Windows 7 showing as not genuine (but it is!)

All replies

• 

  

  0

  Sign in to vote

  "wowo9" wrote in message news:b4094bde-fec9-49c0-a6a7-e4f64474bd0a...

  Bought and installed windows 7 (upgraded from genuine Windows Vista that came with the computer) as part of the Microsoft Student Offer.

  Has been running without any issues since September 2010.  Suddenly it's showing that my windows is not genuine and when I run the "slui.exe 4" and chose "Go online and resolve".  It shows up as "Windows validation was interrupted. The validation service is not available at this time. Please try validation again later."  I didn't get the option to choose my country and phone an agent.

  Searched up online and found people talking about running the Microsoft Genuine Advantage diagnostic tool.  Here's the diagnostic report.

  Diagnostic Report (1.9.0027.0):
  -----------------------------------------
  Windows Validation Data-->

  Validation Code: 50
  Cached Online Validation Code: 0xc004c4a8
  Windows Product Key: *****-*****-JGRW4-VMFY2-PF98G
  Windows Product Key Hash: dcdHjhUq7tfphTD4hoSmi+AzLIs=
  Windows Product ID: 00371-153-6216204-85958
  Windows Product ID Type: 5
  Windows License Type: Retail
  Windows OS version: 6.1.7600.2.00010100.0.0.048
  

   

   

  Please help me!  Thanks in advance.

  
  

  It would appear that somehow your apparently-genuine installation has been affected by a hacker's Loader program (that's the 0xC004C4A8 error) - also called by MS an Activation Exploit. Such a program is usually used to fool  the computer into working with an OEM license from a different manufacturer to the original one, or a machine from a different range to the original one.
  As such it would indicate that something may have got past your security software (although most security software appears not to look for Loaders).
   
  Your key is apparently genuine (Darin can confirm/deny that when he gets a chance to look at it), and since it's retail, it doesn't need a hack to be able to load into any machine.
   
  I suggest that you use phone an Activation Center and ask for assistance - use one of the numbers in this list
  http://www.microsoft.com/licensing/existing-customers/activation-centers.aspx
  (they are for Volume licensing - but they will assist you) explain your problem to them, and see if they can help.
   
  

  
  --
  
  

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  • Marked as answer by wowo9 Sunday, February 20, 2011 10:05 PM

  Sunday, February 20, 2011 10:50 AM

  Reply

  |

  Quote

  |

  Moderator
• 

  

  0

  Sign in to vote

  I was digging around looking for answers on this forum and I think I found out why.  I was upgrading from a 32bit Vista to a 64bit Windows 7.  During installation it advised me to do an "Custom Install" instead of doing an "Upgrade" as the 32bit cannot be upgraded to 64bit version directly.  Therefore I believe Windows 7 was flagged as a "Clean install" but my CD-key was actually just for an upgrade.

  I followed the instructions on the link at the second last post. http://social.microsoft.com/Forums/en-US/genuinewindows7/thread/a5e74b50-95a9-4da9-a86c-11e71ad82e73/

   

  Here's the latest diagnostic report.  Can you guys please verify that it's all a-okay now?  Thanks.

   

  Diagnostic Report (1.9.0027.0):

  -----------------------------------------

  Windows Validation Data-->

   

  Validation Code: 0

  Cached Online Validation Code: 0x0

  Windows Product Key: *****-*****-JGRW4-VMFY2-PF98G

  Windows Product Key Hash: dcdHjhUq7tfphTD4hoSmi+AzLIs=

  Windows Product ID: 00371-153-6216204-85818

  Windows Product ID Type: 5

  Windows License Type: Retail

  Windows OS version: 6.1.7600.2.00010100.0.0.048

  ID: {A55987CB-AABF-4B85-AE3E-D05973DD3665}(3)

  Is Admin: Yes

  TestCab: 0x0

  LegitcheckControl ActiveX: N/A, hr = 0x80070002

  Signed By: N/A, hr = 0x80070002

  Product Name: Windows 7 Professional

  Architecture: 0x00000009

  Build lab: 7600.win7_rtm.090713-1255

  TTS Error: 

  Validation Diagnostic: 

  Resolution Status: N/A

   

  Vista WgaER Data-->

  ThreatID(s): N/A, hr = 0x80070002

  Version: N/A, hr = 0x80070002

   

  Windows XP Notifications Data-->

  Cached Result: N/A, hr = 0x80070002

  File Exists: No

  Version: N/A, hr = 0x80070002

  WgaTray.exe Signed By: N/A, hr = 0x80070002

  WgaLogon.dll Signed By: N/A, hr = 0x80070002

   

  OGA Notifications Data-->

  Cached Result: N/A, hr = 0x80070002

  Version: N/A, hr = 0x80070002

  OGAExec.exe Signed By: N/A, hr = 0x80070002

  OGAAddin.dll Signed By: N/A, hr = 0x80070002

   

  OGA Data-->

  Office Status: 100 Genuine

  Microsoft Office Enterprise 2007 - 100 Genuine

  OGA Version: N/A, 0x80070002

  Signed By: N/A, hr = 0x80070002

  Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

   

  Browser Data-->

  Proxy settings: N/A

  User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

  Default Browser: C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe

  Download signed ActiveX controls: Prompt

  Download unsigned ActiveX controls: Disabled

  Run ActiveX controls and plug-ins: Allowed

  Initialize and script ActiveX controls not marked as safe: Disabled

  Allow scripting of Internet Explorer Webbrowser control: Disabled

  Active scripting: Allowed

  Script ActiveX controls marked as safe for scripting: Allowed

   

  File Scan Data-->

  File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003

  File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003

   

  Other data-->

  Office Details: <GenuineResults><MachineData><UGUID>{A55987CB-AABF-4B85-AE3E-D05973DD3665}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-PF98G</PKey><PID>00371-153-6216204-85818</PID><PIDType>5</PIDType><SID>S-1-5-21-2465600432-425639871-9859183</SID><SYSTEM><Manufacturer>ACER</Manufacturer><Model>Aspire M1640</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>R01-B4</Version><SMBIOSVersion major="2" minor="5"/><Date>20080911000000.000000+000</Date></BIOS><HWID>29BA3607018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>62ACA3BC2FA4D86</Val><Hash>OEN30C9r7K+ibEK9M3u714GFOIA=</Hash><Pid>89388-707-1421247-65951</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

   

  Spsys.log Content: 0x80070002

   

  Licensing Data-->

  Software licensing service version: 6.1.7600.16385

   

  Name: Windows(R) 7, Professional edition

  Description: Windows Operating System - Windows(R) 7, RETAIL channel

  Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9

  Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f

  Extended PID: 00371-00170-153-621620-01-1033-7600.0000-0512011

  Installation ID: 006572459104027132522201395673250246498072932186362820

  Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338

  Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339

  Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341

  Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340

  Partial Product Key: PF98G

  License Status: Licensed

  Remaining Windows rearm count: 2

  Trusted time: 2/20/2011 12:43:40 PM

   

  Windows Activation Technologies-->

  HrOffline: 0x00000000

  HrOnline: 0x00000000

  HealthStatus: 0x0000000000000000

  Event Time Stamp: 1:8:2011 21:57

  ActiveX: Registered, Version: 7.1.7600.16395

  Admin Service: Registered, Version: 7.1.7600.16395

  HealthStatus Bitmask Output:

   

   

  HWID Data-->

  HWID Hash Current: NAAAAAEAAgABAAEAAgADAAAAAQABAAEAJJT6CxRpOhPsxfIw1PCSvBawilJwyhXx6UsqhQ==

   

  OEM Activation 1.0 Data-->

  N/A

   

  OEM Activation 2.0 Data-->

  BIOS valid for OA 2.0: yes

  Windows marker version: 0x0

  OEMID and OEMTableID Consistent: yes

  BIOS Information: 

    ACPI Table Name OEMID Value OEMTableID Value

    APIC 091108 APIC1058

    FACP 091108 FACP1058

    HPET 091108 OEMHPET0

    MCFG 091108 OEMMCFG 

    WDRT 091108 NV-WDRT 

    SLIC ACRSYS ACRPRDCT

    OEMB 091108 OEMB1058

    NVHD 091108 NVHDCP 

    AWMI 091108 OEMB1058

    SSDT DpgPmm CpuPm

   

   

  Sunday, February 20, 2011 8:43 PM

  Reply

  |

  Quote

  |
• 

  

  0

  Sign in to vote

  "wowo9" wrote in message news:3139830b-672a-4751-be83-8de588750422...

  I was digging around looking for answers on this forum and I think I found out why.  I was upgrading from a 32bit Vista to a 64bit Windows 7.  During installation it advised me to do an "Custom Install" instead of doing an "Upgrade" as the 32bit cannot be upgraded to 64bit version directly.  Therefore I believe Windows 7 was flagged as a "Clean install" but my CD-key was actually just for an upgrade.

  I followed the instructions on the link at the second last post. http://social.microsoft.com/Forums/en-US/genuinewindows7/thread/a5e74b50-95a9-4da9-a86c-11e71ad82e73/

   

  Here's the latest diagnostic report.  Can you guys please verify that it's all a-okay now?  Thanks.

   

  Diagnostic Report (1.9.0027.0):

  -----------------------------------------

  Windows Validation Data-->

   

  Validation Code: 0

  Cached Online Validation Code: 0x0

  Windows Product Key: *****-*****-JGRW4-VMFY2-PF98G

  Windows Product Key Hash: dcdHjhUq7tfphTD4hoSmi+AzLIs=

  Windows Product ID: 00371-153-6216204-85818

  Windows Product ID Type: 5

  Windows License Type: Retail

  Windows OS version: 6.1.7600.2.00010100.0.0.048

   

  OGA Data-->

  Office Status: 100 Genuine

  Microsoft Office Enterprise 2007 - 100 Genuine

  OGA Version: N/A, 0x80070002

  Signed By: N/A, hr = 0x80070002

  Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

   

   

  File Scan Data-->

  File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003

  File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003

   

   

  
  

  Your error message would NOT have been caused simply by the problems you say - there was a definite indication of the presence of a Hack.

  That seems to have gone, with the reinstall (which has also reset the rearm count)

  You need to visit the Validation site to reset the WAT system - which should get rid of the two file mismatches above - http://www.microsoft.com/genuine/validate

  and then post back with another MGADiag report.

   

  You need to be aware that there is a high probability that your installation of Office is non-genuine - it's an edition that is sold only in bulk to organisations for use on their own PC's.

  
  --
  
  

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  Sunday, February 20, 2011 9:02 PM

  Reply

  |

  Quote

  |

  Moderator
• 

  

  0

  Sign in to vote

  Thanks for the help.  I agree it's possible that the re-install got rid of the hack.  As for the re-arm count, what exactly is a "re-arm"?

  
  

  Yes I'm aware of my Office as I got a copy from my workplace. (I know I should get my own :P)

  
  

  Here's the latest diagnostic report and it did get rid of the file mismatches.

  
  

  Really appreciate all the help! :)

  
  

  Diagnostic Report (1.9.0027.0):

  -----------------------------------------

  Windows Validation Data-->

  
  

  Validation Code: 0

  Cached Online Validation Code: 0x0

  Windows Product Key: *****-*****-JGRW4-VMFY2-PF98G

  Windows Product Key Hash: dcdHjhUq7tfphTD4hoSmi+AzLIs=

  Windows Product ID: 00371-153-6216204-85818

  Windows Product ID Type: 5

  Windows License Type: Retail

  Windows OS version: 6.1.7600.2.00010100.0.0.048

  ID: {A55987CB-AABF-4B85-AE3E-D05973DD3665}(3)

  Is Admin: Yes

  TestCab: 0x0

  LegitcheckControl ActiveX: N/A, hr = 0x80070002

  Signed By: N/A, hr = 0x80070002

  Product Name: Windows 7 Professional

  Architecture: 0x00000009

  Build lab: 7600.win7_rtm.090713-1255

  TTS Error: 

  Validation Diagnostic: 

  Resolution Status: N/A

  
  

  Vista WgaER Data-->

  ThreatID(s): N/A, hr = 0x80070002

  Version: N/A, hr = 0x80070002

  
  

  Windows XP Notifications Data-->

  Cached Result: N/A, hr = 0x80070002

  File Exists: No

  Version: N/A, hr = 0x80070002

  WgaTray.exe Signed By: N/A, hr = 0x80070002

  WgaLogon.dll Signed By: N/A, hr = 0x80070002

  
  

  OGA Notifications Data-->

  Cached Result: N/A, hr = 0x80070002

  Version: N/A, hr = 0x80070002

  OGAExec.exe Signed By: N/A, hr = 0x80070002

  OGAAddin.dll Signed By: N/A, hr = 0x80070002

  
  

  OGA Data-->

  Office Status: 100 Genuine

  Microsoft Office Enterprise 2007 - 100 Genuine

  OGA Version: N/A, 0x80070002

  Signed By: N/A, hr = 0x80070002

  Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

  
  

  Browser Data-->

  Proxy settings: N/A

  User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

  Default Browser: C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe

  Download signed ActiveX controls: Prompt

  Download unsigned ActiveX controls: Disabled

  Run ActiveX controls and plug-ins: Allowed

  Initialize and script ActiveX controls not marked as safe: Disabled

  Allow scripting of Internet Explorer Webbrowser control: Disabled

  Active scripting: Allowed

  Script ActiveX controls marked as safe for scripting: Allowed

  
  

  File Scan Data-->

  
  

  Other data-->

  Office Details: <GenuineResults><MachineData><UGUID>{A55987CB-AABF-4B85-AE3E-D05973DD3665}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-PF98G</PKey><PID>00371-153-6216204-85818</PID><PIDType>5</PIDType><SID>S-1-5-21-2465600432-425639871-9859183</SID><SYSTEM><Manufacturer>ACER</Manufacturer><Model>Aspire M1640</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>R01-B4</Version><SMBIOSVersion major="2" minor="5"/><Date>20080911000000.000000+000</Date></BIOS><HWID>29BA3607018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>62ACA3BC2FA4D86</Val><Hash>OEN30C9r7K+ibEK9M3u714GFOIA=</Hash><Pid>89388-707-1421247-65951</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

  
  

  Spsys.log Content: 0x80070002

  
  

  Licensing Data-->

  Software licensing service version: 6.1.7600.16385

  
  

  Name: Windows(R) 7, Professional edition

  Description: Windows Operating System - Windows(R) 7, RETAIL channel

  Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9

  Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f

  Extended PID: 00371-00170-153-621620-01-1033-7600.0000-0512011

  Installation ID: 006572459104027132522201395673250246498072932186362820

  Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338

  Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339

  Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341

  Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340

  Partial Product Key: PF98G

  License Status: Licensed

  Remaining Windows rearm count: 2

  Trusted time: 2/20/2011 1:11:18 PM

  
  

  Windows Activation Technologies-->

  HrOffline: 0x00000000

  HrOnline: 0x00000000

  HealthStatus: 0x0000000000000000

  Event Time Stamp: 2:20:2011 13:09

  ActiveX: Registered, Version: 7.1.7600.16395

  Admin Service: Registered, Version: 7.1.7600.16395

  HealthStatus Bitmask Output:

  
  

  
  

  HWID Data-->

  HWID Hash Current: NAAAAAEAAgABAAEAAgADAAAAAQABAAEAJJT6CxRpOhPsxfIw1PCSvBawilJwyhXx6UsqhQ==

  
  

  OEM Activation 1.0 Data-->

  N/A

  
  

  OEM Activation 2.0 Data-->

  BIOS valid for OA 2.0: yes

  Windows marker version: 0x0

  OEMID and OEMTableID Consistent: yes

  BIOS Information: 

    ACPI Table Name OEMID Value OEMTableID Value

    APIC 091108 APIC1058

    FACP 091108 FACP1058

    HPET 091108 OEMHPET0

    MCFG 091108 OEMMCFG 

    WDRT 091108 NV-WDRT 

    SLIC ACRSYS ACRPRDCT

    OEMB 091108 OEMB1058

    NVHD 091108 NVHDCP 

    AWMI 091108 OEMB1058

    SSDT DpgPmm CpuPm

  
  

  
  

  Sunday, February 20, 2011 9:15 PM

  Reply

  |

  Quote

  |
• 

  

  0

  Sign in to vote

  "wowo9" wrote in message news:e0402d48-7b05-41ef-a959-bdd816d7a701...

  Thanks for the help.  I agree it's possible that the re-install got rid of the hack.  As for the re-arm count, what exactly is a "re-arm"?

  
  

  Yes I'm aware of my Office as I got a copy from my workplace. (I know I should get my own :P)

  
  

  Here's the latest diagnostic report and it did get rid of the file mismatches.

  
  

  Really appreciate all the help! :)

  
  

  Diagnostic Report (1.9.0027.0):

  -----------------------------------------

  Windows Validation Data-->

  
  

  Validation Code: 0

  Cached Online Validation Code: 0x0

  Windows Product Key: *****-*****-JGRW4-VMFY2-PF98G

  Windows Product Key Hash: dcdHjhUq7tfphTD4hoSmi+AzLIs=

  Windows Product ID: 00371-153-6216204-85818

  Windows Product ID Type: 5

  Windows License Type: Retail

  Windows OS version: 6.1.7600.2.00010100.0.0.048

   

   

  
  

  
  

  
  

  OK  - all is looking good.

  What you need to do is to thoroughly check your system for malware, since often the Key Hacks come with very-much-unwanted hangers-on.

  I would suggest an online scan with at least two AV's  and a full system scan with Malwarebytes Anti-Malware in safe mode.

  The re-arm count is the number of times you can delay a non-genuine notification for the standard time delay (usually 30 days).

   

  
  --
  
  

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  Sunday, February 20, 2011 9:42 PM

  Reply

  |

  Quote

  |

  Moderator
• 

  

  0

  Sign in to vote

  The antivirus that's running is MSE.  Doing a scan now and will check for malware and do additional scans as advised.

  Thanks again for the help!

  Sunday, February 20, 2011 10:05 PM

  Reply

  |

  Quote

  |
• 

  

  0

  Sign in to vote

  To answer your question about the rearm count, the initial 30 day evaluation period can be extended up to 3 times. That is called rearming. Your system has been rearmed once, leaving two more times availaible. Once activated there is little reason to rearm so don't be concerned about it.

  ---

  Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.

  Sunday, February 20, 2011 10:09 PM

  Reply

  |

  Quote

  |

  Answerer