VTE_TECH

HELP-Windows 7 not genuine error-Windows will not run

Hello.  I need help badly.  When I came back to my system today it had many errors.  One of which was that Windows 7 is not genuine.  The other errors related to most or all of the other startup programs failing.  I can't get anywhere with this.  I can access a few things in Safe Mode.  It "feels" like a virus/malware problem, but the more I look at it, it may be a registry issue.  I need this system up ASAP.  I have been a small town computer tech for 15+ years and am so stressed I can't seem to get anywhere.  I may be overlooking simple.  System Restore in Repair mode shows drive F instead of C-and doesn't look promising.  Please Help!  Thanks in Advance!
ded9

You can try combofix

http://www.bleepingcomputer.com/download/combofix/


Reboot and check... after that you can run the Malwarebytes free version.



Ded9
ZamZ0

You can also try a Knoppix Linux live CD. This is helpful for scanning for viruses outside of the Windows environment. What happens when you try a system restore?
VTE_TECH

ASKER

I left out some information that may be helpful.  I ran sfc /scannow & it said it found errors but couldn't fix them.  Thanks for the suggestion Ded9.  Haven't tried Combofix, but do have MBAM installed, but can't run it.
Did you run sfc in Safe Mode? If not, try that. Also try chkdsk x: /r where X: is your drive. The /r switch forces it to repair errors automatically. It will ask you if you want to schedule for the next restart, say yes and then restart.
http://www.knopper.net/knoppix/index-en.html
http://www.sysresccd.org/SystemRescueCd_Homepage
http://www.ultimatebootcd.com/

These are all Linux based boot cds that have various system recovery and analysis tools that can be helpful when Windows isn't working.
Let me provide some more details.  Obviously I haven't tried all of the suggestions yet.  My system is about a year old.  The OS drive is a SSD (Drive C).  When I boot to the recovery console (for Restore), I have to select the primary drive before entering the recovery console (If it is still called that in Windows 7?)  When I attempt a restore it says it is trying to recover windows on drive F.  Drive F is also an SSD, but it is a data drive & twice as large & I know I'm not booting to that drive...so I don't know what is going on here.  I am going to try some other options now.  Thanks
I thought you meant something else by system restore. Try (in safe-mode) the System Restore program that comes bundled with windows. Type system restore in the search bar or go Start-> all programs-> Accessories->System Tools->System Restore
FYI, I selected a different drive during boot with the same results.  Under system Recovery options it says operating system is F:\Windows.  When I start restore it says drives affected are C & D (D is another SSD that has some apps installed).  It fails with an unspecified error 0x800700057.
Do you have any antivirus installed? There are various forums on Microsoft sites suggesting that an antivirus may cause this issue. Norton in particular has a fix for it:

https://support.norton.com/sp/en/us/home/current/solutions/v51118464_EndUserProfile_en_us?entsrc=redirect_pubweb&pvid=f-home
I do have nortons installed, but can't disable it because Windows Explorer is continuously restarting.  I ran combofix and MBAM.  I'm attaching the log file as well as a windows log file from an error it gave.  If anyone can help it would be greatly appreciated.  Thanks!
combolog.txt
CBS.log
I don't see anything especially suspicious in those logs, but I am not too familiar with those applications. Can you get into safe mode and disable Norton from there?
Thanks for looking at the logs.  I used Norton Removal Tool and completely removed it.  SFC /scannow seemed to finish, but Restore didn't work & problem is still there.  I think this is either malware or corrupt file(s), but haven't found anything yet.
Did you run a chkdsk /r from an elevated command prompt?
I ran chkdsk /r from safemode & normal mode via task manager.  Each time it said that it would run on restart--needed access to the drive, but couldn't tell that it helped.  The only way I can run any program is via task manager.  In addition to the errors, my system said "Windows Explorer is Restarting" every few seconds...which I should have mentioned earlier.  However, I have made some progress by disabling all Non-Microsoft shell extensions.  Now I do NOT get the Explorer restarting error.  But it is still saying Windows is not genuine & I'm getting an audible alert every few seconds (no visual alert).  It sounds similar to the sound you get when you plug/unplug a usb device.  Thanks.
I also failed to mention that several of my devices are not working.  In device manager it says that the driver couldn't be loaded.  This includes my NIC.  Thanks
I just found that some of my folders are also inaccessible.  Such as Documents and Settings.  Does this sound like malware/rootkit to anyone else?
Definitely sounds like a virus or malware. Have you tried the system restore application within Windows? Start/programs/accessories/system tools / system restore. I would try that first and then an AV scan, maybe AVG or MS Security Essentials; both are free. Personally I like MS Security Essentials better. Just a reminder though: malware is different than viruses and Malwarebytes will not detect viruses.
Those links to recovery boot CDs are the way to go if it's a rootkit.
Ok I am now able to get to an elevated command prompt.  When attempting to run chkdsk /r...it says "Cannot lock current drive.  Chkdsk cannot run because the volume is in use by another process.  Would you like to schedule...."  Thanks
Yes, so schedule it when it asks whether you want to, and then reboot. You will see the scan before Windows loads. After it's done you can load into Windows and view the log of the results of the scan.
I've scheduled & ran (I guess it ran) several times.  I haven't been able to find the log in event viewer or a .log or .txt file.  It seems as if I have some registry corruption too.  But given all of the different problems it could be a virus of some sort.  Thanks
It's under wininit in the event viewer. It may be easier to find by creating a custom view and filtering only that source (wininit)
After removing norton ...run combofix again.


Reboot and check.



Ded9
I agree it's probably some type of not-good ware but this would be the last try before removing it manually through a Linux boot CD, especially if it's a rootkit. No need to know anything about Linux; the recovery CDs are very intuitive and (as much as they can be) user-friendly.
I did run combofix after removing Nortons to no avail.  I will try to find that log file now.
Ok.  I created a custom view by source and selected Wininit.  The only messages in the past 2 days say "Custom dynamic link libraries are being loaded for every application.  The system admin. should review...to ensure they are related to trusted applications."  Thanks again!!!
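As an added example (not part of the original thread): the custom view described above can be reproduced from an elevated PowerShell prompt. Boot-time chkdsk results are logged by Wininit as event ID 1001 in the Application log, and the "Custom dynamic link libraries" message refers to the AppInit_DLLs registry values, so the sketch below pulls the chkdsk report and lists those values with the signature status of each DLL. The function names are hypothetical.

```powershell
# Added example. Run from an elevated prompt; written for PowerShell 2.0 (Windows 7).

function Get-ChkdskReport {
    param([int]$Newest = 3)
    # Boot-time chkdsk output is written to the Application log by Wininit, event ID 1001.
    $filter = @{ LogName = 'Application'; ProviderName = 'Microsoft-Windows-Wininit'; Id = 1001 }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $Newest -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Message
}

function Get-AppInitDll {
    # AppInit_DLLs exists once per registry view; bare file names resolve
    # from that view's system directory.
    $views = @(
        @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
           Dir = "$env:windir\System32" },
        @{ Key = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
           Dir = "$env:windir\SysWOW64" }
    )
    foreach ($view in $views) {
        if (-not (Test-Path $view.Key)) { continue }
        $p = Get-ItemProperty -Path $view.Key
        # Entries are separated by spaces or commas; drop empty strings.
        $entries = @("$($p.AppInit_DLLs)" -split '[ ,]+' | Where-Object { $_ })
        if ($entries.Count -eq 0) { $entries = @('') }
        foreach ($entry in $entries) {
            $status = 'NoEntry'
            if ($entry) {
                $path = $entry
                if (-not [IO.Path]::IsPathRooted($path)) { $path = Join-Path $view.Dir $entry }
                if (Test-Path -LiteralPath $path) {
                    $status = (Get-AuthenticodeSignature -FilePath $path).Status
                } else { $status = 'FileNotFound' }
            }
            New-Object PSObject -Property @{
                Key = $view.Key; Enabled = $p.LoadAppInit_DLLs
                RequireSigned = $p.RequireSignedAppInit_DLLs
                Dll = $entry; Signature = $status
            }
        }
    }
}

Get-ChkdskReport | Format-List
Get-AppInitDll | Format-List Key, Enabled, RequireSigned, Dll, Signature
```

Any listed DLL whose signature status is not `Valid`, or whose file is missing, is what the Wininit message asks the administrator to review.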
Scanning through some of the logs I've noticed an Error about LoadPerf.  It refers to a malformed string that has some Chinese looking characters.
Also see "Windows cannot load classes registry file".  I guess this could be *!x# ware too...
Alright, well at least the logs aren't littered with errors; that's a good sign. Have you tried the system restore tool in Windows accessories?
After you run combofix... create a new user account in Control Panel... reboot, log in under the new user account and check.

Old user account might be corrupted.



Ded9
I have attempted system restore from normal mode, safe mode, and recovery console-all failed.  I just noticed that the first error I got after going to bed last night (system messed up sometime before I got on it this AM) was pertaining to "ESET online scanner" which I do not recognize.  This could be it?
Also noted that the error details mention AMD64 & I had run across that before & thought it to be strange as I have an Intel processor.  It gives windows locations for "conflicting components" in C:\Windows\WinSxS\manifests\amd64 and C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_.....   Hope this tells you something.
The 1st thing that happens when logging onto the newly created user account is the "Windows 7 not genuine" error...:(
Get a genuine copy of Windows then; you say you didn't install it so maybe someone installed some hacked business on there. Free Windows copies aren't too hard to find; just at least take a look at the foundation before you start building a house.
What?  I installed it myself.  I ordered it from a reputable business.  I have built computers for over 15 years.  Trust me...this copy of windows is valid.  It is unfortunate that you are not familiar with this issue & I have been wasting my time following your advice.  Take a look on Seven Forums and you will see that there are several problems that can cause this.  In fact I have posted there.  These guys definitely know when a pirated version has been installed and will suggest the user call Microsoft.  Why did you waste my time here on a topic that you don't have a clue about?
I'm sorry, I didn't mean to offend you but I thought that since you said it was a fresh install maybe it wasn't clean. Have you tried any of the other options?
It definitely sounds like some type of infection. Those logs you mention aren't chkdsk logs; can you do a search in Event Viewer for chkdsk? If it is an infection, ClamAV or another Linux-based scanner may be your best bet to get the system into a good enough condition that a restore can be performed.
If you really don't want to go with one of the Linux-based boot discs you could download the Kaspersky system recovery disk, which is free for non-commercial use. Also, have you tried the system restore in System Tools?
Ok...Thanks for the suggestions.  I had already tried ClamAV & Malwarebytes.  Also tried chkdsk /r and System Restore from Normal Mode, Safe Mode & Recovery Console--all failed.  This may be a lost cause.  Thanks again.
Have you tried Knoppix or the Kaspersky Live CD? I just read that ClamAV is bad at root-kits.  From ClamAV Wikipedia page:

ClamAV was included in comparative tests against other antivirus products. In the 2008 AV-Test it rated: on-demand: very poor, false positives: poor, on-access: poor, response time: very good, rootkits: very poor.

Knoppix has a variety of antivirus tools and Kaspersky is more directed at system disinfecting.

http://www.knopper.net/knoppix/index-en.html
https://support.kaspersky.com/viruses/rescuedisk

Also, if it turns out that it is a rootkit, Kaspersky has a rootkit removal tool with a concise guide:

http://support.kaspersky.com/us/5353
I'm trying to download Kaspersky, but the laptop I'm using is slooowww.

I do have some new information.  Here's the current situation:

I ran another checkdisk and found the log.  Although I do not understand everything in the log, about 2/3 of the way down it says "Windows has checked the file system and found no problem".  

I also reran sfc with some options suggested from another forum, then filtered the results to show only errors.  There are MANY errors.  

ClamAV, MBAM, and MRT scans show no infections.

Issue fixed:  Windows Explorer is Restarting - repetitively--I disabled all non-Microsoft shell extensions

Obvious Issues still present:  
Registry appears to be in bad shape, but windows will boot
Many devices can't find the driver files -- No network access
Windows not genuine error
SFC cannot fix errors
System Restore Fails

My plan is to:
1)Test the SSD drive.  (Hopefully I can find the Mfr. utility)
2)Do some sort of virus/malware scan with a good utility
3)Attempt to restore whatever is damaged

The recovery options and their caveats are not too clear in my head.  I know there are several options and would appreciate your opinion(s).  My goal is to get this back up and running ASAP with the least amount of loss possible (applications and data).  This drive does not have a great deal of data, and I believe I could pull most of the data off that may not be backed up.  However, some of the apps installed are proprietary and will cost $200-$300 to activate...not to mention the time required (2 days to install & configure).  Here are the options that I am considering:
1)Attempt to load registry hives from regback directory
2)Attempt "System Repair" from Recovery Console
3)Attempt to Restore Image File (May 2013)
4)Repair Install
5)Clean Install

Please share your thoughts as I don't know what will be saved or lost with each method, the chance of success, etc.

Thanks
I think those are good options in that order but in my experience system repair from recovery console has only made things worse. How did you run ClamAV? Was it from windows or Linux? If Linux, was it updated? If windows, that may be an issue as some infections can tamper with removal and/or detection.
To be more specific about the system repair, I've had numerous systems that still had hope for restoration but after running system repair were totally lost, just my experience though.

How recent is your regbackup? That might muck things up even more. Why are you considering restoring it... What symptoms is the registry showing?

What SSD do you have?

Also, if it turns out you have a rootkit then it might prevent you from restoring via image, or even worse it could mess with it after it's started, leaving you no choice but to wipe everything. Actually I would pull whatever data I could before trying anything unless you've done that already.
Thanks for your thoughts/suggestions.  I ran ClamAV-portable I believe.  I've done so much reading in the past 24hrs my head is spinning.  I have had mostly similar results from System Repairs from Recovery Console, but in XP.  I've not used the Startup Repair in 7.  I will probably skip that though since I'm not actually having any "startup" issue per se.  From what I've read in the past hour or so, the preferred order would be to try registry repair through Restore or loading the individual hives.  Then, if that don't work-do a Repair Install--if the system is bootable.

The registry has several problems.  More than I can fix with a patch.  It is missing device drivers, and there are many (thousands) of errors/warnings in event viewer-mostly relating to registry issues.  Out of desperation I ran Ccleaner on the registry yesterday, but I exported each Registry Key first.  Better Yet the RegBack folder has the version from 9/11 before the problem began.

I just got Kaspersky d/l'd so I'm going to give that a go & move forward from there.

Thanks Again
This problem can often be fixed with some assistance, apparently mine was beyond repair.