Win7 Suddenly Not Genuine

Question
-
I too have an issue with a recent report telling me my copy is not genuine. The visible portion of product key is what I have on the email from DigitalRiver over a year ago. Please advise on how to correct this.
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-7Y4R3-2TB83-VMFT8
Windows Product Key Hash: eWedGUmUPfPAIHjJLxVUDUB9FHs=
Windows Product ID: 00371-153-5389647-85795
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7600.2.00010100.0.0.048
ID: {B271DEB0-2F3E-4C63-855F-0FB5538EE64C}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000000
Build lab: 7600.win7_gdr.101026-1503
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft
OGA Data-->
Office Status: 109 N/A
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
File Mismatch: C:\Windows\system32\en-US\sppc.dll.mui[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\en-US\sppcext.dll.mui[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\en-US\slc.dll.mui[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\en-US\slcext.dll.mui[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\en-US\sppuinotify.dll.mui[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\en-US\slui.exe.mui[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\en-US\sppcomapi.dll.mui[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\en-US\sppcommdlg.dll.mui[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\en-US\sppsvc.exe.mui[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\en-US\user32.dll.mui[6.1.7600.16385], Hr = 0x800b0100
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{B271DEB0-2F3E-4C63-855F-0FB5538EE64C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-VMFT8</PKey><PID>00371-153-5389647-85795</PID><PIDType>5</PIDType><SID>S-1-5-21-3565864649-712983559-1819884338</SID><SYSTEM><Manufacturer>Dell Inc. </Manufacturer><Model>Dell DV051 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc. </Manufacturer><Version>A03</Version><SMBIOSVersion major="2" minor="3"/><Date>20051008000000.000000+000</Date></BIOS><HWID>E4B90600018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7600.16385
Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00170-153-538964-01-1033-7600.0000-0502010
Installation ID: 004785804844398953729262469176427045157624437816088784
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: VMFT8
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 3/19/2011 12:43:14 AM
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000000EF60
Event Time Stamp: 3:19:2011 00:31
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
HWID Data-->
HWID Hash Current: MAAAAAAABAABAAIAAAABAAAAAQABAAEAJJQKneyuVpFkkqwULM6WftLG7tOSOOw7
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL DV051
FACP DELL DV051
HPET DELL DV051
BOOT DELL DV051
MCFG DELL DV051
SSDT DELL st_ex
Saturday, March 19, 2011 6:00 AM
Answers
-
The problem is that you have .mui files that Windows has detected as either being Modified in some way or (more likely) that were added in an unauthorized way.
.mui files are Multilingual User Interface files and my understanding is if no Language Interface Packs were added, there would be no mui files in your Windows, but as you can see from your Diagnostic Report, there are .mui files present. And since Windows 7 Professional is not a version of Windows that allows the installation of Language Interface Packs, the files must have been added in an unauthorized way, which Windows rejects.
How these files came to be in your Windows, I have no way of knowing, but they are the cause of this issue.
If the information provided in Noel's post did not resolve the issue, I recommend contacting Microsoft Assisted Support, at one of the below URLs, for further assistance. Even though you state you have not used the program, I do recommend mentioning Vistalizator when contacting Assisted Support.
Thank you,
Darin MS
- Marked as answer by Darin Smith MS Monday, March 21, 2011 7:12 PM
Monday, March 21, 2011 7:10 PM
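The File Scan and HealthStatus sections of a report like the one above can be triaged mechanically. The following is an added example, not part of the original thread and not Microsoft tooling; it assumes the MGADiag line formats seen in the reports on this page, and the function names and sample text are constructed for illustration. 0x800b0100 is TRUST_E_NOSIGNATURE, and 0x80070002 / 0x80070003 are the HRESULT forms of file-not-found and path-not-found.

```python
import ntpath
import re

# Constructed sample in the format of this thread's reports (one fused line).
SAMPLE_REPORT = r"""File Scan Data-->
File Mismatch: C:\Windows\system32\en-US\sppc.dll.mui[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\en-US\user32.dll.mui[6.1.7600.16385], Hr = 0x800b0100Other data-->
File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
"""

HRESULTS = {  # well-known values that appear in the reports
    0x800B0100: "TRUST_E_NOSIGNATURE (no signature present on the file)",
    0x80070002: "ERROR_FILE_NOT_FOUND",
    0x80070003: "ERROR_PATH_NOT_FOUND",
}
# Fixed-width hex keeps a fused section header out of the HRESULT.
MISMATCH = re.compile(
    r"File Mismatch: (?P<path>[^\[\r\n]+)\["
    r"(?:(?P<ver>[\d.]+)\], )?Hr = (?P<hr>0x[0-9A-Fa-f]{8})")
TAMPERED = re.compile(r"Tampered File: (?P<rest>[^\r\n]+)")


def tampered_components(report):
    """Lower-cased file names listed on 'Tampered File:' lines."""
    names = set()
    for m in TAMPERED.finditer(report):
        base, *extra = m.group("rest").split("|")
        names.add(ntpath.basename(base).lower())
        # Skip non-file notes such as 'COM Registration'.
        names.update(e.strip().lower() for e in extra if "." in e)
    return names


def triage(report):
    """One dict per 'File Mismatch:' line, with the HRESULT decoded."""
    tampered = tampered_components(report)
    rows = []
    for m in MISMATCH.finditer(report):
        hr = int(m.group("hr"), 16)
        name = ntpath.basename(m.group("path")).lower()
        rows.append({
            "file": name,
            "version": m.group("ver"),
            "hresult": HRESULTS.get(hr, "unknown 0x%08X" % hr),
            "missing": hr in (0x80070002, 0x80070003),
            "also_tampered": name in tampered,
        })
    return rows


if __name__ == "__main__":
    print(*triage(SAMPLE_REPORT), sep="\n")
```

Run against the first report in this thread, this separates user32.dll.mui, which fails the signature check but is not listed under HealthStatus, from the licensing-component .mui files that appear in both sections.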
All replies
-
Looks very much as if you have an unauthorised installation of one or more MUI packages, probably using a program called Vistalizator - look here for details...
http://social.microsoft.com/Forums/en-US/genuinewindows7/thread/6f6b1cb8-e84e-4c1f-a2ac-181a77d2f772
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Saturday, March 19, 2011 6:57 AM Moderator -
Noel-
Thanks for the response but neither of those cases apply to me. I only speak English and I verified via regedit that en-US is the only language applied. (I have never used Vistalizator or anything like it and I do not take my PC to a shop for anyone else to have inadvertently done so either.)
I did happen to go online with MS support and the 1st agent verified my product key is legit. I was requested to re-enter the code under "Change Product Key". I of course had to reboot and 5 minutes later the error was back. 2nd try at MS support finally yielded "call our security team" at which point the only answer I got was to either call Digital River to get a new d/l copy of Win7 (which seems unnecessary since I have been running 7 for over a year without issue) or to reload the O/S.
If anyone has any other ideas I'd be grateful. Sorry, but reloading the O/S is not what I call a fix. Seems too much like buying time.
I have no problem with doing so but it seems too coincidental to me that when many updates came down on March 9th, the error appeared soon after that. Of course I have no proof since I was not expecting anything to go awry but it still seems too coincidental.
Monday, March 21, 2011 3:35 PM -
The file mismatches indicate what Noel is telling you. However, try running the system file checker and then another run of the MGADiag tool and post the report here.
Click Start, type 'cmd' in the Search/Run box, and right click on the CMD icon at the top of the results pane. Select Run as Administrator. When the cmd window opens type 'sfc /scannow' at the prompt and hit Enter. When the scan completes close the cmd window.
Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.
Monday, March 21, 2011 7:55 PM Answerer -
Thanks Darin-
I did contact MAS (twice since I had to reboot between updating the product key). I mentioned in the conversations Vistalizator but neither asked any further questions about it or anything else regarding languages. Even the Safety (or Security) team member didn't take notice of that fact....
So the fact that only one language is in the registry is not enough to let Win know I have no other language packs added?
Like I said earlier, I have no issue with reinstalling the O/S but it seems less than a fix and since I did nothing that I can recall to have gotten other languages installed, I can't help but feel this issue will occur again.
If there are other checks or fixes you can recommend, I'm all ears. It really didn't feel to me that the 3 agents at MAS really were listening or understood the issue so I'm not inclined to go back there for any further support unless I can ask for something very specific.
Thanks again for the input.
Karl
Monday, March 21, 2011 8:01 PM -
Colin-
Thanks for the suggestion too. I ran the scan but it was unable to fix some files. Okay, so I decided to reinstall the O/S on a spare hard drive I had lying around just to see what would happen. The initial MGA Diag report had a few file mismatches right out of the gate (which obviously seemed odd to me with my limited knowledge here):
Post Install
File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]
I then patched up to current and ran another scan and those files were fixed, however I also ran a search for *.mui on C:\Windows\system32\* and the results were that there are 1,934 .mui files in that path.
Darin- Is it okay for these to be here *as long as* they are not those particular files that appeared as "tampered" on the other drive? There are NO .mui files in the system32 dir itself but in the various sub-dirs off system32 (en-US, hu-HU, etc...)
Thanks for any input here.
Wednesday, March 23, 2011 2:15 AM -
I suggest that you copy and paste your new report. I am interested in your situation and am trying to learn about this. I believe the mismatched files are related to a WAT update not yet installed.
Wednesday, March 23, 2011 2:32 AM Answerer
-
Sorry for the delayed response George (busy week). So far it looks like the new drive is still fine:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-7Y4R3-2TB83-VMFT8
Windows Product Key Hash: eWedGUmUPfPAIHjJLxVUDUB9FHs=
Windows Product ID: 00371-153-5389647-85392
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7600.2.00010100.0.0.048
ID: {2AA8BA86-2432-4ECC-B695-FC2A923D228B}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000000
Build lab: 7600.win7_gdr.101026-1503
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{2AA8BA86-2432-4ECC-B695-FC2A923D228B}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-VMFT8</PKey><PID>00371-153-5389647-85392</PID><PIDType>5</PIDType><SID>S-1-5-21-2489899400-2705426455-3052997061</SID><SYSTEM><Manufacturer>Dell Inc. </Manufacturer><Model>Dell DV051 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc. </Manufacturer><Version>A03</Version><SMBIOSVersion major="2" minor="3"/><Date>20051008000000.000000+000</Date></BIOS><HWID>E7B83607018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7600.16385
Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00170-153-538964-01-1033-7600.0000-0802011
Installation ID: 006160966433134442250202683464394730174950026131856281
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: VMFT8
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 3/30/2011 9:19:20 PM
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 3:22:2011 21:42
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
HWID Data-->
HWID Hash Current: NAAAAAEABAABAAIAAAABAAAAAgABAAEAJJQKnXpNVpFkkqwU7K4yB5Z+0sbu05I4HwDsOw==
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL DV051
FACP DELL DV051
HPET DELL DV051
BOOT DELL DV051
MCFG DELL DV051
SSDT DELL st_ex
So far no new .mui files to cause havoc so I guess I'll carve out some time to re-image the real drive since it is larger. As I'm writing this it looks like SP1 is available for d/l so I will probably update this test drive just for kicks. I don't expect anything will change but will run the diag afterwards just for fun.
Still curious why my system suddenly went un-genuine since I didn't really do anything that should have caused it based on the feedback here. I keep the AV up-to-date and am very security conscious so really no decent chance of any bad guy/program getting in my system (I know, that's what they all say ;) ). Anyway, I'll post again if anything changes anytime soon.
Thursday, March 31, 2011 2:40 AM