locked
Windows 7 Not genuine (pasted MGA diagnostic tool included) RRS feed

  • Question

  • Hello, it started popping up today that it might not be genuine.

    This is the log you require (I think)

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 50
    Cached Online Validation Code: 0xc004c4ab
    Windows Product Key: *****-*****-X92GV-V7DCV-P4K27
    Windows Product Key Hash: aU2z1/fnhnLHmhBm699qYZT2E6s=
    Windows Product ID: 00426-OEM-8992662-00400
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7600.2.00010100.0.0.001
    ID: {E84C0D42-57B7-4BC9-85F4-D1EC2EDF2A24}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Ultimate
    Architecture: 0x00000009
    Build lab: 7600.win7_gdr.120830-0334
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Professional Plus 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{E84C0D42-57B7-4BC9-85F4-D1EC2EDF2A24}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-P4K27</PKey><PID>00426-OEM-8992662-00400</PID><PIDType>2</PIDType><SID>S-1-5-21-3198906990-2619868432-410771843</SID><SYSTEM><Manufacturer>Alienware</Manufacturer><Model>M11x R2</Model></SYSTEM><BIOS><Manufacturer>Alienware</Manufacturer><Version>A02</Version><SMBIOSVersion major="2" minor="6"/><Date>20100702000000.000000+000</Date></BIOS><HWID>65B80600018400FC</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Europe Standard Time(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TP-7X   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0011-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Plus 2007</Name><Ver>12</Ver><Val>789C399EC99F586</Val><Hash>Fs/jR4bCWbXdzPKO+tybM895nEI=</Hash><Pid>89409-707-4157945-65566</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7600.16385

    Name: Windows(R) 7, Ultimate edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00426-00178-926-600400-02-2057-7600.0000-0312012
    Installation ID: 005304308384304412472123857774789566378726407613923746
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: P4K27
    License Status: Notification
    Notification Reason: 0xC004F200 (non-genuine).
    Remaining Windows rearm count: 3
    Trusted time: 15/12/2012 03:08:19

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0xC004C4AB
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 12:15:2012 02:57
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: MgAAAAAABAABAAIAAAABAAAAAgABAAEAln1GiPIJfBw0iZx88vqKBjA6gLCsEiyuXF0=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC ALWARE ALIENWRE
      FACP ALWARE ALIENWRE
      HPET ALWARE ALIENWRE
      BOOT ALWARE ALIENWRE
      MCFG ALWARE ALIENWRE
      WDAT ALWARE ALIENWRE
      ASF! ALWARE ALIENWRE
      SLIC LENOVO TP-7X   
      SSDT ALWARE ALIENWRE
      SSDT ALWARE ALIENWRE
      ASPT ALWARE ALIENWRE
      OSFR ALWARE ALIENWRE
      DMAR INTEL CP_DALE 
      SSDT ALWARE ALIENWRE
      SSDT ALWARE ALIENWRE

    Saturday, December 15, 2012 3:18 AM

Answers

  • Ah - that explains a lot.

    The COA sticker is actually for Windows XP Home edition!

    I was under the impression that the M11x R2 was a Windows7 netbook, rather than an XP one - obviously, I was wrong!

    From the looks of the Event logs in the report, you've had the machine for around 6 months? - there is a large number of errors in July, and a more recent batch containing a lot of problems with the CryptSvc service.

    My recommendation would be to purchase an Upgrade to Windows 7 Home Premium, and then do a clean install from that - or see whether you can get any satisfaction from your vendor (if he hasn't already skipped into the wilderness). If for some reason, you want a higher edition of WIndows 7, then go for Pro rather than Ultimate (unless you need multiple languages and/or Bitlocker)

    I can see no obvious signs of malware, and you have a reasonable AV (AVG), as well as MBAM installed, so they should catch most things.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Saturday, December 15, 2012 2:54 PM
    Moderator

All replies

  • You have a hacker's Activation Exploit installed, which Windows has detected - this is used to circumvent activation and validation requirements.

    Such hacks not only break the license terms of Windows, they also tend to be accompanied by malware.

    You should reformat and reinstall using legal media and Key.

    Your installation of Office is also likely to be counterfeit, unless acquired through your college or employer, as it's a Volume Licensed version not for sale to the public


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Saturday, December 15, 2012 10:43 AM
    Moderator
  • What is a hackers exploit? I got this laptop off ebay and just thought it was legit. Is there anyway to remove it without having to totally re-install the laptop?

    Can you show me the bit in the log where it says that? Sorry I am a total noob with computers

    Saturday, December 15, 2012 12:36 PM
  • Is there a COA sticker on the case of the machine? - it looks like the examples here.... http://www.microsoft.com/en-us/howtotell/Hardware.aspx - if there is, for which version and edition of Windows is it valid? Is the Product Key legible?

    The clues:-

    Cached Online Validation Code: 0xc004c4ab - Windows has found an Activation Exploit

    <SYSTEM><Manufacturer>Alienware</Manufacturer><Model>M11x R2</Model></SYSTEM> - this is the make and model of the motherboard  It would therefore be expected for all parts of teh system to show with Alienware (or Dell) decals, and data.

     SLIC LENOVOTP-7X  - this is from a Lenovo computer and cannot be present in any other make. It must therefore be part of an Exploit.

    The solution

    1) Demand a refund from the vendor - if you bought it as new, then you should be aware that it ws manufactured around July 2010.

    2) If the COA sticker exists, and is legible, you can reinstall Windows using that Key, together with the appropriate media.

    3) If the COA sticker isn't present, or is unreadable, you can try ordering a set of Recovery media from the manufacturer, and reinstalling using that.

    4) if all else fails, you would have to purchase a Full Retail license for Windows and reinstall from the accompanying disks.

    The reasons I recommend the reinstall are

    a) The machine is obviously 'pre-owned' - you therefore have no idea what the state of the installed software is, it could be riddled with malware, and phoning home to its previous owner every 5 minutes with details of all your activities

    b) An Activation Exploit is a hacker's tool - and while the hack itself may not cause problems, these things often come bundled with malware that may not become apparent until some trigger-condition sets it off, or it may have opened your firewall to attacks from outside.

    Yes, it's possible to just swap a full Key into the system after removing the hack - but you need to know which hack has been used (there are dozens), and how to get rid of it, and then you're still not absolutely sure about the rest of the system.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Saturday, December 15, 2012 1:10 PM
    Moderator
  • Yeah there is a COA sticker. When I tried to enter the code from it just now it said it appears to not be valid, but the sticker looks valid so I am confused.

    The laptop I purchased a few months ago, it was advertised as refurbished, and the windows wasn't really specified, just said the version it had on it.

    Actually it is funny you said that, when I first got the laptop there were quite a few weird programs on it. Programs to control the laptop, or monitor it when you are not actually on it. I removed and uninstalled anything I didn't know, Now I am worried I might not of gotten it all. 

    Sorry for a stupid question, but what is a set of recovery media?

    I am guessing because windows has found a hack I must not of gotten rid of all the programs. God this is a nightmare :( 

    Is there anyway I can upload a list of things installed that perhaps you might recognise something in there? Sorry again I am not that experienced with computers.

    Thank you for all the help so far.

    Saturday, December 15, 2012 1:34 PM
  • Windows will not accept a new Key until the Exploit is removed completely - and the Key must be for the same edition of Windows as is installed.

    Apart from the actual Key, what exactly is printed on the COA sticker?

    You can run MSINFO32 and save the output to a file - then upload the file to your SkyDrive (http://skydrive.live.com) or other favoured fileshare service, and post a link to the upload. Then we can have a look.

    Recovery Media are DVD's provided by the manufacturer for the purpose of reinstalling the original software, and returning the machine to its ex-factory state - it always includes the Operating System (Widnows) itself, and may include a variety of other software (which you may or may not be able to opt out of). It will usually completely wipe at least the C: drive clean before reinstalling, so you MUST back up to external media first.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Saturday, December 15, 2012 1:55 PM
    Moderator
  • It says certificate of authenticity, and proof of license, the rest of it is faded.

    It also says X12-53761 and has a few bar codes.

    I uploaded the file to my skydrive, the link is : https://skydrive.live.com/redir?resid=C4746D891953CE99!132&authkey=!AEQPlnBjf9BHFAg

    Please let me know if it work, never used it before.

    Thank you ever so much for all the help, I really appreciate it! I also want to apologise if it is frustrating to help me at times due to my lack of knowledge, but thank you for being patient! 


    Saturday, December 15, 2012 2:15 PM
  • Ah - that explains a lot.

    The COA sticker is actually for Windows XP Home edition!

    I was under the impression that the M11x R2 was a Windows7 netbook, rather than an XP one - obviously, I was wrong!

    From the looks of the Event logs in the report, you've had the machine for around 6 months? - there is a large number of errors in July, and a more recent batch containing a lot of problems with the CryptSvc service.

    My recommendation would be to purchase an Upgrade to Windows 7 Home Premium, and then do a clean install from that - or see whether you can get any satisfaction from your vendor (if he hasn't already skipped into the wilderness). If for some reason, you want a higher edition of WIndows 7, then go for Pro rather than Ultimate (unless you need multiple languages and/or Bitlocker)

    I can see no obvious signs of malware, and you have a reasonable AV (AVG), as well as MBAM installed, so they should catch most things.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Saturday, December 15, 2012 2:54 PM
    Moderator
  • I had a lot of issues at first due to the RAM inside the machine was completely faulty. I had to purchase brand new RAM as it kept blue screening and the memtest said it was all broken. The guy I purchased it from sent me virtually all the money for it to be replaced. Since then I have tried to contact him and he has been less than helpful. Just one thing after another. I have learnt my lesson though not to buy elecrtronics from ebay any more that is for sure.

    Yes I have had it for roughly 6 months. Can you explain to me what the CryptSvc is? The version of windows on it now is 7 but my guess is it was originally windows XP and the guy who had it before put an illegal copy of windows on it and who knows what else (like I said there were lots of weird programs on it when I first purchased it).

    Is Pro a lot better than the Home edition and worth the extra money?

    Thank you for the amazing help once again.

    Saturday, December 15, 2012 4:59 PM
  • CryptScv is the Cryptographics Service - on which Windows relies for checking things like software certificates and licensing.

    If the service is broken, there's a good chance that programs can't be installed or updated.

    There are basically only two good reasons for installing Pro rather than Home Premium.

    1) You need to connect to a Server network (WHS doesn't count, here!)

    2) You want to be able to use Windows XP Mode ( a Windows XP Virtual Machine running under Windows 7)

    Almost everything else is the same, or can be worked around.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, December 16, 2012 8:01 PM
    Moderator
  • Okay thank you again. This is incredibly frustrating. My plan at the moment is to borrow a windows XP cd from my friend and using the key on the bottom of my laptop (if it works) to install it, and then buy an upgrade version of Windows 7 as this is a lot cheaper than the full version. I already have to take the laptop in for a fault with the screen which will cost me around £200, last thing I wanted was to have to pay for more too. Do you think that sounds like an okay idea?
    Monday, December 17, 2012 1:18 AM
  • If you can get hold of a legal Upgrade license and disk for Windows 7, you can use the procedures here for a clean install....

    http://winsupersite.com/article/windows-7/clean-install-windows-7-with-upgrade-media-128512

    (no XP disk required <g>)


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, December 17, 2012 10:07 AM
    Moderator
  • Ohhhh that is a lot easier. Yes I will be ordering a copy in the next few days. I just find everything easier when you have a proper version regardless of the fact you have to pay for it. A friend of mine has never purchased windows and always has issues with his computer, and my pc has been running completely fine for 3 years now without a single issue. 

    Thank you ever so much for all the help, I really would be no where without the help you gave me!

    Monday, December 17, 2012 5:38 PM
  • You're welcome - feel free to come back with any questions. If I don't know teh answer, then I can at least point you in the right direction.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, December 17, 2012 6:03 PM
    Moderator