locked
Help with "Not Genuine Copy of Windows 7" RRS feed

  • Question

  • I bought my computer at Staples three years ago, this message popped started appearing yesterday. I'm not very computer savvy so if someone could explain to me how to fix this, I would really appreciate it. Thanks.

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 50
    Cached Online Validation Code: N/A, hr = 0x80070005
    Windows Product Key: *****-*****-2QWT6-HCQXJ-9YQTR
    Windows Product Key Hash: PVjSC5x6njvqunmbCY3lOD7rYDo=
    Windows Product ID: 00359-OEM-8992687-00007
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {D4B0C0F6-7204-4293-8F88-7290A0F1DD8B}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.130318-1533
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Ultimate 2007 - 100 Genuine
    2007 Microsoft Office system - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_B4D0AA8B-920-80070057

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{D4B0C0F6-7204-4293-8F88-7290A0F1DD8B}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-9YQTR</PKey><PID>00359-OEM-8992687-00007</PID><PIDType>2</PIDType><SID>S-1-5-21-3938857873-3566015112-1538617019</SID><SYSTEM><Manufacturer>ASUSTeK Computer Inc. </Manufacturer><Model>K50ID               </Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>207    </Version><SMBIOSVersion major="2" minor="5"/><Date>20100112000000.000000+000</Date></BIOS><HWID>C90B3807018400F8</HWID><UserLCID>1009</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Canada Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-002E-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Ultimate 2007</Name><Ver>12</Ver><Val>E7C68923F4EF7C</Val><Hash>AJmqcBJWueyA8YeqwEqejTLR21s=</Hash><Pid>81608-958-9207316-65635</Pid><PidType>1</PidType></Product><Product GUID="{91120000-0031-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>2007 Microsoft Office system</Name><Ver>12</Ver><PidType>19</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x46' to display the error text.
    Error: 0x46

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 4:19:2013 11:32
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: LgAAAAEAAQABAAEAAAACAAAAAgABAAEA6GEQTm7q2kv81CSByixe9C6szjZGyg==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            011210        APIC1558
      FACP            011210        FACP1558
      DBGP            011210        DBGP1558
      HPET            011210        OEMHPET0
      BOOT            011210        BOOT1558
      MCFG            011210        OEMMCFG
      WDRT            011210        NV-WDRT
      SLIC            _ASUS_        Notebook
      ECDT            011210        OEMECDT
      OEMB            011210        OEMB1558
      SSDT            PmRef        CpuPm

    Monday, May 20, 2013 10:32 PM

Answers

  • Since it's an Asus, it's likely to have shipped with Trend Micro installed - does that sound right?

    You should run their removal tool to ensure that the dregs are gotten rid of.

    http://esupport.trendmicro.com/Pages/How-do-I-remove-old-or-new-versions-of-Trend-Micro-products-in-my-comp.aspx 

    I'm not a fan of Comodo AV - but I know of nothing definite against it.

    Ad-Aware I am definitely no longer a fan of - it became horribly bloated a few years back, and at the same time became a very poor scanning tool. I would suggest uninstalling it, at least temporarily.

    Are you using MalwareBytes in real-time protection mode, or just as a scanner?

    Perhaps we'd better go back to basics -

    After running the Trend Micro removal tool, please run the standard system checks...

    Please run a full CHKDSK and SFC scan....

     

    Click on Start > All Programs > Accessories

    Right-click on the Command Prompt entry

    Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

     

    At the Command prompt, type

     

    CHKDSK C: /R

     

    and hit the Enter key.

    You will be told that the drive is locked,

    and the CHKDSK will run at he next boot - hit the Y key, press Enter, and then reboot.

     

    The CHKDSK will take a few hours depending on the size of the drive, so be patient!

     

    After the CHKDSK has run, Windows should boot normally (possibly after a second auto-reboot) -

    then run the SFC.

     

    SFC -System File Checker - Instructions

    Click on Start > All Programs > Accessories

    Right-click on the Command Prompt entry

    Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

     

    At the Command prompt, type

     

    SFC /SCANNOW

     

    and hit the Enter key

     

    Wait for the scan to finish - make a note of any error messages - and then reboot.

     

     

    Copy the CBS.log file created (C:\Windows\Logs\CBS\CBS.log) to your desktop (you can't manipulate it directly) and then compress the copy and upload it to your SkyDrive Public folder (http://skydrive.live.com ) and post a link to it so that I can take a look.

     

    Post a new MGADiag report with details of any error messages encountered.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Wednesday, June 5, 2013 5:59 PM
    Moderator

All replies

  • Open an Elevated
    Command Prompt, and run the following commands

     

    sc sdshow plugplay

    REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18" /S

    REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19" /S

    REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20" /S

     

    Copy and paste
    the results to your reply

      Here are some instructions to make life easier :)

    1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt. 

    2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once. 

    3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.     

    (Sorry fo the delayed response!)


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.


    Tuesday, May 28, 2013 4:56 PM
    Moderator
  • Thank you so much for your help and easy to follow instructions!

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
    CurrentVersion\ProfileList\S-1-5-18" /S

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
    5-18
        Flags    REG_DWORD    0xc
        State    REG_DWORD    0x0
        RefCount    REG_DWORD    0x1
        Sid    REG_BINARY    010100000000000512000000
        ProfileImagePath    REG_EXPAND_SZ    %systemroot%\system32\config\systemprof
    ile


    C:\Windows\system32>
    C:\Windows\system32>REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
    CurrentVersion\ProfileList\S-1-5-19" /S

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
    5-19
        ProfileImagePath    REG_EXPAND_SZ    C:\Windows\ServiceProfiles\LocalService

        Flags    REG_DWORD    0x0
        State    REG_DWORD    0x0


    C:\Windows\system32>
    C:\Windows\system32>REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
    CurrentVersion\ProfileList\S-1-5-20" /S

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
    5-20
        ProfileImagePath    REG_EXPAND_SZ    C:\Windows\ServiceProfiles\NetworkServi
    ce
        Flags    REG_DWORD    0x0
        State    REG_DWORD    0x0


    C:\Windows\system32>

    Wednesday, June 5, 2013 3:41 AM
  • You missed the first command (possibly the most important!)

    SC SDSHOW PLUGPLAY

    Please run that and post the results.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Wednesday, June 5, 2013 6:53 AM
    Moderator
  • oops sorry!

    C:\Windows\system32>sc sdshow plugplay

    D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCR
    RC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

    C:\Windows\system32>
    Wednesday, June 5, 2013 3:51 PM
  • That looks fine to me.

       Please run the following commands from an Elevated Command Prompt window

     

    Copy and paste set of commands below into the window – once completed, hit the Enter Key to ensure that the last command has run

     

    REG QUERY HKU

    REG QUERY HKU\S-1-5-20

    REG QUERY HKU\S-1-5-20\Environment

    REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20"

    REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"

     

         

     

     

     

     


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Wednesday, June 5, 2013 4:06 PM
    Moderator
  • Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>REG QUERY HKU

    HKEY_USERS\.DEFAULT
    HKEY_USERS\S-1-5-19
    HKEY_USERS\S-1-5-20
    HKEY_USERS\S-1-5-21-3938857873-3566015112-1538617019-1000
    HKEY_USERS\S-1-5-21-3938857873-3566015112-1538617019-1000_Classes
    HKEY_USERS\S-1-5-18

    C:\Windows\system32>
    C:\Windows\system32>REG QUERY HKU\S-1-5-20

    HKEY_USERS\S-1-5-20\AppEvents
    HKEY_USERS\S-1-5-20\Console
    HKEY_USERS\S-1-5-20\Control Panel
    HKEY_USERS\S-1-5-20\Environment
    HKEY_USERS\S-1-5-20\EUDC
    HKEY_USERS\S-1-5-20\Keyboard Layout
    HKEY_USERS\S-1-5-20\Network
    HKEY_USERS\S-1-5-20\Printers
    HKEY_USERS\S-1-5-20\Software
    HKEY_USERS\S-1-5-20\System

    C:\Windows\system32>
    C:\Windows\system32>REG QUERY HKU\S-1-5-20\Environment

    HKEY_USERS\S-1-5-20\Environment
        TEMP    REG_EXPAND_SZ    %USERPROFILE%\AppData\Local\Temp
        TMP    REG_EXPAND_SZ    %USERPROFILE%\AppData\Local\Temp


    C:\Windows\system32>
    C:\Windows\system32>REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion
    \ProfileList\S-1-5-20"

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
    5-20
        ProfileImagePath    REG_EXPAND_SZ    C:\Windows\ServiceProfiles\NetworkServi
    ce
        Flags    REG_DWORD    0x0
        State    REG_DWORD    0x0


    C:\Windows\system32>
    C:\Windows\system32>REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion
    \ProfileList"

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
        ProfilesDirectory    REG_EXPAND_SZ    %SystemDrive%\Users
        Default    REG_EXPAND_SZ    %SystemDrive%\Users\Default
        Public    REG_EXPAND_SZ    %SystemDrive%\Users\Public
        ProgramData    REG_EXPAND_SZ    %SystemDrive%\ProgramData

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
    5-18
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
    5-19
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
    5-20
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
    5-21-3938857873-3566015112-1538617019-1000

    C:\Windows\system32>
    Wednesday, June 5, 2013 4:42 PM
  • That all looks normal as well.

    What Security software is currently installed?

    What other Anti-Virus programs have EVER been installed on this machine?


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Wednesday, June 5, 2013 4:52 PM
    Moderator
  • I use Comodo Antivirus, Malwarebytes and Ad-aware. There was another anti-virus program on my computer but I can't remember the name, sorry. Every once in a while, a message will popup that says I need to reinstall windows but I haven't clicked it just in case it was a virus. Do you think it's safe to click it?
    Wednesday, June 5, 2013 5:30 PM
  • Since it's an Asus, it's likely to have shipped with Trend Micro installed - does that sound right?

    You should run their removal tool to ensure that the dregs are gotten rid of.

    http://esupport.trendmicro.com/Pages/How-do-I-remove-old-or-new-versions-of-Trend-Micro-products-in-my-comp.aspx 

    I'm not a fan of Comodo AV - but I know of nothing definite against it.

    Ad-Aware I am definitely no longer a fan of - it became horribly bloated a few years back, and at the same time became a very poor scanning tool. I would suggest uninstalling it, at least temporarily.

    Are you using MalwareBytes in real-time protection mode, or just as a scanner?

    Perhaps we'd better go back to basics -

    After running the Trend Micro removal tool, please run the standard system checks...

    Please run a full CHKDSK and SFC scan....

     

    Click on Start > All Programs > Accessories

    Right-click on the Command Prompt entry

    Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

     

    At the Command prompt, type

     

    CHKDSK C: /R

     

    and hit the Enter key.

    You will be told that the drive is locked,

    and the CHKDSK will run at he next boot - hit the Y key, press Enter, and then reboot.

     

    The CHKDSK will take a few hours depending on the size of the drive, so be patient!

     

    After the CHKDSK has run, Windows should boot normally (possibly after a second auto-reboot) -

    then run the SFC.

     

    SFC -System File Checker - Instructions

    Click on Start > All Programs > Accessories

    Right-click on the Command Prompt entry

    Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

     

    At the Command prompt, type

     

    SFC /SCANNOW

     

    and hit the Enter key

     

    Wait for the scan to finish - make a note of any error messages - and then reboot.

     

     

    Copy the CBS.log file created (C:\Windows\Logs\CBS\CBS.log) to your desktop (you can't manipulate it directly) and then compress the copy and upload it to your SkyDrive Public folder (http://skydrive.live.com ) and post a link to it so that I can take a look.

     

    Post a new MGADiag report with details of any error messages encountered.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Wednesday, June 5, 2013 5:59 PM
    Moderator