windows 7 non genuine issue

NoelDP · 31 Mar 2013

Interesting - please post a new MGADiag report, as it may show differences now.

winstonpinto · 01 Apr 2013

Code:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: N/A, hr = 0x80070005
Windows Product Key: *****-*****-RBV79-QMVK9-PTMXQ
Windows Product Key Hash: RVPQaUf1pt3sdh4lgPOLdnLL830=
Windows Product ID: 00346-OEM-8992752-50213
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.002
ID: {922BD9E8-F0DF-41C2-808C-26871A646456}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Basic
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130104-1431
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\windows\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\windows\system32\wat\watweb.dll[Hr = 0x80070003]

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{922BD9E8-F0DF-41C2-808C-26871A646456}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.002</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-PTMXQ</PKey><PID>00346-OEM-8992752-50213</PID><PIDType>2</PIDType><SID>S-1-5-21-1836982260-1520228119-2296431884</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>20079                           </Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>40CN08WW(V2.07)</Version><SMBIOSVersion major="2" minor="7"/><Date>20110523000000.000000+000</Date></BIOS><HWID>9CB33A07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>CB-01   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

Spsys.log Content: 0x80070002

Licensing Data-->
On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x46' to display the error text.
Error: 0x46 

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 3:27:2013 06:53
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: MgAAAAEAAQABAAMAAAABAAAAAwABAAEA6GGGwwx0xOXW8SRD1FJkkRwJNAUwbXybLnM=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information: 
  ACPI Table Name	OEMID Value	OEMTableID Value
  APIC			INSYDE		HR CRB  
  FACP			LENOVO		CB-01   
  HPET			LENOVO		CB-01   
  BOOT			INSYDE		HR CRB  
  MCFG			LENOVO		CB-01   
  WDAT			INSYDE		HR CRB  
  SLIC			LENOVO		CB-01   
  ASF!			INSYDE		HR CRB  
  SSDT			INSYDE		HR CRB  
  ASPT			INSYDE		HR CRB  
  SSDT			INSYDE		HR CRB  
  SSDT			INSYDE		HR CRB  
  SSDT			INSYDE		HR CRB

NoelDP · 01 Apr 2013

Open Windows Explorer (Computer)
Navigate to the C:\Windows folder
Find the System32 sub-folder and right-click on it
select Properties

Clear the 'blob' from the 'Read-only (Only applies to files in folder)' box by clicking on it until it's plain white.
Click on Apply.

Make sure that the radio button for 'Apply changes to this folder, subfolders and files' is set, and click OK.

Accept the Administrator prompt. After a couple of seconds, you'll be told there is an error - click on the 'Ignore all' button.

Wait for it to finish - it could take a couple of minutes.

OK out, and exit Windows Explorer.

Reboot twice

Post another MGADiag report.

winstonpinto · 01 Apr 2013

Code:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: N/A, hr = 0x80070005
Windows Product Key: *****-*****-RBV79-QMVK9-PTMXQ
Windows Product Key Hash: RVPQaUf1pt3sdh4lgPOLdnLL830=
Windows Product ID: 00346-OEM-8992752-50213
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.002
ID: {922BD9E8-F0DF-41C2-808C-26871A646456}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Basic
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130104-1431
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\windows\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\windows\system32\wat\watweb.dll[Hr = 0x80070003]

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{922BD9E8-F0DF-41C2-808C-26871A646456}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.002</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-PTMXQ</PKey><PID>00346-OEM-8992752-50213</PID><PIDType>2</PIDType><SID>S-1-5-21-1836982260-1520228119-2296431884</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>20079                           </Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>40CN08WW(V2.07)</Version><SMBIOSVersion major="2" minor="7"/><Date>20110523000000.000000+000</Date></BIOS><HWID>9CB33A07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>CB-01   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

Spsys.log Content: 0x80070002

Licensing Data-->
On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x46' to display the error text.
Error: 0x46 

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 3:27:2013 06:53
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: MgAAAAEAAQABAAMAAAABAAAAAwABAAEA6GGGwwx0xOXW8dRSZJEkQxwJNAUwbXybLnM=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information: 
  ACPI Table Name	OEMID Value	OEMTableID Value
  APIC			INSYDE		HR CRB  
  FACP			LENOVO		CB-01   
  HPET			LENOVO		CB-01   
  BOOT			INSYDE		HR CRB  
  MCFG			LENOVO		CB-01   
  WDAT			INSYDE		HR CRB  
  SLIC			LENOVO		CB-01   
  ASF!			INSYDE		HR CRB  
  SSDT			INSYDE		HR CRB  
  ASPT			INSYDE		HR CRB  
  SSDT			INSYDE		HR CRB  
  SSDT			INSYDE		HR CRB  
  SSDT			INSYDE		HR CRB

NoelDP · 01 Apr 2013

I'm missing something, somewhere...

Please run these commands (again?)
post the results.

Please run the following command from an Elevated Command Prompt window(1)

Copy and paste set of commands below into the window – once completed, hit the Enter Key to ensure that the last command has run (2)

REG QUERY HKU
REG QUERY HKU\S-1-5-20
REG QUERY HKU\S-1-5-20\Environment
REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20"
REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"

Copy the whole output to your response(3)

winstonpinto · 01 Apr 2013

Code:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\WINSTON>REG QUERY HKU

HKEY_USERS\.DEFAULT
HKEY_USERS\S-1-5-19
HKEY_USERS\S-1-5-20
HKEY_USERS\S-1-5-21-1836982260-1520228119-2296431884-1000
HKEY_USERS\S-1-5-21-1836982260-1520228119-2296431884-1000_Classes
HKEY_USERS\S-1-5-18

C:\Users\WINSTON>REG QUERY HKU\S-1-5-20

HKEY_USERS\S-1-5-20\AppEvents
HKEY_USERS\S-1-5-20\Console
HKEY_USERS\S-1-5-20\Control Panel
HKEY_USERS\S-1-5-20\Environment
HKEY_USERS\S-1-5-20\EUDC
HKEY_USERS\S-1-5-20\Keyboard Layout
HKEY_USERS\S-1-5-20\Printers
HKEY_USERS\S-1-5-20\Software
HKEY_USERS\S-1-5-20\System

C:\Users\WINSTON>REG QUERY HKU\S-1-5-20\Environment

HKEY_USERS\S-1-5-20\Environment
    TEMP    REG_EXPAND_SZ    %USERPROFILE%\AppData\Local\Temp
    TMP    REG_EXPAND_SZ    %USERPROFILE%\AppData\Local\Temp


C:\Users\WINSTON>REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Pr
ofileList\S-1-5-20"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
5-20
    ProfileImagePath    REG_EXPAND_SZ    C:\Windows\ServiceProfiles\NetworkServi
ce
    Flags    REG_DWORD    0x0
    State    REG_DWORD    0x0


C:\Users\WINSTON>REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Pr
ofileList"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
    ProfilesDirectory    REG_EXPAND_SZ    %SystemDrive%\Users
    Default    REG_EXPAND_SZ    %SystemDrive%\Users\Default
    Public    REG_EXPAND_SZ    %SystemDrive%\Users\Public
    ProgramData    REG_EXPAND_SZ    %SystemDrive%\ProgramData

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
5-18
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
5-19
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
5-20
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
5-21-1836982260-1520228119-2296431884-1000

C:\Users\WINSTON>
C:\Users\WINSTON>

NoelDP · 01 Apr 2013

(By the way - the problems in the thread you linked to were very different to yours, which is why I hadn't offered that solution)

Please run the following commands, and post the results...

REG QUERY HKLM\System\CurrentControlSet\Services\SPPSVC /s
REG QUERY HKLM\System\CurrentControlSet\Services\SPPUINotify /s
REG QUERY HKLM\System\CurrentControlSet\Services\SPLDR /s
REG QUERY HKLM\System\CurrentControlSet\Enum\Root\LEGACY_SPLDR /s
SC QUERYEX SPLDR

winstonpinto · 01 Apr 2013

Code:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\WINSTON>REG QUERY HKLM\System\CurrentControlSet\Services\SPPSVC /s

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPPSVC
    DisplayName    REG_SZ    @%SystemRoot%\system32\sppsvc.exe,-101
    Description    REG_SZ    @%SystemRoot%\system32\sppsvc.exe,-100
    ObjectName    REG_SZ    NT AUTHORITY\NetworkService
    ErrorControl    REG_DWORD    0x1
    Start    REG_DWORD    0x2
    DelayedAutoStart    REG_DWORD    0x1
    Type    REG_DWORD    0x10
    DependOnService    REG_MULTI_SZ    RpcSs
    ServiceSidType    REG_DWORD    0x1
    RequiredPrivileges    REG_MULTI_SZ    SeAuditPrivilege\0SeChangeNotifyPrivil
ege\0SeCreateGlobalPrivilege\0SeImpersonatePrivilege
    FailureActions    REG_BINARY    80510100000000000000000003000000140000000100
0000C0D4010001000000E09304000000000000000000

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPPSVC\Security
    Security    REG_BINARY    010014804C00000058000000140000003000000002001C0001
00000002801400FF010F0001010000000000010000000002001C000100000000001400FD01020001
0100000000000512000000010100000000000512000000010100000000000512000000


C:\Users\WINSTON>REG QUERY HKLM\System\CurrentControlSet\Services\SPPUINotify /s


HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPPUINotify
    DisplayName    REG_SZ    @%SystemRoot%\system32\sppuinotify.dll,-103
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\svchost.exe -k LocalServ
ice
    Description    REG_SZ    @%SystemRoot%\system32\sppuinotify.dll,-102
    ObjectName    REG_SZ    NT AUTHORITY\LocalService
    ErrorControl    REG_DWORD    0x1
    Start    REG_DWORD    0x3
    Type    REG_DWORD    0x20
    DependOnService    REG_MULTI_SZ    EventSystem
    ServiceSidType    REG_DWORD    0x1
    RequiredPrivileges    REG_MULTI_SZ    SeChangeNotifyPrivilege\0SeImpersonate
Privilege
    FailureActions    REG_BINARY    80510100000000000000000003000000140000000100
0000E093040001000000E09304000000000000000000

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPPUINotify\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\system32\sppuinotify.dll
    ServiceDllUnloadOnStop    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPPUINotify\Security
    Security    REG_BINARY    01001480C8000000D4000000140000003000000002001C0001
00000002801400FF010F00010100000000000100000000020098000600000000001400FD01020001
010000000000051200000000002800FD010200010600000000000550000000F05B5807C3438C9AC7
8A72DD8F8CB4DF4447E7F800001800FF010F0001020000000000052000000020020000000014008D
010200010100000000000504000000000014008D0102000101000000000005060000000000140000
01000001010000000000050B000000010100000000000512000000010100000000000512000000


C:\Users\WINSTON>REG QUERY HKLM\System\CurrentControlSet\Services\SPLDR /s

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPLDR
    DisplayName    REG_SZ    Security Processor Loader Driver
    ErrorControl    REG_DWORD    0x3
    Start    REG_DWORD    0x0
    Type    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPLDR\Enum
    0    REG_SZ    Root\LEGACY_SPLDR\0000
    Count    REG_DWORD    0x1
    NextInstance    REG_DWORD    0x1


C:\Users\WINSTON>REG QUERY HKLM\System\CurrentControlSet\Enum\Root\LEGACY_SPLDR
/s

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_SPLDR
    NextInstance    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000
    Service    REG_SZ    spldr
    Legacy    REG_DWORD    0x1
    ConfigFlags    REG_DWORD    0x400
    Class    REG_SZ    LegacyDriver
    ClassGUID    REG_SZ    {8ECC055D-047F-11D1-A537-0000F8753ED1}
    DeviceDesc    REG_SZ    Security Processor Loader Driver
    Capabilities    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000\Control
    ActiveService    REG_SZ    spldr


C:\Users\WINSTON>SC QUERYEX SPLDR

SERVICE_NAME: SPLDR
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 0
        FLAGS              :

C:\Users\WINSTON>

NoelDP · 01 Apr 2013

That does explain something, at least!

Please run the following command

SC CONFIG SPPSVC /binPath= %SystemRoot%\System32\sspsvc.exe

post the results, then reboot and run another MGADiag report.

winstonpinto · 01 Apr 2013

Code:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\WINSTON>SC CONFIG SPPSVC /binPath= %SystemRoot%\System32\sspsvc.exe
DESCRIPTION:
        Modifies a service entry in the registry and Service Database.
USAGE:
        sc <server> config [service name] <option1> <option2>...

OPTIONS:
NOTE: The option name includes the equal sign.
      A space is required between the equal sign and the value.
 type= <own|share|interact|kernel|filesys|rec|adapt>
 start= <boot|system|auto|demand|disabled|delayed-auto>
 error= <normal|severe|critical|ignore>
 binPath= <BinaryPathName>
 group= <LoadOrderGroup>
 tag= <yes|no>
 depend= <Dependencies(separated by / (forward slash))>
 obj= <AccountName|ObjectName>
 DisplayName= <display name>
 password= <password>

C:\Users\WINSTON>