Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Genuine Windows 7 starts giving "counterfeit" messages


  • Please log in to reply
11 replies to this topic

#1 mcduck

mcduck

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:12:07 PM

Posted 23 September 2014 - 02:22 PM

My three-year old genuine OEM Windows 7 began giving me "counterfeit" messages a few days ago. I can still use Windows, but it occasionally nags me to enter the license key. I tried to do so with a copy of the key that I noted three years ago when I got the laptop in the UK, but it did not accept it. Also, as I have not seen the "counterfeit" messages before, so I did not know if they are legitimate from Microsoft, or malware. So I posted on the malware forum, and after doing the various tests malware has been ruled out as a cause (here).  The messages began after someone in a laptop maintenance place pulled the battery when it was switched on but unplugged. After that incident CHKDSK appeared to need to fix quite a few issues on the HD. Those HD fixes *might* have caused Windows to forget its licence key, though it seems improbable. 

 

Here is the MGAdiag log:

 

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
 
Validation Code: 50
Cached Online Validation Code: 0xc004c4a8
Windows Product Key: *****-*****-xxxxx-xxxxx-xxxxx
Windows Product Key Hash: wgci5Gdejx4esg7++zTOe3LWF+4=
Windows Product ID: xxxxx-OEM-xxxxxxx-xxxxx
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {1392FAEC-3378-4C26-8152-25E6ABAAF9FD}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.140303-2144
TTS Error: T:20140917184738676-
Validation Diagnostic: 
Resolution Status: N/A
 
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
 
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
 
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
 
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
 
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
 
File Scan Data-->
 
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{1392FAEC-3378-4C26-8152-25E6ABAAF9FD}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-24367</PKey><PID>00371-OEM-8992671-00437</PID><PIDType>2</PIDType><SID>S-1-5-21-677832004-1690524382-748576713</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>4287CTO</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>8DET69WW (1.39 )</Version><SMBIOSVersion major="2" minor="6"/><Date>20130718000000.000000+000</Date></BIOS><HWID>17CE0D00018400FE</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TP-8D   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  
 
Spsys.log Content: 0x80070002
 
Licensing Data-->
Software licensing service version: 6.1.7601.17514
 
Name: Windows® 7, Professional edition
Description: Windows Operating System - Windows® 7, OEM_SLP channel
Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00178-926-700437-02-2057-7601.0000-2602014
Installation ID: 020806575521659741767476232153829664182545021534976205
Partial Product Key: 24367
License Status: Notification
Notification Reason: 0xC004F200 (non-genuine).
Remaining Windows rearm count: 5
Trusted time: 23/09/2014 20:16:59
 
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
 
 
HWID Data-->
HWID Hash Current: LgAAAAAAAQABAAEAAAABAAAABAABAAEAonY8nVam8DhuP24GPi0Q8noQkr4ucw==
 
OEM Activation 1.0 Data-->
N/A
 
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information: 
  ACPI Table Name OEMID Value OEMTableID Value
  APIC LENOVO TP-8D   
  FACP LENOVO TP-8D   
  HPET LENOVO TP-8D   
  MCFG LENOVO TP-8D   
  SLIC LENOVO TP-8D   
  SSDT LENOVO TP-SSDT2
  SSDT LENOVO TP-SSDT2
  SSDT LENOVO TP-SSDT2
  ECDT LENOVO TP-8D   
  ASF! LENOVO TP-8D   
  TCPA PTL LENOVO
  SSDT LENOVO TP-SSDT2
  SSDT LENOVO TP-SSDT2
  UEFI LENOVO TP-8D   
  UEFI LENOVO TP-8D   
  UEFI LENOVO TP-8D   
 
 

 



BC AdBot (Login to Remove)

 


#2 rockysosua

rockysosua

  • Members
  • 772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Caribbean
  • Local time:07:07 AM

Posted 23 September 2014 - 02:28 PM

Are your updates turned off.

I've had several clients call me with a similar issue and it was due to having Windows Updates turned off, leaving me with the impression that MSC REALLY doesn't like to have that "in and out door" closed on them, so they terrorize users with that "Not Genuine" notification.

On the other hand, if your updates are turned on, then I have no idea what's causing it but you might be able to fix it by opening a command window as administrator and copying and pasting in the following text,

sfc /scannow

then hit enter.

Job will take around 20 minutes.


All is well in Paradise.

#3 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,397 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:04:07 AM

Posted 23 September 2014 - 02:46 PM

Go to the start menu and right click on Computer, then choose Properties.

 

When Properties opens look at Windows activation and see if it is activated.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#4 mcduck

mcduck
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:12:07 PM

Posted 23 September 2014 - 04:59 PM

Thanks Rockysosua and dc3 !

 

Before trying those things, I am curious about what might have happened to my product key. When I bought this laptop 3 years ago I made a note the product key, which has the format xxxxx-OEM-yyyyyyy-zzzzz . Now, when I do 'Computer' -> 'Right Click' -> 'Properties at the bottom of the dialogue box I see a product key which is like the one I noted back then, except for the first five numbers 'xxxxx', which are different. Could someone (e.g. the laptop maintenance guys) have hacked those numbers? I suppose someone with the necessary knowledge could have edited my registry, taken my five digits and inserted some random ones in their place? 



#5 rockysosua

rockysosua

  • Members
  • 772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Caribbean
  • Local time:07:07 AM

Posted 23 September 2014 - 05:02 PM

You can download BelArc which will, amongst other things, give you the key to your Windows activation.


All is well in Paradise.

#6 technonymous

technonymous

  • Members
  • 2,480 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:07 AM

Posted 23 September 2014 - 07:46 PM

Generally when you install Windows it asks for the Activation key which tells Microsoft you have a genuine Windows. During installation it then generates and creates a hash product ID specific to your machine and no other machine can be activated with that Activation key. Sometimes a repair shop will replace something in the pc and Microsoft red flags it. You can call Microsoft and explain what's up, but they may say they cannot do anything and want you to purchase another Windows OS. It's best to take it to the shop and have them reactivate. A legitmate business with work order in hand and proof of their certifications can pull some weight in that aspect. Microsoft will not put up much of a stink then. 



#7 hamluis

hamluis

    Moderator


  • Moderator
  • 55,559 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:07 AM

Posted 24 September 2014 - 06:53 AM

...and sometimes an OEM system will start throwing out "not genuine" messages, for whatever reason.  I've seen HP systems do this and I'm sure they are not alone.

 

http://support.microsoft.com/kb/2008385

 

https://www.google.com/search?q=windows+7+not+genuine%2C+OEM&hl=en&gbv=2&oq=&gs_l=

 

Louis



#8 rockysosua

rockysosua

  • Members
  • 772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Caribbean
  • Local time:07:07 AM

Posted 24 September 2014 - 06:59 AM

Typically, when I see the "non Genuine" watermark at the bottom right of the screen, I just right click on "Computer" and hit properties and scroll down to the bottom where it shows the system as being activated, and the watermark disappears immediately.

According to the clients who experienced it in the past, they get "harrassed for a couple of months and then it dissappears.


All is well in Paradise.

#9 mcduck

mcduck
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:12:07 PM

Posted 24 September 2014 - 10:07 AM

Thanks hamluis and technonymous

 

Since my previous post, I spent nearly and hour each chatting with Microsoft and Lenovo tech support. Both understood the problem but were unable to fix. I would rather not edit the registry, especially not on the road. I inadvisedly came on this trip without my Lenovo recovery media (which has the Product ID baked in I believe), so I will wait until I get back home and then reinstall Windows. 



#10 JohnC_21

JohnC_21

  • Members
  • 23,265 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:07 AM

Posted 24 September 2014 - 10:14 AM

Before reinstalling Windows you can try the following. If you have autoupdates on Microsoft will add an update called WGA notification where it phones home at every boot to determine if the windows is genuine. You can remove it with a utility. WGA has caused a lot of problems with calling legitimate Windows installs not genuine. When running the utility it will tell you if it is installed and will attempt to remove WGA. Reboot the computer and see if you still get the not genuine message. If this is against forum rules, moderator please delete link.

 

Limitations:
This program is advertising supported and may offer to install third party programs that are not required for the program to run. These may include a toolbar, changing your homepage, default search engine or other third party programs. Please watch the installation carefully to opt out. For more information:

 



#11 Racket_Man

Racket_Man

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cheese Head Land
  • Local time:05:07 AM

Posted 27 September 2014 - 03:13 AM

I had the same thing happen on my Win 7 machine maybe 2 years ago.  After a Windows Update, the machine kept harressing for like a week or so me that my copy of Win 7 was not legit and that the OS would not work in due time.   Finally it quit working and I had to call MS Support..  I had to read off the serial/activation number off the side of my machine from the genuine MS Sticker/hologram and they gave me a NEW activation/serial number to enter into Windows.

 

No problems since.



#12 Go The Power

Go The Power

  • BC Advisor
  • 525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:37 PM

Posted 30 September 2014 - 04:12 AM

Hello,

First there is no need to hash out the product key or the PID, because it is impossible to get the reset of the Product key. Thats my MS made this program is so it can be used safely online. Along with that you have an OEM_SLP license, which means that every person that has a LENOVA Windows 7 Professional computer will have the exact same license key as you. The OEM SLP key authentic with the BIOS using the SLIC table along with the PID and the Manufacture name. Now the PID itself is useless without the key, it cannot be stolen or used illegally, because the PID is used to tell Windows what sort of license the machine has.
Luckily (for me) you forgot to hash out one area and I was able to look up the partial match of this key with the SLIC table and it matches.
Now the error here is the Trusted Store Tamper license is broken:
TTS Error: T:20140917184738676-
  • Click on the Win7Orb_zps4dae3b32.jpg button. Inside the search box type in CMD
  • Right click on CMD => Choose Run as Administrator
  • Inside the Command Prompt windows copy and paste the following commands
    net stop sppsvc (wait for the service to stop before trying to enter any more commands)

    CD %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform
    REN tokens.dat tokens.bar
    net start sppsvc
    slui.exe
  • Please wait for this to Finish before continuing with the rest of the steps.
After a couple of seconds the Windows activation dialog will appear. If you are asked to enter in a product key please use the one from your COA sticker, instructions can be found Here.

Once done please restart your computer and most a new MGADiag report.

Edited by Go The Power, 30 September 2014 - 04:13 AM.





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users