windows not genuine: error 0xc004f057

  • Question

  • Hello, good people!

    I recently got a laptop from my brother that he purchased at a store. The OS on the laptop is Windows 7 Ultimate and it didn't have any problems with genuinity. A few days ago, I tried to change the name of the profile folder using this tutorial: http://social.technet.microsoft.com/Forums/windows/en-US/dbf6dff3-a706-4047-8dbf-58b879a9af0b/how-to-rename-a-default-user-directory-after-changing-computer-name?forum=w7itproinstall

    Upon booting in Safe Mode, I got an error saying that Windows won't start and it offered me an option to repair the system. I chose it, let it repair, then tried to boot again in Safe Mode, this time choosing Safe Mode with Command Prompt. That's when I first got the "Windows isn't genuine" error. I didn't try to fix it till I finished the renaming. Along the way, I messed up the registry editing and ended up having a corrupted user profile (I could log in either to the profile I made just for the sake of renaming the folder or to a temporary profile). I fixed that issue using this tutorial: http://www.sysprobs.com/fix-temporary-profile-windows-7 Only then did I try solving the genuinity issue.

    The code of the error that shows in the window that asks me to activate is C004F057. I found somewhere that means the Software Licensing Service reported that the computer BIOS is missing a required license. I checked my laptop for the COA sticker, but it's not there. The battery space has no sticker in it whatsoever. I'm unable to contact my brother or the shop to check if the OS was pre-installed so I figured I oughtta check if my OS is even legit. So I ran WVCheck, which keeps crashing instead of producing the log, but I did manage to screencap all the output it gave during processing, including the last thing it says before crashing (pasted side-by-side on the picture on this link --> http://tinypic.com/r/why0ox/8)

    I also executed sfc /scannow from the cmd I ran as admin. It said it repaired some files successfully, but nothing changed even after restarting my laptop. Should I provide you with the log?

    I ran MGADiag, this is what the report says:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 50
    Cached Online Validation Code: N/A, hr = 0xc004f012
    Windows Product Key: *****-*****-V9488-FGM44-2C9T3
    Windows Product Key Hash: rmk1OjF0iZq7gQoRmEcpnJHr0oc=
    Windows Product ID: 00426-OEM-8992662-00010
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.001
    ID: {B8655BAE-8F02-4636-8EDA-135DCB1AF8FD}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Ultimate
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.140303-2144
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{B8655BAE-8F02-4636-8EDA-135DCB1AF8FD}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-2C9T3</PKey><PID>00426-OEM-8992662-00010</PID><PIDType>2</PIDType><SID>S-1-5-21-3094933142-2413977967-2199023057</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP 2000 Notebook PC</Model></SYSTEM><BIOS><Manufacturer>Insyde</Manufacturer><Version>F.3A</Version><SMBIOSVersion major="2" minor="7"/><Date>20130613000000.000000+000</Date></BIOS><HWID>AF373307018400FE</HWID><UserLCID>041A</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central European Standard Time(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Ultimate edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00426-00178-926-600010-02-1050-7601.0000-1662014
    Installation ID: 003554327044871761160535090442061914039552403380890501
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 2C9T3
    License Status: Notification
    Notification Reason: 0xC004F057.
    Remaining Windows rearm count: 3
    Trusted time: 15.6.2014. 17:20:15

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0xC004C533
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 6:14:2014 13:15
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: NgAAAAIAAgABAAIAAAABAAAABAABAAEA6GHaRXcW2nE8jBwvMHIyN8jn1iKct3xPlpCsv5Zj

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes, but no SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC HPQOEM 1855    
      FACP HPQOEM SLIC-MPC
      DBGP HPQOEM 1855    
      HPET HPQOEM 1855    
      BOOT HPQOEM 1855    
      MCFG HPQOEM 1855    
      UEFI HPQOEM 1855    
      ASF! HPQOEM 1855    
      SSDT HPQOEM 1855    
      ASPT HPQOEM 1855    
      FPDT HPQOEM 1855    
      SSDT HPQOEM 1855    
      SSDT HPQOEM 1855    
      SSDT HPQOEM 1855    

    Is my OS a pirate copy or did I mess up too much while fumbling with the system? How do I fix this? 

    Thanks in advance!

    Sunday, June 15, 2014 3:38 PM

Answers

  • Your earlier run of SFC repaired exactly the files I suspected it would...

    	Line 11227: 2014-06-15 15:13:59, Info                  CSI    00000321 [SR] Repairing 7 components
    	Line 11228: 2014-06-15 15:13:59, Info                  CSI    00000322 [SR] Beginning Verify and Repair transaction
    	Line 11231: 2014-06-15 15:14:00, Info                  CSI    00000324 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:26{13}]"systemcpl.dll" from store
    	Line 11232: 2014-06-15 15:14:00, Info                  CSI    00000325 [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:18{9}]"slmgr.vbs" from store
    	Line 11233: 2014-06-15 15:14:00, Info                  CSI    00000326 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"slmgr.vbs" from store
    	Line 11236: 2014-06-15 15:14:00, Info                  CSI    00000328 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"user32.dll" from store
    	Line 11239: 2014-06-15 15:14:00, Info                  CSI    0000032a [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:20{10}]"user32.dll" from store
    	Line 11242: 2014-06-15 15:14:00, Info                  CSI    0000032c [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:18{9}]"slwga.dll" from store
    	Line 11245: 2014-06-15 15:14:00, Info                  CSI    0000032e [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"slwga.dll" from store
    

    ... which is why the earlier MGADiag report is clear of errors - and these are also the files referenced in the WVCheck output.

    They demonstrate that there was an Activation Exploit present to force activation and validation of a counterfeit install of Windows.

    From the fact that there is no COA sticker, there is no BIOS SLIC table in the machine, and the machine itself is a low-end model, very unlikely to have been shipped with Ultimate installed, we can conclude that the machine almost certainly shipped with an alternate OS (possibly Linux) installed.

    If you contact HP with the serial number, they will be able to tell you which OS was installed, and will be able to send you the proper Recovery media to enable this. (subject to fees)


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Sunday, June 15, 2014 9:56 PM
    Moderator
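
The triage the answer performs by eye on CBS.log, as an added example (not part of the original thread and not Microsoft tooling): it extracts the `[SR] Repairing corrupted file` entries and separates the file names seen in this thread from any other repairs. The watchlist and the `example.dll` line are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# [SR] lines quoted in the answer, plus one constructed line (example.dll)
# to show a repair that is not on the watchlist.
SAMPLE_CBS_LOG = r'''
2014-06-15 15:13:59, Info                  CSI    00000321 [SR] Repairing 7 components
2014-06-15 15:14:00, Info                  CSI    00000324 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:26{13}]"systemcpl.dll" from store
2014-06-15 15:14:00, Info                  CSI    00000325 [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:18{9}]"slmgr.vbs" from store
2014-06-15 15:14:00, Info                  CSI    00000326 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"slmgr.vbs" from store
2014-06-15 15:14:00, Info                  CSI    00000328 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"user32.dll" from store
2014-06-15 15:14:00, Info                  CSI    0000032a [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:20{10}]"user32.dll" from store
2014-06-15 15:14:00, Info                  CSI    0000032c [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:18{9}]"slwga.dll" from store
2014-06-15 15:14:00, Info                  CSI    0000032e [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"slwga.dll" from store
2014-06-15 15:14:01, Info                  CSI    00000330 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"example.dll" from store
'''

# Assumption: file names taken from this thread's log, not an authoritative list.
WATCHLIST = {"systemcpl.dll", "slmgr.vbs", "user32.dll", "slwga.dll"}

REPAIR_RE = re.compile(
    r'\[SR\] Repairing corrupted file '
    r'\[[^\]]*\]"\\\?\?\\(?P<dir>[^"]+)"'        # [ml:..]"\??\C:\Windows\System32"
    r'\\\[[^\]]*\]"(?P<name>[^"]+)" from store'  # \[l:..]"slmgr.vbs" from store
)


def parse_repairs(log_text):
    """Map each repaired file name (lowercased) to the directories it was repaired in."""
    repaired = defaultdict(set)
    for line in log_text.splitlines():
        # search() rather than match(): tolerates prefixes such as "Line 11231: "
        m = REPAIR_RE.search(line)
        if m:
            repaired[m.group("name").lower()].add(m.group("dir"))
    return {name: sorted(dirs) for name, dirs in repaired.items()}


def triage(log_text, watchlist=WATCHLIST):
    """Split repaired files into (on the watchlist, everything else)."""
    repairs = parse_repairs(log_text)
    flagged = {n: d for n, d in repairs.items() if n in watchlist}
    other = {n: d for n, d in repairs.items() if n not in watchlist}
    return flagged, other


if __name__ == "__main__":
    flagged, other = triage(SAMPLE_CBS_LOG)
    for name, dirs in sorted(flagged.items()):
        print(f"REVIEW  {name:<14} repaired in {', '.join(dirs)}")
    for name, dirs in sorted(other.items()):
        print(f"other   {name:<14} repaired in {', '.join(dirs)}")
```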

All replies

  • There are some very strange entries in the WVCheck log - and I suspect that they mean that the installation is counterfeit.

    Please run an SFC scan and post the results...

    SFC -System File Checker - Instructions

    Click on Start > All Programs > Accessories

    Right-click on the Command Prompt entry

    Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

    At the Command prompt, type

    SFC /SCANNOW

    and hit the Enter key

    Wait for the scan to finish - make a note of any error messages - and then reboot.

    Upload the CBS.log file (compressed, please!) to your OneDrive or DropBox Public folder,
    and post a link - also post a new MGADiag report.



    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Sunday, June 15, 2014 4:40 PM
    Moderator
  • Ok, here is the link to the log: http://1drv.ms/SYKLrw
    After the scan was done, it said that Windows Resource Protection did not find any integrity violations. The log of the previous scannow I did, the one that actually found some files to repair - I didn't think to copy it somewhere before this scannow so that log is now lost. The CBS folder also contains 5 WinRAR archives of which three are dated June 11th, the day I started the mess, one about a month ago and one from yesterday. They're all titled CbsPersist_aReallyLongNumber, but I've never run scannow till today. Is this normal? They all have .txt files in them that look a helluva lot like CBS logs.

    As for the new MGADiag report: 

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 50
    Cached Online Validation Code: N/A, hr = 0xc004f012
    Windows Product Key: *****-*****-V9488-FGM44-2C9T3
    Windows Product Key Hash: rmk1OjF0iZq7gQoRmEcpnJHr0oc=
    Windows Product ID: 00426-OEM-8992662-00010
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.001
    ID: {B8655BAE-8F02-4636-8EDA-135DCB1AF8FD}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Ultimate
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.140303-2144
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{B8655BAE-8F02-4636-8EDA-135DCB1AF8FD}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-2C9T3</PKey><PID>00426-OEM-8992662-00010</PID><PIDType>2</PIDType><SID>S-1-5-21-3094933142-2413977967-2199023057</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP 2000 Notebook PC</Model></SYSTEM><BIOS><Manufacturer>Insyde</Manufacturer><Version>F.3A</Version><SMBIOSVersion major="2" minor="7"/><Date>20130613000000.000000+000</Date></BIOS><HWID>AF373307018400FE</HWID><UserLCID>041A</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central European Standard Time(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Ultimate edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00426-00178-926-600010-02-1050-7601.0000-1662014
    Installation ID: 003554327044871761160535090442061914039552403380890501
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 2C9T3
    License Status: Notification
    Notification Reason: 0xC004F057.
    Remaining Windows rearm count: 3
    Trusted time: 15.6.2014. 19:11:10

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0xC004C533
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 6:14:2014 13:15
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: NgAAAAIAAgABAAIAAAABAAAABAABAAEA6GHaRXcW2nE8jBwvMHIyN8jn1iKct3xPlpCsv5Zj

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes, but no SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC HPQOEM 1855    
      FACP HPQOEM SLIC-MPC
      DBGP HPQOEM 1855    
      HPET HPQOEM 1855    
      BOOT HPQOEM 1855    
      MCFG HPQOEM 1855    
      UEFI HPQOEM 1855    
      ASF! HPQOEM 1855    
      SSDT HPQOEM 1855    
      ASPT HPQOEM 1855    
      FPDT HPQOEM 1855    
      SSDT HPQOEM 1855    
      SSDT HPQOEM 1855    
      SSDT HPQOEM 1855    

    Sunday, June 15, 2014 5:23 PM