Windows7 - This computer is not running genuine Windows

  • Question

  • Hi,

    I have a computer that randomly pops up the 'This computer is not running genuine Windows'. This started happening as a consequence of resolving a malware issue. Also, windows update is failing to complete with

    Diagnostic so far has been;

    Full image backup

    Full antivirus scan with AVG both whilst running in Windows7 AND using AVG Rescue CD - all scans clear

    CHKDSK /R - complete no problems found.

    MGADIAG.EXE - Result Below

    SFC /SCANNOW - Result Below

    And lots of Googling which has led me to believe I need someone with expert knowledge to view my logs hence posting here.

    Any advice or help gratefully received.

    Cheers

    --- MGADIAG Output ---

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-QCPVQ-KHRB8-RMV82
    Windows Product Key Hash: +Rj3N34NLM2JqoBO/OzgzTZXgbY=
    Windows Product ID: 00359-OEM-8992687-00095
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {EB2EDF4F-FACD-49C4-B9E7-5341D6B7C930}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.120830-0333
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{EB2EDF4F-FACD-49C4-B9E7-5341D6B7C930}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-RMV82</PKey><PID>00359-OEM-8992687-00095</PID><PIDType>2</PIDType><SID>S-1-5-21-615872041-2320479271-1043359899</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron 400                 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A01</Version><SMBIOSVersion major="2" minor="6"/><Date>20090904000000.000000+000</Date></BIOS><HWID>84A43807018400F8</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>WN09   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800095-02-1033-7600.0000-2582010
    Installation ID: 022240628726592683295891425721368013425535232372503632
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: RMV82
    License Status: Licensed
    Remaining Windows rearm count: 4
    Trusted time: 02/03/2013 08:15:55

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000001EFF0
    Event Time Stamp: 2:28:2013 22:16
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys


    HWID Data-->
    HWID Hash Current: MAAAAAEAAgABAAEAAAACAAAAAgABAAEAln1qG+BTVPmiqurxAu+aiCzboEweecj0

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   DELL    APIC1531
      FACP   DELL    FACP1531
      HPET   DELL    OEMHPET
      MCFG   DELL    OEMMCFG
      SLIC   DELL    WN09  
      OSFR   DELL    FX09  
      OEMB   DELL    OEMB1531
      SSDT   A M I   POWERNOW

    --- SFC /SCANNOW Screen Output ---

    C:\>sfc /scannow

    Beginning system scan.  This process will take some time.

    Beginning verification phase of system scan.
    Verification 100% complete.
    Windows Resource Protection found corrupt files but was unable to fix some of them.
    Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example
    C:\Windows\Logs\CBS\CBS.log

    C:\>

    Copy of CBS.LOG at http://tinyurl.com/ab4fffl

    Saturday, March 2, 2013 10:50 AM

All replies

  • Please download and save  the CheckSUR tool from http://support.microsoft.com/kb/947821

    (you'll need to look in the details for Windows 7, downloading from the Microsoft Download Center)

     

    Run it - The tool can take anywhere from 5 mins to a couple of hours to run (or 'Install') depending on how much it has to do, and may exit silently - it may appear to freeze for most of that time, but be patient.

    The result is logged in the C:\Windows\Logs\CBS\CheckSUR.log file  - and an archive …\checksur.persist.log file

     

    Then zip the CheckSUR.log and upload it to your SkyDrive Public folder so I can take a look - post a link in your reply.

     


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Saturday, March 2, 2013 12:04 PM
    Moderator
  • Hi Noel,

    Thank you for your time and prompt response. No need to upload as log file small, contents checkSUR.log are listed below;

    Cheers


    =================================
    Checking System Update Readiness.
    Binary Version 6.1.7601.21645
    Package Version 18.0
    2013-03-02 10:28

    Checking Windows Servicing Packages

    Checking Package Manifests and Catalogs

    Checking Package Watchlist

    Checking Component Watchlist

    Checking Packages

    Checking Component Store

    Summary:
    Seconds executed: 688
     No errors detected

     

    Saturday, March 2, 2013 12:49 PM
  • Interesting - I would have expected some results from that.

    Please run the following commands in an Elevated Command Prompt

     

    NET STOP CRYPTSVC
    REN C:\WINDOWS\SYSTEM32\CATROOT2 CATROOT2OLD
    NET START CRYPTSVC

     

    Once complete, leave the system alone for at least an hour to rebuild the database, then reboot, and run another MGADiag report.
    Note that this will delete your Update History - but all updates will remain installed, and can be viewed in the Installed Updates listing.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    • Marked as answer by gkerwin Saturday, March 2, 2013 11:56 PM
    Saturday, March 2, 2013 5:33 PM
    Moderator
  • Good evening Noel,

    Have carried out the above instructions and my untrained eye tells me this is looking better.

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-QCPVQ-KHRB8-RMV82
    Windows Product Key Hash: +Rj3N34NLM2JqoBO/OzgzTZXgbY=
    Windows Product ID: 00359-OEM-8992687-00095
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {EB2EDF4F-FACD-49C4-B9E7-5341D6B7C930}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.120830-0333
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{EB2EDF4F-FACD-49C4-B9E7-5341D6B7C930}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-RMV82</PKey><PID>00359-OEM-8992687-00095</PID><PIDType>2</PIDType><SID>S-1-5-21-615872041-2320479271-1043359899</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron 400                 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A01</Version><SMBIOSVersion major="2" minor="6"/><Date>20090904000000.000000+000</Date></BIOS><HWID>84A43807018400F8</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>WN09   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800095-02-1033-7600.0000-2582010
    Installation ID: 022240628726592683295891425721368013425535232372503632
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: RMV82
    License Status: Licensed
    Remaining Windows rearm count: 4
    Trusted time: 02/03/2013 19:38:37

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 2:28:2013 22:16
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: MAAAAAEAAgABAAEAAAACAAAAAgABAAEAln1qG+BTVPmiqurxAu+aiCzboEweecj0

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   DELL    APIC1531
      FACP   DELL    FACP1531
      HPET   DELL    OEMHPET
      MCFG   DELL    OEMMCFG
      SLIC   DELL    WN09  
      OSFR   DELL    FX09  
      OEMB   DELL    OEMB1531
      SSDT   A M I   POWERNOW

    Saturday, March 2, 2013 7:45 PM
  • That looks fine now - you shouldn't be seeing any notifications any more :)

    Good luck!


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Saturday, March 2, 2013 8:56 PM
    Moderator
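An added example, not part of the original thread or any poster's code: a Python parser for the MGADiag report format shown above that pulls out the validation codes and flagged files, groups the File Mismatch entries by HRESULT, and checks a report against the state of the second report that the thread accepts as fine. The function names and the pass criteria in `is_clean` are assumptions of this example; the sample text is excerpted from the two reports posted in the thread.

```python
import re
from collections import Counter

# Standard Windows HRESULT names for the two File Mismatch codes in the report.
HRESULT_NAMES = {0x80092003: "CRYPT_E_FILE_ERROR",
                 0x800B0100: "TRUST_E_NOSIGNATURE"}
CODE_RE = re.compile(
    r"^\s*(Validation Code|HrOffline|HrOnline|HealthStatus):[ \t]*(\S*)", re.M)
MISMATCH_RE = re.compile(
    r"^\s*File Mismatch:\s*(.+?)\[([\d.]+)\],\s*Hr\s*=\s*(0x[0-9A-Fa-f]+)", re.M)
TAMPERED_RE = re.compile(r"^\s*Tampered File:\s*([^|\r\n]+)", re.M)

# Lines excerpted from the first and second MGADiag reports in the thread.
BEFORE = r"""
Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000001EFF0
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
"""
AFTER = r"""
Validation Code: 0
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
HealthStatus Bitmask Output:
"""

def to_int(value):
    """'0' or '0x8004FE21' -> int; 'N/A' or an empty field -> None."""
    try:
        return int(value, 0)
    except ValueError:
        return None

def parse_report(text):
    """Extract validation codes and flagged files from MGADiag report text."""
    return {
        "codes": {k: to_int(v) for k, v in CODE_RE.findall(text)},
        "mismatches": [(path.strip(), ver, int(hr, 16))
                       for path, ver, hr in MISMATCH_RE.findall(text)],
        "tampered": [t.strip() for t in TAMPERED_RE.findall(text)],
    }

def mismatch_causes(report):
    """Count File Mismatch entries per HRESULT name."""
    return Counter(HRESULT_NAMES.get(hr, hex(hr)) for _, _, hr in report["mismatches"])

def is_clean(report):
    """Assumed pass criteria: zero codes and no flagged files (second report)."""
    codes = report["codes"]
    return (all(codes.get(k) == 0 for k in ("Validation Code", "HrOffline", "HealthStatus"))
            and not report["mismatches"] and not report["tampered"])
```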
  • I have same prob, but how to write that command in cmd?

    I get a message like: is not recognized as an internal or external command,
    operable program or batch file

    • Edited by Kissa16 Saturday, March 2, 2013 9:30 PM
    Saturday, March 2, 2013 9:26 PM
  • Hi Noel,

    Yes, no more pop-ups, passes genuine advantage validation and Windows updates applied, so all good :-)

    Thank you very much for your assistance today, much appreciated.

    Enjoy rest of weekend. 

    Saturday, March 2, 2013 11:34 PM
  • Hi Kissa16,

    Firstly be very sure that you have the exact same problem. I've read many threads to resolve this, all very similar but each has a subtle difference in the log files that indicates a different approach is required to resolve the specific issue. If in doubt start a new thread posting a copy of the output of MGADiag.exe - http://social.microsoft.com/Forums/en-US/genuinewindows7/thread/e73cf15c-5bbf-47c1-bfd2-25c49f7216dc

    Your message would indicate a typo as the commands Noel has provided do work.

    Note that each line is a command line so you need to press 'enter' to run each command;

    net stop cryptsvc (press enter)

    ren c:\windows\system32\catroot2 catroot2old (press enter)

    net start cryptsvc (press enter)

    Best regards


    • Edited by gkerwin Saturday, March 2, 2013 11:58 PM
    Saturday, March 2, 2013 11:52 PM
  • Kissa16 - please start a NEW thread of your own, and post your own MGADiag report there.

    Many problems look the same on the surface - but have very different causes.

    To properly analyse and solve problems with Activation and Validation, we need to see a full copy of the report produced by the MGADiag tool
    (download and save to desktop - http://go.microsoft.com/fwlink/?linkid=52012 )
     Once saved, run the tool.
    Click on the Continue button, which will produce the report.
     To copy the report to your response, click on the Copy button in the tool (ignore any error messages at this point), and then paste (using either r-click/Paste, or Ctrl+V ) into your response.
      - **in your own thread**, please
     
    Please also state the Version and Edition of Windows quoted on your COA sticker (if you have one) on the case of your machine (or inside the battery compartment), but do NOT quote the Key on the sticker!
    http://www.microsoft.com/en-us/howtotell/Hardware.aspx


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Sunday, March 3, 2013 7:50 AM
    Moderator