locked
Windows not genuine build 7600 after recovery from backup (lighting strike) - running windows 7 professionsl RRS feed

  • Question

  • Here is the geuine tool output.

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 50
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-M3DJT-4J3WC-733WD
    Windows Product Key Hash: xo+ajVSpae7/4VoZjS7m6JL0f3A=
    Windows Product ID: 00371-OEM-8992671-00524
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7600.2.00010100.0.0.048
    ID: {37815350-3DEE-464D-9C18-01C43D809CFE}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7600.win7_gdr.110622-1503
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 114 Blocked VLK 2
    Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{37815350-3DEE-464D-9C18-01C43D809CFE}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-733WD</PKey><PID>00371-OEM-8992671-00524</PID><PIDType>2</PIDType><SID>S-1-5-21-1813531362-635098538-1627524853</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Vostro 1520</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A02</Version><SMBIOSVersion major="2" minor="5"/><Date>20090408000000.000000+000</Date></BIOS><HWID>93BA3607018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73931-640-0000106-57949</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7600.16385

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00178-926-700524-02-1033-7600.0000-0872010
    Installation ID: 009163281410077022518450970910644030183101021432507235
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 733WD
    License Status: Notification
    Notification Reason: 0xC004F057.
    Remaining Windows rearm count: 3
    Trusted time: 8/26/2011 8:14:05 AM

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0xC004C533
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 8:25:2011 08:04
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: MgAAAAEAAQABAAIAAgABAAAAAgABAAEAJJTmqZ6w2oW++ESi6i+wuLB2ZDK4kQBcRso=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes, but no SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   PTLTD     APIC 
      FACP   TOSCPL  CRESTLNE
      HPET   INTEL   CRESTLNE
      BOOT   PTLTD   $SBFTBL$
      MCFG   INTEL   CRESTLNE
      OSFR   TOSHIB  A+2nd ID
      SSDT   BrtRef  DD01BRT
      SSDT   BrtRef  DD01BRT

     

    Friday, August 26, 2011 12:19 PM

Answers

  • Parts of the BIOS appear to be from a Toshiba, while other parts appear to be from a Dell

     

    The BIOS is too old for a Win 7 OEM_SLP installation of Windows 7 - and the BIOS is for a Vista installation

     

    The only conclusion therefore is that the installation has been hacked with a Loader tool.

     

    You need to purchase a legal copy of Windows 7, and clean-install that, to be sure that the hacker tools did not also install rootkits or other malware.

     

    Your installation of Office is also non-genuine - being based on a Key that was stolen from MS itself.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Friday, August 26, 2011 12:26 PM
    Moderator
  • Unfortunately, both your installed copies of Windows 7 Professional and Microsoft Office Professional Edition 2003 are non-genuine.  You'll need to purchase a genuine Windows 7 "Full Version" edition and perform a clean install.  You can purchase genuine Microsoft software from the convenience of the Microsoft Store.
    Carey Frisch
    Friday, August 26, 2011 12:54 PM
    Moderator

All replies

  • Parts of the BIOS appear to be from a Toshiba, while other parts appear to be from a Dell

     

    The BIOS is too old for a Win 7 OEM_SLP installation of Windows 7 - and the BIOS is for a Vista installation

     

    The only conclusion therefore is that the installation has been hacked with a Loader tool.

     

    You need to purchase a legal copy of Windows 7, and clean-install that, to be sure that the hacker tools did not also install rootkits or other malware.

     

    Your installation of Office is also non-genuine - being based on a Key that was stolen from MS itself.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Friday, August 26, 2011 12:26 PM
    Moderator
  • Unfortunately, both your installed copies of Windows 7 Professional and Microsoft Office Professional Edition 2003 are non-genuine.  You'll need to purchase a genuine Windows 7 "Full Version" edition and perform a clean install.  You can purchase genuine Microsoft software from the convenience of the Microsoft Store.
    Carey Frisch
    Friday, August 26, 2011 12:54 PM
    Moderator