locked
Win7 Suddenly Not Genuine RRS feed

  • Question

  • I too have an issue with a recent report telling me my copy is not genuine. The visible portion of product key is what I have on the email from DigitalRiver over a year ago. Please advise on how to corrct this.

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-7Y4R3-2TB83-VMFT8
    Windows Product Key Hash: eWedGUmUPfPAIHjJLxVUDUB9FHs=
    Windows Product ID: 00371-153-5389647-85795
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7600.2.00010100.0.0.048
    ID: {B271DEB0-2F3E-4C63-855F-0FB5538EE64C}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7600.win7_gdr.101026-1503
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: 2.0.48.0
    OGAExec.exe Signed By: Microsoft
    OGAAddin.dll Signed By: Microsoft

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\en-US\sppc.dll.mui[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\en-US\sppcext.dll.mui[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\en-US\slc.dll.mui[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\en-US\slcext.dll.mui[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\en-US\sppuinotify.dll.mui[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\en-US\slui.exe.mui[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\en-US\sppcomapi.dll.mui[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\en-US\sppcommdlg.dll.mui[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\en-US\sppsvc.exe.mui[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\en-US\user32.dll.mui[6.1.7600.16385], Hr = 0x800b0100

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{B271DEB0-2F3E-4C63-855F-0FB5538EE64C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-VMFT8</PKey><PID>00371-153-5389647-85795</PID><PIDType>5</PIDType><SID>S-1-5-21-3565864649-712983559-1819884338</SID><SYSTEM><Manufacturer>Dell Inc.                </Manufacturer><Model>Dell DV051                   </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.                </Manufacturer><Version>A03</Version><SMBIOSVersion major="2" minor="3"/><Date>20051008000000.000000+000</Date></BIOS><HWID>E4B90600018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7600.16385

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, RETAIL channel
    Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00170-153-538964-01-1033-7600.0000-0502010
    Installation ID: 004785804844398953729262469176427045157624437816088784
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: VMFT8
    License Status: Licensed
    Remaining Windows rearm count: 3
    Trusted time: 3/19/2011 12:43:14 AM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000000EF60
    Event Time Stamp: 3:19:2011 00:31
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui


    HWID Data-->
    HWID Hash Current: MAAAAAAABAABAAIAAAABAAAAAQABAAEAJJQKneyuVpFkkqwULM6WftLG7tOSOOw7

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes, but no SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   DELL    DV051 
      FACP   DELL    DV051 
      HPET   DELL    DV051 
      BOOT   DELL    DV051 
      MCFG   DELL    DV051 
      SSDT   DELL  st_ex

     

    Saturday, March 19, 2011 6:00 AM

Answers

  • The problem is that you have .mui files that Windows has detected as either being Modified in some way or (more likely) that were added in an unauthorized way.

    .mui files are Multilingual User Interface files and my understanding is if no Language Interface Packs was added, there would be no mui files in your Windows, but as you can see from your Diagnostic Report, there are .mui files present. And since Windows 7 Professional is not a version of Windows that allows the installation of Language Interface Packs, the files must have been added in an unauthorized way, which Windows rejects.

    How these files came to be in your Windows, I have no way of knowing, but they are the cause of this issue.

    If the information provided in Noae's post did not resolve the issue, I recommend contacting Microsoft Assisted Support, at one of the below URLs, for further assistance. Even though you state you have not used the program, I do recommend mentioning Vistalizator when contacting Assisted Support.

     

    Thank you,


    Darin MS
    Monday, March 21, 2011 7:10 PM

All replies

  • ks very much as if you have an unauthorised installation of one or more MUI packages, probably using a program called Vistalizator - look here for details...

    http://social.microsoft.com/Forums/en-US/genuinewindows7/thread/6f6b1cb8-e84e-4c1f-a2ac-181a77d2f772


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Saturday, March 19, 2011 6:57 AM
    Moderator
  • Noel-

    Thanks for the response but neither of those cases apply to me. I only speak English and I verified via regedit that en-US is the only language applied. (I have never used Vistalizator or anything like it and I do not take my PC to a shop for anyone else to have inadvertently done so either.)

    I did happen to go online with MS support and the 1st agent verified my product key is legit. I was requested to re-enter the code under "Change Product Key". I of course had to reboot and 5 minutes later the error was back. 2nd try at MS support finally yielded "call our security team" at which point the only answer I got was to either call Digital River to get a new d/l copy of Win7 (which seems unneccessary since I have been running 7 for over a year without issue) or to reload the O/S.

    If anyone has any other ideas I'd be grateful. Sorry, but the reloading the O/S is not what I call a fix. Seems too much like buying time.

    I have no problem with doing so but it seems too coincidental to me that when many updates came down on March 9th, the error appeared soon after that. Of course I have no proof since I was not expecting anything to go awry but it still seems too coincidental.

     

    Monday, March 21, 2011 3:35 PM
  • The problem is that you have .mui files that Windows has detected as either being Modified in some way or (more likely) that were added in an unauthorized way.

    .mui files are Multilingual User Interface files and my understanding is if no Language Interface Packs was added, there would be no mui files in your Windows, but as you can see from your Diagnostic Report, there are .mui files present. And since Windows 7 Professional is not a version of Windows that allows the installation of Language Interface Packs, the files must have been added in an unauthorized way, which Windows rejects.

    How these files came to be in your Windows, I have no way of knowing, but they are the cause of this issue.

    If the information provided in Noae's post did not resolve the issue, I recommend contacting Microsoft Assisted Support, at one of the below URLs, for further assistance. Even though you state you have not used the program, I do recommend mentioning Vistalizator when contacting Assisted Support.

     

    Thank you,


    Darin MS
    Monday, March 21, 2011 7:10 PM
  • The file mismatches indicate what Noel is telling you.  However, try running the system file checker and then another run of the MGADiag tool and post the report here.

    Click Start, type 'cmd' in the Search/Run box, and right click on the CMD icon at the top of the results pane.  Select Run as Administrator.  When the cmd window opens type 'sfc /scannow' at the prompt and hit Enter.  When the scan completes close the cmd window. 


    Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.
    Monday, March 21, 2011 7:55 PM
    Answerer
  • Thanks Darin-

    I did contact MAS (twice since I had to reboot between updating the product key). I mentioned in the conversations Vistalizator but neither asked any further questions about it or anything else regarding languages. Even the Safety (or Security) team member didn't take notice of that fact....

    So the fact that only one language is in the registry is not enough to let Win know I have no other language packs added?

    Like I said earlier, I have no issue with reinstalling the O/S but it seems less than a fix and since I did nothing that I can recall to have gotten other languages installed, I can't help but feel this issue will occur again.

    If there are other checks or fixes you can recommend, I'm all ears. It really didn't feel to me that the 3 agents at MAS really were listening or understood the issue so I'm not inclined to go back there for any further support unless I can ask for something very specific.

    Thanks again for the input.

    Karl

    Monday, March 21, 2011 8:01 PM
  • Colin-

    Thanks for the suggestion too. I ran the scan but it was unable to fix some files. Okay, so I dcided to reinstall the O/S on a spare hard drive I had lying around just to see what would happen. The initial MGA Diag report had a few file mismatches right out of the gate (which obviously seemed odd to me with my limited knowledge here):

    Post Intall

    File Scan Data-->
    File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
    File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
    File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
    File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]

    I then patched up to current and ran another scan and those files were fixed, however I also ran a search for *.mui on C:\Windows\system32\* and the results were that there are 1,934 .mui files in that path.

    Darin- Is it okay for these to be here *as long as* they are not those particular files that appeared as "tampered" on the other drive? There are NO .mui files in the system32 dir itself but in the various sub-dirs off system32 (en-US, hu-HU, etc...)

    Thanks for any input here.

    Wednesday, March 23, 2011 2:15 AM
  • I suggest that you copy and paste your new report. I am interested in your situation and am trying to learn about this. I believe the mismatched files are related to a WAT update not yet installed.
    Wednesday, March 23, 2011 2:32 AM
    Answerer
  • Sorry for the delayed response George (busy week). So far it looks like the new drive is still fine:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-7Y4R3-2TB83-VMFT8
    Windows Product Key Hash: eWedGUmUPfPAIHjJLxVUDUB9FHs=
    Windows Product ID: 00371-153-5389647-85392
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7600.2.00010100.0.0.048
    ID: {2AA8BA86-2432-4ECC-B695-FC2A923D228B}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7600.win7_gdr.101026-1503
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{2AA8BA86-2432-4ECC-B695-FC2A923D228B}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-VMFT8</PKey><PID>00371-153-5389647-85392</PID><PIDType>5</PIDType><SID>S-1-5-21-2489899400-2705426455-3052997061</SID><SYSTEM><Manufacturer>Dell Inc.                </Manufacturer><Model>Dell DV051                   </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.                </Manufacturer><Version>A03</Version><SMBIOSVersion major="2" minor="3"/><Date>20051008000000.000000+000</Date></BIOS><HWID>E7B83607018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7600.16385

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, RETAIL channel
    Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00170-153-538964-01-1033-7600.0000-0802011
    Installation ID: 006160966433134442250202683464394730174950026131856281
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: VMFT8
    License Status: Licensed
    Remaining Windows rearm count: 3
    Trusted time: 3/30/2011 9:19:20 PM

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 3:22:2011 21:42
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: NAAAAAEABAABAAIAAAABAAAAAgABAAEAJJQKnXpNVpFkkqwU7K4yB5Z+0sbu05I4HwDsOw==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes, but no SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   DELL    DV051 
      FACP   DELL    DV051 
      HPET   DELL    DV051 
      BOOT   DELL    DV051 
      MCFG   DELL    DV051 
      SSDT   DELL  st_ex

    So far no new .mui files to cause havoc so I guess I'll carve out some time to re-image the real drive since it is larger. As I'm writing this it looks like SP1 is available for d/l so I will probably update this test drive just for kicks. I don't expect anything will change but will run the diag afterwards just for fun.

    Still curious why my system suddenly went un-genuine since I didn't really do anything that should have caused it based on the feedback here. I keep the AV up-to-date and am very security conscious so really no decent chance of any bad guy/program getting in my system (I know, that's what they all say ;) ). Anyway, I'll post agin if anything changes anyime soon.

    Thursday, March 31, 2011 2:40 AM