'Counterfeit Software' Error - now runs slow - updates deleted

[jdp13]

Have been running Windows 7 fine for months but recently it started acting strange. Randomly, I would get the 'not genuine version of Window' text on the bottom right of desktop screen. Then I noticed my Microsoft Security Essentials getting turned off sometimes and then the PC just started running terribly slow. I got a popup message about 'you may have been a victim of counterfeit software - click to download further Microsoft software' - I didn't download anything but clicked the link which took me to the legit MS site. I also got the message that because of this, I could not download any further updates.

Today, I clicked 'Windows update' and it gives me 70 updates totalling 1.2gb to download. I checked some of these and they were released in 2012 - so it looks like MS has wiped all my updates - have now reinstalled most of them. Prior to this, because MS stopped allowing updates for my Ryzen processor, I used the following workaround to continue receiving updates - this worked fine but maybe now MS is targeting people who used this?

Unofficial Patch Unblocks Windows 7 and 8.1 Updates for Kaby Lake, Ryzen - ExtremeTech

Have run multiple anti-virus scans and although they run around 20x slower than usual they find nothing wrong so I'm guessing it a Microsoft backdoor process which is causing the problems.

I legally bought Windows 7 from MS and my key was verified in the past. It is possible that the Windows disk used to install the current version of Windows was not the legit disk but I can't remember.

Any ideas how to get my system running properly again or what is causing the issues?

Thanks

 

[torchwood]

Hi JDP13,

run this little tool please, copy/paste the output
http://go.microsoft.com/fwlink/?LinkID=52012

Not sure when you replaced the motherboard, but as its given you 70 updates id guess about a year+

Roy

 

[jdp13]

Hi Roy,

I should state that since my first post, I had to keep re-checking and downloading tonnes more updates but I cannot download any more as I get an error code '80248014' which means Windows cannot check for further updates. The PC was a new build as of around 3 months but it worked fine for that time.

Pasted the results below:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-F7V4F-9FV9C-RTT37
Windows Product Key Hash: ubpPn8os6/mau4rDUsqnUBdaExY=
Windows Product ID: 00359-112-1235091-85929
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {D6328D85-DBF7-4D3B-A60A-282B432A3070}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_ldr.170913-0600
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{D6328D85-DBF7-4D3B-A60A-282B432A3070}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-RTT37</PKey><PID>00359-112-1235091-85929</PID><PIDType>5</PIDType><SID>S-1-5-21-1953990104-1170266762-2545482004</SID><SYSTEM><Manufacturer>To Be Filled By O.E.M.</Manufacturer><Model>To Be Filled By O.E.M.</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>P3.00</Version><SMBIOSVersion major="3" minor="0"/><Date>20170713000000.000000+000</Date></BIOS><HWID>2AF63D07018400FC</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: 2e7d060d-4714-40f2-9896-1e4f15b612ad
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00170-112-123509-00-2057-7600.0000-0702017
Installation ID: 019956589425149223161996007605440614216842109521411540
Processor Certificate URL: [URL]http://go.microsoft.com/fwlink/?LinkID=88338[/URL]
Machine Certificate URL: [URL]http://go.microsoft.com/fwlink/?LinkID=88339[/URL]
Use License URL: [URL]http://go.microsoft.com/fwlink/?LinkID=88341[/URL]
Product Key Certificate URL: [URL]http://go.microsoft.com/fwlink/?LinkID=88340[/URL]
Partial Product Key: RTT37
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 28/10/2017 15:43:22

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 10:21:2017 10:33
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: NAAAAAEABQABAAEAAAACAAAAAQABAAEAHKJwWPAqdMS4jmQKRins3IZjwupCKxQxEuL0Vw==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information: 
  ACPI Table Name    OEMID Value    OEMTableID Value
  APIC            ALASKA        A M I 
  FACP            ALASKA        A M I 
  HPET            ALASKA        A M I
  MCFG            ALASKA        A M I
  FPDT            ALASKA        A M I 
  SSDT            AMD        AMD ALIB
  FIDT            ALASKA        A M I
  SSDT            AMD        AMD ALIB
  CRAT            AMD        AMD CRAT
  CDIT            AMD        AMD CDIT
  SSDT            AMD        AMD ALIB
  AAFT            ALASKA        OEMAAFT 
  SSDT            AMD        AMD ALIB
  UEFI                    
  BGRT            ALASKA        A M I 
  IVRS            AMD          AMD IVRS
  SSDT            AMD        AMD ALIB
  SSDT            AMD        AMD ALIB

Thanks!

 

[torchwood]

Hi JDP13,

interesting the 80248014 code, is basically saying its an unknown service.

from the tool i asked you to run the key is reported as retail, however part of it also tells me that its possibly part of the MS MSDN subscription service.
Note if you bought this from MS then you should also have the relevant email, quoting the key.
IF NOT then its possible that you have purchased a not for resale key, and they are being blocked
These keys have not even been sold by MS for at least 2 years, and they cost megabucks

The OS was re-installed march 21, and has been re-armed since then. Thats why you have had all those updates, the fact your running KabyLake is irrellevant, as you have reinstalled your starting from a base SP1 install.

please post the CBS log
C >> Windows >> logs >> CBS .... the top text, 1 please

Roy

 

[jdp13]

Hi Roy,

I tried to acess the text file you mention but I get Access denied' even though I am an adminstrator and have closed other processes.

I have the physical DVD which shows I bought this from MS - I installed it most recently in July 2017 with a new CPU/MOBO/RAM - cannot remember reinstalling in March 2017 (don't think I did).

Even Windows Explorer is running like a dog.

Any advice appreciated.....

 

[jdp13]

OK found a fix and have attached the txt file as it is too long to post here.

Also, I re-tried to check for updates and it worked - no more updates suggested for download.

 

[torchwood]

Hi JDP13,

Looks like windows updates are running fine now.
CBS updated itself, the last cbs persistant log, an archive, would contain the failures,
(post it if you want to)

you could run KB947821 - see if it picks up any errors
and from an elevated command mode
sfc /scannow.

Re the non genuine pop up, Based on your July install comment.
WAT, Windows Activation Technologies, works on 2 levels,
a daily minor check
And a 90 day major check
The workaround to give an extra 30 days "genuine" is to use the slmgr/rearm option


Roy

 

[jdp13]

Hi Roy,

I tried to run the sfc / scannow as admin and it got to 22% complete and gave the following error - 'Windows resource protection could not perform the requested operation'. Attached the SFC details from the CBS log file.

Also noteworthy is that even when task manager shows my CPU at 0%, the physical memory (RAM?) is stuck around 13-20% for some reason.

My AV (Bitdefender) is also failing on updates.

Maybe I should try to delete the workaround update which I posted in my first post - I can see it in control panel > programs - can I just hit 'uninstall' or might that causes stability issues?

Thanks

 

[torchwood]

Hi JDP13,

I dont know what that patch has changed, so you could uninstall it see if it makes any difference.

Please run KB947821, post the log.

As for BitDefender not updating, try installing/running Malwarebytes free see if it picks up anything


Roy