 | |
| |
| 10 Mar 2011 | #1 |
| | Query Have a friend who bought a used machine for his young teenage son that I think is dodgy - bought it as seen from one of his wife's work mates. I suspect the 7 he has is not an entirely genuine one as the machine was originally a Vista one and there is no MBR (I think the HDD has been scrubbed or replaced)and I can find no way of factory defaulting it -I've tried numerous ways but nothing. The only thing I have is the OEM Product ID in "System" and I don't want to go checking too deeply as obviously as I don't want to get him into strife, as he is not computer savvy - nor am I for that matter but I can spot something not quite right like this puppy. I did find some cookies of porn sites on it that I cannot get rid of - ideas?? I can clear them with CC but if one uninstalls and reinstalls the CC the cookies come back! |
My System Specs | |
| 11 Mar 2011 | #2 |
| | Can you post the specs of the rig you are working on? & Can you post a screen shot of Disk management? http://www.sevenforums.com/tutorials...en-forums.html Screenshot tools. A Preferred Method of Uploading/Posting Screen Shots How to Use the Snipping Tool in Vista - Vista Forums Snipping Tool - Windows 7 features - Microsoft Windows Use Snipping Tool to capture screen shots Screenshot with Paint Screenshot and Upload using MWSnap fscapture free download Use Snipping Tool to capture screen shots |
| My System Specs |
| 11 Mar 2011 | #3 |
| | Run this tool. http://go.microsoft.com/fwlink/?linkid=52012 Click on the Copy tab at the bottom, paste into notepad, save as .txt file, upload the file here. Looking at the file, I may be able to tell you whether windows is genuine. Also, if its not genuine OEM, there wont be a recovery partition so factory restore will not be possible. |
| My System Specs |
| . |
| |
| 11 Mar 2011 | #4 |
| | Ok Bill Bill I have copied the result form the machine to a stick hopefully this will work ok as I didn't want to risk sending a virus or whatever on it as I did find that rootkit when tidying it up. As I said I am not that savvy re these things yet hence me doing it this way as a precaution. Code:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-QH38Y-JG33F-3PFXV
Windows Product Key Hash: pnqmnE0SPRmC5tlIKYhYTnRp53E=
Windows Product ID: 00359-OEM-8702911-70946
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {B708F032-68EB-4104-9296-A3E3A64E6E37}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_rtm.101119-1850
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{B708F032-68EB-4104-9296-A3E3A64E6E37}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-3PFXV</PKey><PID>00359-OEM-8702911-70946</PID><PIDType>3</PIDType><SID>S-1-5-21-1543349361-3578065358-67789564</SID><SYSTEM><Manufacturer>NEC</Manufacturer><Model>NEC VERSA series</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>080014 </Version><SMBIOSVersion major="2" minor="5"/><Date>20071005000000.000000+000</Date></BIOS><HWID>1F8E3907018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>AUS Eastern Standard Time(GMT+10:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>NECCAP</OEMID><OEMTableID>COMPUTER</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>64BC76978749586</Val><Hash>GW6PzcEVEDTVKeO5Ym5UUm41dBk=</Hash><Pid>89388-707-0441865-65118</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7601.17514
Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
Activation ID: 586bc076-c93d-429a-afe5-a69fbc644e88
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00174-029-170946-02-1033-7600.0000-1332010
Installation ID: 010232956774287960804064072670308165318411899226731915
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 3PFXV
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 12-Mar-11 9:16:04 AM
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 1:12:2011 21:54
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
HWID Data-->
HWID Hash Current: OAAAAAEABQABAAIAAQABAAAAAgABAAEAJJQ2OLhZ4g5Gg3gyvv9a0qJSQjB+UvKAOKCUOxX6KoU=
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x0
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC 100507 APIC1645
FACP 100507 FACP1645
HPET 100507 OEMHPET
MCFG 100507 OEMMCFG
SLIC NECCAP COMPUTER
OEMB 100507 OEMB1645
ASF! LEGEND I865PASF
GSCI 100507 GMCHSCI
SSDT PmRef CpuPm I didn't try those links as I really don't know what they mean or are for. Cheers John Last edited by Brink; 14 Mar 2011 at 11:54 PM.. Reason: code box |
| My System Specs |
| 11 Mar 2011 | #5 |
| | To Theog Theog again I've done what I did with the othe reply and am sending snips of the specs I hopw are the ones you want plus the disk management. Cheers John http://i51.tinypic.com/2udyvk9.png http://i54.tinypic.com/2njbj3p.png |
| My System Specs |
| 11 Mar 2011 | #6 |
| | I had a look at the mgadiag report and the disk management. The mgadiag does not show anything that would immediately identify the system as non-genuine. Its using a system builder license (the types you get from newegg) so there would be a disk lying around that can be used to clean install with. The only odd thing is the remaining rearm count is 4, only 3 rearm counts are available normally. This means the install has been tampered in some way. Also, since the machine bios is dated 2007, it could not possibly have come with Windows 7 preinstalled this is also confirmed by the mgadiag report and the snip which does not show any factory partition. Best bet would be to reinstall windows- get your friend to cough up the disk and product key he used. Till you get around to doing that, you can also visit the MS genuine site and validate the install, there could be other issues like the same key being used on multiple computers. |
| My System Specs |
| 11 Mar 2011 | #7 |
| | 
Quote: Originally Posted by Bill2  The only odd thing is the remaining rearm count is 4, only 3 rearm counts are available normally. This means the install has been tampered in some way.  For those who haven't update to SP1, it will still show 3 rearms. |
| My System Specs |
| 11 Mar 2011 | #8 |
| |
Quote: Originally Posted by D3ftOn3Z
Quote: Originally Posted by Bill2 The only odd thing is the remaining rearm count is 4, only 3 rearm counts are available normally. This means the install has been tampered in some way. For those who haven't update to SP1, it will still show 3 rearms. |
| My System Specs |
| 12 Mar 2011 | #9 |
| |
Quote: Originally Posted by Bill2 I had a look at the mgadiag report and the disk management. The mgadiag does not show anything that would immediately identify the system as non-genuine. Its using a system builder license (the types you get from newegg) so there would be a disk lying around that can be used to clean install with. The only odd thing is the remaining rearm count is 4, only 3 rearm counts are available normally. This means the install has been tampered in some way. Also, since the machine bios is dated 2007, it could not possibly have come with Windows 7 preinstalled this is also confirmed by the mgadiag report and the snip which does not show any factory partition. Best bet would be to reinstall windows- get your friend to cough up the disk and product key he used. Till you get around to doing that, you can also visit the MS genuine site and validate the install, there could be other issues like the same key being used on multiple computers.  |
| My System Specs |
| 14 Mar 2011 | #10 |
| | Thanks Bill Sorry for late reply mate - work and all that. So it's quite an old machine isn't it? Hmmmm as I said my mate got it from one his wife's work colleagues and not knowing that he should have got the disk off this bloke - there isn't one to hand. Yeh the machine was originally Vista as it has the NEC and Microsoft Vista compliance sticker on the bottom (the one with the Vista OEM Activation code, Serial No. etc). So when I tried to factory default it absolutely nothing happened which immediately made me think the original owner had either completely wiped / destroyed the MBR or replaced the drive with new one. Now the second theory I don't think is quite right as the HDD is only a 120Gb one, and who in their right mind would replace it with such a small one?? So I am guessing that the owner put on a pirated or "acquired" OEM version of 7. He has used it for a while himself (or someone has) and then sold it on hence my finding those porn cookies still in it. OR I am beginning to have a rather nasty suspiscion that he might have been sold a "fell off the back of a truck or bought it from a bloke in a pub" machine if you get my drift! I've set some security on it for him - MSE & the free Malwarebytes as it had nothing and it works just fine. I don't know how he wants the email set up as it has Office on it and anyway that is his decision. I am going to contact him in the next couple of days to find out where it came from but am not going to hold my breath that he will be told the truth!! I'm just really angry at some person selling this machine to him as he doesn't have a lot of disposable income being disabled. Plus I guess any chance of him getting his money back is going to be negligable. Hey but look thanks so much for having a look for me as I don't understand that stuff - and to the other guys input too everyone in this forum is SO pleasant and I am in your debt and very appreciative!!  |
| My System Specs |
 |
Query problems?
| Thread Tools | |
| Similar help and support threads for: Query | ||||
| Thread | Forum | |||
| Query regarding SSD | Hardware & Devices | |||
| Query re WLM | Browsers & Mail | |||
| Query | Drivers | |||
| RAM query | Hardware & Devices | |||
| VPN Query | Network & Sharing | |||
All times are GMT -5. The time now is 03:42 AM.
