Windows suddenly determined it was not genuine.

  • Question

  • Windows 7 was pre-installed on an HP desktop.  Here are the results of the scan.  Please help!

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: N/A, hr = 0x80070005
    Windows Product Key: *****-*****-73CQT-WMF7J-3Q6C9
    Windows Product Key Hash: KaFG+RmurcM3ZxzWyfEP9WtPUJw=
    Windows Product ID: 00359-OEM-8992687-00010
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {9CF39156-B978-4838-993B-0DF50BE21674}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.130104-1431
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070005]
    File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070005]
    File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\user32.dll[6.1.7600.16385], Hr = 0x800b0100

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{9CF39156-B978-4838-993B-0DF50BE21674}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-3Q6C9</PKey><PID>00359-OEM-8992687-00010</PID><PIDType>2</PIDType><SID>S-1-5-21-2100884855-2775781281-3054790307</SID><SYSTEM><Manufacturer>HP-Pavilion</Manufacturer><Model>NY638AA-ABA p6203w</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version> 5.49</Version><SMBIOSVersion major="2" minor="5"/><Date>20090806000000.000000+000</Date></BIOS><HWID>97683907018400F4</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-CPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Input Error: Can not find script file "C:\Windows\system32\slmgr.vbs".

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 1:9:2013 16:20
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Not Registered - 0x80070005
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: LAAAAAEAAQABAAEAAAACAAAAAQABAAEA6GFsjb6UxNeepkqEWhErn9RqGHk=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   HPQOEM  SLIC-CPC
      FACP   HPQOEM  SLIC-CPC
      HPET   HPQOEM  SLIC-CPC
      MCFG   HPQOEM  SLIC-CPC
      SLIC   HPQOEM  SLIC-CPC
      SSDT   HPQOEM  SLIC-CPC

    Saturday, March 23, 2013 1:47 AM

Answers

  • Your SFC scan failed because of the following error

    2013-03-25 16:18:47, Error                 CSI    00000196 (F) c0000185 [Error,Facility=(system),Code=389 (0x0185)] #3822382# from Windows::Rtl::SystemImplementation::DirectFileSystemProvider::SysCreateFile(flags = (AllowFileNotFound|AllowSharingViolation|AllowAccessDenied), handle = {provider=NULL, handle=0}, da = (SYNCHRONIZE|FILE_READ_ATTRIBUTES|FILE_READ_DATA), oa = @0xc1d250->OBJECT_ATTRIBUTES {s:48; rd:NULL; on:[96]"\SystemRoot\WinSxS\amd64_mscorlib_b77a5c561934e089_6.1.7601.17952_none_5469d8a0697ed550\big5.nlp"; a:(OBJ_CASE_INSENSITIVE)}, iosb = @0xc1d300, as = (null), fa = 0, sa = (FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE), cd = FILE_OPEN, co = (FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT), eab = NULL, eal = 0, disp = Invalid)
    [gle=0xd0000185]
    2013-03-25 16:18:47, Error                 CSI    00000197@2013/3/25:20:18:47.685 (F) d:\win7sp1_gdr\base\wcp\sil\merged\ntu\ntsystem.cpp(2057): Error c0000185 [Error,Facility=(system),Code=389 (0x0185)] originated in function Windows::Rtl::SystemImplementation::DirectFileSystemProvider::SysCreateFile expression: (null)
    [gle=0x80004005]
    2013-03-25 16:19:20, Error                 CSI    00000198 (F) c0000185 [Error,Facility=(system),Code=389 (0x0185)] #3822381# from Windows::Rtl::SystemImplementation::CDirectory::OpenExistingFile(...)[gle=0xd0000185]
    2013-03-25 16:19:20, Error                 CSI    00000199 (F) c0000185 [Error,Facility=(system),Code=389 (0x0185)] #3822380# from Windows::Rtl::SystemImplementation::CDirectory_IRtlDirectoryTearoff::OpenExistingFile(flags = (MissingFileIsOk|SharingViolationIsOk|AccessDeniedIsOk), da = (SYNCHRONIZE|FILE_READ_DATA), oa = @0xc1d8f8->SIL_OBJECT_ATTRIBUTES {s:40; on:"big5.nlp"; a:(OBJ_CASE_INSENSITIVE)}, sa = (FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE), oo = (FILE_SYNCHRONOUS_IO_NONALERT|FILE_NON_DIRECTORY_FILE), file = NULL, disp = Invalid)
    [gle=0xd0000185]
    2013-03-25 16:29:26, Info                  CBS    Reboot mark refs incremented to: 1
    

    This implies that there is a major problem with the .NET installation

    It may be worth trying the SFC scan from the Repair environment.

     

    Your best option in that case is to run the CHKDSK and SFC in offline mode from a Repair Environment boot.

     

    Reboot the computer, and tap the F8 key until you get the advanced boot menu up - one option should be 'Repair your computer'. Pick that one.

     

    Log into your normal account.

    You'll get a set of options - pick the Command Prompt one.

    At the command prompt, type  DIR C:\

    - if we're lucky this will bring up a listing of your normal C: drive contents, including the Program Files folder(s) and the Windows folder.

    If not, try D:\ or E:\ (etc. until you get the right letter)

    then type the following command

     

    CHKDSK <drive>: /R

     

    and wait for it to complete - it could take a few hours, depending on the size of the drive.

     

    Once complete, type  

     

    sfc /scannow /OFFBOOTDIR=<drive>:\ /OFFWINDIR=<drive>:\Windows

     

    where <drive> is the letter you found above.

    (example - sfc   /scannow    /OFFBOOTDIR=P:\    /OFFWINDIR=P:\Windows)

     

    Wait for the command to complete. (make a note of the response!).

     

    Once it has, type  EXIT and then pick the option to reboot.

     

    If the Offline SFC completed, please try another SFC from normal Windows, then post a new CBS.log file.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Tuesday, March 26, 2013 8:12 AM
    Moderator
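
As an added example (not part of the original thread and not a Microsoft tool): a small Python parser for CSI error entries in the CBS.log layout quoted in the answer above. It joins `[gle=...]` continuation lines to their entry and extracts the NTSTATUS code, the reporting function and the object name. The sample log is constructed with a placeholder file path, and the NTSTATUS table is a hand-written subset.

```python
import re

# Hand-written subset of NTSTATUS values (assumption: extend as needed).
NTSTATUS_NAMES = {
    0xC0000185: "STATUS_IO_DEVICE_ERROR",
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
}

HEADER = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), (\w+)\s+(\w+)\s+(.*)$")
STATUS = re.compile(r"\b([0-9a-fA-F]{8}) \[Error,")
FUNCTION = re.compile(r"(?:from|in function) ([\w:]+)")
OBJECT = re.compile(r'on:(?:\[\d+\])?"([^"]+)"')
GLE = re.compile(r"\[gle=(0x[0-9a-fA-F]{8})\]")

# Constructed sample in the CBS.log layout; the file path is a placeholder.
SAMPLE_LOG = r'''2013-03-25 16:18:47, Error                 CSI    00000196 (F) c0000185 [Error,Facility=(system),Code=389 (0x0185)] #3822382# from Windows::Rtl::SystemImplementation::DirectFileSystemProvider::SysCreateFile(flags = (AllowFileNotFound), oa = @0xc1d250->OBJECT_ATTRIBUTES {s:48; rd:NULL; on:[48]"\SystemRoot\WinSxS\example_component\sample.dat"; a:(OBJ_CASE_INSENSITIVE)}, disp = Invalid)
[gle=0xd0000185]
2013-03-25 16:19:20, Error                 CSI    00000198 (F) c0000185 [Error,Facility=(system),Code=389 (0x0185)] #3822381# from Windows::Rtl::SystemImplementation::CDirectory::OpenExistingFile(...)[gle=0xd0000185]
2013-03-25 16:29:26, Info                  CBS    Reboot mark refs incremented to: 1
'''


def parse_entries(text):
    """Group physical lines into logical entries. A line without a
    timestamp header (such as "[gle=0x...]") continues the previous entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            time, level, source, body = m.groups()
            entries.append({"time": time, "level": level,
                            "source": source, "body": body})
        elif entries and line:
            entries[-1]["body"] += " " + line
    return entries


def _first(pattern, body):
    m = pattern.search(body)
    return m.group(1) if m else None


def csi_errors(text):
    """Return one record per Error-level entry that carries a status code."""
    out = []
    for e in parse_entries(text):
        code = _first(STATUS, e["body"])
        if e["level"] != "Error" or code is None:
            continue
        value = int(code, 16)
        out.append({
            "time": e["time"],
            "status": NTSTATUS_NAMES.get(value, f"0x{value:08X}"),
            "function": _first(FUNCTION, e["body"]),
            "object": _first(OBJECT, e["body"]),  # None when the entry names no file
            "gle": _first(GLE, e["body"]),
        })
    return out


if __name__ == "__main__":
    for err in csi_errors(SAMPLE_LOG):
        print(err)
```
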

All replies

  • Some more information.  The system was running fine, then the internet connection dropped and when it came back up, it gave a black background screen with windows not genuine.  I looked around to see how to get rid of the message, and was advised to delete some of the files that are now showing as missing.  So I don't know how to get them back.  The system is running extremely slow.  I tried the windows validation site and got no response. Office now tries to re-install itself.  I do not have the windows disk since it was installed at the factory.  What can I do to recover?
    Saturday, March 23, 2013 3:54 PM
  • Open an Elevated Command Prompt, and run the following commands

     

    sc sdshow plugplay
    REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18" /S
    REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19" /S
    REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20" /S 
     

    Copy and paste the results to your reply

      Here are some instructions to make life easier :)

    1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt. 

    2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once. 

    3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.     


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.


    Saturday, March 23, 2013 5:57 PM
    Moderator
  • Here are the results

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>sc sdshow plugplay

    D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCR
    RC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

    C:\Windows\system32>REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
    CurrentVersion\ProfileList\S-1-5-18" /S

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
    5-18
        Flags    REG_DWORD    0xc
        State    REG_DWORD    0x0
        RefCount    REG_DWORD    0x1
        Sid    REG_BINARY    010100000000000512000000
        ProfileImagePath    REG_EXPAND_SZ    %systemroot%\system32\config\systemprof
    ile


    C:\Windows\system32>REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
    CurrentVersion\ProfileList\S-1-5-19" /S

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
    5-19
        ProfileImagePath    REG_EXPAND_SZ    C:\Windows\ServiceProfiles\LocalService

        Flags    REG_DWORD    0x0
        State    REG_DWORD    0x0


    C:\Windows\system32>REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
    CurrentVersion\ProfileList\S-1-5-20" /S

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
    5-20
        ProfileImagePath    REG_EXPAND_SZ    C:\Windows\ServiceProfiles\NetworkServi
    ce
        Flags    REG_DWORD    0x0
        State    REG_DWORD    0x0


    C:\Windows\system32>

    Sunday, March 24, 2013 3:47 AM
  • Close all open windows.

    Open an Elevated Command Prompt window, and type the following command

     

    wusa /uninstall /kb:971033

     

    and hit the Enter key

    Accept the warnings/confirmations, and wait for it to complete

     

    copy and paste the output (if any) from the command prompt window to a reply here,

    Reboot

     

    reinstall the update from http://support.microsoft.com/kb/971033

    Reboot

     

    run another MGADiag report, and post it.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Sunday, March 24, 2013 7:48 AM
    Moderator
  • Here are the results

    There were no outputs at the Elevated Command Prompt. Now when I run MGADiag.exe, it runs and displays information in the various tabs, but when I press the 'copy' button I get this message: 'Failed to create output files, hr=0x80070002'. Please contact Support.
    The Windows tab for Validation Status says 'Genuine' (in green). On the Licensing tab, it says 'Input Error: Can not find script file C:\Windows\system32\slmgr.vbs '. I can not print or copy/paste the information from the tabs to provide snapshots of  the tab information.
    Sunday, March 24, 2013 8:58 PM
  • The MGADiag output error is common - and only indicates that it couldn't save the backup files it creates to disk. The data almost always will still paste to your reply.

    The slmgr error sounds a little worrying....

    Please run a full CHKDSK and SFC scan....

     

    Click on Start > All Programs > Accessories

    Right-click on the Command Prompt entry

    Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

     

    At the Command prompt, type

     

    CHKDSK C: /R

     

    and hit the Enter key.

    You will be told that the drive is locked,

    and the CHKDSK will run at the next boot - hit the Y key, press Enter, and then reboot.

     

    The CHKDSK will take a few hours depending on the size of the drive, so be patient!

     

    After the CHKDSK has run, Windows should boot normally (possibly after a second auto-reboot) -

    then run the SFC.

     

    SFC - System File Checker - Instructions

    Click on Start > All Programs > Accessories

    Right-click on the Command Prompt entry

    Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

     

    At the Command prompt, type

     

    SFC /SCANNOW

     

    and hit the Enter key

     

    Wait for the scan to finish - make a note of any error messages - and then reboot.

     

     

    Copy the CBS.log file created (C:\Windows\Logs\CBS\CBS.log) to your desktop (you can't manipulate it directly) and then compress the copy and upload it to your SkyDrive Public folder (http://skydrive.live.com ) and post a link to it so that I can take a look.

     

    Post a new MGADiag report with details of any error messages encountered.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Sunday, March 24, 2013 9:15 PM
    Moderator
  • Skydrive link

    https://skydrive.live.com/redir?resid=978B898F380953DE!105&authkey=!ABquYuntdGUCA_U

    I am new to skydrive so I hope that works

    First, the 'Windows 7, Build 7601, This copy of Windows is not genuine' message has reappeared in the bottom right hand corner of my desktop screen. The color of the desktop remained unchanged.

    2-Chkdsk did not run. I took a camera picture of the screen with the error message; it is the attached .jpg file (7935.jpg).

    3-When I attempted to run System File Checker, I got this information on the Command Prompt screen:


    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>sfc /scannow

    Beginning system scan.  This process will take some time.

    Beginning verification phase of system scan.
    Verification 52% complete.

    Windows Resource Protection could not perform the requested operation.

    C:\Windows\system32>

     


    Attached .jpg files 7936 through 7941 show the MGADiag information; once again it did not create an output file.


    Tuesday, March 26, 2013 12:44 AM