locked
my laptop is not genuine RRS feed

  • Question

  • Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: N/A, hr = 0xc004f012
    Windows Product Key: *****-*****-PJW6W-9GK29-TMPWP
    Windows Product Key Hash: s96ZjOX/L18svs5JSfzs8eCl/m0=
    Windows Product ID: 00426-OEM-8992662-00537
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.001
    ID: {8EB8B361-CE09-4F3D-9132-AB4A4BD0EC2C}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Ultimate
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_ldr.170913-0600
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Enterprise 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{8EB8B361-CE09-4F3D-9132-AB4A4BD0EC2C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-TMPWP</PKey><PID>00426-OEM-8992662-00537</PID><PIDType>2</PIDType><SID>S-1-5-21-2537649879-3235180882-1630720273</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>20157</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>62CN34WW</Version><SMBIOSVersion major="2" minor="7"/><Date>20120426000000.000000+000</Date></BIOS><HWID>36AF3307018400FE</HWID><UserLCID>4009</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>India Standard Time(GMT+05:30)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>CB-01   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>8B4E4FD0FAFD586</Val><Hash>g36n6TQeM+havnCc3HY84PgeXns=</Hash><Pid>89388-707-3276613-65853</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Input Error: Can not find script file "C:\Windows\system32\slmgr.vbs".

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: N/A
    HealthStatus: 0x0000000000000000
    Event Time Stamp: N/A
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Not Registered - 0x80070005
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: NAAAAAEABAABAAEAAAABAAAAAwABAAEAJJRc4rIDXI+EnZpvGqMAShY0cLwuB0pXJAAucw==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: no, invalid SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC LENOVO CB-01   
      FACP LENOVO CB-01   
      HPET LENOVO CB-01   
      MCFG LENOVO CB-01   
      SLIC LENOVO CB-01   
      SSDT LENOVO PtidDevc
      ASF! LENOVO CB-01   
      SSDT LENOVO PtidDevc
      SSDT LENOVO PtidDevc
      UEFI LENOVO CB-01   
      UEFI LENOVO CB-01   
      POAT LENOVO CB-01   
      UEFI LENOVO CB-01   

    Wednesday, November 29, 2017 7:17 AM

Answers

  • This looks very much to me as if this system has had an Application Exploit installed to circumvent Activation and Validation requirements.

    If I'm right, this should get the system back to the way it should be...

     Best way to fix it now (since we don't know which version of RemoveWAT was used) is to run WATFix....

    email me for a link to the file as the only public ones I know have either been infected or removed from the archives.

    email addie is ngs@crashfixpc.co.uk

    (note - I'll remove the email address tomorrow - Saturday - so it doesn't get too much spam email!)


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Friday, December 1, 2017 12:27 PM
    Moderator

All replies

  • Recreate the Licensing Store: 


    Go to Start > All Programs > Accessories
    Right-Click on Command Prompt and select Run as Administrator - accept the UAC prompt
    Run the following commands in the Command Prompt window, using the Enter key at the end of each

    net stop sppsvc
    (wait until the service has stopped before entering the following lines)

    CD %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform
    REN tokens.dat tokens.bar
    net start sppsvc
    slui.exe

    After a couple of seconds the Windows Activation dialog will appear.
    You may be asked to re-activate and/or re-enter your product key, or Activation may occur automatically.
    If you are asked for your Key, use the one on the COA sticker on the machine's case

    Reboot and Post back with a new MGADiag report.


    Carey Frisch

    Wednesday, November 29, 2017 7:46 AM
    Moderator
  • This looks very much to me as if this system has had an Application Exploit installed to circumvent Activation and Validation requirements.

    If I'm right, this should get the system back to the way it should be...

     Best way to fix it now (since we don't know which version of RemoveWAT was used) is to run WATFix....

    email me for a link to the file as the only public ones I know have either been infected or removed from the archives.

    email addie is ngs@crashfixpc.co.uk

    (note - I'll remove the email address tomorrow - Saturday - so it doesn't get too much spam email!)


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Friday, December 1, 2017 12:27 PM
    Moderator