP   ALASKA  A M I
      HPET   ALASKA  A M I
      MCFG   ALASKA  A M I
      FPDT   ALASKA  A M I
      SSDT   Ther_R  Ther_Rvp
      SSDT   Ther_R  Ther_Rvp
      SSDT   Ther_R  Ther_Rvp
      SSDT   Ther_R  Ther_Rvp
      SSDT   Ther_R  Ther_Rvp
      DMAR   INTEL   BDW

    Had trouble posting with links so have subbed / for (slash) throughout


    • Edited by Kat2011 Sunday, December 14, 2014 3:48 AM Correction
    Sunday, December 14, 2014 3:47 AM

Answers

  • I assume that you've either installed KB3024777, or uninstalled KB3004394 by now?

    What AV are you using?

    Please disable real-time scanning/protection and reboot

    If the notification has disappeared, re-enable real-time scanning and reboot again

    If the notification is still present, first check whether the real-time scanning is still switched off.  If so, then re-enable it and post the result. If it's turned itself back on then tell me or try again using a different disable option.

    Post back with the results and a new MGADiag report


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Sunday, December 14, 2014 9:51 AM
    Moderator

All replies

  • I assume that you've either installed KB3024777, or uninstalled KB3004394 by now?

    What AV are you using?

    Please disable real-time scanning/protection and reboot

    If the notification has disappeared, re-enable real-time scanning and reboot again

    If the notification is still present, first check whether the real-time scanning is still switched off.  If so, then re-enable it and post the result. If it's turned itself back on then tell me or try again using a different disable option.

    Post back with the results and a new MGADiag report


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Sunday, December 14, 2014 9:51 AM
    Moderator
  • Yes, I had done line 1 of your answer.  Several days later the problem went away.  I cannot account for why but am pleased this is the outcome.  Thanks for your reply.
    Thursday, January 15, 2015 10:39 PM