Windows 7 displays Windows is not Genuine

  • Question

  • Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: N/A, hr = 0xc0000022
    Windows Product Key: *****-*****-QV3DR-RBQK7-GPYRG
    Windows Product Key Hash: 6wIonIE+f3qd9jhirSnZkd0ekwI=
    Windows Product ID: 00426-066-2334574-86234
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.001
    ID: {905A0C03-780E-49E3-9D5B-EF376951CEB2}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: Windows 7 Ultimate
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.140303-2144
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: 2.0.48.0
    OGAExec.exe Signed By: Microsoft
    OGAAddin.dll Signed By: Microsoft

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Expression Web 2 - 121
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: 7E90FEE8-198-80004005_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{905A0C03-780E-49E3-9D5B-EF376951CEB2}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-GPYRG</PKey><PID>00426-066-2334574-86234</PID><PIDType>5</PIDType><SID>S-1-5-21-1357489681-409546875-3031451717</SID><SYSTEM><Manufacturer>INTEL_</Manufacturer><Model>D975XBX2</Model></SYSTEM><BIOS><Manufacturer>Intel Corp.</Manufacturer><Version>BX97520J.86A.2813.2008.0114.2256</Version><SMBIOSVersion major="2" minor="4"/><Date>20080114000000.000000+000</Date></BIOS><HWID>F6683207018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0045-0000-0000-0000000FF1CE}"><LegitResult>121</LegitResult><Name>Microsoft Expression Web 2</Name><Ver>12</Ver><Val>7DC44AA2A8BDD76</Val><Hash>6w2dnsXU7ttP0AfTINjPx3TUWFM=</Hash><Pid>78727-699-0912664-59151</Pid><PidType>0</PidType></Product></Products><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x80070426' to display the error text.
    Error: 0x80070426

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x0001000000000000
    Event Time Stamp: 7:25:2014 20:27
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered Service: sppsvc


    HWID Data-->
    HWID Hash Current: NgAAAAIAAgABAAEAAwACAAAAAQABAAEA6GFcsU405kxI5DrDFqqqrf4Q3ohQfLg67V92ECqF

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes, but no SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   INTEL   D975XBX2
      FACP   INTEL   D975XBX2
      MCFG   INTEL   D975XBX2
      WDDT   INTEL   D975XBX2
      ASF!   INTEL   D975XBX2
      SSDT   INTEL   CpuPm
      SSDT   INTEL   CpuPm
      SSDT   INTEL   CpuPm
      SSDT   INTEL   CpuPm
      SSDT   INTEL   CpuPm

    Saturday, July 26, 2014 1:42 AM

All replies

  • Please open an Elevated (Administrator) Command Prompt window and use the following
    commands....

    net start sppsvc

    sc qc sppsvc

    sc queryex sppsvc

    sc qprivs sppsvc

    sc qsidtype sppsvc

    sc sdshow sppsvc

    Copy and paste the output to your reply

    Here are some instructions to make life easier :)

    1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt. 

    2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once. 

    3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.     



    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Saturday, July 26, 2014 7:48 AM
    Moderator
  • Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Users\rfluegge>net start sppsvc
    The requested service has already been started.

    More help is available by typing NET HELPMSG 2182.


    C:\Users\rfluegge>
    C:\Users\rfluegge>sc qc sppsvc
    [SC] QueryServiceConfig SUCCESS

    SERVICE_NAME: sppsvc
            TYPE               : 10  WIN32_OWN_PROCESS
            START_TYPE         : 2   AUTO_START  (DELAYED)
            ERROR_CONTROL      : 1   NORMAL
            BINARY_PATH_NAME   : C:\Windows\system32\sppsvc.exe
            LOAD_ORDER_GROUP   :
            TAG                : 0
            DISPLAY_NAME       : Software Protection
            DEPENDENCIES       : RpcSs
            SERVICE_START_NAME : NT AUTHORITY\NetworkService

    C:\Users\rfluegge>
    C:\Users\rfluegge>sc queryex sppsvc

    SERVICE_NAME: sppsvc
            TYPE               : 10  WIN32_OWN_PROCESS
            STATE              : 4  RUNNING
                                    (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
            WIN32_EXIT_CODE    : 0  (0x0)
            SERVICE_EXIT_CODE  : 0  (0x0)
            CHECKPOINT         : 0x0
            WAIT_HINT          : 0x0
            PID                : 6420
            FLAGS              :

    C:\Users\rfluegge>
    C:\Users\rfluegge>sc qprivs sppsvc
    [SC] QueryServiceConfig2 SUCCESS

    SERVICE_NAME: sppsvc
            PRIVILEGES       : SeAuditPrivilege
                             : SeChangeNotifyPrivilege
                             : SeCreateGlobalPrivilege
                             : SeImpersonatePrivilege

    C:\Users\rfluegge>
    C:\Users\rfluegge>sc qsidtype sppsvc
    [SC] QueryServiceConfig2 SUCCESS

    SERVICE_NAME: sppsvc
    SERVICE_SID_TYPE:  UNRESTRICTED

    C:\Users\rfluegge>
    C:\Users\rfluegge>sc sdshow sppsvc

    D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLO
    CRRC;;;IU)(A;;CCLCSWRPLOCRRC;;;SU)(A;;LCRP;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCW
    DWO;;;WD)

    C:\Users\rfluegge>
    C:\Users\rfluegge>

    Sunday, July 27, 2014 8:04 PM
  • Very odd - the error in your report indicates a configuration error in the SPPSVC service - but all the data from that service appears to be OK.

    I note that the posted data appears to be from a normal user Command Prompt, rather than an Elevated one, but still contains the expected results from an Elevated one - are you running with UAC switched off?


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Sunday, July 27, 2014 9:40 PM
    Moderator
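
Added example (not part of any post in this thread, and not Microsoft's code): a Python decoder for the sc sdshow sppsvc string posted above. It lists which principal holds which service rights and flags any Allow entry that gives configuration-changing rights to someone other than Local System or Administrators. The function names and the choice of "write-class" rights are this example's assumptions.

```python
import re

# SDDL right codes as they apply to service objects.
SERVICE_RIGHTS = {
    "CC": "SERVICE_QUERY_CONFIG", "DC": "SERVICE_CHANGE_CONFIG",
    "LC": "SERVICE_QUERY_STATUS", "SW": "SERVICE_ENUMERATE_DEPENDENTS",
    "RP": "SERVICE_START", "WP": "SERVICE_STOP",
    "DT": "SERVICE_PAUSE_CONTINUE", "LO": "SERVICE_INTERROGATE",
    "CR": "SERVICE_USER_DEFINED_CONTROL", "SD": "DELETE",
    "RC": "READ_CONTROL", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
}
TRUSTEES = {"SY": "Local System", "BA": "Builtin Administrators",
            "IU": "Interactive", "SU": "Service logon",
            "AU": "Authenticated Users", "WD": "Everyone"}
# Rights that allow reconfiguring, re-ACLing, taking over or deleting a service.
WRITE_CLASS = {"SERVICE_CHANGE_CONFIG", "WRITE_DAC", "WRITE_OWNER", "DELETE"}

# sc sdshow sppsvc output as posted in the thread (console line wraps included).
POSTED_SDDL = """D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLO
CRRC;;;IU)(A;;CCLCSWRPLOCRRC;;;SU)(A;;LCRP;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCW
DWO;;;WD)"""

def parse_dacl(sddl):
    """Return [(ace_type, trustee, [right names])] for the DACL; hex masks stay raw."""
    sddl = "".join(sddl.split())              # rejoin console line wraps
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    if dacl is None:
        raise ValueError("no DACL found in SDDL string")
    aces = []
    for body in re.findall(r"\(([^)]*)\)", dacl.group(1)):
        fields = body.split(";")
        if len(fields) != 6:
            raise ValueError("malformed ACE: " + body)
        ace_type, rights, sid = fields[0], fields[2], fields[5]
        codes = [rights] if rights.startswith("0x") else re.findall("..", rights)
        names = [SERVICE_RIGHTS.get(c, c) for c in codes]
        aces.append((ace_type, TRUSTEES.get(sid, sid), names))
    return aces

def risky_grants(sddl, trusted=("Local System", "Builtin Administrators")):
    """Allow ACEs that give write-class rights to anyone outside `trusted`."""
    return [(who, sorted(WRITE_CLASS.intersection(rights)))
            for kind, who, rights in parse_dacl(sddl)
            if kind == "A" and who not in trusted
            and WRITE_CLASS.intersection(rights)]

if __name__ == "__main__":
    for kind, who, rights in parse_dacl(POSTED_SDDL):
        print(kind, who, ", ".join(rights))
    print("risky grants:", risky_grants(POSTED_SDDL))
```
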
  • Yes, UAC switched off

    Sunday, July 27, 2014 10:38 PM
  • This error mysteriously shows up periodically and then just as mysteriously goes away.  I have an MSDN Pro subscription so my OS upgrades are a download.

    Sunday, July 27, 2014 10:40 PM
  • Under Services, SPP Notification Service is Startup Type "Manual" and Status is "blank".  Software Protection is Automatic (Delayed) and is also "blank".  Is this correct?

    Sunday, July 27, 2014 10:47 PM
  • Software Protection is SPPSVC - the settings are fine so far as I can see, but MGADiag is seeing a tamper of some kind with it.

    I think the SPPUINotify service is irrelevant here - but that setting is normal.

    If the notification comes and goes, it may simply be some kind of race condition - if that's the case, then they are notoriously difficult to pin down, as the act of looking for them can prevent them appearing.

    I think it may be the SPLDR driver causing the problem...

    (Have you EVER used Norton software on this machine?)

    Please run the following commands, and post the results.

    REG QUERY HKLM\SYSTEM\CurrentControlSet\services\spldr /S

    REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR /S

    REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_SLSVC

    REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_SPPSVC

    They may show something.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Monday, July 28, 2014 5:45 AM
    Moderator
  • Just as it mysteriously started, it has stopped.  I won't see it again for weeks or months ... who knows.

    Thanks for your assistance.

    Sunday, August 17, 2014 5:11 PM