WGA troubles

All replies

• 

  

  0

  Sign in to vote

  (Have you EVER used Norton software on this machine?)

  Please run the following commands, and post the results.reg query

  REG QUERY HKLM\SYSTEM\CurrentControlSet\services\spldr /S

  REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR /S

  REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_SLSVC

  REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_SPPSVC

   They may show something

    Here are some instructions to make life easier :)

  1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt. 

  2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once. 

  3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.     

  ---

  Noel Paton | Nil Carborundum Illegitemi

  CrashFixPC | The Three-toed Sloth

  No - I do not work for Microsoft, or any of its contractors.

  Friday, February 21, 2014 10:24 PM

  Moderator
• 

  

  0

  Sign in to vote

  Hi,

  yes on this machine is running a Symantec Endpoint Protection

  and the result of the querys is:

  Microsoft Windows [Version 6.1.7601]
  Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

  C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\services\spldr /S

  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\spldr
      DisplayName    REG_SZ    Security Processor Loader Driver
      ErrorControl    REG_DWORD    0x3
      Start    REG_DWORD    0x4
      Type    REG_DWORD    0x1

  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\spldr\Enum
      0    REG_SZ    Root\LEGACY_SPLDR\0000
      Count    REG_DWORD    0x1
      NextInstance    REG_DWORD    0x1

  
  C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPL
  DR /S

  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR
      NextInstance    REG_DWORD    0x1

  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000
      Service    REG_SZ    spldr
      Legacy    REG_DWORD    0x1
      ConfigFlags    REG_DWORD    0x400
      Class    REG_SZ    LegacyDriver
      ClassGUID    REG_SZ    {8ECC055D-047F-11D1-A537-0000F8753ED1}
      DeviceDesc    REG_SZ    Security Processor Loader Driver
      Capabilities    REG_DWORD    0x0

  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000\Control

  
  C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_SLS
  VC
  ERROR: The system was unable to find the specified registry key or value.

  C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_SPP
  SVC
  ERROR: The system was unable to find the specified registry key or value.

  Thanks in advance of your Help

  Monday, February 24, 2014 2:09 PM
• 

  

  0

  Sign in to vote

  Those results seem normal

  EP doesn't usually cause many problems that we see here, so it's likely something else...

  Please run the following commands in an ELevated COmmand Prompt, and post the results.

  NET START SPLDR
  SC QC SPLDR
  SC QUERYEX SPLDR
  NET START SPPSVC
  SC QC SPPSVC
  SC QUERYEX SPPSVC
  .

  
  

  They may show where the problem is.

  ---

  Noel Paton | Nil Carborundum Illegitemi

  CrashFixPC | The Three-toed Sloth

  No - I do not work for Microsoft, or any of its contractors.

  Monday, February 24, 2014 2:55 PM

  Moderator
• 

  

  0

  Sign in to vote

  ...I lied!

  The SPLDR service has been disabled - and this is the cause of your problems.

  Please run the following command in an Elevated Command Prompt, and then reboot.

  SC CONFIG SPLDR start= auto

  after the reboot, post another MGADiag report.

  ---

  Noel Paton | Nil Carborundum Illegitemi

  CrashFixPC | The Three-toed Sloth

  No - I do not work for Microsoft, or any of its contractors.

  
  

  • Edited by Noel D PatonModerator Monday, February 24, 2014 3:00 PM correct syntax
  • Proposed as answer by Noel D PatonModerator Thursday, February 27, 2014 6:45 PM
  • Marked as answer by Noel D PatonModerator Thursday, March 6, 2014 2:34 PM

  Monday, February 24, 2014 2:59 PM

  Moderator
• 

  

  0

  Sign in to vote

  That was now the software protection service is working fine....

  Diagnostic Report (1.9.0019.0):
  -----------------------------------------
  WGA Data-->
  Validation Status: Genuine
  Validation Code: 0

  Cached Validation Code: 0x0
  Windows Product Key: *****-*****-M3DJT-4J3WC-733WD
  Windows Product Key Hash: xo+ajVSpae7/4VoZjS7m6JL0f3A=
  Windows Product ID Type: 2
  Windows License Type: OEM SLP
  Windows OS version: 6.1.7601.2.00010100.1.0.048
  ID: {47DAAEC4-1138-49D4-9684-B0A31EC9C91E}(3)
  Is Admin: Yes
  TestCab: 0x0
  WGA Version: N/A, hr = 0x80070002
  Signed By: N/A, hr = 0x80070002
  Product Name: Windows 7 Professional
  Architecture: 0x00000009
  Build lab: 7601.win7sp1_gdr.130828-1532
  TTS Error:
  Validation Diagnostic:
  Resolution Status: N/A

  WgaER Data-->
  ThreatID(s): N/A, hr = 0x80070002
  Version: N/A, hr = 0x80070002

  WGA Notifications Data-->
  Cached Result: N/A, hr = 0x80070002
  File Exists: No
  Version: N/A, hr = 0x80070002
  WgaTray.exe Signed By: N/A, hr = 0x80070002
  WgaLogon.dll Signed By: N/A, hr = 0x80070002

  OGA Notifications Data-->
  Cached Result: N/A, hr = 0x80070002
  Version: N/A, hr = 0x80070002
  OGAExec.exe Signed By: N/A, hr = 0x80070002
  OGAAddin.dll Signed By: N/A, hr = 0x80070002

  OGA Data-->
  Office Status: 109 N/A
  OGA Version: N/A, 0x80070002
  Signed By: N/A, hr = 0x80070002
  Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

  Browser Data-->
  Proxy settings: N/A
  User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
  Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
  Download signed ActiveX controls: Prompt
  Download unsigned ActiveX controls: Disabled
  Run ActiveX controls and plug-ins: Allowed
  Initialize and script ActiveX controls not marked as safe: Disabled
  Allow scripting of Internet Explorer Webbrowser control: Disabled
  Active scripting: Allowed
  Script ActiveX controls marked as safe for scripting: Allowed

  File Scan Data-->

  Other data-->
  Office Details: <GenuineResults><MachineData><UGUID>{47DAAEC4-1138-49D4-9684-B0A31EC9C91E}</UGUID><Version>1.9.0019.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-733WD</PKey><PID>00371-OEM-8992671-00524</PID><PIDType>2</PIDType><SID>S-1-5-21-61081905-837718168-3433156493</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Precision M4600</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A08</Version><SMBIOSVersion major="2" minor="6"/><Date>20111018000000.000000+000</Date></BIOS><HWID>B7803507018400FE</HWID><UserLCID>0810</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Europe Standard Time(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>CBX3   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

  Spsys.log Content: 0x80070002

  Licensing Data-->
  Software licensing service version: 6.1.7601.17514

  Name: Windows(R) 7, Professional edition
  Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
  Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
  Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
  Extended PID: 00371-00178-926-700524-02-1033-7601.0000-3572011
  Installation ID: 010692948074642531424603811464312460402182152134192194
  Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
  Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
  Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
  Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
  Partial Product Key: 733WD
  License Status: Licensed
  Remaining Windows rearm count: 2
  Trusted time: 24.02.2014 16:10:31

  Windows Activation Technologies-->
  HrOffline: 0x8004FE21
  HrOnline: 0x00000000
  HealthStatus: 0x0001000000000000
  Event Time Stamp: 2:18:2014 22:00
  WAT Activex: Registered
  WAT Admin Service: Registered

  HWID Data-->
  HWID Hash Current: PgAAAAEAAAABAAMAAwACAAAABgABAAEAHKLsmHIOxHR6JPRdxPUMRpjsQjTOn1YqeFwk/cjCcoq+Qd7xLnM=

  OEM Activation 1.0 Data-->
  N/A

  OEM Activation 2.0 Data-->
  BIOS valid for OA 2.0: yes
  Windows marker version: 0x20001
  OEMID and OEMTableID Consistent: yes
  BIOS Information:
    ACPI Table Name OEMID Value OEMTableID Value
    APIC   DELL    CBX3  
    FACP   DELL    CBX3  
    HPET   A M I    PCHHPET
    BOOT   DELL    CBX3   
    MCFG   DELL    SNDYBRDG
    TCPA     
    SSDT   DELLTP  TPM
    SSDT   DELLTP  TPM
    SSDT   DELLTP  TPM
    DMAR   INTEL   SNB
    SLIC   DELL    CBX3  
    SSDT   DELLTP  TPM

  Thanks again.

  Monday, February 24, 2014 3:17 PM
• 

  

  0

  Sign in to vote

  :) - That all looks OK now.

  Any idea what may have switched off the SPLDR service? it's possibly some tweaking tool or the like?

  ---

  Noel Paton | Nil Carborundum Illegitemi

  CrashFixPC | The Three-toed Sloth

  No - I do not work for Microsoft, or any of its contractors.

  Monday, February 24, 2014 3:28 PM

  Moderator
• 

  

  0

  Sign in to vote

  I know taht's happend on the 12-13 of february,

  I have seen a lot of Microsoft updates on 12, but no idea if one of them has switched of that service.

  Other install I have to check if I have done in that time.

  I'll have a look if I can find something and I'll write again here..

  In the meantime Thanks again.

  Monday, February 24, 2014 3:34 PM
• 

  

  0

  Sign in to vote

  None of those updates should have touched that service - certainly they didn't here.

  It's much more likely to have been third-party software than an update.

  Whatever, at least it's fixed :)

  Good luck!

  ---

  Noel Paton | Nil Carborundum Illegitemi

  CrashFixPC | The Three-toed Sloth

  No - I do not work for Microsoft, or any of its contractors.

  Monday, February 24, 2014 4:44 PM

  Moderator