Windows Suddently Not Genuine (not KB971033 related)

Discussion in 'Windows 7' started by Dunge, Jun 2, 2010.

  1. Dunge

    Dunge MDL Novice

    Jul 30, 2009
    13
    2
    0
    I have Win7 x64 ultimate from the original Microsoft retail ISO when it first got out. I used 7Loader (1.4 or 1.5 at that time, can't remember) and it activated it and worked great for months.

    Then, March 2nd, I installed KB971033 and it wasn't genuine anymore, so I installed "Program Based Windows7 Loader 1.79 (I think)" and redid the validation check on ms website and it worked.

    Yesterday, I receive a new "Windows is not genuine" message. I tried to install Loader 1.8 and do the online-check again, but it still say I'm not genuine. What can I do?

    And no, I did not install any Windows update in the last week.
     
  2. Daz

    Daz MDL Developer / Admin
    Staff Member

    Jul 31, 2009
    9,511
    66,655
    300
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Dunge

    Dunge MDL Novice

    Jul 30, 2009
    13
    2
    0
    I never use the hibernate feature, but I do reboot from time to time. If you're asking this to know if it installed updates, there's no update installed since 2010-04-17 which is two weeks ago.

    Here's MGADiag report:
     
  4. Daz

    Daz MDL Developer / Admin
    Staff Member

    Jul 31, 2009
    9,511
    66,655
    300
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. ColdZero

    ColdZero MDL Addicted

    Nov 9, 2009
    653
    2,957
    30
    Nice Daz! Thumbs up!
     
  6. Dunge

    Dunge MDL Novice

    Jul 30, 2009
    13
    2
    0
    Thanks for the quick, clear and concise response.
    Problem is, that didn't do it. I uninstalled the loader from the application, ran your "fix" (which is a single undocumented exe, thing I don't normally execute but since it comes from you I know I can trust it) and when it finished rebooted. I was greeted by a new "Windows is not activated" screen. I then came back here, downloaded loader 1.8.1, installed it, rebooted. Same screen, but I had the option to activate and activation was successful (as it was before). I then went to microsoft.com/genuine and executed the test, unfortunately I still have the same message: "Windows running on this PC is not genuine."

    I ran the diag tool again, and made a diff between the two logs. The only difference is that I now have a (3) at the end of the first ID line, while it was (1) before. The rest stayed exactly the same.

    Would Office have anything to do with that? Or Visual Studio?
     
  7. Daz

    Daz MDL Developer / Admin
    Staff Member

    Jul 31, 2009
    9,511
    66,655
    300
    C:\system32\drivers\etc\

    Open up the hosts file in notepad, it should have no entries but if it does remove them. Office is also a known problem when you have OGA installed.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. Dunge

    Dunge MDL Novice

    Jul 30, 2009
    13
    2
    0
    I did have a few entries in my hosts file, things I added manually and who obviously don't relate to this. I deleted them anyway and ran the test again, no luck. Should I do the whole uninstall/fix/reinstall process again?
    Also, how do I know if I have Office Genuine Advantage installed? I wouldn't think so, and it don't appear in "Programs and Features" nor in "Installed Updates" but you never know.
     
  9. Daz

    Daz MDL Developer / Admin
    Staff Member

    Jul 31, 2009
    9,511
    66,655
    300
    KB949810 is OGA.

    A new MGADiag report would be handy, I think most files should be fine now if everything was done correctly though.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. Dunge

    Dunge MDL Novice

    Jul 30, 2009
    13
    2
    0
    Can't find KB949810, so no I don't have it. Strange since I always installed every updates available.
    As I already said before, a new MGADiag report is exactly the same except the (3). I use a diff application and it don't give false results, and neither does it look different at a quick glance either. If you are talking about the "Tampered File", they are still there and I really wonder why.
    And yes, I did follow these (rather simple) steps correctly. I did reboot after each installation. I'm a linux system admin and professional programmer after all.
    Strange fact, in loader 1.8.1, in the Status field it's written "Licensed (Untouched)". Why untouched?
     
  11. timesurfer

    timesurfer MDL Developer

    Nov 22, 2009
    8,527
    4,069
    270
    type services.msc in start search box and navigate to software protection services. Doeble click and look at start up type. What does it say?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  12. Dunge

    Dunge MDL Novice

    Jul 30, 2009
    13
    2
    0
    Automatic, currently Stopped.
     
  13. MasterDisaster

    MasterDisaster MDL Expert

    Aug 29, 2009
    1,256
    670
    60
    You need to replace the tampered files with the original ones. Most of them can found in the winsxs folder. Just use the search feature and get your files.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  14. MasterDisaster

    MasterDisaster MDL Expert

    Aug 29, 2009
    1,256
    670
    60
    Line 3 is important, please post it.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  15. timesurfer

    timesurfer MDL Developer

    Nov 22, 2009
    8,527
    4,069
    270
    Set it to automatic (delayed start)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  16. Dunge

    Dunge MDL Novice

    Jul 30, 2009
    13
    2
    0
    #16 Dunge, Jun 3, 2010
    Last edited: Jun 3, 2010
    (OP)
    Delayed start did not change the result.
    Line 3 in the Diag log is "Windows Validation Data-->", I'm guessing you mean the third line with data in it, which is the Product Key, which didn't change and is still "Windows Product Key: *****-*****-Q6MMK-KYK6X-VKM6G". Is that key bad? Should I change it using the loader?
    As for the tempered files (the part where the problem is more plausible to be), I would like to overwrite them from with those from the winsxs folder, but you know I need "Trusted Installer" permission to do that. I know booting on another disk in WinXP or Linux and acceding the files will gives me the same message. Should I use the recovery console or something? How were these files "tampered" anyway? Would that be a virus or something? My installation seems clean based on my anti virus, never had any problem.

    Edit: Nevermind about this permission problem, I can take ownership and give permission. Doing that now, we'll see.
     
  17. Dunge

    Dunge MDL Novice

    Jul 30, 2009
    13
    2
    0
    #17 Dunge, Jun 4, 2010
    Last edited: Jun 4, 2010
    (OP)
    Ok, I did all files one per one (change owner, add full permission, move to backup folder, search winsxs for amd64 version and re-copy at the original place). All 26 files. I run the Diag tool again, no change, files are still "tampered". What the hell?
    Of course I had my doubt it wouldn't work when I saw they were exactly the same size and modification date.
     
  18. Dunge

    Dunge MDL Novice

    Jul 30, 2009
    13
    2
    0
    Still need counseling.... it's been helpful so far but it still don't work and I really wonder why.
     
  19. LQQL

    LQQL MDL Addicted

    Apr 21, 2009
    773
    120
    30
    #19 LQQL, Jun 5, 2010
    Last edited: Jun 5, 2010
    Start all over from sketch.

    Get yourself an untouched win7 iso, burn it or even put on a bootable flashdrive and do a fresh install.

    After that just use whatever option you want to activate. I recommend a BIOS mod or Daz's loader.

    This should be it.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...