Windows not genuine Build 7601 + black screen on normal startup

  • Question

  • Hello there,

    I recently acquired the UKASH virus. After attempts to remove it, I suddenly was unable to start Windows normally. In the right side corner I see build 7601 not genuine. For the rest I can't do anything at all.

    I can start the PC up in safe mode, but from there I cannot reactivate my Windows license (which I've had for 3 or 4 years now).

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 50
    Cached Online Validation Code: N/A, hr = 0x8007043c
    Windows Product Key: *****-*****-MXWWB-RY23V-XX9H7
    Windows Product Key Hash: dLH+cCWi/yIZmTor0Q/oJrj0lqY=
    Windows Product ID: 00359-OEM-8703613-36803
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {C1BBFC3D-D862-4E34-9578-CE9CC0351C86}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.130828-1532
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{C1BBFC3D-D862-4E34-9578-CE9CC0351C86}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-XX9H7</PKey><PID>00359-OEM-8703613-36803</PID><PIDType>3</PIDType><SID>S-1-5-21-3460305397-3989301542-127633979</SID><SYSTEM><Manufacturer>To Be Filled By O.E.M.</Manufacturer><Model>To Be Filled By O.E.M.</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>P1.00</Version><SMBIOSVersion major="2" minor="6"/><Date>20110711000000.000000+000</Date></BIOS><HWID>50723907018400FE</HWID><UserLCID>0413</UserLCID><SystemLCID>0413</SystemLCID><TimeZone>West-Europa (standaardtijd)(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Voer op een computer waarop Microsoft Windows (niet-kern) wordt uitgevoerd de opdracht 'slui.exe 0x2a 0x8007043C' uit om de fouttekst weer te geven.
    Fout: 0x8007043C

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 5:27:2014 02:37
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Not Registered - 0x8007043c
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: NAAAAAIABAABAAEAAQAAAAAAAgABAAEAln0mUXcWFg5K3doBOKFiNBoLgmvWwDKZ6Bcucw==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes, but no SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   ALASKA  A M I
      FACP   ALASKA  A M I
      HPET   ALASKA  A M I
      MCFG   ALASKA  A M I
      SSDT   AMICPU  PROC
      AAFT   ALASKA  OEMAAFT

    Hope someone can help me. Thanks in advance,

    Robert


    PS: just after writing this my scan with Mbam finished. Detected a couple of pieces of malware. Removed them, but the problem still persisted on startup.
    • Edited by Robert0480 Tuesday, May 27, 2014 1:25 AM finished scan
    Tuesday, May 27, 2014 1:17 AM

Answers

  • Well I managed to defeat Ukash for now and get my system up and running again.

    I did all the things described at first to no avail. I performed various virus scans, also from a USB boot stick. I used a reg cleaner, I tried disabling various processes. Various viruses and stuff were removed.

    Nothing worked.

    Eventually I called it a day and went to sleep. The next day (with a fresh mind) I ran the thing in safe mode again. Safe mode wasn't working anymore...

    I restarted the PC normally and found the black screen gone and the normal Ukash screen appeared. I then restarted again and managed to get into safe mode somehow.

    I looked closely one more time at the processes that were running and found one strange process called "explorer.exe" from an unknown source. Now explorer.exe is normally not from an unknown source I would say, but rather from Microsoft.

    So I disabled the explorer.exe from an unknown source service, and next thing I knew the PC was working normally again.

    This worked for me anyway. I might have gotten lucky or otherwise done something that influenced everything. I tried a whole lot of things and tampered here and there in various settings, but this last thing was the straw and made everything work again.

    Now for the first time I can also normally update my Windows Explorer, Java and create restore points again. These functions were gone for me for a couple of months...

    Tuesday, May 27, 2014 11:34 AM
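
The check described in the answer above (an "explorer.exe" that does not come from Microsoft), as an added example that is not part of the original post: a PowerShell script, run from an elevated prompt, that lists processes, services and Run-key entries using the name explorer.exe whose path is not the Windows shell's install location. The expected paths (`%SystemRoot%\explorer.exe` and its `SysWOW64` copy), the choice of Run keys and the function name `Test-ExplorerEntry` are assumptions of this example.

```powershell
# Added example, PowerShell 2.0 compatible (the version shipped with Windows 7).
# Lists processes, services and Run-key entries that use the name explorer.exe
# but do not point at the locations where the Windows shell is installed.
$expected = @(
    (Join-Path $env:SystemRoot 'explorer.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\explorer.exe')  # 32-bit copy on x64 systems
)

function Test-ExplorerEntry {
    param([string]$Source, [string]$Name, [string]$CommandLine)
    if ($CommandLine -notmatch 'explorer\.exe') { return }
    # Extract the executable path from a quoted or unquoted command line.
    if ($CommandLine -match '^\s*"([^"]+)"') { $path = $Matches[1] }
    elseif ($CommandLine -match '^\s*(.+?\.exe)') { $path = $Matches[1] }
    else { $path = $CommandLine.Trim() }
    $path = [Environment]::ExpandEnvironmentVariables($path)
    if ($expected -contains $path) { return }   # -contains ignores case
    # CompanyName is the "Manufacturer" column shown in msconfig. It is only a
    # hint: any file can fill it in, so the path check above is what decides.
    $company = $null
    if (Test-Path -LiteralPath $path) {
        $company = (Get-Item -LiteralPath $path -Force).VersionInfo.CompanyName
    }
    if (-not $company) { $company = 'Unknown' }
    New-Object PSObject -Property @{
        Source = $Source; Name = $Name; Path = $path; Company = $company
    }
}

$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$findings = @(
    Get-WmiObject Win32_Process -Filter "Name = 'explorer.exe'" | ForEach-Object {
        Test-ExplorerEntry 'Process' "PID $($_.ProcessId)" $_.ExecutablePath
    }
    Get-WmiObject Win32_Service | ForEach-Object {
        Test-ExplorerEntry 'Service' $_.Name $_.PathName
    }
    foreach ($key in $runKeys) {
        $values = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($values) {
            $values.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' } | ForEach-Object {
                Test-ExplorerEntry "Run key ($key)" $_.Name ([string]$_.Value)
            }
        }
    }
)
$findings | Format-Table Source, Name, Path, Company -AutoSize
```

An empty result means every explorer.exe entry found resolves to the expected Windows location; any row that is listed deserves a closer look before it is disabled or removed.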