Answered by:
windows not genuine: error 0xc004f057
Question
-
Hello, good people!
I recently got a laptop from my brother that he purchased at a store. The OS on the laptop is Windows 7 Ultimate and it didn't have any problems with genuinity. A few days ago, I tried to change the name of the profile folder using this tutorial: http://social.technet.microsoft.com/Forums/windows/en-US/dbf6dff3-a706-4047-8dbf-58b879a9af0b/how-to-rename-a-default-user-directory-after-changing-computer-name?forum=w7itproinstallUpon booting in Safe Mode, I got an error saying that Windows won't start and it offered me an option to repair the system. I chose it, let it repair, then tried to boot again in Safe Mode, this time choosing Safe Mode with Command Prompt. That's when I first got the "Windows isn't genuine" error. I didn't try to fix it till I finished the renaming. Along the way, I messed up the register editing and ended up having a corrupted user profile (I could log either in the profile I made just for the sake of renaming the folder or in a temporary profile). I fixed that issue using this tutorial: http://www.sysprobs.com/fix-temporary-profile-windows-7 Only then did I try solving the genuinity issue.
The code of the error that shows in the window that asks me to activate is C004F057. I found somewhere that means the Software Licensing Service reported that the computer BIOS is missing a required license. I checked my laptop for the COA sticker, but it's not there. The battery space has no sticker in it whatsoever. I'm unable to contact my brother or the shop to check if the OS was pre-installed so I figured I oughtta check if my OS is even legit. So I ran WVCheck, which keeps crashing instead of producing the log, but I did manage to screencap all the output it gave during processing, including the last thing it says before crashing (pasted side-by-side on the picture on this link --> http://tinypic.com/r/why0ox/8)I also executed sfc /scannow from the cmd I ran as admin. It said it repaired some files successfully, but nothing changed even after restarting my laptop. Should I provide you with the log?
I ran MGADiag, this is what the report says:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 50
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-V9488-FGM44-2C9T3
Windows Product Key Hash: rmk1OjF0iZq7gQoRmEcpnJHr0oc=
Windows Product ID: 00426-OEM-8992662-00010
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {B8655BAE-8F02-4636-8EDA-135DCB1AF8FD}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.140303-2144
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{B8655BAE-8F02-4636-8EDA-135DCB1AF8FD}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-2C9T3</PKey><PID>00426-OEM-8992662-00010</PID><PIDType>2</PIDType><SID>S-1-5-21-3094933142-2413977967-2199023057</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP 2000 Notebook PC</Model></SYSTEM><BIOS><Manufacturer>Insyde</Manufacturer><Version>F.3A</Version><SMBIOSVersion major="2" minor="7"/><Date>20130613000000.000000+000</Date></BIOS><HWID>AF373307018400FE</HWID><UserLCID>041A</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central European Standard Time(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7601.17514
Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600010-02-1050-7601.0000-1662014
Installation ID: 003554327044871761160535090442061914039552403380890501
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 2C9T3
License Status: Notification
Notification Reason: 0xC004F057.
Remaining Windows rearm count: 3
Trusted time: 15.6.2014. 17:20:15
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0xC004C533
HealthStatus: 0x0000000000000000
Event Time Stamp: 6:14:2014 13:15
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
HWID Data-->
HWID Hash Current: NgAAAAIAAgABAAIAAAABAAAABAABAAEA6GHaRXcW2nE8jBwvMHIyN8jn1iKct3xPlpCsv5Zj
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC HPQOEM 1855
FACP HPQOEM SLIC-MPC
DBGP HPQOEM 1855
HPET HPQOEM 1855
BOOT HPQOEM 1855
MCFG HPQOEM 1855
UEFI HPQOEM 1855
ASF! HPQOEM 1855
SSDT HPQOEM 1855
ASPT HPQOEM 1855
FPDT HPQOEM 1855
SSDT HPQOEM 1855
SSDT HPQOEM 1855
SSDT HPQOEM 1855Is my OS a pirate copy or did I mess up too much while fumbling with the system? How do I fix this?
Thanks in advance!
Answers
-
Your earlier run of SFC repaired exactly the files I suspected it would...
Line 11227: 2014-06-15 15:13:59, Info CSI 00000321 [SR] Repairing 7 components Line 11228: 2014-06-15 15:13:59, Info CSI 00000322 [SR] Beginning Verify and Repair transaction Line 11231: 2014-06-15 15:14:00, Info CSI 00000324 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:26{13}]"systemcpl.dll" from store Line 11232: 2014-06-15 15:14:00, Info CSI 00000325 [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:18{9}]"slmgr.vbs" from store Line 11233: 2014-06-15 15:14:00, Info CSI 00000326 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"slmgr.vbs" from store Line 11236: 2014-06-15 15:14:00, Info CSI 00000328 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"user32.dll" from store Line 11239: 2014-06-15 15:14:00, Info CSI 0000032a [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:20{10}]"user32.dll" from store Line 11242: 2014-06-15 15:14:00, Info CSI 0000032c [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:18{9}]"slwga.dll" from store Line 11245: 2014-06-15 15:14:00, Info CSI 0000032e [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"slwga.dll" from store... which is why the earlier MGADiag report is clear of errors - and these are also the files referenced in the WVCheck output.
They demonstrate that there was an Activation Exploit present to force activation and validation of a counterfeit install of Windows.
From the fact that there is no COA sticker, three is no BIOS SLIC table in the machine, and the machine itself is a low-end model, very unlikely to have been shipped with Ultimate installed, we can conclude that the machine almost certainly shipped with an alternate OS (possibly Linux) installed.
If you contact HP with the serial number, they will be able to tell you which OS was installed, and will be able to send you the proper Recovery media to enable this. (subject to fees)
Noel Paton | Nil Carborundum Illegitemi CrashFixPC | The Three-toed Sloth No - I do not work for Microsoft, or any of its contractors. - Proposed as answer by Noel D PatonModerator Saturday, June 21, 2014 7:58 AM
- Marked as answer by Noel D PatonModerator Saturday, June 28, 2014 7:30 PM
All replies
-
There are some very strange entries in the WVCheck log - and I suspect that they mean that the installation is counterfeit.
Please run an SF scan and post the results...
SFC -System File Checker - Instructions
Click on Start > All Programs > Accessories
Right-click on
the Command Prompt entrySelect Run as Administrator and accept the UAC prompt
- the Elevated Command Prompt window should pop up.At the Command prompt, type
SFC /SCANNOW
and hit the Enter key
Wait for the scan to finish - make a note of any error messages - and then reboot.
Upload the CBS.log file (compressed, please!) to your OneDrive or DropBox Public folder,
and post a link - also post a new MGADiag report.
Noel Paton | Nil Carborundum Illegitemi CrashFixPC | The Three-toed Sloth No - I do not work for Microsoft, or any of its contractors. -
Ok, here is the link to the log: http://1drv.ms/SYKLrw
After the scan was done, it said that Windows Resource Protection did not find any integrity violations. The log of the previous scannow I did, the one that actually found some files to repair - I didn't think to copy it somewhere before this scannow so that log is now lost. The CBS folder also contains 5 WinRAR archives of which three are dated June 11th, the day I started the mess, one about a month ago and one from yesterday. They're all titled CbsPersist_aReallyLongNumber, but I've never ran scannow till today. Is this normal? They all have .txt files in them that look a helluva lot like CBS logs.
As for the new MGADiag report:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 50
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-V9488-FGM44-2C9T3
Windows Product Key Hash: rmk1OjF0iZq7gQoRmEcpnJHr0oc=
Windows Product ID: 00426-OEM-8992662-00010
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {B8655BAE-8F02-4636-8EDA-135DCB1AF8FD}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.140303-2144
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{B8655BAE-8F02-4636-8EDA-135DCB1AF8FD}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-2C9T3</PKey><PID>00426-OEM-8992662-00010</PID><PIDType>2</PIDType><SID>S-1-5-21-3094933142-2413977967-2199023057</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP 2000 Notebook PC</Model></SYSTEM><BIOS><Manufacturer>Insyde</Manufacturer><Version>F.3A</Version><SMBIOSVersion major="2" minor="7"/><Date>20130613000000.000000+000</Date></BIOS><HWID>AF373307018400FE</HWID><UserLCID>041A</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central European Standard Time(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7601.17514
Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600010-02-1050-7601.0000-1662014
Installation ID: 003554327044871761160535090442061914039552403380890501
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 2C9T3
License Status: Notification
Notification Reason: 0xC004F057.
Remaining Windows rearm count: 3
Trusted time: 15.6.2014. 19:11:10
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0xC004C533
HealthStatus: 0x0000000000000000
Event Time Stamp: 6:14:2014 13:15
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
HWID Data-->
HWID Hash Current: NgAAAAIAAgABAAIAAAABAAAABAABAAEA6GHaRXcW2nE8jBwvMHIyN8jn1iKct3xPlpCsv5Zj
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC HPQOEM 1855
FACP HPQOEM SLIC-MPC
DBGP HPQOEM 1855
HPET HPQOEM 1855
BOOT HPQOEM 1855
MCFG HPQOEM 1855
UEFI HPQOEM 1855
ASF! HPQOEM 1855
SSDT HPQOEM 1855
ASPT HPQOEM 1855
FPDT HPQOEM 1855
SSDT HPQOEM 1855
SSDT HPQOEM 1855
SSDT HPQOEM 1855
-
Your earlier run of SFC repaired exactly the files I suspected it would...
Line 11227: 2014-06-15 15:13:59, Info CSI 00000321 [SR] Repairing 7 components Line 11228: 2014-06-15 15:13:59, Info CSI 00000322 [SR] Beginning Verify and Repair transaction Line 11231: 2014-06-15 15:14:00, Info CSI 00000324 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:26{13}]"systemcpl.dll" from store Line 11232: 2014-06-15 15:14:00, Info CSI 00000325 [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:18{9}]"slmgr.vbs" from store Line 11233: 2014-06-15 15:14:00, Info CSI 00000326 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"slmgr.vbs" from store Line 11236: 2014-06-15 15:14:00, Info CSI 00000328 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"user32.dll" from store Line 11239: 2014-06-15 15:14:00, Info CSI 0000032a [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:20{10}]"user32.dll" from store Line 11242: 2014-06-15 15:14:00, Info CSI 0000032c [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:18{9}]"slwga.dll" from store Line 11245: 2014-06-15 15:14:00, Info CSI 0000032e [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"slwga.dll" from store... which is why the earlier MGADiag report is clear of errors - and these are also the files referenced in the WVCheck output.
They demonstrate that there was an Activation Exploit present to force activation and validation of a counterfeit install of Windows.
From the fact that there is no COA sticker, three is no BIOS SLIC table in the machine, and the machine itself is a low-end model, very unlikely to have been shipped with Ultimate installed, we can conclude that the machine almost certainly shipped with an alternate OS (possibly Linux) installed.
If you contact HP with the serial number, they will be able to tell you which OS was installed, and will be able to send you the proper Recovery media to enable this. (subject to fees)
Noel Paton | Nil Carborundum Illegitemi CrashFixPC | The Three-toed Sloth No - I do not work for Microsoft, or any of its contractors. - Proposed as answer by Noel D PatonModerator Saturday, June 21, 2014 7:58 AM
- Marked as answer by Noel D PatonModerator Saturday, June 28, 2014 7:30 PM
