Windows 7: Windows 7 Pro x64 Build 7601 "This copy of Windows is not genuine"

ViniH · 02 Dec 2012

Self built computer built in 2009 (upgraded since), upgraded to Windows 7 OS approximately 18 months ago I originally downloaded and then bought a license, Microsoft sent me a disc shortly thereafter so I formatted and re-installed from this. I have had few problems since then.

All of a sudden today I noticed the old "Windows 7 Build 7601 This copy of Windows is not genuine" in the bottom right of the screen.

I did some Googling and tried following the instructions in this thread and after rebooting the message had disappeared - but it reappeared again a few hours later.#

Edit: I also remembered that today I turned on both my MySQL and Apache services after being off for some time. I doubt this makes any difference but I thought I would mention it.

Code:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0x8004FE21
Cached Online Validation Code: N/A, hr = 0x80070422
Windows Product Key: N/A, hr=0x80070422
Windows Product Key Hash: N/A, hr=0x80070422
Windows Product ID: 55041-090-3201906-86818
Windows Product ID Type: 6
Windows License Type: Volume MAK
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {A3D07AD9-E602-4ABC-8B8F-947EDB5CAE10}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.120830-0333
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: D:\Users\Vini\AppData\Local\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->

Spsys.log Content: 0x80070002

Licensing Data-->
On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x80070422' to display the error text.
Error: 0x80070422 

Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x0001000000000000
Event Time Stamp: 11:12:2012 12:16
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered Service: sppsvc


HWID Data-->
HWID Hash Current: OAAAAAIABAABAAEAAQACAAAAAgABAAEACra8VqvRTjQIhQqAqn8YsD65mq3eiJQivX4U9Uyk6oI=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information: 
  ACPI Table Name	OEMID Value	OEMTableID Value
  APIC			040909		APIC1821
  FACP			040909		FACP1821
  HPET			040909		OEMHPET 
  MCFG			040909		OEMMCFG 
  OEMB			040909		OEMB1821
  OSFR			040909		OEMOSFR 
  SSDT			DpgPmm		CpuPm

NoelDP · 03 Dec 2012

It looks like at least one service has been disabled.
Please run the following commands in an Elevated Command prompt window, and post the results.

SC QC sppsvc
SC QUERYEX SPPSVC
SC QC SPPUINOTIFY
SC QUERYEX SPPUINOTIFY
SC QC SPLDR
SC QUERYEX SPLDR

ViniH · 03 Dec 2012

Code:

C:\Windows\system32>SC QC sppsvc

[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: sppsvc
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START  (DELAYED)
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\sppsvc.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Software Protection
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : NT AUTHORITY\NetworkService

Code:

C:\Windows\system32>SC QUERYEX SPPSVC

SERVICE_NAME: SPPSVC
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 0
        FLAGS              :

Code:

C:\Windows\system32>SC QC SPPUINOTIFY

[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: SPPUINOTIFY
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalService
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : SPP Notification Service
        DEPENDENCIES       : EventSystem
        SERVICE_START_NAME : NT AUTHORITY\LocalService

Code:

C:\Windows\system32>SC QUERYEX SPPUINOTIFY

SERVICE_NAME: SPPUINOTIFY
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 1077  (0x435)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 0
        FLAGS              :

Code:

C:\Windows\system32>SC QC SPLDR

[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: SPLDR
        TYPE               : 1  KERNEL_DRIVER
        START_TYPE         : 0   BOOT_START
        ERROR_CONTROL      : 3   CRITICAL
        BINARY_PATH_NAME   :
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Security Processor Loader Driver
        DEPENDENCIES       :
        SERVICE_START_NAME :

Code:

C:\Windows\system32>SC QUERYEX SPLDR

SERVICE_NAME: SPLDR
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 0
        FLAGS              :

NoelDP · 03 Dec 2012

Those values appear normal.

Please download the Farbar Service Scanner from

http://www.bleepingcomputer.com/download/farbar-service-scanner/

Run it, and tick all the options, then click on the Scan button - copy and paste the report to your response.

ViniH · 03 Dec 2012

The message has randomly disappeared again without a reboot and running MGADiag shows a product key and product key hash now.

Do I still need to download and run the above?

NoelDP · 03 Dec 2012

Yes please - and a new MGADiag report (which may well bring the message back)

ViniH · 03 Dec 2012

Right I first ran it from the downloads folder but when I read the report it seems that the program assumes windows is on the same drive, which it isn't.

So I ran it again from the disk designated as C:/ - unfortunately the same results occurred.

I will paste the results below but you should ignore the "File Check:" results as Windows is not installed on the disk designated D:/.

Code:

Farbar Service Scanner Version: 01-12-2012 02
Ran by Vini (administrator) on 04-12-2012 at 00:50:31
Running from "C:\"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is set to Disabled. The default start type is Auto.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open SDRSVC registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open SDRSVC registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open SDRSVC registry key. The service key does not exist.


System Restore Disabled Policy: 
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========

ATTENTION!=====> D:\Windows\System32\nsisvc.dll FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> D:\Windows\System32\drivers\nsiproxy.sys FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> D:\Windows\System32\dhcpcore.dll FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> D:\Windows\System32\drivers\afd.sys FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> D:\Windows\System32\drivers\tdx.sys FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> D:\Windows\System32\Drivers\tcpip.sys FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> D:\Windows\System32\dnsrslvr.dll FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> D:\Windows\System32\mpssvc.dll FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> D:\Windows\System32\bfe.dll FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> D:\Windows\System32\drivers\mpsdrv.sys FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> D:\Windows\System32\SDRSVC.dll FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> D:\Windows\System32\vssvc.exe FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> D:\Windows\System32\wscsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> D:\Windows\System32\wbem\WMIsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> D:\Windows\System32\wuaueng.dll FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> D:\Windows\System32\qmgr.dll FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> D:\Windows\System32\es.dll FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> D:\Windows\System32\cryptsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> D:\Program Files\Windows Defender\MpSvc.dll FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> D:\Windows\System32\ipnathlp.dll FILE IS MISSING.


ATTENTION!=====> D:\Windows\System32\iphlpsvc.dll FILE IS MISSING.


ATTENTION!=====> D:\Windows\System32\svchost.exe FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> D:\Windows\System32\rpcss.dll FILE IS MISSING AND SHOULD BE RESTORED.



**** End of log ****

ViniH · 03 Dec 2012

New MGADiag:

Code:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-*****-*****-F3FF7
Windows Product Key Hash: qG8CVc9vpOq3EdcOByBbTOfiOGU=
Windows Product ID: 55041-090-3201906-86818
Windows Product ID Type: 6
Windows License Type: Volume MAK
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {A3D07AD9-E602-4ABC-8B8F-947EDB5CAE10}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.120830-0333
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: D:\Users\Vini\AppData\Local\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, VOLUME_MAK channel
Activation ID: 9abf5984-9c16-46f2-ad1e-7fe15931a8dd
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 55041-00172-090-320190-03-2057-7600.0000-1412011
Installation ID: 010130808564140291901324505350540936248420071621399360
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: F3FF7
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 04/12/2012 00:54:22

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x80072EE7
HealthStatus: 0x0000000000000000
Event Time Stamp: 12:3:2012 08:20
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: OAAAAAIABAABAAEAAQACAAAAAgABAAEACra8VqvRTjQIhQqAqn8YsD65mq3eiJQivX4U9Uyk6oI=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information: 
  ACPI Table Name	OEMID Value	OEMTableID Value
  APIC			040909		APIC1821
  FACP			040909		FACP1821
  HPET			040909		OEMHPET 
  MCFG			040909		OEMMCFG 
  OEMB			040909		OEMB1821
  OSFR			040909		OEMOSFR 
  SSDT			DpgPmm		CpuPm

NoelDP · 04 Dec 2012

That sounds as if there are problems in the registry from which FSS is taking the system paths.

Open an Elevated Command Prompt - at the prompt, type

REG QUERY HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment

post the results

ViniH · 04 Dec 2012

C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Control\Session Mana
ger\Environment
ERROR: Invalid syntax.
Type "REG QUERY /?" for usage.

Windows 7: Windows 7 Pro x64 Build 7601 "This copy of Windows is not genuine"

Windows 7 Pro x64 Build 7601 "This copy of Windows is not genuine" problems?