SysWOW64 Virus then Windows 7 Build 7601 not genuine error

Clutch781

Had some issues with the SysWOW64 virus. In the process of resolving that issue, I rebooted and then out of nowhere I get the Windows has discovered a change....non genuine windows error. My report is posted below. Thanks



Code:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 50
Cached Online Validation Code: 0xc004c4a8
Windows Product Key: *****-*****-88C8H-WB8WV-6WRDM
Windows Product Key Hash: vPpZvWjSNMYFbs+Qi3BzYsbem4Q=
Windows Product ID: 00359-031-8683566-85297
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {2B05B71C-CD15-47BA-A2D8-D9A02FFAD50D}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.140303-2144
TTS Error: T:20141222221445070-
Validation Diagnostic: 
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office XP Professional with FrontPage - 114 Blocked VLK 2
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{2B05B71C-CD15-47BA-A2D8-D9A02FFAD50D}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-6WRDM</PKey><PID>00359-031-8683566-85297</PID><PIDType>5</PIDType><SID>S-1-5-21-4223412974-1607727688-3787765987</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>2001   </Version><SMBIOSVersion major="2" minor="6"/><Date>20110308000000.000000+000</Date></BIOS><HWID>05333407018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90280409-6000-11D3-8CFE-0050048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office XP Professional with FrontPage</Name><Ver>10</Ver><Val>39476F84C4B4004</Val><Hash>4iCnywwNW1w4s9ukTIwGMGxyGic=</Hash><Pid>54185-640-0000025-17427</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="10" Result="114"/><App Id="16" Version="10" Result="114"/><App Id="17" Version="10" Result="114"/><App Id="18" Version="10" Result="114"/><App Id="1A" Version="10" Result="114"/><App Id="1B" Version="10" Result="114"/></Applications></Office></Software></GenuineResults>  
Spsys.log Content:
Licensing Data-->
Software licensing service version: 6.1.7601.17514
Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: 2e7d060d-4714-40f2-9896-1e4f15b612ad
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00170-031-868356-01-1033-7601.0000-3562014
Installation ID: 014422137310270371466734789015126993165880808921310822
Processor Certificate URL: [url=http://go.microsoft.com/fwlink/?LinkID=88338]SpcService Web Service[/url]
Machine Certificate URL: [url=http://go.microsoft.com/fwlink/?LinkID=88339]RacService Web Service[/url]
Use License URL: [url=http://go.microsoft.com/fwlink/?LinkID=88341]UseLicenseService Web Service[/url]
Product Key Certificate URL: [url=http://go.microsoft.com/fwlink/?LinkID=88340]PkcService Web Service[/url]
Partial Product Key: 6WRDM
License Status: Notification
Notification Reason: 0xC004F200 (non-genuine).
Remaining Windows rearm count: 5
Trusted time: 12/22/2014 11:58:23 PM
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0xC004C4A8
HealthStatus: 0x0000000000000000
Event Time Stamp: 12:22:2014 22:30
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: PgAAAAIABgABAAIAAAAEAAAAAQABAAEAln1MG9QR+AUQM7byJOa8IELIVPKUvDJbNAhOkQiA6F7TbCyJji4=
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information: 
  ACPI Table Name OEMID Value OEMTableID Value
  APIC   030811  APIC1042
  FACP   030811  FACP1042
  SRAT   AMD     FAM_F_10
  HPET   030811  OEMHPET 
  MCFG   030811  OEMMCFG 
  OEMB   030811  OEMB1042
  SSDT   A M I   POWERNOW
 

My Computer
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom
OS
Windows 7 Home Premium 64 Bit
CPU
AMD Phenom II X4 965 3.4G
Motherboard
ASUS M4A79XTD EVO
Memory
8.0 GB
Graphics Card(s)
NVIDIA GEFORCE GTX 570
Antivirus
Avast
Hmmm - try this...


Please first try recreating the Licensing Store.

Recreate the Licensing Store
Go to Start > All Programs > Accessories
Right-Click on Command Prompt and select Run as Administrator - accept the UAC prompt
Run the following commands in the Command Prompt window, using the Enter key at the end of each

net stop sppsvc
(wait until the service has stopped before entering the following lines)

CD %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform
REN tokens.dat tokens.bar
net start sppsvc
slui.exe

After a couple of seconds the Windows Activation dialog will appear.
You may be asked to re-activate and/or re-enter your product key, or Activation may occur automatically.
If you are asked for your Key, use the one on the COA sticker on the machine's case

Reboot and Post back with a new MGADiag report.

(Note: the Line 'CD %win......\SoftwareProtectionPlatform' is all on one line - it may be broken in the Forum listing)
 

My Computer
Computer type
Laptop
Computer Manufacturer/Model Number
Asus K52F or Lenovo B51-80
OS
Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
CPU
i3 370M/i7 6500U
Motherboard
Asus/Lenovo
Memory
8GB - finally :)/8GB
Graphics Card(s)
it's an i3, dude!/dual Intel&nVidia
Sound Card
onboard
Monitor(s) Displays
15.6" built-in
Screen Resolution
1366x768/1920x1080
Hard Drives
750GB Seagate internal
Sundry external drives attached to other computers on the local network
1TB SSD on the Lenovo
PSU
n/a
Internet Speed
as much as I can get - usually on a dongle/phone, so <1MB/s
Antivirus
MSE/Defender
Browser
IE11/12/Edge/Chrome/FF(if I must)
Here is the new log

Code:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 50
Cached Online Validation Code: 0xc004c4a8
Windows Product Key: *****-*****-88C8H-WB8WV-6WRDM
Windows Product Key Hash: vPpZvWjSNMYFbs+Qi3BzYsbem4Q=
Windows Product ID: 00359-031-8683566-85297
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {2B05B71C-CD15-47BA-A2D8-D9A02FFAD50D}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.140303-2144
TTS Error: T:20141222221445070-
Validation Diagnostic: 
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office XP Professional with FrontPage - 114 Blocked VLK 2
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Disabled
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Allowed
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{2B05B71C-CD15-47BA-A2D8-D9A02FFAD50D}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-6WRDM</PKey><PID>00359-031-8683566-85297</PID><PIDType>5</PIDType><SID>S-1-5-21-4223412974-1607727688-3787765987</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>2001   </Version><SMBIOSVersion major="2" minor="6"/><Date>20110308000000.000000+000</Date></BIOS><HWID>05333407018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90280409-6000-11D3-8CFE-0050048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office XP Professional with FrontPage</Name><Ver>10</Ver><Val>39476F84C4B4004</Val><Hash>4iCnywwNW1w4s9ukTIwGMGxyGic=</Hash><Pid>54185-640-0000025-17427</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="10" Result="114"/><App Id="16" Version="10" Result="114"/><App Id="17" Version="10" Result="114"/><App Id="18" Version="10" Result="114"/><App Id="1A" Version="10" Result="114"/><App Id="1B" Version="10" Result="114"/></Applications></Office></Software></GenuineResults>  
Spsys.log Content:
Licensing Data-->
Software licensing service version: 6.1.7601.17514
Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: 2e7d060d-4714-40f2-9896-1e4f15b612ad
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00170-031-868356-01-1033-7601.0000-3572014
Installation ID: 014422137310270371466734789015126993165880808921310822
Processor Certificate URL: [url=http://go.microsoft.com/fwlink/?LinkID=88338]SpcService Web Service[/url]
Machine Certificate URL: [url=http://go.microsoft.com/fwlink/?LinkID=88339]RacService Web Service[/url]
Use License URL: [url=http://go.microsoft.com/fwlink/?LinkID=88341]UseLicenseService Web Service[/url]
Product Key Certificate URL: [url=http://go.microsoft.com/fwlink/?LinkID=88340]PkcService Web Service[/url]
Partial Product Key: 6WRDM
License Status: Notification
Notification Reason: 0xC004F200 (non-genuine).
Remaining Windows rearm count: 5
Trusted time: 12/23/2014 8:21:23 PM
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0xC004C4A8
HealthStatus: 0x0000000000000000
Event Time Stamp: 12:22:2014 22:30
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: PgAAAAIABgABAAIAAAAEAAAAAQABAAEAln1MG9QR+AUQM7byJOa8IELIVPKUvDJbNAhOkQiA6F7TbCyJji4=
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information: 
  ACPI Table Name OEMID Value OEMTableID Value
  APIC   030811  APIC1042
  FACP   030811  FACP1042
  SRAT   AMD     FAM_F_10
  HPET   030811  OEMHPET 
  MCFG   030811  OEMMCFG 
  OEMB   030811  OEMB1042
  SSDT   A M I   POWERNOW
 
No change :( Were you asked to re-input your Product Key?
 

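Added example, not part of the original thread: a Python script that diffs two MGADiag reports field by field, so a "no change" reading after a repair step can be checked quickly. The excerpts are constructed from field values in the two reports above; the function names and the set of volatile fields to ignore are assumptions.

```python
# Added example (not from the thread): field-level diff of two MGADiag reports.
# Fields that differ on every run regardless of licensing state (assumption).
VOLATILE = {"Trusted time"}

# Constructed excerpts, using field values quoted in the two reports above.
BEFORE = """\
Browser Data-->
Download signed ActiveX controls: Prompt
Allow scripting of Internet Explorer Webbrowser control: Disabled
Licensing Data-->
License Status: Notification
Notification Reason: 0xC004F200 (non-genuine).
Trusted time: 12/22/2014 11:58:23 PM
Windows Activation Technologies-->
HrOnline: 0xC004C4A8
"""
AFTER = (BEFORE.replace("controls: Prompt", "controls: Disabled")
               .replace("control: Disabled", "control: Allowed")
               .replace("12/22/2014 11:58:23 PM", "12/23/2014 8:21:23 PM"))

def parse_report(text):
    """Return {(section, key): value}; section headers are lines ending in '-->'."""
    fields, section = {}, "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("-->"):
            section = line[:-3].strip()
        elif ":" in line:  # rows without a colon (ACPI table, bare N/A) are skipped
            key, _, value = line.partition(":")
            fields[(section, key.strip())] = value.strip()
    return fields

def diff_reports(before, after, ignore=VOLATILE):
    """List (section, key, old, new) for every non-ignored field that differs."""
    a, b = parse_report(before), parse_report(after)
    return [(sk[0], sk[1], a.get(sk), b.get(sk))
            for sk in sorted(set(a) | set(b))
            if sk[1] not in ignore and a.get(sk) != b.get(sk)]

def licensing_state(text):
    """Pull the fields that show whether the licensing result moved."""
    f = parse_report(text)
    wanted = [("Licensing Data", "License Status"),
              ("Licensing Data", "Notification Reason"),
              ("Windows Activation Technologies", "HrOnline")]
    return {key: f.get((section, key)) for section, key in wanted}

if __name__ == "__main__":
    for change in diff_reports(BEFORE, AFTER):
        print(change)
    print(licensing_state(AFTER))
```

On these excerpts only the two Browser Data settings differ, while the licensing fields are identical in both reports.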
No, it went straight to the "this copy of windows is not genuine, go online and resolve now" page. I did however go through the control panel and re-enter the key but it didn't fix anything.
 

OK - we'll have to go through the normal troubleshooting methods, then...

Please run a full CHKDSK and SFC scan....
Click on Start > All Programs > Accessories
Right-click on the Command Prompt entry
Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.
At the Command prompt, type
CHKDSK C: /R
and hit the Enter key.
You will be told that the drive is locked, and the CHKDSK will run at the next boot - hit the Y key, and then reboot.
The CHKDSK will take a few hours depending on the size of the drive, so be patient!
After the CHKDSK has run, Windows should boot normally (possibly after a second auto-reboot) - then run the SFC.

SFC - System File Checker - Instructions
Click on Start > All Programs > Accessories
Right-click on the Command Prompt entry
Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.
At the Command prompt, type
SFC /SCANNOW
and hit the Enter key
Wait for the scan to finish - make a note of any error messages - and then reboot.

Upload the CBS.log file (compressed, please!) to your reply - also post a new MGADiag report.
 
