locked
Error "windows build 7601 - This copy of Windows is not Genuine" then windows activated on it own again RRS feed

  • Question

  • I bought my toshiba from PC world with windows 7 preinstalled. I got automatic updates without any problems for 2 years. Suddenly today as I was boot up my system I noticed a black screen and with three small lines of white text in the bottom right corner with the message "this copy of windows is not geniune". However after a few seconds - my desktop loaded again. 

    When I open systems properties it says "windows is now activated". I have no idea what happened and I'm now scared to turn off my computer because it might happen again.

    I haven't installed anything lately - not even windows updates as I am already up to date. The only thing I can think of is a malicious software tried to download but I stopped it in the middle of its download by closing chrome: It was from this address:

    http://www.amoninst.com/download.php?version=1.1.1.72&campid=2114&instid[appname]=FlashPlayer&instid[appsetupurl]=https://launchpad.net/lightspark/trunk/lightspark-0.5.3/+download/Lightspark-0.5.3-win32.exe&instid[cmdline]=&instid[appimageurl]=http://www.tsxnrey.com/i/White%20Smoke%20Inc/FlashLogo/150x150_v1Logo.jpg&prefix=FlashPlayer&ti1=20omgX3oP494Ui3y3eWuLC1v4gzC000.&ce_cid=20omgX3oP494Ui3y3eWuLC1v4gzC000.

    Apparently its a well known virus site but my avast antivirus which is up to date has detected anything on the boot up scan. 

    I ran a system diagnostic test but the only thing that came up is that the security center cannot detect an antivirus program.

    Here's my log:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-BFF84-6GFC2-BWX77
    Windows Product Key Hash: EkRG02noirn1etiserf2jJnVqlM=
    Windows Product ID: 00359-OEM-8992687-00017
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {6BF22D56-966C-4A91-A6DD-8DDB73604152}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.130318-1533
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Enterprise 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{6BF22D56-966C-4A91-A6DD-8DDB73604152}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-BWX77</PKey><PID>00359-OEM-8992687-00017</PID><PIDType>2</PIDType><SID>S-1-5-21-3711240878-914800616-829237901</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite L650</Model></SYSTEM><BIOS><Manufacturer>INSYDE</Manufacturer><Version>2.20</Version><SMBIOSVersion major="2" minor="6"/><Date>20110627000000.000000+000</Date></BIOS><HWID>87073A07018400FC</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSINV</OEMID><OEMTableID>TOSINV00</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>10763B2EB2E4586</Val><Hash>7EsHkwgMSaDn9yl1wAiKoaC6IDk=</Hash><Pid>89388-707-2864503-65841</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800017-02-1033-7600.0000-0962010
    Installation ID: 004555258754372775381776909030311834739643424086426081
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: BWX77
    License Status: Licensed
    Remaining Windows rearm count: 4
    Trusted time: 31/07/2013 02:23:08

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 6:12:2013 21:00
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: NgAAAAMAAQABAAEAAgABAAAAAwABAAEA6GFACE40FT8SiQif9jzqzt6Id/aiMDRXmOlWD1xd

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC TOSINV TOSINV00
      FACP TOSINV TOSINV00
      HPET TOSINV TOSINV00
      BOOT TOSINV TOSINV00
      MCFG TOSINV TOSINV00
      WDAT INTEL Calpella
      ASF! TOSINV TOSINV00
      SLIC TOSINV TOSINV00
      SSDT INTEL SataAhci
      ASPT INTEL Calpella
      SSDT INTEL SataAhci


    Wednesday, July 31, 2013 1:04 AM

Answers

  • There is nothing amiss in your report.

    It's likely that you experienced a transient race condition as your Anti-Virus scanned the system on boot, and locked out the Software Protection Service for a while.

    It may continue to happen if there is any malware present - I suggest that you run a full system scan with your AV, and also MalwareBytes Anti-Malware....

    Please download and install  Malwarebytes Anti-malware (free version) from  http://www.malwarebytes.org/products/malwarebytes_free/ - UNtick 'Enable free trial of MBAM PRO' at the end of the installation -  and update it, then run a full scan  in your main account, and Quick scans in any other user accounts.

     

    Delete everything it finds   


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Wednesday, July 31, 2013 9:12 AM
    Moderator