Answered by:
WGA troubles

Question
-
No way to start Security-SPP :
Log Name: Application
Source: Microsoft-Windows-Security-SPP
Date: 21.02.2014 21:59:49
Event ID: 1001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: xxxxxxx-PC
Description:
The Software Protection service failed to start. 0x80070002
6.1.7601.17514
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" />
<EventID Qualifiers="49152">1001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-02-21T20:59:49.000000000Z" />
<EventRecordID>92000</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>xxxxxxx-PC</Computer>
<Security />
</System>
<EventData>
<Data>0x80070002</Data>
<Data>6.1.7601.17514</Data>
</EventData>
</Event>Service Control Manager:
Log Name: System
Source: Service Control Manager
Date: 21.02.2014 21:59:50
Event ID: 7023
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: xxxxxxx-PC
Description:
The Software Protection service terminated with the following error:
The system cannot find the file specified.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7023</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2014-02-21T20:59:50.400065200Z" />
<EventRecordID>270996</EventRecordID>
<Correlation />
<Execution ProcessID="740" ThreadID="10984" />
<Channel>System</Channel>
<Computer>xxxxxxx-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Software Protection</Data>
<Data Name="param2">%%2</Data>
</EventData>
</Event>Diagnostic Report (1.9.0019.0):
-----------------------------------------
WGA Data-->
Validation Status: Invalid License
Validation Code: 50Cached Validation Code: N/A, hr = 0xc0000022
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.048
Is Admin: Yes
TestCab: 0x0
WGA Version: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130828-1532
TTS Error:
Validation Diagnostic:
Resolution Status: N/AWgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: AllowedFile Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{47DAAEC4-1138-49D4-9684-B0A31EC9C91E}</UGUID><Version>1.9.0019.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-733WD</PKey><PID>00371-OEM-8992671-00524</PID><PIDType>2</PIDType><SID>S-1-5-21-61081905-837718168-3433156493</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Precision M4600</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A08</Version><SMBIOSVersion major="2" minor="6"/><Date>20111018000000.000000+000</Date></BIOS><HWID>B7803507018400FE</HWID><UserLCID>0810</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Europe Standard Time(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>CBX3 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>Spsys.log Content: 0x80070002
Licensing Data-->
On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x80070426' to display the error text.
Error: 0x80070426Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: 0x00000000
HealthStatus: 0x0001000000000000
Event Time Stamp: 2:18:2014 22:00
WAT Activex: Registered
WAT Admin Service: RegisteredHWID Data-->
HWID Hash Current: PgAAAAEAAAABAAMAAwACAAAABgABAAEAHKLsmHIOxHR6JPRdxPUMRpjsQjTOn1YqeFwk/cjCcoq+Qd7xLnM=OEM Activation 1.0 Data-->
N/AOEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL CBX3
FACP DELL CBX3
HPET A M I PCHHPET
BOOT DELL CBX3
MCFG DELL SNDYBRDG
TCPA
SSDT DELLTP TPM
SSDT DELLTP TPM
SSDT DELLTP TPM
DMAR INTEL SNB
SLIC DELL CBX3
SSDT DELLTP TPMThanks if you can help...
- Edited by Roggino Friday, February 21, 2014 9:41 PM
Friday, February 21, 2014 9:34 PM
Answers
-
...I lied!
The SPLDR service has been disabled - and this is the cause of your problems.
Please run the following command in an Elevated Command Prompt, and then reboot.
SC CONFIG SPLDR start= auto
after the reboot, post another MGADiag report.
Noel Paton | Nil Carborundum Illegitemi CrashFixPC | The Three-toed Sloth No - I do not work for Microsoft, or any of its contractors. - Edited by Noel D PatonModerator Monday, February 24, 2014 3:00 PM correct syntax
- Proposed as answer by Noel D PatonModerator Thursday, February 27, 2014 6:45 PM
- Marked as answer by Noel D PatonModerator Thursday, March 6, 2014 2:34 PM
Monday, February 24, 2014 2:59 PMModerator
All replies
-
(Have you EVER used Norton software on this machine?)
Please run the following commands, and post the results.reg query
REG QUERY HKLM\SYSTEM\CurrentControlSet\services\spldr /S
REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR /S
REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_SLSVC
REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_SPPSVC
They may show something
Here are some instructions to make life easier :)
1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt.
2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once.
3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.
Noel Paton | Nil Carborundum Illegitemi CrashFixPC | The Three-toed Sloth No - I do not work for Microsoft, or any of its contractors. Friday, February 21, 2014 10:24 PMModerator -
Hi,
yes on this machine is running a Symantec Endpoint Protection
and the result of the querys is:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\services\spldr /S
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\spldr
DisplayName REG_SZ Security Processor Loader Driver
ErrorControl REG_DWORD 0x3
Start REG_DWORD 0x4
Type REG_DWORD 0x1HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\spldr\Enum
0 REG_SZ Root\LEGACY_SPLDR\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1
C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPL
DR /SHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR
NextInstance REG_DWORD 0x1HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000
Service REG_SZ spldr
Legacy REG_DWORD 0x1
ConfigFlags REG_DWORD 0x400
Class REG_SZ LegacyDriver
ClassGUID REG_SZ {8ECC055D-047F-11D1-A537-0000F8753ED1}
DeviceDesc REG_SZ Security Processor Loader Driver
Capabilities REG_DWORD 0x0HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000\Control
C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_SLS
VC
ERROR: The system was unable to find the specified registry key or value.C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_SPP
SVC
ERROR: The system was unable to find the specified registry key or value.Thanks in advance of your Help
Monday, February 24, 2014 2:09 PM -
Those results seem normal
EP doesn't usually cause many problems that we see here, so it's likely something else...
Please run the following commands in an ELevated COmmand Prompt, and post the results.
NET START SPLDR SC QC SPLDR SC QUERYEX SPLDR NET START SPPSVC SC QC SPPSVC SC QUERYEX SPPSVC
.
They may show where the problem is.
Noel Paton | Nil Carborundum Illegitemi CrashFixPC | The Three-toed Sloth No - I do not work for Microsoft, or any of its contractors. Monday, February 24, 2014 2:55 PMModerator -
...I lied!
The SPLDR service has been disabled - and this is the cause of your problems.
Please run the following command in an Elevated Command Prompt, and then reboot.
SC CONFIG SPLDR start= auto
after the reboot, post another MGADiag report.
Noel Paton | Nil Carborundum Illegitemi CrashFixPC | The Three-toed Sloth No - I do not work for Microsoft, or any of its contractors. - Edited by Noel D PatonModerator Monday, February 24, 2014 3:00 PM correct syntax
- Proposed as answer by Noel D PatonModerator Thursday, February 27, 2014 6:45 PM
- Marked as answer by Noel D PatonModerator Thursday, March 6, 2014 2:34 PM
Monday, February 24, 2014 2:59 PMModerator -
That was now the software protection service is working fine....
Diagnostic Report (1.9.0019.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0Cached Validation Code: 0x0
Windows Product Key: *****-*****-M3DJT-4J3WC-733WD
Windows Product Key Hash: xo+ajVSpae7/4VoZjS7m6JL0f3A=
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {47DAAEC4-1138-49D4-9684-B0A31EC9C91E}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130828-1532
TTS Error:
Validation Diagnostic:
Resolution Status: N/AWgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: AllowedFile Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{47DAAEC4-1138-49D4-9684-B0A31EC9C91E}</UGUID><Version>1.9.0019.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-733WD</PKey><PID>00371-OEM-8992671-00524</PID><PIDType>2</PIDType><SID>S-1-5-21-61081905-837718168-3433156493</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Precision M4600</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A08</Version><SMBIOSVersion major="2" minor="6"/><Date>20111018000000.000000+000</Date></BIOS><HWID>B7803507018400FE</HWID><UserLCID>0810</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Europe Standard Time(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>CBX3 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7601.17514Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00178-926-700524-02-1033-7601.0000-3572011
Installation ID: 010692948074642531424603811464312460402182152134192194
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 733WD
License Status: Licensed
Remaining Windows rearm count: 2
Trusted time: 24.02.2014 16:10:31Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: 0x00000000
HealthStatus: 0x0001000000000000
Event Time Stamp: 2:18:2014 22:00
WAT Activex: Registered
WAT Admin Service: RegisteredHWID Data-->
HWID Hash Current: PgAAAAEAAAABAAMAAwACAAAABgABAAEAHKLsmHIOxHR6JPRdxPUMRpjsQjTOn1YqeFwk/cjCcoq+Qd7xLnM=OEM Activation 1.0 Data-->
N/AOEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL CBX3
FACP DELL CBX3
HPET A M I PCHHPET
BOOT DELL CBX3
MCFG DELL SNDYBRDG
TCPA
SSDT DELLTP TPM
SSDT DELLTP TPM
SSDT DELLTP TPM
DMAR INTEL SNB
SLIC DELL CBX3
SSDT DELLTP TPMThanks again.
Monday, February 24, 2014 3:17 PM -
:) - That all looks OK now.
Any idea what may have switched off the SPLDR service? it's possibly some tweaking tool or the like?
Noel Paton | Nil Carborundum Illegitemi CrashFixPC | The Three-toed Sloth No - I do not work for Microsoft, or any of its contractors. Monday, February 24, 2014 3:28 PMModerator -
I know taht's happend on the 12-13 of february,
I have seen a lot of Microsoft updates on 12, but no idea if one of them has switched of that service.
Other install I have to check if I have done in that time.
I'll have a look if I can find something and I'll write again here..
In the meantime Thanks again.
Monday, February 24, 2014 3:34 PM -
None of those updates should have touched that service - certainly they didn't here.
It's much more likely to have been third-party software than an update.
Whatever, at least it's fixed :)
Good luck!
Noel Paton | Nil Carborundum Illegitemi CrashFixPC | The Three-toed Sloth No - I do not work for Microsoft, or any of its contractors. Monday, February 24, 2014 4:44 PMModerator