Hi Patrick,
The way Wrench describes is the way pretty much all of us do it. :) There are a couple of tips I've learnt over the years however.
1) If you see Windows 7 Ultimate - be suspicious. Don't instantly condemn the OP, but very few machines come with the Ultimate edition and it's the one that's pirated the most.
2) Compare the Product ID with the manufacturer of the computer. Taking the attached file in Wrench's post as an example:
Code:
OS Name: Microsoft Windows 7 Ultimate
It's ultimate - I'm suspisious
Code:
System Manufacturer: To be filled by O.E.M.
System Model: To be filled by O.E.M.
Custom build PC - In that case, I would expect to see a retail key.
Code:
Product ID: 00426-OEM-8992662-00400
Google the last three parts:
OEM-8992662-00400, and surround them in speech marks for better results.
Google returns a lot of results - I'm now almost certain this is a crack.
One of the pages further down the list shows exactly what I want to see:
Windows 7 OEM SPL KEYS - XiZi's Blog
Code:
XXXXX-OEM-8992662-00400 --- DELL
It's a Dell OEM key used on a custom build PC - It's non genuine.
If the key appears lots in Google but matches the manufacturer of the PC, then it tends to be legit. If it doesn't - then it's a crack.
3) Check how many Updates are installed. Cracked systems are often not updates in order to preserve the crack. In this case:
Code:
Hotfix(s): 1 Hotfix(s) Installed.
[01]: KB958488
4) Ask for an MGADiag report! They look scary, but can be very useful. I like to ask for an MGADiag report before declaring the OS is non-genuine.
My canned speech for MGADiag -
Your reports indicate a possible bad Windows install. Please download the [URL=http://go.microsoft.com/fwlink/?linkid=52012]MGADiag tool[/URL] and run it. When it opens, press continue and wait. When the screen changes, press copy. Post the results in your next post. Note: Please select (highlight) all of the MGADiag report that you pasted, and click on the code box [B]#[/B] toolbar icon to wrap the report in a code box when posted. This will make your post neater and easier to read.
Let's give you a quick guide for MGADiag...
For an OEM SLP key to be genuine, a few things much match up in the MGADiag report - The key itself, the manufacturer and the SLIC key in the BIOS.
Let's look at an example:
Code:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-Q6MMK-KYK6X-VKM6G
Windows Product Key Hash: 289NoAWl2ZoVfuieux/315WkDIc=
Windows Product ID: 00426-OEM-8992662-00173
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {1639F2BA-8F7F-4704-B327-7B4318142E7C}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.120830-0333
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{1639F2BA-8F7F-4704-B327-7B4318142E7C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-VKM6G</PKey><PID>00426-OEM-8992662-00173</PID><PIDType>2</PIDType><SID>S-1-5-21-62616032-3399521306-1291915431</SID><SYSTEM><Manufacturer>MSI</Manufacturer><Model>MS-7641</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>V17.12</Version><SMBIOSVersion major="2" minor="6"/><Date>20121128000000.000000+000</Date></BIOS><HWID>F0653307018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Malay Peninsula Standard Time(GMT+08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>MSI_NB</OEMID><OEMTableID>MEGABOOK</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7601.17514
Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600173-02-1033-7601.0000-3612012
Installation ID: 018992619335663230781142748965295442839531243010475334
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: VKM6G
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 12/31/2012 6:50:10 AM
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 12:26:2012 14:57
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
HWID Data-->
HWID Hash Current: MgAAAAEABAABAAEAAAACAAAAAQABAAEAln14V9aWVPIQMxiZmKAmO9oRULDvNvxnFA8=
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC 7641MS A7641100
FACP 7641MS A7641100
HPET 7641MS OEMHPET
MCFG 7641MS OEMMCFG
OEMB 7641MS A7641100
SSDT A M I POWERNOW
SLIC MSI_NB MEGABOOK
First, look at the key:
It's an ASUS key according to Google.
Now look at the BIOS information at the end of the log:
Code:
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC 7641MS A7641100
FACP 7641MS A7641100
HPET 7641MS OEMHPET
MCFG 7641MS OEMMCFG
OEMB 7641MS A7641100
SSDT A M I POWERNOW
SLIC MSI_NB MEGABOOK
The BIOS is reporting MSI_NB as the SLIC value. Looks like an ASUS key on an MSI system.
For one last check, let's find the true manufacturer. OPs sometimes don't say - or just lie.
Find the
Other Data--> line in the report.
Code:
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{1639F2BA-8F7F-4704-B327-7B4318142E7C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-VKM6G</PKey><PID>00426-OEM-8992662-00173</PID><PIDType>2</PIDType><SID>S-1-5-21-62616032-3399521306-1291915431</SID><SYSTEM><Manufacturer>MSI</Manufacturer><Model>MS-7641</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>V17.12</Version><SMBIOSVersion major="2" minor="6"/><Date>20121128000000.000000+000</Date></BIOS><HWID>F0653307018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Malay Peninsula Standard Time(GMT+08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>MSI_NB</OEMID><OEMTableID>MEGABOOK</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
I've highlighted the bit you're looking for in red. It's an MSI MS-7641 computer.
So, it's an MSI machine with an ASUS key ---> NON GENUINE.
5) If you're really unsure, look at the date of the install. If it's before 28/7/2009 (Windows 7 release date), then it's impossible for a OEM key to be on the machine!
I've highlighted it in blue in the above code block - it's in the format YYYYMMDD. In this case, it's the 28th Nov 2012, so it's fine.
6) If the Product ID is
XXXXX-OEM-8992662-00497
Then it's counterfit - no questions asked. The Key was blocked and destroyed even before launch and no machine in the world has a legal copy.
---
I'm no expert, but that's what I know. Speak to NoelDP if you're really interested in the ins and outs!
Stephen