Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows 7 Build 7601 is Not Genuine


  • Please log in to reply
21 replies to this topic

#1 jionunez

jionunez

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:45 PM

Posted 25 September 2014 - 07:34 PM

I run Windows 7 on my Dell XPS 1500, which I've had for over two years now. I've only used the preinstalled Windows, so I know that it is genuine. Yesterday, my computer kept glitching and freezing. Once I got that to stop, MalwareBytes alerted me that it was blocking Trojan attacks using a certain file in Program Files (x86). Once I deleted the file and restarted my computer, I got the message that my copy of Windows might be counterfit. My background is replaced with a black screen, and explorer.exe takes almost 5 minute to load after I boot up my computer.


Edited by hamluis, 29 September 2014 - 10:30 AM.
Moved from Win 7 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 rockysosua

rockysosua

  • Members
  • 772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Caribbean
  • Local time:10:45 PM

Posted 25 September 2014 - 07:56 PM

As for the slowness, try to do a System Restore to a time that precedes the problem.

I'll post a link in a minute about the "not genuine" issue.

 

Check this thread out, that talks about the same issue.


Edited by rockysosua, 25 September 2014 - 07:58 PM.

All is well in Paradise.

#3 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,483 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:07:45 PM

Posted 26 September 2014 - 10:25 AM

The following is a quote from Microsoft Support regarding the message Windows is not genuine.

 

 

 

This can be caused by either of the following:
1. There is a lack of permissions in the registry key HKU\S-1-5-20. The Network Service account must have full control and read permissions over that registry key.
This situation may be the result of applying a Plug and Play Group Policy object (GPO).
 
The article goes on to suggest ways to correct this situation.

Edited by dc3, 26 September 2014 - 10:27 AM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#4 jionunez

jionunez
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:45 PM

Posted 28 September 2014 - 10:19 PM

HKU/S-1-5-20 does have full permissions. And I was able to get the product keye using Belarc Advisor, but when I go online to validate my software with Microsoft again, I get an error saying that there's a script error on the page.



#5 Go The Power

Go The Power

  • Members
  • 525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:15 PM

Posted 30 September 2014 - 03:37 AM

Hello

Download MGADiag (by Microsoft) from the link found below:
http://go.microsoft.com/fwlink/?linkid=52012
Run the tool by double-clicking on the file. Press Continue when prompted
When it has finished, press Copy then Paste (Ctrl+V) this into your next post please

Please also mention what version of windows is mention on your COA sticker (if you have one) but don't post the key.
http://www.microsoft.com/en-us/howtotell/Hardware.aspx



#6 jionunez

jionunez
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:45 PM

Posted 02 October 2014 - 06:37 PM

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-QCPVQ-KHRB8-RMV82
Windows Product Key Hash: +Rj3N34NLM2JqoBO/OzgzTZXgbY=
Windows Product ID: 00359-OEM-8992687-00095
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {A9A96427-6E68-4205-BCAB-1924FFA73426}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.140303-2144
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x80092003

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{A9A96427-6E68-4205-BCAB-1924FFA73426}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-RMV82</PKey><PID>00359-OEM-8992687-00095</PID><PIDType>2</PIDType><SID>S-1-5-21-19823879-2218008679-2919287783</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>XPS L521X</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A04</Version><SMBIOSVersion major="2" minor="7"/><Date>20120626000000.000000+000</Date></BIOS><HWID>C47F3007018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>CL09   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

Spsys.log Content: 0x80070002

Licensing Data-->
On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0xC004F012' to display the error text.
Error: 0xC004F012

Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x0000000000000010
Event Time Stamp: 9:25:2014 18:06
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppobjs.dll


HWID Data-->
HWID Hash Current: NgAAAAIAAAABAAIAAQABAAAABQABAAEAln2CUXcWjAnGBWCaAmE4gkqq5EH8+lC6xi04YpZj

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
  ACPI Table Name    OEMID Value    OEMTableID Value
  APIC            DELL          CL09   
  FACP            DELL          CL09   
  HPET            DELL          CL09   
  BOOT            DELL          CL09   
  MCFG            DELL          CL09   
  TCPA            DELL          CL09   
  SLIC            DELL          CL09   
  UEFI            DELL          CL09   
  ASF!            DELL          CL09   
  SSDT            COMPAL        CRV ORB
  ASPT            DELL          CL09   
  FPDT            DELL          CL09   
  SSDT            COMPAL        CRV ORB
  SSDT            COMPAL        CRV ORB
  DMAR            DELL          CL09   
  SSDT            COMPAL        CRV ORB
  SSDT            COMPAL        CRV ORB

 



#7 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,483 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:07:45 PM

Posted 03 October 2014 - 08:53 AM

You need to install the latest Intel Rapid Storage drivers.


Edited by dc3, 03 October 2014 - 08:54 AM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#8 Go The Power

Go The Power

  • Members
  • 525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:15 PM

Posted 03 October 2014 - 06:57 PM

Hi,

This error is one of the more painful ones to try and repair, there are few different causes for it. Try and fix up the Intel driver first, if that doesn't fix the issue the issue here may be with the corrupt C:\Windows\system32\sppobjs.dll file.

Please run the following

SFC /SCANNOW
  • Click on the Win7Orb_zps4dae3b32.jpg button. Inside the search box type in CMD
  • Right click on CMD => Choose Run as Administrator
  • Inside the Command Prompt windows copy and paste the following command SFC /SCANNOW
  • Please wait for this to Finish before continuing with the rest of the steps.
Convert CBS.log to CBS.txt
  • Click on the Win7Orb_zps4dae3b32.jpg button => Inside the search box copy and paste the following command:
    cmd /c copy %windir%\logs\cbs\cbs.log "%userprofile%\Desktop\cbs.txt"
  • Press Enter
  • Once this has completed please go to your Desktop and you will find CBS.txt => Please upload CBS.txt to this thread
Please Note:: if the file is too big to upload to you next post please upload via Dropbox or ge.tt

Edited by Go The Power, 03 October 2014 - 06:57 PM.


#9 jionunez

jionunez
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:45 PM

Posted 03 October 2014 - 08:42 PM

Ok, so installing the latest drivers didn't fix the problem. I uploaded the CBS.txt file to Dropbox: https://www.dropbox.com/s/uz4vobb95rgewk0/cbs.txt?dl=0



#10 Go The Power

Go The Power

  • Members
  • 525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:15 PM

Posted 04 October 2014 - 05:34 AM

These are the files that SFC has detected as being corrupt.
 
\SystemRoot\WinSxS\amd64_microsoft-windows-feedback-service_31bf3856ad364e35_6.1.7600.16385_none_d5c0e508aa96a650\wersvc.dll
[b]\SystemRoot\WinSxS\amd64_microsoft-windows-s..y-spp-plugin-common_31bf3856ad364e35_6.1.7601.17514_none_2136d8ac9cfcea8b\sppobjs.dll[/b]
\SystemRoot\WinSxS\amd64_microsoft-windows-shell-sounds_31bf3856ad364e35_6.1.7600.16385_none_73076dd9cf3a9dce\Windows Ding.wav
\SystemRoot\WinSxS\wow64_microsoft-windows-networkprofile_31bf3856ad364e35_6.1.7600.16385_none_dee4ed53c4379077\netprofm.dll
The one is bold is the one that MGADiag is also reporting as corrupt.

SFCFix Script

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.
  • Download SFCFix.exe (by niemiro) and save this to your Desktop.
  • Download SFCFix.zip, and save this to your Desktop. Ensure that this file is named SFCFix.zip - do not rename it.
  • Save any open documents and close all open windows.
  • On your Desktop, you should see two files: SFCFix.exe and SFCFix.zip.
  • Drag the file SFCFix.zip onto the file SFCFix.exe and release it.
  • SFCFix will now process the script.
  • Upon completion, a file should be created on your Desktop: SFCFix.txt.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this file into your next post for me to analyse please.
Once the fix has been done. Please run SFC /SCANNOW and upload the new CBS log to dropbox again.

Once that is done please run MGADiag again and post the contents.

Thanks

#11 jionunez

jionunez
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:45 PM

Posted 04 October 2014 - 02:09 PM

I can't get the zip file. Your Dropbox has been locked due to high traffic.



#12 Go The Power

Go The Power

  • Members
  • 525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:15 PM

Posted 04 October 2014 - 10:22 PM

Hi,

Try this one Here

Edited by Go The Power, 05 October 2014 - 02:12 PM.


#13 jionunez

jionunez
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:45 PM

Posted 05 October 2014 - 02:09 PM

SFCFix version 2.4.1.0 by niemiro.
Start time: 2014-10-05 13:52:13.012
Using .zip script file at C:\Users\Jionunez\Desktop\SFCFix.zip [1]
Not using an additional text script file.




AutoAnalysis::
Success: File Placement Mode successfully identified and repaired all files and folders.
AutoAnalysis:: directive completed successfully.




Successfully processed all directives.
SFCFix version 2.4.1.0 by niemiro has completed.
Currently storing 0 datablocks.
Finish time: 2014-10-05 13:52:13.137
Script hash: +Az4QzuHkQUG/cAnqYCU+q4rWIneuHYcTANqBXE/ODQ=
----------------------EOF----------

 

 

CBS: https://dl-web.dropbox.com/get/cbs.txt?_subject_uid=292257379&w=AAAHHX6_ehvAI6CfHzFcy9Y6mHoKGpih9aDf5OzxeMwDjw



#14 Go The Power

Go The Power

  • Members
  • 525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:15 PM

Posted 06 October 2014 - 12:57 AM

The settings on your dropbox accountdoes not allow for public view of that file.

Can you please also run MGADiag again and pos the result?

#15 jionunez

jionunez
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:45 PM

Posted 09 October 2014 - 06:52 PM

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-QCPVQ-KHRB8-RMV82
Windows Product Key Hash: +Rj3N34NLM2JqoBO/OzgzTZXgbY=
Windows Product ID: 00359-OEM-8992687-00095
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {A9A96427-6E68-4205-BCAB-1924FFA73426}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.140303-2144
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x80092003

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{A9A96427-6E68-4205-BCAB-1924FFA73426}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-RMV82</PKey><PID>00359-OEM-8992687-00095</PID><PIDType>2</PIDType><SID>S-1-5-21-19823879-2218008679-2919287783</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>XPS L521X</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A04</Version><SMBIOSVersion major="2" minor="7"/><Date>20120626000000.000000+000</Date></BIOS><HWID>C47F3007018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>CL09   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

Spsys.log Content: 0x80070002

Licensing Data-->
On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0xC004F012' to display the error text.
Error: 0xC004F012

Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x0000000000000010
Event Time Stamp: 9:25:2014 18:06
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppobjs.dll


HWID Data-->
HWID Hash Current: NgAAAAIAAAABAAIAAQABAAAABQABAAEAln2CUXcW2iCMUWCaAmE4gkqq5EH8+lC6xi04YpZj

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
  ACPI Table Name    OEMID Value    OEMTableID Value
  APIC            DELL          CL09   
  FACP            DELL          CL09   
  HPET            DELL          CL09   
  BOOT            DELL          CL09   
  MCFG            DELL          CL09   
  TCPA            DELL          CL09   
  SLIC            DELL          CL09   
  UEFI            DELL          CL09   
  ASF!            DELL          CL09   
  SSDT            COMPAL        CRV ORB
  ASPT            DELL          CL09   
  FPDT            DELL          CL09   
  SSDT            COMPAL        CRV ORB
  SSDT            COMPAL        CRV ORB
  DMAR            DELL          CL09   
  SSDT            COMPAL        CRV ORB
  SSDT            COMPAL        CRV ORB

 


https://www.dropbox.com/s/uz4vobb95rgewk0/cbs.txt?dl=0

 

It should be available to everyone


Edited by jionunez, 09 October 2014 - 06:52 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users