You may be a victim of software counterfeiting windows 7

All replies

• 

  

  0

  Sign in to vote

  http://support.microsoft.com/kb/2008385

  may help.

  (If you need assistance with it, just shout!)

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  Tuesday, August 7, 2012 10:26 AM

  Moderator
• 

  

  0

  Sign in to vote

  I have a feeling this might be the issue but no luck so far, i tried  method C adding the registry key but no effect so far tried it three times, Tried the first one looking for rsop.msc and no luck finding it and im not sure how to do/find the other ones, thanks for responding and your help

  Tuesday, August 7, 2012 11:15 AM
• 

  

  0

  Sign in to vote

  Let's try going at it a little differently then. (rsop.msc is only available to Pro and higher eiditions)

  Open an  Elevated Command Prompt, and run the following commands

  sc sdshow plugplay

  REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18" /S

  REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19" /S

  REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20" /S

  Copy and paste teh results to your reply

    Here are some instructions to make life easier :)

  1) To open an Elevated Command Prompt Window (the CP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt. 

  2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Windows, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once. 

  3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.     

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  Tuesday, August 7, 2012 11:45 AM

  Moderator
• 

  

  0

  Sign in to vote

  Microsoft Windows [Version 6.1.7601]
  Copyright (c) 2009 Microsoft Corporation.  All rights reserved.
  
  C:\Users\Kagus1>sc sdshow plugplay
  
  D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCR
  RC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
  
  C:\Users\Kagus1>
  C:\Users\Kagus1>REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Curr
  entVersion\ProfileList\S-1-5-18" /S
  
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
  5-18
      Flags    REG_DWORD    0xc
      State    REG_DWORD    0x0
      RefCount    REG_DWORD    0x1
      Sid    REG_BINARY    010100000000000512000000
      ProfileImagePath    REG_EXPAND_SZ    %systemroot%\system32\config\systemprof
  ile
  
  
  C:\Users\Kagus1>
  C:\Users\Kagus1>REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Curr
  entVersion\ProfileList\S-1-5-19" /S
  
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
  5-19
      ProfileImagePath    REG_EXPAND_SZ    C:\Windows\ServiceProfiles\LocalService
  
      Flags    REG_DWORD    0x0
      State    REG_DWORD    0x0
  
  
  C:\Users\Kagus1>
  C:\Users\Kagus1>REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Curr
  entVersion\ProfileList\S-1-5-20" /S
  
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
  5-20
      ProfileImagePath    REG_EXPAND_SZ    C:\Windows\ServiceProfiles\NetworkServi
  ce
      Flags    REG_DWORD    0x0
      State    REG_DWORD    0x0
  
  

  Tuesday, August 7, 2012 2:54 PM
• 

  

  0

  Sign in to vote

  All those results look normal to me.  (even if you did run it in a normal Command prompt window, rather than an Elevated one, per the isntructions!)

  This means that the problem lies elsewhere - possibly in the Service Profiles folder.
  Please run the following commands in an Elevated Command Prompt window, and post the results.

  ICACLS C:\Windows\ServiceProfiles\LocalService
  ICACLS C:\Windows\ServiceProfiles\NetworkService
  ICACLS %systemroot%\system32\config\systemprofile
  DIR C:\windows\NTUSER.DAT /S

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  Tuesday, August 7, 2012 3:13 PM

  Moderator
• 

  

  0

  Sign in to vote

  Followed your instructions to the letter, pretty sure uac is off but i ran it as admin just to be  sure when i did it as with this one -

  Microsoft Windows [Version 6.1.7601]
  Copyright (c) 2009 Microsoft Corporation.  All rights reserved.
  
  C:\Users\Kagus1>ICACLS C:\Windows\ServiceProfiles\LocalService
  C:\Windows\ServiceProfiles\LocalService NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                                          BUILTIN\Administrators:(OI)(CI)(F)
                                          NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(F)
  
  Successfully processed 1 files; Failed processing 0 files
  
  C:\Users\Kagus1>ICACLS C:\Windows\ServiceProfiles\NetworkService
  C:\Windows\ServiceProfiles\NetworkService NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                                            BUILTIN\Administrators:(OI)(CI)(F)
                                            NT AUTHORITY\NETWORK SERVICE:(OI)(CI)(
  F)
  
  Successfully processed 1 files; Failed processing 0 files
  
  C:\Users\Kagus1>ICACLS %systemroot%\system32\config\systemprofile
  C:\Windows\system32\config\systemprofile NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                                           BUILTIN\Administrators:(OI)(CI)(F)
  
  Successfully processed 1 files; Failed processing 0 files
  
  C:\Users\Kagus1>DIR C:\windows\NTUSER.DAT /S

  Tuesday, August 7, 2012 3:19 PM
• 

  

  0

  Sign in to vote

  In that case you may have non-standard settings for the Command Prompt - which won't create a problem.

  The last command didn't run - please run it and post the results.

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  Tuesday, August 7, 2012 3:26 PM

  Moderator
• 

  

  0

  Sign in to vote

  Oops my mistake

  Microsoft Windows [Version 6.1.7601]
  Copyright (c) 2009 Microsoft Corporation.  All rights reserved.
  
  C:\Users\Kagus1>ICACLS C:\Windows\ServiceProfiles\LocalService
  C:\Windows\ServiceProfiles\LocalService NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                                          BUILTIN\Administrators:(OI)(CI)(F)
                                          NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(F)
  
  Successfully processed 1 files; Failed processing 0 files
  
  C:\Users\Kagus1>ICACLS C:\Windows\ServiceProfiles\NetworkService
  C:\Windows\ServiceProfiles\NetworkService NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                                            BUILTIN\Administrators:(OI)(CI)(F)
                                            NT AUTHORITY\NETWORK SERVICE:(OI)(CI)(
  F)
  
  Successfully processed 1 files; Failed processing 0 files
  
  C:\Users\Kagus1>ICACLS %systemroot%\system32\config\systemprofile
  C:\Windows\system32\config\systemprofile NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                                           BUILTIN\Administrators:(OI)(CI)(F)
  
  Successfully processed 1 files; Failed processing 0 files
  
  C:\Users\Kagus1>DIR C:\windows\NTUSER.DAT /S
   Volume in drive C has no label.
   Volume Serial Number is 463B-C3F0
  
   Directory of C:\windows\ServiceProfiles\LocalService
  
  08/07/2012  07:21 AM           249,856 NTUSER.DAT
                 1 File(s)        249,856 bytes
  
   Directory of C:\windows\ServiceProfiles\NetworkService
  
  08/07/2012  02:20 AM           249,856 NTUSER.DAT
                 1 File(s)        249,856 bytes
  
   Directory of C:\windows\System32\config\systemprofile
  
  05/31/2012  06:59 PM           262,144 ntuser.dat
                 1 File(s)        262,144 bytes
  
       Total Files Listed:
                 3 File(s)        761,856 bytes
                 0 Dir(s)  682,298,859,520 bytes free
  
  C:\Users\Kagus1>

  Tuesday, August 7, 2012 3:29 PM
• 

  

  0

  Sign in to vote

  Very strange - all the SysWOW64 entries are missing.
  I need to play (and may be offline for 24 hours - real life intervenes!)

  See you tomorrow.

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  Tuesday, August 7, 2012 3:48 PM

  Moderator
• 

  

  0

  Sign in to vote

  Yeah that sounds bad, okay thanks for your help so far and have a good one

  Tuesday, August 7, 2012 3:49 PM
• 

  

  0

  Sign in to vote

  Hmmm - looks like it's my system that's teh odd one out here :( - the SysWOW64 entries I have don't seem to exist on my other systems!

  I still neeed to play :)

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  Tuesday, August 7, 2012 4:09 PM

  Moderator
• 

  

  0

  Sign in to vote

  I was hoping to find a 'lock' somewhere that produces your specific error - but I've failed in that.

  It could be that there are a number of problems which together give that error, or that the error is somewhere I haven't looked....

  Let's try it from a different angle.

  Go to the Validation diagnostics page -- www.microsoft.com/genuine/diag and see what it has to say. You will have to use IE or Chrome for this, unless you have enabled ActiveX in Firefox.

  Do you get any error messages there?

  what exact error message do you get if you attempt validation at www.microsoft.com/genuine/validate ?

   

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  Thursday, August 9, 2012 9:00 AM

  Moderator
• 

  

  0

  Sign in to vote

  ...also, please download the CheckSUR tool for your system from here... http://support.microsoft.com/kb/947821

  Run it (it actually 'installs' itself) and upload the resulting CheckSUR.log (and possibly checkSUR.persist.log) file to your SkyDrive or other favoured fileshare site - post a link to the file in your reply.

  Note that if there is a lot of work to do, the process can take over an hour - the quickest I have seen it run is about 5 minutes - so don't get diheartened and break out of it if nothing seems to happen for quite a while!

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  • Proposed as answer by Noel D PatonModerator Tuesday, August 14, 2012 1:07 PM
  • Marked as answer by Noel D PatonModerator Sunday, August 26, 2012 12:49 AM

  Thursday, August 9, 2012 10:39 AM

  Moderator
• 

  

  0

  Sign in to vote

  No issue with the validation diagnostics page all came up green, though it seems the validation is still running without an end and i tried it with both ie and firefox and starting the download on the checkSUR tool but it will pry be abit fairly large filesize

  Thursday, August 9, 2012 11:27 AM
• 

  

  0

  Sign in to vote

  The validation problem doesn't surprise me, as far as FireFox is concerned - FF always barfs on validation unless you've installed ActiveX add-ons.

  The fact that the system is failing with IE also may give us a clue.....

  try this (if CheckSUR doesn't change the results of the MGADiag)

  Uninstall the KB971033 WAT Update from Installed Updates, then download and insall a fresh copy, from http://support.microsoft.com/kb/971033

  run another MGADiag report and post it.

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  
  

  • Edited by Noel D PatonModerator Thursday, August 9, 2012 11:49 AM typos

  Thursday, August 9, 2012 11:47 AM

  Moderator
• 

  

  0

  Sign in to vote

  Diagnostic Report (1.9.0027.0):
  -----------------------------------------
  Windows Validation Data-->
  
  Validation Code: 50
  Cached Online Validation Code: N/A, hr = 0x80070005
  Windows Product Key: *****-*****-CH3WW-WQJXV-H64MW
  Windows Product Key Hash: bXmZOUotC0NQ5PWvo1VgPJvTdX4=
  Windows Product ID: 00359-OEM-8802064-66961
  Windows Product ID Type: 3
  Windows License Type: OEM System Builder
  Windows OS version: 6.1.7601.2.00010300.1.0.003
  ID: {95F6E8E6-9EED-46E1-A32A-0F4E5D37F459}(3)
  Is Admin: Yes
  TestCab: 0x0
  LegitcheckControl ActiveX: N/A, hr = 0x80070002
  Signed By: N/A, hr = 0x80070002
  Product Name: Windows 7 Home Premium
  Architecture: 0x00000009
  Build lab: 7601.win7sp1_gdr.120503-2030
  TTS Error:
  Validation Diagnostic:
  Resolution Status: N/A
  
  Vista WgaER Data-->
  ThreatID(s): N/A, hr = 0x80070002
  Version: N/A, hr = 0x80070002
  
  Windows XP Notifications Data-->
  Cached Result: N/A, hr = 0x80070002
  File Exists: No
  Version: N/A, hr = 0x80070002
  WgaTray.exe Signed By: N/A, hr = 0x80070002
  WgaLogon.dll Signed By: N/A, hr = 0x80070002
  
  OGA Notifications Data-->
  Cached Result: N/A, hr = 0x80070002
  Version: N/A, hr = 0x80070002
  OGAExec.exe Signed By: N/A, hr = 0x80070002
  OGAAddin.dll Signed By: N/A, hr = 0x80070002
  
  OGA Data-->
  Office Status: 109 N/A
  OGA Version: N/A, 0x80070002
  Signed By: N/A, hr = 0x80070002
  Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
  
  Browser Data-->
  Proxy settings: N/A
  User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
  Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
  Download signed ActiveX controls: Prompt
  Download unsigned ActiveX controls: Disabled
  Run ActiveX controls and plug-ins: Allowed
  Initialize and script ActiveX controls not marked as safe: Disabled
  Allow scripting of Internet Explorer Webbrowser control: Disabled
  Active scripting: Allowed
  Script ActiveX controls marked as safe for scripting: Allowed
  
  File Scan Data-->
  
  Other data-->
  Office Details: <GenuineResults><MachineData><UGUID>{95F6E8E6-9EED-46E1-A32A-0F4E5D37F459}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-H64MW</PKey><PID>00359-OEM-8802064-66961</PID><PIDType>3</PIDType><SID>S-1-5-21-853042216-459107193-2144995166</SID><SYSTEM><Manufacturer>Gigabyte Technology Co., Ltd.</Manufacturer><Model>GA-870A-UD3</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>FA</Version><SMBIOSVersion major="2" minor="4"/><Date>20110107000000.000000+000</Date></BIOS><HWID>692F3D07018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  
  
  Spsys.log Content: 0x80070002
  
  Licensing Data-->
  On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x46' to display the error text.
  Error: 0x46
  
  Windows Activation Technologies-->
  HrOffline: 0x00000000
  HrOnline: 0x80072EE7
  HealthStatus: 0x0000000000000000
  Event Time Stamp: 6:1:2012 15:48
  ActiveX: Registered, Version: 7.1.7600.16395
  Admin Service: Registered, Version: 7.1.7600.16395
  HealthStatus Bitmask Output:
  
  
  HWID Data-->
  HWID Hash Current: PAAAAAIABwABAAEAAQACAAAAAQABAAEA6GHGSgEteKp8h1TyEDMIhdzf3BXCjyrqGvF1DmI9WJp+nI4u
  
  OEM Activation 1.0 Data-->
  N/A
  
  OEM Activation 2.0 Data-->
  BIOS valid for OA 2.0: yes, but no SLIC table
  Windows marker version: N/A
  OEMID and OEMTableID Consistent: N/A
  BIOS Information:
    ACPI Table Name    OEMID Value    OEMTableID Value
    APIC            GBT           GBTUACPI
    FACP            GBT           GBTUACPI
    HPET            GBT           GBTUACPI
    MCFG            GBT           GBTUACPI
    SSDT            PTLTD         POWERNOW
    MATS            GBT           
    TAMG            GBT           GBT   B0
  
  

  Thursday, August 9, 2012 1:08 PM
• 

  

  0

  Sign in to vote

  No change :(

  Was that after the CheckSUR run? or have you done the KB reinstall while you were waiting for the download?

  If after CheckSUR, please post the log - it may tell us if it found anything, and if anything still remains to be done.

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  Thursday, August 9, 2012 2:04 PM

  Moderator
• 

  

  0

  Sign in to vote

  That was after the kb install i figured i'd try that while i waited

  Thursday, August 9, 2012 3:25 PM
• 

  

  0

  Sign in to vote

  :)  I know the feeling :)

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  Thursday, August 9, 2012 5:25 PM

  Moderator
• 

  

  0

  Sign in to vote

  Anything new on the CheckSUR run?

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  Saturday, August 11, 2012 10:13 AM

  Moderator