

Windows 7: Not a genuine copy of Windows7 display, after unauthorised entry!HELP!


02 Jan 2014   #1

Windows Home Premium x64
 
 
Not a genuine copy of Windows7 display, after unauthorised entry!HELP!

Hi my fellow Windowsians. The computer I'm currently on is the family computer. My mum had malware uploaded onto it by a third party, receiving a phone call at home saying they were from Microsoft and... the usual rubbish (my poor mum had never heard of people doing 'such a thing'), that our computer will stop working because..... I won't go into it, I'm more than sure everyone (except my poor mum) has heard it.
I'm definitely no computer tech, but after having someone come into our home and the computer being taken to a computer shop (twice), it still has the malware on it. After studying, A LOT of studying, I found out after changing the graphics, down the bottom right hand side it says Windows 7 build 7600, This copy of Windows is not genuine. If there's anybody who has a bit of time, I can probably be walked through how to fix the problem.
Thanx serena


02 Jan 2014   #2

Windows 8 Core X64
 
 

Sounds like you need to first make sure the malware is gone. Any of these sites can help:

Post here: http://www.sevenforums.com/system-security/

They will also help with the not genuine problem.


All bogus info, sorry. You are already in the right forum as Cottonball said.
02 Jan 2014   #3

Microsoft Windows 8.1 Professional
 
 

Quote: Originally Posted by serenarosedavis
Hi my fellow Windowsians. The computer I'm currently on is the family computer. My mum had malware uploaded onto it by a third party, receiving a phone call at home saying they were from Microsoft and... the usual rubbish (my poor mum had never heard of people doing 'such a thing'), that our computer will stop working because..... I won't go into it, I'm more than sure everyone (except my poor mum) has heard it.
I'm definitely no computer tech, but after having someone come into our home and the computer being taken to a computer shop (twice), it still has the malware on it. After studying, A LOT of studying, I found out after changing the graphics, down the bottom right hand side it says Windows 7 build 7600, This copy of Windows is not genuine. If there's anybody who has a bit of time, I can probably be walked through how to fix the problem.
Thanx serena

Back up your Mom's stuff and perform a clean install. Don't risk any backdoor or malware staying active on that computer; remember, an infected computer is not to be trusted anymore.


02 Jan 2014   #4

Windows 7 Home Premium
 
 

serenarosedavis,

There is no need to go anywhere else, you are in the right forum.

Please use Microsoft System Restore to return Windows to a previous point.
To be safe, back up any important files before using System Restore.
Next, Close any open windows.

1. Click Start > All Programs > Accessories > System Tools, and then click: System Restore
The Restore system files and settings window opens.

2. Select a date and time before the incident happened from the list of available Restore Points.
Click: Next

System files are added, removed, or changed to match the same collection of system files that were in the computer's system file configuration on the selected date.

Be aware that software and drivers installed after the selected date might not work correctly and might need to be reinstalled.

3. Make sure this is the Restore Point you want to use, and then click: Finish

4. Click Yes at the confirmation message.

5. The computer should shut down and turn back on automatically, after the restoration completes.

6. Click: Close

Even though you restore your computer to a previous date, during the time "whoever" had access to your computer, your account logon and password information was available, as well as any documents stored on your computer.

It is extremely important that you change all passwords, since access to any of your accounts (banks or credit cards) was available. Monitor your accounts, and notify any banks or credit card companies used. Also change the computer's name, and disable any remote access to your computer.


When done with the above, please do the following:

Please use the Farbar Recovery Scan Tool.
Download: Farbar Recovery Scan Tool Download
Select the version that applies to your system.
Save it to your Desktop.
Double-click the downloaded file to run it.

When the tool opens click Yes to the disclaimer.

At the program's console, press the Scan button.

When done, the tool produces a log, FRST.txt, in the same directory from which the tool is run (Desktop).
Please provide the FRST.txt in your reply.

The first time the tool is run, it also makes another log: Addition.txt
Also post the Addition.txt in your reply.
04 Jan 2014   #5

Windows Home Premium x64
 
 

Thanks so much for the help, it's much appreciated. When the hard drive was taken to the computer shop for repairs (for the second time), the gentleman explained that he had deleted the malware and restored the computer to its original state. He also made a system restore image disk, and told my mum that she shouldn't need it. Unfortunately that's not the case, it still has a bug and I found myself learning about how the computer runs, the different programs and what they do.

CottonBall, the gentleman at the computer shop did a System Recovery on the computer the 1st time, I can't restore the computer to a date before it was accessed. I'm going to download Farbar Recovery Scan Tool and will return with the 2 logs, ok. Thanx so much for your help and everyone else!
04 Jan 2014   #6

Microsoft Community Contributor Award Recipient

Windows 7 Ult. x64 Windows 8.1 x64 Ubuntu 12.04 LTS Tri-Boot
 
 

We should look at the MGADIAG report too:

1. Download and save this tool to your desktop:
http://go.microsoft.com/fwlink/?linkid=52012

2. Run the tool, and then click Copy - ignore any errors if they appear

3. Use CTRL+V to paste the unedited results of the tool here in your next reply
04 Jan 2014   #7

Windows Home Premium x64
 
 

Thank you for your concern OldMx, I don't trust this computer with anything!! It's really frustrating using the computer, but I do think it can be fixed!

Can someone explain to me in simple terms how Windows Power Shell works? Or a link that I can find out more about the more complex file types mui, nls, msc, cab, xml......

Also CottonBall I downloaded Farbar Recovery Scan Tool, but an error appeared; AutoIt error

line 15050
error; variable used being without declared
04 Jan 2014   #8

Windows 7 Home Premium
 
 

Try running Farbar Recovery Scan Tool (FRST) again, and see if the error goes away.

If FRST does not run in normal Windows, please run in Safe Mode:
Restart your computer.
When the computer starts, tap the F8 key repeatedly, until presented with the Advanced Boot Options menu
Using the arrow keys, select: Safe Mode
Press the Enter key on your keyboard to boot into the mode selected.


Windows Power Shell is not 'my thing'. Will use cmd.exe when needed. Maybe someone else here has the required knowledge.

Here is some info: Windows PowerShell

Is there a reason why you want to use WPS?
11 Jan 2014   #9

Windows Home Premium x64
 
 

G'day y'all.
I have the information that's been requested. I feel like I'm handing in an exam paper, knowing full well there's a lot of problem areas!

My mum has just informed me that she has received more phone calls last week from the Microsoft support team. I can't believe the audacity of these people! They simply don't care that they're stealing from us, we work hard for our money!!

It makes me feel better knowing people who are genuinely concerned are helping to restore order. I can't thank you enough for helping me (and everyone else), it's nice to know there are still good people in the world!!

Here is the Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc0000022
Windows Product Key: *****-*****-73CQT-WMF7J-3Q6C9
Windows Product Key Hash: KaFG+RmurcM3ZxzWyfEP9WtPUJw=
Windows Product ID: 00359-OEM-8992687-00010
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7600.2.00010300.0.0.003
ID: {66F1F381-4E17-44B9-82D9-C97F62B5B907}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7600.win7_gdr.100618-1621
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: FCEE394C-458-80070005_025D1FF3-344-80070005_025D1FF3-229-80070005_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Disabled
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slui.exe[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7600.16385], Hr = 0x800b0100

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{66F1F381-4E17-44B9-82D9-C97F62B5B907}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010300.0.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-3Q6C9</PKey><PID>00359-OEM-8992687-00010</PID><PIDType>2</PIDType><SID>S-1-5-21-1331442415-3772729297-1220732176</SID><SYSTEM/><BIOS/><HWID>D1B83607018400FE</HWID><UserLCID>0C09</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>AUS Eastern Standard Time(GMT+10:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-CPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x1A8' to display the error text.
Error: 0x1A8

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: LAAAAAEAAQABAAEAAAACAAAAAQABAAEA6GFu7ZTiEjFkT0BMAkyBP9QXdlY=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC HPQOEM SLIC-CPC
FACP HPQOEM SLIC-CPC
HPET HPQOEM SLIC-CPC
MCFG HPQOEM SLIC-CPC
SLIC HPQOEM SLIC-CPC
OEMB HPQOEM SLIC-CPC
SSDT HPQOEM SLIC-CPC
GSCI HPQOEM SLIC-CPC
SSDT HPQOEM SLIC-CPC
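An added example, not part of any post in this thread and not Microsoft's tooling: a short Python triage of the "File Scan Data" section of the MGADiag report posted in #9, decoding each HRESULT to its standard Windows name and separating files that are absent from files that are present but could not be verified. The bucket names are this example's own, and the SAMPLE lines are copied from that report.

```python
import re
from collections import defaultdict

# Standard Windows names for the HRESULT values in the report's "File Scan
# Data" section. The bucket labels are this example's own, not MGADiag terms.
HRESULTS = {
    0x80070002: ("ERROR_FILE_NOT_FOUND", "missing"),
    0x80070003: ("ERROR_PATH_NOT_FOUND", "missing"),
    0x800B0100: ("TRUST_E_NOSIGNATURE", "unverified"),
    0x80092003: ("CRYPT_E_FILE_ERROR", "unverified"),
}

# Matches both line shapes that appear in the report:
#   path[Hr = 0x...]            (no file version listed)
#   path[version], Hr = 0x...   (file version listed, check failed)
LINE = re.compile(
    r"^File Mismatch: (?P<path>[^\[]+)\[(?P<ver>[\d.]+)?\]?,? ?"
    r"Hr = (?P<hr>0x[0-9A-Fa-f]+)\]?\s*$"
)

def parse_file_mismatches(report):
    """Return one dict per 'File Mismatch' line; other lines are skipped."""
    rows = []
    for line in report.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        code = int(m.group("hr"), 16)
        name, bucket = HRESULTS.get(code, ("UNKNOWN", "other"))
        rows.append({"path": m.group("path"), "version": m.group("ver"),
                     "hresult": code, "name": name, "bucket": bucket})
    return rows

def triage(report):
    """Group mismatched file paths by bucket for a quick read of the report."""
    buckets = defaultdict(list)
    for row in parse_file_mismatches(report):
        buckets[row["bucket"]].append(row["path"])
    return dict(buckets)

# Section header plus five lines copied from the report in post #9.
SAMPLE = r"""File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\user32.dll[6.1.7600.16385], Hr = 0x800b0100
"""

if __name__ == "__main__":
    for bucket, paths in triage(SAMPLE).items():
        print(bucket, len(paths), *paths, sep="\n  ")
```
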
12 Jan 2014   #10

Windows 7 Home Premium
 
 

serenarosedavis,

Must make you aware that Windows Activation and Validation issues are not my forte by any chance. Please follow Golden's instructions on the next post # 11.

Now, on malware removal, which is what I enjoy...any luck using FRST?

If not, please do the following:

Please use the tool Zoek:
Download > Download zoek.exe version 5.0.0.0
Click on: Download the Zoek.exe version

When the download appears, save to the Desktop.
On the Desktop, double-click the Zoek.exe file to start the program. (Give it a few seconds to appear.)

If your AntiVirus warns you about the program, either allow Zoek to run, or temporarily disable your AV program.
Info on how to disable your security applications > How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides

Next, please copy/paste the entire script inside the code box below to the input field of Zoek:

Code:
createsrpoint; 
process; 
filesrcm; 
startupall; 
installedprogs;
installer-list; 
uninstall-list;
hijackthis; 
firefoxlook; 
chromelook;  
srinfo; 
DIR /S /A:L "%systemdrive%\*">>"%temp%\log.txt";b





Now...
  • Close any open windows.
  • Click the Run script button, and wait. It takes a few minutes to run the script.
  • When the tool finishes, the zoek-results.log is opened in Notepad.
  • The log is also found on the systemdrive, normally C:\
  • If a reboot is needed log is opened after the reboot.
Please post the zoek-results.log in your reply.