none
Windows is not genuine - Build 7601

    Question

  • Per other forums I have run a diagnostics test. Here is complete recap of the issue and where I'm at along with the error messages.

    • OS - Windows 7

    1) First noticed an issue with a Firefox update; computer started to go screwy here. I don't recall downloading any random programs or visiting any strange websites. 

    2) Had a number of pop-ups on reboot related to .dll files (sorry, didn't copy exact message / screenshots) and also the black screen telling me my Windows is not genuine. 

    3) Ran my antivirus (VIPRE), which cleaned two trojans:

    • trojan.JS.Medfos (v)
    • trojan.java.generic (v)

    4) Pop-ups are now gone, but still have black screen letting me know my Windows is not genuine

    5) I did a disk clean-up, uninstalled java, removed programs I haven't used much (just in case) and backed up files.

    6) Ran Diagnostics (test results below)

    7) Also used Belarc Advisor, which updated Adobe Shockwave. Shows Virus Protection & Security Updates as "Up-to-date".

    Diagnostics Errors:

    File Scan Data-->
    File Mismatch: C:\Windows\system32\sppobjs.dll[Hr = 0x80092003]

    Spsys.log Content: 

    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x800700C1' to display the error text.
    Error: 0x800700C1 

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x0000000000000110
    Event Time Stamp: 1:22:2013 13:50
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Monday, February 04, 2013 4:41 PM

Answers

All replies

  • To properly evaluate your issue, please post the entire MGA Report.  Thank you.

    Carey Frisch

    Monday, February 04, 2013 4:53 PM
  • Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: N/A, hr = 0x800700c1
    Windows Product Key: *****-*****-3P6R9-YJ9JD-4BCY2
    Windows Product Key Hash: ExVfKs6tD2MAy/rLMFQ+YhnKibo=
    Windows Product ID: 00371-221-4352016-86098
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {7842FCCA-549A-4D2B-81C2-EC37EC73F42D}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: 
    Architecture: 
    Build lab: 
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\sppobjs.dll[Hr = 0x80092003]

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{7842FCCA-549A-4D2B-81C2-EC37EC73F42D}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-4BCY2</PKey><PID>00371-221-4352016-86098</PID><PIDType>5</PIDType><SID>S-1-5-21-735009014-2976234301-1339708973</SID><SYSTEM><Manufacturer>VMware, Inc.</Manufacturer><Model>VMware Virtual Platform</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies LTD</Manufacturer><Version>6.00</Version><SMBIOSVersion major="2" minor="4"/><Date>20120702000000.000000+000</Date></BIOS><HWID>6F563C07018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 

    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x800700C1' to display the error text.
    Error: 0x800700C1 

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x0000000000000110
    Event Time Stamp: 1:22:2013 13:50
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui


    HWID Data-->
    HWID Hash Current: MgAAAAEAAgABAAIAAQABAAAAAgABAAEAJJSY/6QRDFzmt2IF/BQsUechY6mRbn3OtsE=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes, but no SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC PTLTD APIC  
      FACP INTEL 440BX   
      SRAT VMWARE MEMPLUG 
      WAET VMWARE VMW WAET
      HPET VMWARE VMW HPET
      BOOT PTLTD $SBFTBL$
      MCFG PTLTD $PCITBL$

    Monday, February 04, 2013 4:58 PM
  • According to your MGA Report, the Product ID (Windows Product ID: 00371-221-4352016-86098) indicates the installed Windows 7 Professional license was taken from a not-for-resale MSDN Subscription account.  It will need to be replaced with a genuine "Full Version" Windows 7 Professional product key.  Example: Windows 7 Professional

    Carey Frisch

    Monday, February 04, 2013 5:12 PM
  • Strange. Thanks Carey.
    Monday, February 04, 2013 5:23 PM
  • ..and to be able to do that with the current install, you will need to fix it first.

    Please run a full CHKDSK and SFC scan....

     

    Click on Start > All Programs > Accessories

    Right-click on the Command Prompt entry

    Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

     

    At the Command prompt, type

     

    CHKDSK C: /R

     

    and hit the Enter key.

    You will be told that the drive is locked,

    and the CHKDSK will run at he next boot - hit the Y key, press Enter, and then reboot.

     

    The CHKDSK will take a few hours depending on the size of the drive, so be patient!

     

    After the CHKDSK has run, Windows should boot normally (possibly after a second auto-reboot) -

    then run the SFC.

     

    SFC -System File Checker - Instructions

    Click on Start > All Programs > Accessories

    Right-click on the Command Prompt entry

    Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

     

    At the Command prompt, type

     

    SFC /SCANNOW

     

    and hit the Enter key

     

    Wait for the scan to finish - make a note of any error messages - and then reboot.

     

     

    Copy the CBS.log file created (C:\Windows\Logs\CBS\CBS.log) to your desktop (you can't manipulate it directly) and then compress the copy and upload it to your SkyDrive Public folder (http://skydrive.live.com ) and post a link to it so that I can take a look.

     

    Post a new MGADiag report with details of any error messages encountered.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Monday, February 04, 2013 6:58 PM
    Moderator