locked
build 7601 window not genuine, since uninstall avast antivirus RRS feed

  • Question

  • I recently made change to the computer, which is i uninstalled the antivirus (Avast free), and since then i notice the notification on the desktop, stating that my copy of windows not genuine. i tried googling, and found some tips, to rund the command , slmgr -rearm, which i found only to extend the trial activation date of the windows.

    on the label at the laptop case, there is a genuine windows vista label. the laptop belongs to my girlfriend, and she cant recall whether she made the upgrade or not.

    so i install the MGADiag from microsoft, and following is the report created.

    i would appreciate any help, thanks.

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: N/A, hr = 0xc004f012
    Windows Product Key: *****-*****-XXFCY-7BR4V-24X8J
    Windows Product Key Hash: TcZBJdOL2yQeuYoO2PWX5NAV8x4=
    Windows Product ID: 00371-OEM-8992671-00014
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {0E017410-2EDD-4144-BC4C-B56DF01359C8}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.140303-2144
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Enterprise 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070005]
    File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070005]
    File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070005]
    File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070005]

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{0E017410-2EDD-4144-BC4C-B56DF01359C8}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-24X8J</PKey><PID>00371-OEM-8992671-00014</PID><PIDType>2</PIDType><SID>S-1-5-21-80238280-4281845216-2172075984</SID><SYSTEM><Manufacturer>Sony Corporation</Manufacturer><Model>VGN-CS21S_R</Model></SYSTEM><BIOS><Manufacturer>INSYDE</Manufacturer><Version>R1100Q2</Version><SMBIOSVersion major="2" minor="4"/><Date>20090901000000.000000+000</Date></BIOS><HWID>AEF33007018400F8</HWID><UserLCID>0407</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Europe Standard Time(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>Sony</OEMID><OEMTableID>VAIO</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>C0A25836FDBE5AC</Val><Hash>FmDbcrRY1pTOcrz4ZUZRHhpUuc0=</Hash><Pid>89388-726-2958074-65740</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00178-926-700014-02-1033-7601.0000-2602012
    Installation ID: 022080266871329681001286266594966021247036914504768080
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 24X8J
    License Status: Initial grace period
    Time remaining: 43200 minute(s) (30 day(s))
    Remaining Windows rearm count: 3
    Trusted time: 09.11.2014 00:37:33

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: N/A
    HealthStatus: 0x0000000000000000
    Event Time Stamp: N/A
    ActiveX: Not Registered - 0x80070005
    Admin Service: Not Registered - 0x80070005
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: NAAAAAIAAwABAAEAAAABAAAAAwABAAEAeqgC6ncWBjtUe2L/en+MXAAwsr8dweCDGHxGyg==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x0
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC Sony VAIO
      FACP Sony VAIO
      HPET Sony VAIO
      BOOT Sony VAIO
      MCFG Sony VAIO
      ASF! Sony VAIO
      SLIC Sony VAIO
      SSDT Sony VAIO
      SSDT Sony VAIO
    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: N/A, hr = 0xc004f012
    Windows Product Key: *****-*****-XXFCY-7BR4V-24X8J
    Windows Product Key Hash: TcZBJdOL2yQeuYoO2PWX5NAV8x4=
    Windows Product ID: 00371-OEM-8992671-00014
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {0E017410-2EDD-4144-BC4C-B56DF01359C8}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.140303-2144
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Enterprise 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070005]
    File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070005]
    File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070005]
    File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070005]

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{0E017410-2EDD-4144-BC4C-B56DF01359C8}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-24X8J</PKey><PID>00371-OEM-8992671-00014</PID><PIDType>2</PIDType><SID>S-1-5-21-80238280-4281845216-2172075984</SID><SYSTEM><Manufacturer>Sony Corporation</Manufacturer><Model>VGN-CS21S_R</Model></SYSTEM><BIOS><Manufacturer>INSYDE</Manufacturer><Version>R1100Q2</Version><SMBIOSVersion major="2" minor="4"/><Date>20090901000000.000000+000</Date></BIOS><HWID>AEF33007018400F8</HWID><UserLCID>0407</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Europe Standard Time(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>Sony</OEMID><OEMTableID>VAIO</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>C0A25836FDBE5AC</Val><Hash>FmDbcrRY1pTOcrz4ZUZRHhpUuc0=</Hash><Pid>89388-726-2958074-65740</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00178-926-700014-02-1033-7601.0000-2602012
    Installation ID: 022080266871329681001286266594966021247036914504768080
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 24X8J
    License Status: Initial grace period
    Time remaining: 43200 minute(s) (30 day(s))
    Remaining Windows rearm count: 3
    Trusted time: 09.11.2014 00:37:33

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: N/A
    HealthStatus: 0x0000000000000000
    Event Time Stamp: N/A
    ActiveX: Not Registered - 0x80070005
    Admin Service: Not Registered - 0x80070005
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: NAAAAAIAAwABAAEAAAABAAAAAwABAAEAeqgC6ncWBjtUe2L/en+MXAAwsr8dweCDGHxGyg==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x0
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC Sony VAIO
      FACP Sony VAIO
      HPET Sony VAIO
      BOOT Sony VAIO
      MCFG Sony VAIO
      ASF! Sony VAIO
      SLIC Sony VAIO
      SSDT Sony VAIO
      SSDT Sony VAIO


    Saturday, November 8, 2014 11:45 PM

Answers

  • The installed Key is an OEM_SLP Key for Windows 7 - and this machine shipped with Vista installed, and therefore cannot possibly support such a Key without the assistance of a hacker's activation exploit.

    There are signs of such an exploit in the report...

    File Scan Data-->
    File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070005]
    File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070005]
    File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070005]
    File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070005]

    These errors indicate permissions problems with all four files related to the WAT update which specifically looks for Activation Exploits (amongst other things)

    You need to reformat and reinstall the original Operating System (presumably Vista Home Premium?) using the Manufacturer's Recovery media - or reformat and reinstall with genuine media and Key for Windows 7.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Sunday, November 9, 2014 10:35 AM
    Moderator