Answered by:
Windows 7 no longer Genuine

Question
-
Dell Optiplex with Vista 32 upgraded to Windows 7 32. The user keeps getting a message telling her Windows is no longer Genuine.
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-*****-*****-*****
Windows Product Key Hash: n6ITWHEafZLU4oQpc29nolWTazM=
Windows Product ID: 00371-OEM-9072917-70870
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.1.7600.2.00010100.0.0.048
ID: {75679929-EE6A-45FD-8E34-B262E1C55D42}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.9.1
Signed By: Microsoft
Product Name: Windows 7 Professional
Architecture: 0x00000000
Build lab: 7600.win7_gdr.100226-1909
TTS Error: T:20100628074839081-
Validation Diagnostic:
Resolution Status: N/AVista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: MicrosoftOGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Plus 2007 - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Prompt
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: AllowedFile Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{75679929-EE6A-45FD-8E34-B262E1C55D42}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-HK8QG</PKey><PID>00371-OEM-9072917-70870</PID><PIDType>3</PIDType><SID>S-1-5-21-2853736014-4009576497-1761527993</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>OptiPlex 760 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A03</Version><SMBIOSVersion major="2" minor="5"/><Date>20090429000000.000000+000</Date></BIOS><HWID>56B83607018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>B10K </OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0011-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Plus 2007</Name><Ver>12</Ver><Val>A4C8CE79E7F0586</Val><Hash>2bnyGjycwAEEXqdgQ3drz2bmf7I=</Hash><Pid>89409-707-8534071-65136</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>Spsys.log Content: U1BMRwEAAAAAAQAABAAAAIUoAAAAAAAAYWECAEgd/qllTBU7wBbLAWbXGpOihAOpMHzDmWxsjuqVZjESey/M+tCAZpvvnZ152Tn5zidlM1NHFSwQWErwlTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAx4dZsxs/sxaQSZh6DCEuBHOSQKscC2XUhl2ZDvsevAp1+wZfMJO5YMUfeBSdlbOA8zkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM
Licensing Data-->
Software licensing service version: 6.1.7600.16385Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
Activation ID: e120e868-3df2-464a-95a0-b52fa5ada4bf
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00180-729-170870-02-1033-7600.0000-2032010
Installation ID: 016964659015764425617300264796278740674900259285361301
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: HK8QG
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 7/28/2010 10:46:53 AMWindows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 7:28:2010 10:08
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
HWID Data-->
HWID Hash Current: LgAAAAEAAwABAAEAAAABAAAAAQABAAEA6GGeIohANO0ASsjr+Eg2NVpjYkVGyg==OEM Activation 1.0 Data-->
N/AOEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL B10K
FACP DELL B10K
HPET DELL B10K
BOOT DELL B10K
MCFG DELL B10K
SSDT DELL st_ex
ASF! DELL B10K
TCPA DELL B10K
____ DELL B10K
SLIC DELL B10K
SSDT DELL st_ex
SSDT DELL st_ex
SSDT DELL st_ex- Edited by VoodooBilly Thursday, July 29, 2010 12:52 PM
Wednesday, July 28, 2010 4:00 PM
Answers
-
Hello VoodooBilly,
"TTS Error: T:20100628074839081-"
Your Diagnostic Report is telling me that your Windows is suffering from a Trusted Store Tamper. (This type of issue seems to be rare in Windows 7 as I have seen this a few times). In Windows, there are files that have, what is known as, a Digital Signature. A Digital Signature is an industry standard that ensures that a file is, in fact, from the specified source. If a file is modified, in any way, the Diagital Signature is broken.
Example: lets say you get a Printer Driver that is Digitally Signed from HP. Since the Digital Signature was created by a Trusted Source (HP) a Certificate is created within Window's Trusted Store. The Digital Signature is dependent on the file's Hash (think fingerprint) so if the file is changed in any way, it's Digital Signature is broken and becomes invalid. So lets say that the HP Driver got modified by some sort of Malware. The File's Hash would no longer match the hash listed in the Digitally Signature (or the Signature may not even be readable at that point). The Digital Signature become invalid because windows now don't know what has been done to that file, so the file can no longer be trusted. This in turn invalidates the corresponding Certificate within the Trusted Store.
What I have described in the above example is basically what is happening with your Windows 7. Some Digitally Signed file has been modified in some way (replaced, rewritten or just become corrupt) and the Certificate within Windows's Trusted Store has become invalid (i.e. no longer trusted) and that is what has triggered the Non-Genuine messaging.
Unfortunatly, none of my tools are able to pinpoint which file/signature/certificate is causing the problem. However there are a few thing you can try that may correct the issue.
1) First off not all Digitally Signed files are Drivers, but from experience we have found that this issue seems to occure the most with Drivers. So my first suggestion is to confirm that all your hardware drivers are up to date. Note: Figuring out id a Driver is up to date and/or replacing a driver with a more current one can sometimes take semi-advanced computer knowledge and me explaining the process is outside the scope of this forum. If you do not know how to work with Drivers seak assistance or skip down to #2 or #3 below
2) Restore Windows back to a past System Restore Point.
1) Boot into Windows
2) Click the ‘Start’ button
3) In the Start Search field, type: System Restore and hit “Enter” keyboard key
4) Select "Choose Different Restore Point", Put a check in the box that says "Show restore points older than 5 days", select the restore point that corresponds to a date Before you first noticed the issue.
5) Click the "Next" button.
6) Reboot
3) Repair Windows using the 'sfc /scannow' command
The Scan Now will look for any bad Windows files and attempt to repair them, if possible (it isn't always able to)
1) Login to Windows
2) Launch an Internet Browser
3) Type: cmd.exe in the search field
4) Right-click the cmd.exe file and select Run as Administrator
5) In the CMD window, type: sfc /scannow
6) Reboot and see if that resolves the issue.
If none of my suggestions resolves the issue, then the only other thing I can suggest is to either create a (no cost) support request at http://support.microsoft.com/gp/contactwga or reinstall Windows.
Thank you,
Darin MS- Marked as answer by Darin Smith MS Wednesday, July 28, 2010 7:45 PM
Wednesday, July 28, 2010 7:45 PM