Windows 7 showing as not genuine (but it is!)

Question

0

Sign in to vote

Bought and installed windows 7 (upgraded from genuine Windows Vista that came with the computer) as part of the Microsoft Student Offer.

Has been running without any issues since September 2010. Suddenly it's showing that my windows is not genuine and when I run the "slui.exe 4" and chose "Go online and resolve". It shows up as "Windows validation was interrupted. The validation service is not available at this time. Please try validation again later." I didn't get the option to choose my country and phone an agent.

Searched up online and found people talking about running the Microsoft Genuine Advantage diagnostic tool.  Here's the diagnostic report.

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 50
Cached Online Validation Code: 0xc004c4a8
Windows Product Key: *****-*****-JGRW4-VMFY2-PF98G
Windows Product Key Hash: dcdHjhUq7tfphTD4hoSmi+AzLIs=
Windows Product ID: 00371-153-6216204-85958
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7600.2.00010100.0.0.048
ID: {A55987CB-AABF-4B85-AE3E-D05973DD3665}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7600.win7_gdr.101026-1503
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{A55987CB-AABF-4B85-AE3E-D05973DD3665}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-PF98G</PKey><PID>00371-153-6216204-85958</PID><PIDType>5</PIDType><SID>S-1-5-21-2465600432-425639871-9859183</SID><SYSTEM><Manufacturer>ACER</Manufacturer><Model>Aspire M1640</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>R01-B4</Version><SMBIOSVersion major="2" minor="5"/><Date>20080911000000.000000+000</Date></BIOS><HWID>29BA3607018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>62ACA3BC2FA4D86</Val><Hash>OEN30C9r7K+ibEK9M3u714GFOIA=</Hash><Pid>89388-707-1421247-65951</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7600.16385

Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00170-153-621620-01-1033-7600.0000-0502011
Installation ID: 005790818052911491948490451413167331943685246280868770
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: PF98G
License Status: Unlicensed
Remaining Windows rearm count: 3
Trusted time: 2/19/2011 10:43:38 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 1:8:2011 21:57
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: NAAAAAEAAgABAAEAAgADAAAAAQABAAEAeqj6CxRp7MU6E/Iw1PAWsJK8ilJwyhXx6UsqhQ==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x0
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC   091108  APIC1058
FACP   091108  FACP1058
HPET   091108  OEMHPET0
MCFG   091108  OEMMCFG
WDRT   091108  NV-WDRT
SLIC   ACRSYS  ACRPRDCT
OEMB   091108  OEMB1058
NVHD   091108  NVHDCP
AWMI   091108  OEMB1058
SSDT   DpgPmm  CpuPm

Please help me! Thanks in advance.

Sunday, February 20, 2011 6:56 AM

Reply

|

Quote

|

Answers

0

Sign in to vote
"wowo9" wrote in message news:b4094bde-fec9-49c0-a6a7-e4f64474bd0a...

Bought and installed windows 7 (upgraded from genuine Windows Vista that came with the computer) as part of the Microsoft Student Offer.

Has been running without any issues since September 2010. Suddenly it's showing that my windows is not genuine and when I run the "slui.exe 4" and chose "Go online and resolve". It shows up as "Windows validation was interrupted. The validation service is not available at this time. Please try validation again later." I didn't get the option to choose my country and phone an agent.

Searched up online and found people talking about running the Microsoft Genuine Advantage diagnostic tool. Here's the diagnostic report.

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 50
Cached Online Validation Code: 0xc004c4a8
Windows Product Key: *****-*****-JGRW4-VMFY2-PF98G
Windows Product Key Hash: dcdHjhUq7tfphTD4hoSmi+AzLIs=
Windows Product ID: 00371-153-6216204-85958
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7600.2.00010100.0.0.048

Please help me! Thanks in advance.

It would appear that somehow your apparently-genuine installation has been affected by a hacker's Loader program (that's the 0xC004C4A8 error) - also called by MS an Activation Exploit. Such a program is usually used to fool the computer into working with an OEM license from a different manufacturer to the original one, or a machine from a different range to the original one.
As such it would indicate that something may have got past your security software (although most security software appears not to look for Loaders).

Your key is apparently genuine (Darin can confirm/deny that when he gets a chance to look at it), and since it's retail, it doesn't need a hack to be able to load into any machine.

I suggest that you use phone an Activation Center and ask for assistance - use one of the numbers in this list
http://www.microsoft.com/licensing/existing-customers/activation-centers.aspx
(they are for Volume licensing - but they will assist you) explain your problem to them, and see if they can help.

--

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
- Marked as answer by wowo9 Sunday, February 20, 2011 10:05 PM
Sunday, February 20, 2011 10:50 AM

Reply

|

Quote

|

Moderator

All replies

0

Sign in to vote
"wowo9" wrote in message news:b4094bde-fec9-49c0-a6a7-e4f64474bd0a...

Bought and installed windows 7 (upgraded from genuine Windows Vista that came with the computer) as part of the Microsoft Student Offer.

Has been running without any issues since September 2010. Suddenly it's showing that my windows is not genuine and when I run the "slui.exe 4" and chose "Go online and resolve". It shows up as "Windows validation was interrupted. The validation service is not available at this time. Please try validation again later." I didn't get the option to choose my country and phone an agent.

Searched up online and found people talking about running the Microsoft Genuine Advantage diagnostic tool. Here's the diagnostic report.

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 50
Cached Online Validation Code: 0xc004c4a8
Windows Product Key: *****-*****-JGRW4-VMFY2-PF98G
Windows Product Key Hash: dcdHjhUq7tfphTD4hoSmi+AzLIs=
Windows Product ID: 00371-153-6216204-85958
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7600.2.00010100.0.0.048

Please help me! Thanks in advance.

It would appear that somehow your apparently-genuine installation has been affected by a hacker's Loader program (that's the 0xC004C4A8 error) - also called by MS an Activation Exploit. Such a program is usually used to fool the computer into working with an OEM license from a different manufacturer to the original one, or a machine from a different range to the original one.
As such it would indicate that something may have got past your security software (although most security software appears not to look for Loaders).

Your key is apparently genuine (Darin can confirm/deny that when he gets a chance to look at it), and since it's retail, it doesn't need a hack to be able to load into any machine.

I suggest that you use phone an Activation Center and ask for assistance - use one of the numbers in this list
http://www.microsoft.com/licensing/existing-customers/activation-centers.aspx
(they are for Volume licensing - but they will assist you) explain your problem to them, and see if they can help.

--

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
- Marked as answer by wowo9 Sunday, February 20, 2011 10:05 PM
Sunday, February 20, 2011 10:50 AM

Reply

|

Quote

|

Moderator

0

Sign in to vote

I was digging around looking for answers on this forum and I think I found out why. I was upgrading from a 32bit Vista to a 64bit Windows 7. During installation it advised me to do an "Custom Install" instead of doing an "Upgrade" as the 32bit cannot be upgraded to 64bit version directly. Therefore I believe Windows 7 was flagged as a "Clean install" but my CD-key was actually just for an upgrade.

I followed the instructions on the link at the second last post. http://social.microsoft.com/Forums/en-US/genuinewindows7/thread/a5e74b50-95a9-4da9-a86c-11e71ad82e73/

Here's the latest diagnostic report. Can you guys please verify that it's all a-okay now? Thanks.

Diagnostic Report (1.9.0027.0):

-----------------------------------------

Windows Validation Data-->

Validation Code: 0

Cached Online Validation Code: 0x0

Windows Product Key: *****-*****-JGRW4-VMFY2-PF98G

Windows Product Key Hash: dcdHjhUq7tfphTD4hoSmi+AzLIs=

Windows Product ID: 00371-153-6216204-85818

Windows Product ID Type: 5

Windows License Type: Retail

Windows OS version: 6.1.7600.2.00010100.0.0.048

ID: {A55987CB-AABF-4B85-AE3E-D05973DD3665}(3)

Is Admin: Yes

TestCab: 0x0

LegitcheckControl ActiveX: N/A, hr = 0x80070002

Signed By: N/A, hr = 0x80070002

Product Name: Windows 7 Professional

Architecture: 0x00000009

Build lab: 7600.win7_rtm.090713-1255

TTS Error:

Validation Diagnostic:

Resolution Status: N/A

Vista WgaER Data-->

ThreatID(s): N/A, hr = 0x80070002

Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->

Cached Result: N/A, hr = 0x80070002

File Exists: No

Version: N/A, hr = 0x80070002

WgaTray.exe Signed By: N/A, hr = 0x80070002

WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->

Cached Result: N/A, hr = 0x80070002

Version: N/A, hr = 0x80070002

OGAExec.exe Signed By: N/A, hr = 0x80070002

OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->

Office Status: 100 Genuine

Microsoft Office Enterprise 2007 - 100 Genuine

OGA Version: N/A, 0x80070002

Signed By: N/A, hr = 0x80070002

Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->

Proxy settings: N/A

User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

Default Browser: C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe

Download signed ActiveX controls: Prompt

Download unsigned ActiveX controls: Disabled

Run ActiveX controls and plug-ins: Allowed

Initialize and script ActiveX controls not marked as safe: Disabled

Allow scripting of Internet Explorer Webbrowser control: Disabled

Active scripting: Allowed

Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003

File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003

Other data-->

Office Details: <GenuineResults><MachineData><UGUID>{A55987CB-AABF-4B85-AE3E-D05973DD3665}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-PF98G</PKey><PID>00371-153-6216204-85818</PID><PIDType>5</PIDType><SID>S-1-5-21-2465600432-425639871-9859183</SID><SYSTEM><Manufacturer>ACER</Manufacturer><Model>Aspire M1640</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>R01-B4</Version><SMBIOSVersion major="2" minor="5"/><Date>20080911000000.000000+000</Date></BIOS><HWID>29BA3607018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>62ACA3BC2FA4D86</Val><Hash>OEN30C9r7K+ibEK9M3u714GFOIA=</Hash><Pid>89388-707-1421247-65951</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->

Software licensing service version: 6.1.7600.16385

Name: Windows(R) 7, Professional edition

Description: Windows Operating System - Windows(R) 7, RETAIL channel

Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9

Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f

Extended PID: 00371-00170-153-621620-01-1033-7600.0000-0512011

Installation ID: 006572459104027132522201395673250246498072932186362820

Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338

Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339

Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341

Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340

Partial Product Key: PF98G

License Status: Licensed

Remaining Windows rearm count: 2

Trusted time: 2/20/2011 12:43:40 PM

Windows Activation Technologies-->

HrOffline: 0x00000000

HrOnline: 0x00000000

HealthStatus: 0x0000000000000000

Event Time Stamp: 1:8:2011 21:57

ActiveX: Registered, Version: 7.1.7600.16395

Admin Service: Registered, Version: 7.1.7600.16395

HealthStatus Bitmask Output:

HWID Data-->

HWID Hash Current: NAAAAAEAAgABAAEAAgADAAAAAQABAAEAJJT6CxRpOhPsxfIw1PCSvBawilJwyhXx6UsqhQ==

OEM Activation 1.0 Data-->

N/A

OEM Activation 2.0 Data-->

BIOS valid for OA 2.0: yes

Windows marker version: 0x0

OEMID and OEMTableID Consistent: yes

BIOS Information:

  ACPI Table Name OEMID Value OEMTableID Value

  APIC 091108 APIC1058

  FACP 091108 FACP1058

  HPET 091108 OEMHPET0

  MCFG 091108 OEMMCFG

  WDRT 091108 NV-WDRT

  SLIC ACRSYS ACRPRDCT

  OEMB 091108 OEMB1058

  NVHD 091108 NVHDCP

  AWMI 091108 OEMB1058

  SSDT DpgPmm CpuPm

Sunday, February 20, 2011 8:43 PM

Reply

|

Quote

|

0

Sign in to vote

"wowo9" wrote in message news:3139830b-672a-4751-be83-8de588750422...

I was digging around looking for answers on this forum and I think I found out why. I was upgrading from a 32bit Vista to a 64bit Windows 7. During installation it advised me to do an "Custom Install" instead of doing an "Upgrade" as the 32bit cannot be upgraded to 64bit version directly. Therefore I believe Windows 7 was flagged as a "Clean install" but my CD-key was actually just for an upgrade.

I followed the instructions on the link at the second last post. http://social.microsoft.com/Forums/en-US/genuinewindows7/thread/a5e74b50-95a9-4da9-a86c-11e71ad82e73/

Here's the latest diagnostic report. Can you guys please verify that it's all a-okay now? Thanks.

Diagnostic Report (1.9.0027.0):

-----------------------------------------

Windows Validation Data-->

Validation Code: 0

Cached Online Validation Code: 0x0

Windows Product Key: *****-*****-JGRW4-VMFY2-PF98G

Windows Product Key Hash: dcdHjhUq7tfphTD4hoSmi+AzLIs=

Windows Product ID: 00371-153-6216204-85818

Windows Product ID Type: 5

Windows License Type: Retail

Windows OS version: 6.1.7600.2.00010100.0.0.048

OGA Data-->

Office Status: 100 Genuine

Microsoft Office Enterprise 2007 - 100 Genuine

OGA Version: N/A, 0x80070002

Signed By: N/A, hr = 0x80070002

Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

File Scan Data-->

File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003

File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003

Your error message would NOT have been caused simply by the problems you say - there was a definite indication of the presence of a Hack.

That seems to have gone, with the reinstall (which has also reset the rearm count)

You need to visit the Validation site to reset the WAT system - which should get rid of the two file mismatches above - http://www.microsoft.com/genuine/validate

and then post back with another MGADiag report.

You need to be aware that there is a high probability that your installation of Office is non-genuine - it's an edition that is sold only in bulk to organisations for use on their own PC's.

--

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

Sunday, February 20, 2011 9:02 PM

Reply

|

Quote

|

Moderator

0

Sign in to vote

Thanks for the help. I agree it's possible that the re-install got rid of the hack. As for the re-arm count, what exactly is a "re-arm"?

Yes I'm aware of my Office as I got a copy from my workplace. (I know I should get my own :P)

Here's the latest diagnostic report and it did get rid of the file mismatches.

Really appreciate all the help! :)

Diagnostic Report (1.9.0027.0):

-----------------------------------------

Windows Validation Data-->

Validation Code: 0

Cached Online Validation Code: 0x0

Windows Product Key: *****-*****-JGRW4-VMFY2-PF98G

Windows Product Key Hash: dcdHjhUq7tfphTD4hoSmi+AzLIs=

Windows Product ID: 00371-153-6216204-85818

Windows Product ID Type: 5

Windows License Type: Retail

Windows OS version: 6.1.7600.2.00010100.0.0.048

ID: {A55987CB-AABF-4B85-AE3E-D05973DD3665}(3)

Is Admin: Yes

TestCab: 0x0

LegitcheckControl ActiveX: N/A, hr = 0x80070002

Signed By: N/A, hr = 0x80070002

Product Name: Windows 7 Professional

Architecture: 0x00000009

Build lab: 7600.win7_rtm.090713-1255

TTS Error:

Validation Diagnostic:

Resolution Status: N/A

Vista WgaER Data-->

ThreatID(s): N/A, hr = 0x80070002

Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->

Cached Result: N/A, hr = 0x80070002

File Exists: No

Version: N/A, hr = 0x80070002

WgaTray.exe Signed By: N/A, hr = 0x80070002

WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->

Cached Result: N/A, hr = 0x80070002

Version: N/A, hr = 0x80070002

OGAExec.exe Signed By: N/A, hr = 0x80070002

OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->

Office Status: 100 Genuine

Microsoft Office Enterprise 2007 - 100 Genuine

OGA Version: N/A, 0x80070002

Signed By: N/A, hr = 0x80070002

Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->

Proxy settings: N/A

User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

Default Browser: C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe

Download signed ActiveX controls: Prompt

Download unsigned ActiveX controls: Disabled

Run ActiveX controls and plug-ins: Allowed

Initialize and script ActiveX controls not marked as safe: Disabled

Allow scripting of Internet Explorer Webbrowser control: Disabled

Active scripting: Allowed

Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->

Office Details: <GenuineResults><MachineData><UGUID>{A55987CB-AABF-4B85-AE3E-D05973DD3665}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-PF98G</PKey><PID>00371-153-6216204-85818</PID><PIDType>5</PIDType><SID>S-1-5-21-2465600432-425639871-9859183</SID><SYSTEM><Manufacturer>ACER</Manufacturer><Model>Aspire M1640</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>R01-B4</Version><SMBIOSVersion major="2" minor="5"/><Date>20080911000000.000000+000</Date></BIOS><HWID>29BA3607018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>62ACA3BC2FA4D86</Val><Hash>OEN30C9r7K+ibEK9M3u714GFOIA=</Hash><Pid>89388-707-1421247-65951</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->

Software licensing service version: 6.1.7600.16385

Name: Windows(R) 7, Professional edition

Description: Windows Operating System - Windows(R) 7, RETAIL channel

Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9

Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f

Extended PID: 00371-00170-153-621620-01-1033-7600.0000-0512011

Installation ID: 006572459104027132522201395673250246498072932186362820

Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338

Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339

Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341

Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340

Partial Product Key: PF98G

License Status: Licensed

Remaining Windows rearm count: 2

Trusted time: 2/20/2011 1:11:18 PM

Windows Activation Technologies-->

HrOffline: 0x00000000

HrOnline: 0x00000000

HealthStatus: 0x0000000000000000

Event Time Stamp: 2:20:2011 13:09

ActiveX: Registered, Version: 7.1.7600.16395

Admin Service: Registered, Version: 7.1.7600.16395

HealthStatus Bitmask Output:

HWID Data-->

HWID Hash Current: NAAAAAEAAgABAAEAAgADAAAAAQABAAEAJJT6CxRpOhPsxfIw1PCSvBawilJwyhXx6UsqhQ==

OEM Activation 1.0 Data-->

N/A

OEM Activation 2.0 Data-->

BIOS valid for OA 2.0: yes

Windows marker version: 0x0

OEMID and OEMTableID Consistent: yes

BIOS Information:

  ACPI Table Name OEMID Value OEMTableID Value

  APIC 091108 APIC1058

  FACP 091108 FACP1058

  HPET 091108 OEMHPET0

  MCFG 091108 OEMMCFG

  WDRT 091108 NV-WDRT

  SLIC ACRSYS ACRPRDCT

  OEMB 091108 OEMB1058

  NVHD 091108 NVHDCP

  AWMI 091108 OEMB1058

  SSDT DpgPmm CpuPm

Sunday, February 20, 2011 9:15 PM

Reply

|

Quote

|

0

Sign in to vote

"wowo9" wrote in message news:e0402d48-7b05-41ef-a959-bdd816d7a701...

Thanks for the help. I agree it's possible that the re-install got rid of the hack. As for the re-arm count, what exactly is a "re-arm"?

Yes I'm aware of my Office as I got a copy from my workplace. (I know I should get my own :P)

Here's the latest diagnostic report and it did get rid of the file mismatches.

Really appreciate all the help! :)

Diagnostic Report (1.9.0027.0):

-----------------------------------------

Windows Validation Data-->

Validation Code: 0

Cached Online Validation Code: 0x0

Windows Product Key: *****-*****-JGRW4-VMFY2-PF98G

Windows Product Key Hash: dcdHjhUq7tfphTD4hoSmi+AzLIs=

Windows Product ID: 00371-153-6216204-85818

Windows Product ID Type: 5

Windows License Type: Retail

Windows OS version: 6.1.7600.2.00010100.0.0.048

OK - all is looking good.

What you need to do is to thoroughly check your system for malware, since often the Key Hacks come with very-much-unwanted hangers-on.

I would suggest an online scan with at least two AV's and a full system scan with Malwarebytes Anti-Malware in safe mode.

The re-arm count is the number of times you can delay a non-genuine notification for the standard time delay (usually 30 days).

--

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

Sunday, February 20, 2011 9:42 PM

Reply

|

Quote

|

Moderator

0

Sign in to vote

The antivirus that's running is MSE. Doing a scan now and will check for malware and do additional scans as advised.

Thanks again for the help!

Sunday, February 20, 2011 10:05 PM

Reply

|

Quote

|

0

Sign in to vote

To answer your question about the rearm count, the initial 30 day evaluation period can be extended up to 3 times. That is called rearming. Your system has been rearmed once, leaving two more times availaible. Once activated there is little reason to rearm so don't be concerned about it.
Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.

Sunday, February 20, 2011 10:09 PM

Reply

|

Quote

|

Answerer

Answered by:

Windows 7 showing as not genuine (but it is!)

Question

Answers

All replies