Win7 Suddenly Not Genuine

All replies

• 

  

  0

  Sign in to vote

  ks very much as if you have an unauthorised installation of one or more MUI packages, probably using a program called Vistalizator - look here for details...

  http://social.microsoft.com/Forums/en-US/genuinewindows7/thread/6f6b1cb8-e84e-4c1f-a2ac-181a77d2f772

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  Saturday, March 19, 2011 6:57 AM

  Moderator
• 

  

  0

  Sign in to vote

  Noel-

  Thanks for the response but neither of those cases apply to me. I only speak English and I verified via regedit that en-US is the only language applied. (I have never used Vistalizator or anything like it and I do not take my PC to a shop for anyone else to have inadvertently done so either.)

  I did happen to go online with MS support and the 1st agent verified my product key is legit. I was requested to re-enter the code under "Change Product Key". I of course had to reboot and 5 minutes later the error was back. 2nd try at MS support finally yielded "call our security team" at which point the only answer I got was to either call Digital River to get a new d/l copy of Win7 (which seems unneccessary since I have been running 7 for over a year without issue) or to reload the O/S.

  If anyone has any other ideas I'd be grateful. Sorry, but the reloading the O/S is not what I call a fix. Seems too much like buying time.

  I have no problem with doing so but it seems too coincidental to me that when many updates came down on March 9th, the error appeared soon after that. Of course I have no proof since I was not expecting anything to go awry but it still seems too coincidental.

   

  Monday, March 21, 2011 3:35 PM
• 

  

  0

  Sign in to vote

  The problem is that you have .mui files that Windows has detected as either being Modified in some way or (more likely) that were added in an unauthorized way.

  .mui files are Multilingual User Interface files and my understanding is if no Language Interface Packs was added, there would be no mui files in your Windows, but as you can see from your Diagnostic Report, there are .mui files present. And since Windows 7 Professional is not a version of Windows that allows the installation of Language Interface Packs, the files must have been added in an unauthorized way, which Windows rejects.

  How these files came to be in your Windows, I have no way of knowing, but they are the cause of this issue.

  If the information provided in Noae's post did not resolve the issue, I recommend contacting Microsoft Assisted Support, at one of the below URLs, for further assistance. Even though you state you have not used the program, I do recommend mentioning Vistalizator when contacting Assisted Support.

   

  Thank you,

  ---

  Darin MS
  

  • Marked as answer by Darin Smith MS Monday, March 21, 2011 7:12 PM

  Monday, March 21, 2011 7:10 PM
• 

  

  0

  Sign in to vote

  The file mismatches indicate what Noel is telling you.  However, try running the system file checker and then another run of the MGADiag tool and post the report here.

  Click Start, type 'cmd' in the Search/Run box, and right click on the CMD icon at the top of the results pane.  Select Run as Administrator.  When the cmd window opens type 'sfc /scannow' at the prompt and hit Enter.  When the scan completes close the cmd window. 

  ---

  Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.

  Monday, March 21, 2011 7:55 PM

  Answerer
• 

  

  0

  Sign in to vote

  Thanks Darin-

  I did contact MAS (twice since I had to reboot between updating the product key). I mentioned in the conversations Vistalizator but neither asked any further questions about it or anything else regarding languages. Even the Safety (or Security) team member didn't take notice of that fact....

  So the fact that only one language is in the registry is not enough to let Win know I have no other language packs added?

  Like I said earlier, I have no issue with reinstalling the O/S but it seems less than a fix and since I did nothing that I can recall to have gotten other languages installed, I can't help but feel this issue will occur again.

  If there are other checks or fixes you can recommend, I'm all ears. It really didn't feel to me that the 3 agents at MAS really were listening or understood the issue so I'm not inclined to go back there for any further support unless I can ask for something very specific.

  Thanks again for the input.

  Karl

  Monday, March 21, 2011 8:01 PM
• 

  

  0

  Sign in to vote

  Colin-

  Thanks for the suggestion too. I ran the scan but it was unable to fix some files. Okay, so I dcided to reinstall the O/S on a spare hard drive I had lying around just to see what would happen. The initial MGA Diag report had a few file mismatches right out of the gate (which obviously seemed odd to me with my limited knowledge here):

  Post Intall

  File Scan Data-->
  File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
  File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
  File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
  File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]

  I then patched up to current and ran another scan and those files were fixed, however I also ran a search for *.mui on C:\Windows\system32\* and the results were that there are 1,934 .mui files in that path.

  Darin- Is it okay for these to be here *as long as* they are not those particular files that appeared as "tampered" on the other drive? There are NO .mui files in the system32 dir itself but in the various sub-dirs off system32 (en-US, hu-HU, etc...)

  Thanks for any input here.

  Wednesday, March 23, 2011 2:15 AM
• 

  

  0

  Sign in to vote

  I suggest that you copy and paste your new report. I am interested in your situation and am trying to learn about this. I believe the mismatched files are related to a WAT update not yet installed.

  Wednesday, March 23, 2011 2:32 AM

  Answerer
• 

  

  0

  Sign in to vote

  Sorry for the delayed response George (busy week). So far it looks like the new drive is still fine:

  Diagnostic Report (1.9.0027.0):
  -----------------------------------------
  Windows Validation Data-->

  Validation Code: 0
  Cached Online Validation Code: 0x0
  Windows Product Key: *****-*****-7Y4R3-2TB83-VMFT8
  Windows Product Key Hash: eWedGUmUPfPAIHjJLxVUDUB9FHs=
  Windows Product ID: 00371-153-5389647-85392
  Windows Product ID Type: 5
  Windows License Type: Retail
  Windows OS version: 6.1.7600.2.00010100.0.0.048
  ID: {2AA8BA86-2432-4ECC-B695-FC2A923D228B}(1)
  Is Admin: Yes
  TestCab: 0x0
  LegitcheckControl ActiveX: N/A, hr = 0x80070002
  Signed By: N/A, hr = 0x80070002
  Product Name: Windows 7 Professional
  Architecture: 0x00000000
  Build lab: 7600.win7_gdr.101026-1503
  TTS Error:
  Validation Diagnostic:
  Resolution Status: N/A

  Vista WgaER Data-->
  ThreatID(s): N/A, hr = 0x80070002
  Version: N/A, hr = 0x80070002

  Windows XP Notifications Data-->
  Cached Result: N/A, hr = 0x80070002
  File Exists: No
  Version: N/A, hr = 0x80070002
  WgaTray.exe Signed By: N/A, hr = 0x80070002
  WgaLogon.dll Signed By: N/A, hr = 0x80070002

  OGA Notifications Data-->
  Cached Result: N/A, hr = 0x80070002
  Version: N/A, hr = 0x80070002
  OGAExec.exe Signed By: N/A, hr = 0x80070002
  OGAAddin.dll Signed By: N/A, hr = 0x80070002

  OGA Data-->
  Office Status: 109 N/A
  OGA Version: N/A, 0x80070002
  Signed By: N/A, hr = 0x80070002
  Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

  Browser Data-->
  Proxy settings: N/A
  User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
  Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
  Download signed ActiveX controls: Prompt
  Download unsigned ActiveX controls: Disabled
  Run ActiveX controls and plug-ins: Allowed
  Initialize and script ActiveX controls not marked as safe: Disabled
  Allow scripting of Internet Explorer Webbrowser control: Disabled
  Active scripting: Allowed
  Script ActiveX controls marked as safe for scripting: Allowed

  File Scan Data-->

  Other data-->
  Office Details: <GenuineResults><MachineData><UGUID>{2AA8BA86-2432-4ECC-B695-FC2A923D228B}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-VMFT8</PKey><PID>00371-153-5389647-85392</PID><PIDType>5</PIDType><SID>S-1-5-21-2489899400-2705426455-3052997061</SID><SYSTEM><Manufacturer>Dell Inc.                </Manufacturer><Model>Dell DV051                   </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.                </Manufacturer><Version>A03</Version><SMBIOSVersion major="2" minor="3"/><Date>20051008000000.000000+000</Date></BIOS><HWID>E7B83607018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

  Spsys.log Content: 0x80070002

  Licensing Data-->
  Software licensing service version: 6.1.7600.16385

  Name: Windows(R) 7, Professional edition
  Description: Windows Operating System - Windows(R) 7, RETAIL channel
  Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
  Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
  Extended PID: 00371-00170-153-538964-01-1033-7600.0000-0802011
  Installation ID: 006160966433134442250202683464394730174950026131856281
  Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
  Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
  Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
  Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
  Partial Product Key: VMFT8
  License Status: Licensed
  Remaining Windows rearm count: 3
  Trusted time: 3/30/2011 9:19:20 PM

  Windows Activation Technologies-->
  HrOffline: 0x00000000
  HrOnline: 0x00000000
  HealthStatus: 0x0000000000000000
  Event Time Stamp: 3:22:2011 21:42
  ActiveX: Registered, Version: 7.1.7600.16395
  Admin Service: Registered, Version: 7.1.7600.16395
  HealthStatus Bitmask Output:

  
  HWID Data-->
  HWID Hash Current: NAAAAAEABAABAAIAAAABAAAAAgABAAEAJJQKnXpNVpFkkqwU7K4yB5Z+0sbu05I4HwDsOw==

  OEM Activation 1.0 Data-->
  N/A

  OEM Activation 2.0 Data-->
  BIOS valid for OA 2.0: yes, but no SLIC table
  Windows marker version: N/A
  OEMID and OEMTableID Consistent: N/A
  BIOS Information:
    ACPI Table Name OEMID Value OEMTableID Value
    APIC   DELL    DV051 
    FACP   DELL    DV051 
    HPET   DELL    DV051 
    BOOT   DELL    DV051 
    MCFG   DELL    DV051 
    SSDT   DELL  st_ex

  So far no new .mui files to cause havoc so I guess I'll carve out some time to re-image the real drive since it is larger. As I'm writing this it looks like SP1 is available for d/l so I will probably update this test drive just for kicks. I don't expect anything will change but will run the diag afterwards just for fun.

  Still curious why my system suddenly went un-genuine since I didn't really do anything that should have caused it based on the feedback here. I keep the AV up-to-date and am very security conscious so really no decent chance of any bad guy/program getting in my system (I know, that's what they all say ;) ). Anyway, I'll post agin if anything changes anyime soon.

  Thursday, March 31, 2011 2:40 AM