locked
Windows 7 Build 7601 Non-genuine RRS feed

  • Question

  • We have an Acer Aspire laptop over 4 years old, bought new with Windows 7 installed. There is a sticker with the product key on the laptop. It has recently started to slow down and display the message "Windows 7 Build 7601 This copy of windows is not genuine". In System properties, Windows Activation, Status not available, Product ID not available. slui.exe returns error code 0x80070005. Below is the MGA diagnostic report. The product key in the report is not the product key on the label. My son was using the laptop and allowed it to become infested with malware which I have now managed to eradicate. I have not been able to sort this out despite working my way through the forums. I would be grateful for any help.

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 50
    Cached Online Validation Code: N/A, hr = 0x80070005
    Windows Product Key: *****-*****-WJ2H8-R6B6D-7QJB7
    Windows Product Key Hash: ckKNc+BBPDWmo1LUlOkraNjlQ34=
    Windows Product ID: 00359-OEM-8992687-00006
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {BA26E1FB-496B-4BFA-9377-2117BA0E32A3}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.140303-2144
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Enterprise 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{BA26E1FB-496B-4BFA-9377-2117BA0E32A3}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7QJB7</PKey><PID>00359-OEM-8992687-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-10646417-2111989276-2139805992</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>Aspire 5742</Model></SYSTEM><BIOS><Manufacturer>Acer</Manufacturer><Version>V1.05</Version><SMBIOSVersion major="2" minor="6"/><Date>20100824000000.000000+000</Date></BIOS><HWID>C34F3707018400FC</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>A98ABC406A416D0</Val><Hash>cmAeuAWldqWRk2DLVS0xMdswUEo=</Hash><Pid>81599-872-8727821-65947</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x46' to display the error text.
    Error: 0x46 

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 6:9:2014 22:09
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: LAAAAAEAAQABAAEAAAABAAAAAgABAAEA6GEms0RioMTAajIs7CwQ5SALXF0=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC ACRSYS ACRPRDCT
      FACP ACRSYS ACRPRDCT
      HPET ACRSYS ACRPRDCT
      BOOT ACRSYS ACRPRDCT
      MCFG ACRSYS ACRPRDCT
      ASF! ACRSYS ACRPRDCT
      SLIC ACRSYS ACRPRDCT
      ASPT ACRSYS ACRPRDCT
      SSDT PmRef CpuPm
      SSDT PmRef CpuPm
      SSDT PmRef CpuPm

    Tuesday, September 30, 2014 12:59 PM

Answers

  • Just an update to explain how I solved this problem and now have a working windows installation with no error messages relating to the authenticity of windows.

    We were trying to tinker with the symptoms rather than looking for the cause.

    As suggested above, I attempted repair install on a couple of occasions but failed and it rolled back. I had tried running CHKDSK previously but this had also failed by going into a restart loop. I tried again, and this time I noticed that CHKDSK terminated in a "blue screen of death", which I had missed because the operation was taking hours and the blue screen was visible for only a few seconds.

    I entered the boot options screen (F8) and  disable the automatic restart after a crash, and was then able to read the blue screen, which pointed to a non-Microsoft .sys file, which I researched and removed it's parent program. I was then able to run CHKDSK /R, which took about 6 hours and found several errors. (There is a program on Hirens Boot CD where you can read the last blue screen)

    On reboot, amazing... a few seconds only (was taking 1 hour + to reboot before), and NO ERROR MESSAGES. And the missing registry key HKU\S1-5-20 is sat in it's correct place in the registry!

    I think a new disk might be advisable though.

    • Marked as answer by gghar1 Saturday, October 11, 2014 7:54 AM
    Saturday, October 11, 2014 7:54 AM

All replies

  • Verify that the Software Protection service is started.
    Tuesday, September 30, 2014 2:19 PM
  • Thanks. sppsvc is running.
    Tuesday, September 30, 2014 3:07 PM
  • Should have said that sppsvc was already running.
    Tuesday, September 30, 2014 8:47 PM
  • This is a curious error: "The remote server has been paused or is in the process of being rebooted." I cannot locate any actual fixes that others have used. Juse the usual "reinstalled windows" or "I fixed it but didn't know what I did" type of solutions, which isn't very helpful. I suspect that some part of Windows or the registry is damaged. It is possible that the malware or the removal of it has not helped in this regard. There are a couple things I can think of here.

    Have you run the sfc /scannow to see if Windows has found any files it needs to repair?

    Is Windows up to date with Windows Updates?

    Try to create a new user profile and log in with that and see if the problem persists.

    Wednesday, October 1, 2014 3:02 PM
  • @gghar1 - 

    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x46' to display the error text.
    Error: 0x46

    The error listed above indicates you need to do the following.  See the numbered footnotes for additional information on each step:

    Please run the following command from an Elevated Command Prompt window (1)
    Copy and paste set of commands below into the window – once completed, hit the Enter Key to ensure that the last command has run (2)

    REG QUERY HKU
    REG QUERY HKU\S-1-5-20
    REG QUERY HKU\S-1-5-20\Environment
    REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20"
    REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"

    Copy the whole output to your response (3)    

    Here are some instructions to make life easier :)
    (1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt. 
    (2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once. 
    (3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.


    Please do not read this sentence. Please ignore the previous sentence.


    Wednesday, October 1, 2014 3:39 PM
  • Thanks to both of you for your replies.

    Please see results of sfc /scannow and the registry data.

    Windows updates are up to date except for one (KB2977629) Culmulative security update for IE11.

    I have not yet tried to create a new user profile in view of the registry data results

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>sfc /scannow

    Beginning system scan.  This process will take some time.

    Beginning verification phase of system scan.
    Verification 35% complete.

    Windows Resource Protection could not perform the requested operation.

    C:\Windows\system32>REG QUERY HKU

    HKEY_USERS\.DEFAULT
    HKEY_USERS\S-1-5-19
    HKEY_USERS\S-1-5-21-10646417-2111989276-2139805992-1001
    HKEY_USERS\S-1-5-21-10646417-2111989276-2139805992-1001_Classes
    HKEY_USERS\S-1-5-18

    C:\Windows\system32>REG QUERY HKU\S-1-5-20
    ERROR: The system was unable to find the specified registry key or value.

    C:\Windows\system32>REG QUERY HKU\S-1-5-20\Environment
    ERROR: The system was unable to find the specified registry key or value.

    C:\Windows\system32>REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion
    \ProfileList\S-1-5-20"

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
    5-20
        ProfileImagePath    REG_EXPAND_SZ    C:\Windows\ServiceProfiles\NetworkServi
    ce
        Flags    REG_DWORD    0x0
        State    REG_DWORD    0x0


    C:\Windows\system32>REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion
    \ProfileList"

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
        ProfilesDirectory    REG_EXPAND_SZ    %SystemDrive%\Users
        Default    REG_EXPAND_SZ    %SystemDrive%\Users\Default
        Public    REG_EXPAND_SZ    %SystemDrive%\Users\Public
        ProgramData    REG_EXPAND_SZ    %SystemDrive%\ProgramData

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
    5-18
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
    5-19
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
    5-20
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
    5-21-10646417-2111989276-2139805992-1001
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
    5-21-10646417-2111989276-2139805992-1003

    C:\Windows\system32>

    Wednesday, October 1, 2014 6:06 PM
  • (If Kamin doesn't mind me stepping on his toes??)

    Your problem appears to be that one of the major Windows Built-in user accounts is not running properly.

    C:\Windows\system32>REG QUERY HKU\S-1-5-20
    ERROR: The system was unable to find the specified registry key or value.

    This would imply that the Network Service account is not being properly initiated - either because of corruption or malware. The fact that the rest of the entries are OK would tend to indicate that the problem is from corruption of the NetworkService profile.

    Please run the following command in an Elevated Command Prompt, and post the results, then compress the resulting file created on your desktop (NTUSER.DAT) and upload it to your favoured fileshare account, and post a link.

    COPY C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT "%userprofile%\desktop"
    DIR C:\Windows\ServiceProfiles\NetworkService\NTUSER.*
    ICACLS C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    ICACLS C:\Windows\ServiceProfiles\NetworkService
     
    .


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Wednesday, October 1, 2014 9:22 PM
    Moderator
  • By all mean Noel - my toes were asking to be stepped on with this report!  :P

    Thanks for taking over.  :)


    Please do not read this sentence. Please ignore the previous sentence.

    Wednesday, October 1, 2014 9:26 PM
  • Below is the output of your instruction set. As you can see, no file was created.

    Although this instruction returns file not found, I have found NTUSER.DAT in the correct directory

    C:\Windows\system32>COPY C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT "%
    userprofile%\desktop"
    C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    The system cannot find the file specified.
            0 file(s) copied.

    C:\Windows\system32>DIR C:\Windows\ServiceProfiles\NetworkService\NTUSER.*
     Volume in drive C is Acer
     Volume Serial Number is B8E6-153A

     Directory of C:\Windows\ServiceProfiles\NetworkService

    File Not Found

    C:\Windows\system32>ICACLS C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT NT AUTHORITY\SYSTEM:(I)(F)
                                                         BUILTIN\Administrators:(I)(
    F)
                                                         NT AUTHORITY\NETWORK SERVIC
    E:(I)(F)

    Successfully processed 1 files; Failed processing 0 files

    C:\Windows\system32>ICACLS C:\Windows\ServiceProfiles\NetworkService
    C:\Windows\ServiceProfiles\NetworkService NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                                              BUILTIN\Administrators:(OI)(CI)(F)
                                              NT AUTHORITY\NETWORK SERVICE:(OI)(CI)(
    F)

    Successfully processed 1 files; Failed processing 0 files

    C:\Windows\system32>

    Thursday, October 2, 2014 9:21 AM
  • I think this possibly means that the File Table is corrupt - although it could be a 'by design' safety element. What happens if you attempt to open the folder using Windows Explorer? You will probably be told that you don't have access and asked if you want it.

    Say Yes, then wait for the system to update permissions.

    Then run the first two commands again - with luck, they'll work this time.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Thursday, October 2, 2014 12:49 PM
    Moderator
  • I have found the file in Windows explorer, after being asked if I want permission. Running the first 2 commands in an elevated cmd window returns "file not found" after each command.
    Thursday, October 2, 2014 1:16 PM
  • I have discovered a previous thread with a missing HKU\S-1-5-20 registry entry, which you helped to solve by renaming NTUSER.DAT via Windows Explorer and rebooting. I won't try it unless you suggest it but I wonder whether it might be the solution?
    Friday, October 3, 2014 8:33 AM
  • It's certainly 'a' solution ;)

    - and probably worth trying, since on my machine the COPY command gives a different result (File in use).

    This definitely implies that the file is corrupted.

    Give it a go and see what happens.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Friday, October 3, 2014 9:12 AM
    Moderator
  • Unfortunately that did not work. (It takes over an hour for the machine to reboot!) It has not created a new NTUSER.dat file, so I have restored the previous one.
    Friday, October 3, 2014 11:07 AM
  • In that case we must have some serious corruption - and I would recommend a repair install.

    See the tutorial here... http://www.sevenforums.com/tutorials/3413-repair-install.html?ltr=R


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Friday, October 3, 2014 11:31 AM
    Moderator
  • Ok. Looks like a dead end. Thanks for your help.
    Saturday, October 4, 2014 6:28 AM
  • You're welcome - good luck with the repair!

    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Saturday, October 4, 2014 7:14 AM
    Moderator
  • Just a further query on the above "detective work".

    I was trying a little investigative work myself and it appears that the command COPY C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT "%userprofile%\desktop" returns "file not found" for ...\LocalService\NTUSER.DAT and similarly for c:\Users\Default\NTUSER.DAT, although the equivalent registry entries are present (whereas S-1-5-20 is clearly missing)All these NTUSER.DAT files are visible in Windows Explorer. Is there any significance in this?


    Sunday, October 5, 2014 4:19 PM
  • It may  mean that the permissions for the files/folders have been corrupted - and if that's the case, it's likely that other files and folders are affectred as well. Sorting that sort of problem out is definitely beyond my capabilities!


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Sunday, October 5, 2014 5:46 PM
    Moderator
  • Thanks. I'll definitely give in now.

    Sunday, October 5, 2014 6:00 PM
  • Just an update to explain how I solved this problem and now have a working windows installation with no error messages relating to the authenticity of windows.

    We were trying to tinker with the symptoms rather than looking for the cause.

    As suggested above, I attempted repair install on a couple of occasions but failed and it rolled back. I had tried running CHKDSK previously but this had also failed by going into a restart loop. I tried again, and this time I noticed that CHKDSK terminated in a "blue screen of death", which I had missed because the operation was taking hours and the blue screen was visible for only a few seconds.

    I entered the boot options screen (F8) and  disable the automatic restart after a crash, and was then able to read the blue screen, which pointed to a non-Microsoft .sys file, which I researched and removed it's parent program. I was then able to run CHKDSK /R, which took about 6 hours and found several errors. (There is a program on Hirens Boot CD where you can read the last blue screen)

    On reboot, amazing... a few seconds only (was taking 1 hour + to reboot before), and NO ERROR MESSAGES. And the missing registry key HKU\S1-5-20 is sat in it's correct place in the registry!

    I think a new disk might be advisable though.

    • Marked as answer by gghar1 Saturday, October 11, 2014 7:54 AM
    Saturday, October 11, 2014 7:54 AM
  • Well done!

    The auto-reboot on BSOD is something I disable on all machines on which I work for precisely your reason - It hides something you need to know about.

    You need to replace the HD ONLY if the CHKDSK showed that there were bad sectors - you can check the results in Event Viewer >Application Logs > Wininit event source

    Some corruptions happen for other reason than physical problems, and it's only physical problems that necessitate a new HD s a rule.

    What was the errant software causing the BSOD?


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.


    Saturday, October 11, 2014 8:13 AM
    Moderator
  • The file was iaStor.sys, part of Intel Rapid Storage Technology. The laptop doesn't seem to be missing it's presence.

    Looks like it was all bad clusters rather than bad sectors. I'm all for saving money. Thanks.

    Saturday, October 11, 2014 8:57 AM
  • Unusual - unless the problem was that the driver was broken in some way. It may also explain the CHKDSK results, since a broken driver could well leave files partially-written when it crashes.

    I frequently advise people to install the IRST drivers to fix other WGA problems - so they are not inherently unstable.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Saturday, October 11, 2014 9:51 AM
    Moderator