locked
Real or not ? - I think not RRS feed

  • Question

  • Hi all,

    I've just purchased a laptop with Windows 7 Pro COA

    Don't think its genuine

    I cannot access Activate Windows, Slui.exe and the Windows Validate says parts are missing etc.

    Here's the Genuine advantage Diagnostic

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE22
    Cached Online Validation Code: N/A, hr = 0xc004f012
    Windows Product Key: *****-*****-MV8MH-98QJM-24367
    Windows Product Key Hash: wgci5Gdejx4esg7++zTOe3LWF+4=
    Windows Product ID: 00371-OEM-8992671-00437
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {4B13EF06-0EFB-47DB-B78E-63BBB4970C00}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.130828-1532
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Prompt
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\user32.dll[6.1.7600.16385], Hr = 0x800b0100

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{4B13EF06-0EFB-47DB-B78E-63BBB4970C00}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-24367</PKey><PID>00371-OEM-8992671-00437</PID><PIDType>2</PIDType><SID>S-1-5-21-2688462322-3262070433-815245743</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>252225G</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>6IET65WW (1.25 )</Version><SMBIOSVersion major="2" minor="6"/><Date>20100607000000.000000+000</Date></BIOS><HWID>99BC3807018400FC</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TP-6I   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Input Error: Can not find script file "C:\Windows\system32\slmgr.vbs".

    Windows Activation Technologies-->
    HrOffline: 0x8004FE22
    HrOnline: N/A
    HealthStatus: 0x0000000000000800
    Event Time Stamp: 3:11:2014 06:20
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration


    HWID Data-->
    HWID Hash Current: OgAAAAEABQABAAEAAAACAAAABAABAAEA6GEanY0lNImcfOTKyOR0rhqgEOIG7hB19ny2WOxazrlcXQ==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   LENOVO  TP-6I  
      FACP   LENOVO  TP-6I  
      HPET   LENOVO  TP-6I  
      BOOT   LENOVO  TP-6I  
      MCFG   LENOVO  TP-6I  
      SSDT   LENOVO  TP-6I  
      ECDT   LENOVO  TP-6I  
      ASF!   LENOVO  TP-6I  
      SLIC   LENOVO  TP-6I  
      SSDT   LENOVO  TP-6I  
      SSDT   LENOVO  TP-6I  
      TCPA   PTL   CRESTLN
      SSDT   LENOVO  TP-6I  
      SSDT   LENOVO  TP-6I  
      SSDT   LENOVO  TP-6I  

    I ain't no expert but I get the jist.

    Thanks all in advance

    Tuesday, March 11, 2014 6:24 AM

Answers

  • The system shows signs of having had RemoveWAT installed in order to circumvent Activation and Validation requirements.

     Best way to fix it now (since we don't know which version of RemoveWAT was used) is to run WATFix....

    Download WATFix - make sure that you UNTICK the box for the 'download manager, and click on the link on the left of the page, not the big shiny button on the right (which is an ad for the download manager!!) - and use that - extraxt the .exe file, and run it, then reboot.

     Post back with another MGADiag report, and we'll then see what we can do.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Wednesday, March 12, 2014 8:31 PM
    Moderator

All replies

  • The system shows signs of having had RemoveWAT installed in order to circumvent Activation and Validation requirements.

     Best way to fix it now (since we don't know which version of RemoveWAT was used) is to run WATFix....

    Download WATFix - make sure that you UNTICK the box for the 'download manager, and click on the link on the left of the page, not the big shiny button on the right (which is an ad for the download manager!!) - and use that - extraxt the .exe file, and run it, then reboot.

     Post back with another MGADiag report, and we'll then see what we can do.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Wednesday, March 12, 2014 8:31 PM
    Moderator
  • Thanks Noticed that myself so contacted the seller and he assured me COA was genuine even though the product key the laptop was registered with was different to the sticker. He asked me to change product key via cmd slmgr.vbs- ipk but was denied I then removed the slmgr.vbs.removewat and replaced with correct slmgr.vbs, changed permissions on the slui.exe. Then re-entered the product key via the above cmd procedure and appears to be genuine. Activate Windows / slui.exe work, Microsoft say genuine, Microsoft validation works and suddenly the Windows Activation field appeared in System. Seems legit but was definitely running a cracked version !
    Thursday, March 13, 2014 7:05 AM
  • Please run the WATFix tool - there's a lot more to the RemoveWAT than immediately meets the eye.

    Once you've done that, post another MGADiag report, and we'll take another look.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Thursday, March 13, 2014 4:21 PM
    Moderator
  • Hi,

    Thanks

    Ran WATfix still appears genuine. MGADiag report ;

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-CJJVX-32VKP-HPXXR
    Windows Product Key Hash: btpIsNq0c0c7B0/+A9HtfGcKUF4=
    Windows Product ID: 00371-OEM-9305632-70278
    Windows Product ID Type: 8
    Windows License Type: COA SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {4B13EF06-0EFB-47DB-B78E-63BBB4970C00}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.130828-1532
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Prompt
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{4B13EF06-0EFB-47DB-B78E-63BBB4970C00}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-HPXXR</PKey><PID>00371-OEM-9305632-70278</PID><PIDType>8</PIDType><SID>S-1-5-21-2688462322-3262070433-815245743</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>252225G</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>6IET65WW (1.25 )</Version><SMBIOSVersion major="2" minor="6"/><Date>20100607000000.000000+000</Date></BIOS><HWID>99BC3807018400FC</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TP-6I   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, OEM_COA_SLP channel
    Activation ID: da22eadd-46dc-4056-a287-f5041c852470
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00186-056-370278-02-2057-7601.0000-0702014
    Installation ID: 006984849201008745251951385612107606227032351996311721
    Processor Certificate URL:
    Machine Certificate URL:
    Partial Product Key: HPXXR
    License Status: Licensed
    Remaining Windows rearm count: 3
    Trusted time: 14/03/2014 07:29:56

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 3:13:2014 19:23
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: PAAAAAIABQABAAEAAAACAAAABAABAAEA6GEanY0ldxY0iZx85MrI5HSuGqAQ4gbuEHX2fLZY7FrOuVxd

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   LENOVO  TP-6I  
      FACP   LENOVO  TP-6I  
      HPET   LENOVO  TP-6I  
      BOOT   LENOVO  TP-6I  
      MCFG   LENOVO  TP-6I  
      SSDT   LENOVO  TP-6I  
      ECDT   LENOVO  TP-6I  
      ASF!   LENOVO  TP-6I  
      SLIC   LENOVO  TP-6I  
      SSDT   LENOVO  TP-6I  
      SSDT   LENOVO  TP-6I  
      TCPA   PTL   CRESTLN
      SSDT   LENOVO  TP-6I  
      SSDT   LENOVO  TP-6I  
      SSDT   LENOVO  TP-6I  

    Friday, March 14, 2014 7:37 AM
  • That looks fine now - with any luck the tool should have corrected any errors or omissions you may have made attempting things manually, so you shouldn't have any further problems.

    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Friday, March 14, 2014 9:25 AM
    Moderator
  • Thanks for your help
    Saturday, March 15, 2014 10:23 AM