Virus Made Windows Non-genuine

  • Question

  • I have not been able to find a fix on this forum that suits my exact situation.  A couple days ago, I removed an instance of Rogue.FakeHDD and of Trojan.Backdoor from my computer.  I performed several virus scans with multiple antivirus and antimalware software, so I am pretty sure they are gone.  I also performed a registry cleaner and defragmented my hard drive to help boost performance after the removal.  However, when I started my laptop today, it now asks me to input my product key.  The CD with which I installed Windows 7 is not nearby, so I cannot provide the key right now.  However, I know that my copy of Windows is genuine and I should not have to prove so.  Here is my MGADiag:

    Diagnostic Report (1.9.0027.0):

    -----------------------------------------

    Windows Validation Data-->

     

    Validation Code: 50

    Cached Online Validation Code: 0xc004c4a8

    Windows Product Key: *****-*****-PT3XJ-T6BYP-DX9CJ

    Windows Product Key Hash: BqPfkV0Zd1cQ/0Efi6/Y0qa3pVs=

    Windows Product ID: 00359-OEM-8882466-79437

    Windows Product ID Type: 3

    Windows License Type: OEM System Builder

    Windows OS version: 6.1.7601.2.00010300.1.0.003

    ID: {ADB39921-541D-439B-860A-843232E5581E}(1)

    Is Admin: Yes

    TestCab: 0x0

    LegitcheckControl ActiveX: N/A, hr = 0x80070002

    Signed By: N/A, hr = 0x80070002

    Product Name: Windows 7 Home Premium

    Architecture: 0x00000000

    Build lab: 7601.win7sp1_gdr.111025-1505

    TTS Error: 

    Validation Diagnostic: 

    Resolution Status: N/A

     

    Vista WgaER Data-->

    ThreatID(s): N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

     

    Windows XP Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    File Exists: No

    Version: N/A, hr = 0x80070002

    WgaTray.exe Signed By: N/A, hr = 0x80070002

    WgaLogon.dll Signed By: N/A, hr = 0x80070002

     

    OGA Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    Version: 2.0.48.0

    OGAExec.exe Signed By: Microsoft

    OGAAddin.dll Signed By: Microsoft

     

    OGA Data-->

    Office Status: 100 Genuine

    Microsoft Office Professional Plus 2007 - 100 Genuine

    OGA Version: Registered, 2.0.48.0

    Signed By: Microsoft

    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

     

    Browser Data-->

    Proxy settings: N/A

    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

    Default Browser: C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe

    Download signed ActiveX controls: Prompt

    Download unsigned ActiveX controls: Disabled

    Run ActiveX controls and plug-ins: Allowed

    Initialize and script ActiveX controls not marked as safe: Disabled

    Allow scripting of Internet Explorer Webbrowser control: Disabled

    Active scripting: Allowed

    Script ActiveX controls marked as safe for scripting: Allowed

     

    File Scan Data-->

     

    Other data-->

    Office Details: <GenuineResults><MachineData><UGUID>{ADB39921-541D-439B-860A-843232E5581E}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-DX9CJ</PKey><PID>00359-OEM-8882466-79437</PID><PIDType>3</PIDType><SID>S-1-5-21-2860370204-4037608288-3882814258</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>2764CTO</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>7UET66WW (2.16 )</Version><SMBIOSVersion major="2" minor="4"/><Date>20090422000000.000000+000</Date></BIOS><HWID>50D83607018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TP-7U   </OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0011-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Plus 2007</Name><Ver>12</Ver><Val>AC685AEA23AB586</Val><Hash>oO8M6ySvAIc/8TvRdlfG3kU8HUw=</Hash><Pid>89409-707-0657082-65820</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

     

    Spsys.log Content: 0x80070002

     

    Licensing Data-->

    Software licensing service version: 6.1.7601.17514

    Error: product key not found.

     

    Windows Activation Technologies-->

    HrOffline: 0x00000000

    HrOnline: 0xC004C4A8

    HealthStatus: 0x0000000000000000

    Event Time Stamp: 12:17:2011 11:25

    ActiveX: Registered, Version: 7.1.7600.16395

    Admin Service: Registered, Version: 7.1.7600.16395

    HealthStatus Bitmask Output:

     

     

    HWID Data-->

    HWID Hash Current: PAAAAAIABwABAAIAAAABAAAAAgABAAEAeqh2VMdXdxawVBDTLgjEpXp/gIXkLDC+JDQUoHC2guHkJ0bK

     

    OEM Activation 1.0 Data-->

    N/A

     

    OEM Activation 2.0 Data-->

    BIOS valid for OA 2.0: yes

    Windows marker version: 0x20001

    OEMID and OEMTableID Consistent: yes

    BIOS Information: 

      ACPI Table Name OEMID Value OEMTableID Value

      APIC LENOVO TP-7U   

      FACP LENOVO TP-7U   

      HPET LENOVO TP-7U   

      BOOT LENOVO TP-7U   

      MCFG LENOVO TP-7U   

      SSDT LENOVO TP-7U   

      ECDT LENOVO TP-7U   

      SLIC LENOVO TP-7U   

      ASF! LENOVO TP-7U   

      SSDT LENOVO TP-7U   

      TCPA

      SSDT LENOVO TP-7U   

      SSDT LENOVO TP-7U   

      SSDT LENOVO TP-7U   

     

    Someone please help.

    Sunday, December 18, 2011 12:23 AM

Answers

  • Licensing Data-->

    Software licensing service version: 6.1.7601.17514

    Error: product key not found.

     

    Try recreating the licensing store

    Recreate the Licensing Store

        1) Click Start button.

        2) Type: CMD.exe into the 'Search programs and files' field

        3) Right-Click on CMD.exe and select Run as Administrator

        4) Type: net stop sppsvc   (It may ask you if you are sure, select yes)

        Note: the Software Protection service may not be running, this is ok.

        5) Type: cd %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform

        6) Type: rename tokens.dat tokens.bar

        7) Type: cd %windir%\system32

        8) Type: net start sppsvc

        9) Type: slui.exe

        10) After a couple of seconds the Windows Activation dialog will appear. You may be asked to re-activate and/or re-enter your product key, or activation may occur automatically.

     

    Reboot, then run MGADiag again, and post the report

    • Marked as answer by dvdh8791 Sunday, December 18, 2011 6:58 AM
    Sunday, December 18, 2011 3:20 AM
    Answerer

All replies

  • Thanks for your attention.  When I restarted and logged in, Windows was still not genuine.  This time, instead of prompting me for my product key, it just says that Windows is not genuine and that I could go online to buy another key.  I don't want to spend $100 on another key when I know for certain that my Windows is genuine.
    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Code: 50
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-PT3XJ-T6BYP-DX9CJ
    Windows Product Key Hash: BqPfkV0Zd1cQ/0Efi6/Y0qa3pVs=
    Windows Product ID: 00359-OEM-8882466-79437
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {ADB39921-541D-439B-860A-843232E5581E}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.111025-1505
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A
    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002
    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: 2.0.48.0
    OGAExec.exe Signed By: Microsoft
    OGAAddin.dll Signed By: Microsoft
    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Professional Plus 2007 - 100 Genuine
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed
    File Scan Data-->
    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{ADB39921-541D-439B-860A-843232E5581E}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-DX9CJ</PKey><PID>00359-OEM-8882466-79437</PID><PIDType>3</PIDType><SID>S-1-5-21-2860370204-4037608288-3882814258</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>2764CTO</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>7UET66WW (2.16 )</Version><SMBIOSVersion major="2" minor="4"/><Date>20090422000000.000000+000</Date></BIOS><HWID>50D83607018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TP-7U   </OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0011-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Plus 2007</Name><Ver>12</Ver><Val>AC685AEA23AB586</Val><Hash>oO8M6ySvAIc/8TvRdlfG3kU8HUw=</Hash><Pid>89409-707-0657082-65820</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  
    Spsys.log Content: 0x80070002
    Licensing Data-->
    Software licensing service version: 6.1.7601.17514
    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
    Activation ID: 9f83d90f-a151-4665-ae69-30b3f63ec659
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00176-824-679437-02-1033-7601.0000-3512011
    Installation ID: 000963664424894896127892343915256785668662672424639092
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: DX9CJ
    License Status: Notification
    Notification Reason: 0xC004FE00.
    Remaining Windows rearm count: 5
    Trusted time: 12/17/2011 9:09:23 PM
    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0xC004C533
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 12:17:2011 21:08
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    HWID Data-->
    HWID Hash Current: PAAAAAIABwABAAIAAAABAAAAAgABAAEAeqh2VMdXdxawVBDTLgjEpXp/gIXkLDC+JDQUoHC2guHkJ0bK
    OEM Activation 1.0 Data-->
    N/A
    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC LENOVO TP-7U   
      FACP LENOVO TP-7U   
      HPET LENOVO TP-7U   
      BOOT LENOVO TP-7U   
      MCFG LENOVO TP-7U   
      SSDT LENOVO TP-7U   
      ECDT LENOVO TP-7U   
      SLIC LENOVO TP-7U   
      ASF! LENOVO TP-7U   
      SSDT LENOVO TP-7U   
      TCPA
      SSDT LENOVO TP-7U   
      SSDT LENOVO TP-7U   
      SSDT LENOVO TP-7U   
    Sunday, December 18, 2011 5:13 AM
  • Fixed one problem.

    I missed the other one the first time around.

    You have a Windows 7 marker in your BIOS; however, your BIOS date 4/22/2009 was before the release of Windows 7, so it should have a Vista marker.

    Looks like a hacker's loader program was used at some point. You will have to get rid of the loader remnants to get your Windows genuine. If you don't know what was used, you will have to reinstall.

    Sunday, December 18, 2011 6:09 AM
    Answerer
  • My computer came installed with Vista.  However, Windows 7 came out shortly after I bought it, so Lenovo offered me a discounted upgrade to Windows 7.  This is why the BIOS of the computer may be older than Windows 7.  I tried starting up slui.exe in cmd again.  Interestingly, this gave me a different message than the one from startup.  This time it simply told me that I needed to activate Windows (but it did not say that Windows was non-genuine nor did it prompt for an activation key).  I clicked the activate button and this seemed to have fixed the problem.  Your first solution seemed to have worked.  Thank you so much for the help.
    Sunday, December 18, 2011 6:57 AM
  • "george1009" wrote in message news:f720e836-cd63-4277-9e10-2963a5bff826...

    Fixed one problem.

    I missed the other one the first time around.

    You have a Windows 7 marker in your BIOS; however, your BIOS date 4/22/2009 was before the release of Windows 7, so it should have a Vista marker.

    Looks like a hacker's loader program was used at some point. You will have to get rid of the loader remnants to get your Windows genuine. If you don't know what was used, you will have to reinstall.

     
    Doesn’t make any difference, George – it’s an NSLP Key.
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Sunday, December 18, 2011 9:47 AM
    Moderator
  • "dvdh8791" wrote in message news:2816532f-ba06-4ef4-907b-aeb3ef45317d...
    Thanks for your attention.  When I restarted and logged in, Windows was still not genuine.  This time, instead of prompting me for my product key, it just says that Windows is not genuine and that I could go online to buy another key.  I don't want to spend $100 on another key when I know for certain that my Windows is genuine.
    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Code: 50
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-PT3XJ-T6BYP-DX9CJ
    Windows Product Key Hash: BqPfkV0Zd1cQ/0Efi6/Y0qa3pVs=
    Windows Product ID: 00359-OEM-8882466-79437
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 6.1.7601.2.00010300.1.0.003
     
    Other data-->
    SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>2764CTO</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>7UET66WW (2.16 )</Version><SMBIOSVersion major="2" minor="4"/><Date>20090422000000.000000+000</Date></BIOS
     
    Licensing Data-->
    Software licensing service version: 6.1.7601.17514
    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
    Partial Product Key: DX9CJ
    License Status: Notification
    Notification Reason: 0xC004FE00.
    Remaining Windows rearm count: 5
    Trusted time: 12/17/2011 9:09:23 PM
    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0xC004C533
     
    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
     
     
    Having told George that the NSLP Key should override the SLIC status – I’m no longer so sure that that is the problem.
    It looks to me as if you have an Activation Exploit present (a Loader) to bypass activation and validation.
    This has been broken but part of the system still thinks that it’s an OEM_SLP install.
    This could be tricky to solve – and I suspect that in view of your history with the virus, that the best thing to do would be a clean install.
     
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Sunday, December 18, 2011 9:51 AM
    Moderator
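
The checks the answers above make by eye on an MGADiag report (the "product key not found" licensing error, the licence channel and notification reason, and the BIOS date against the Windows marker version), as an added Python example that is not part of the thread or of any Microsoft tool. The sample reports are abridged from the two posted above; the cutoff date, function names and finding names are assumptions of this example.

```python
import re
from datetime import date

# Assumptions of this example: cutoff = Windows 7 general availability;
# 0x20001 = the value the thread's answerer reads as a "Windows 7 marker".
WIN7_RELEASE = date(2009, 10, 22)
WIN7_MARKER = 0x20001

# Constructed samples, abridged from the two reports posted in the thread.
COMMON = """Other data-->
Office Details: <GenuineResults><MachineData><BIOS><Date>20090422000000.000000+000</Date></BIOS></MachineData></GenuineResults>
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
"""
REPORT_FIRST = """Licensing Data-->
Error: product key not found.
""" + COMMON
REPORT_SECOND = """Licensing Data-->
Description: Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
License Status: Notification
Notification Reason: 0xC004FE00.
""" + COMMON

def parse_report(text):
    """Split an MGADiag report into {section: {field: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("-->"):                 # e.g. "Licensing Data-->"
            current = sections.setdefault(line[:-3].strip(), {})
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")  # split on the first colon only
            current[key.strip()] = value.strip()
    return sections

def bios_date(sections):
    """BIOS date from the <BIOS><Date> element of the 'Office Details' XML."""
    xml = sections.get("Other data", {}).get("Office Details", "")
    m = re.search(r"<BIOS>.*?<Date>(\d{4})(\d{2})(\d{2})", xml)
    return date(*map(int, m.groups())) if m else None

def triage(text):
    """Return the findings the thread's answerers read off a report."""
    s = parse_report(text)
    lic, oa2 = s.get("Licensing Data", {}), s.get("OEM Activation 2.0 Data", {})
    found = {}
    if "product key not found" in lic.get("Error", "").lower():
        found["licensing_store"] = "recreate the licensing store, then re-activate"
    if lic.get("License Status") == "Notification":
        found["notification"] = lic.get("Notification Reason", "").rstrip(".")
    channel = re.search(r"(\S+) channel", lic.get("Description", ""))
    if channel:
        found["channel"] = channel.group(1)
    marker, built = oa2.get("Windows marker version"), bios_date(s)
    if marker and built and int(marker, 16) == WIN7_MARKER and built < WIN7_RELEASE:
        found["marker_predates_os"] = f"BIOS dated {built}; corroborate before concluding tampering"
    return found
```

The `marker_predates_os` finding encodes the answerer's heuristic only; as the thread shows, an OEM upgrade from Vista is an alternative explanation that the report alone cannot rule out.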