locked
Software Protection service fails to run. W7Pro works as if not Genuine. RRS feed

  • Question

  • I acquired a license for Windows 7 Professional from an official entity that has an agreement with Microsoft. (If Microsoft wants to know which entity, I will be glad to say, but not in public)

    I activated it normally and no error occurred. My problem is that, after a while, I started getting the window that states I am not running a genuine copy of Windows and invites me to rectify the problem. That is to say, it assumes the system is not properly activated.

    I searched the forum for some help and I found some very similar problems here. I found a possible fix in a thread of very similar nature. The solution was to run services.msc (that manages services) and manually start the Software Protection service.

    The problem is I have to do it every single time I open Windows (if I want to appear genuine). Moreover, now the service stops and it is very difficult to keep it working. It came to the point where I start the service and it stops working right in front of me with the properties window still open!

    I've tried "Automatic" and "Automatic (delayed start)" as initialization methods. When I saw the service stop working, I moved to manual (in despair) and it kept stopping even after I had manually started it... again and again. It is down right now.

    Please keep in mind that all attempts to validate the system are successful. Every time I activate that service, Windows re-analysis the system and everything is ok.

    Is there any problem with the license? Is it a system glitch?

    Also, I can't copy the information returned by the genuine advantage diagnostic tool. The program seems made to prevent copy-paste by selecting the result, but the "copy" button gives an error message.

    "Failed to create output files, hr=0x800706b5. Please contact support."

    And I was running the program with administrator privileges.

    I'll write just the information, that I saw in the GADT, that seems relevant:

    Validation Code    0x8004FE21

    The last digits of the Product Key and the its Hash are, supposedly, mathematically/computationally too difficult to use to find the original key but, nevertheless, that's something I'm not keen to experiment with. If there might be a problem with the key itself, then that has to be solved privately with Microsoft.

    Product ID           00371-838-0021684-85633

    Product ID type   5   -   Retail

    Windows OS version    6.1.7600.2.00010100.0.0.048

    Architecture and Build    0x00000000     7600.win7_gdr.100618-1621

    Please keep in mind that the key works.

    I need Windows on my laptop. I bought the English version and installed it on my desktop and then I downloaded this version and asked for a key (or was it the other way around?).

    I even tried to change the place where the system was installed and it failed because I think it is locked with this computer, so security measures are working! I didn't know about that restriction, but it proves the system is completely protected.

    Thank you.

    Friday, September 23, 2011 2:28 PM

Answers

  • When I first mentioned the "flaw", I said it was, obviously,  known. I also said I am convinced Microsoft is working on it. Also, I didn't want to say it because many people who share PCs with other people don't know the first thing about Linux and have absolutely no idea that this is possible. If they read this here, anyone of them with the wrong intentions would obviously try to learn how to disrespect the privacy of the other users.

     

    As for what I'm going to do. My only solution is to do as someone has indicated: re-install everything. I knew this would solve the problem, obviously, but I wanted to avoid it. That's why I came here.

     

    I want to thank those who were helpful and apologize for the trouble I caused. You gave me good hints and I really thought they would work... anyway, thank you very much for the effort. I didn't want to come over too weird, but that's just the way I am. Sorry.

     

    Now... off to do everything from scratch...

    Friday, September 30, 2011 9:20 PM

All replies

  • Also, I can't copy the information returned by the genuine advantage diagnostic tool. The program seems made to prevent copy-paste by selecting the result, but the "copy" button gives an error message.

    "Failed to create output files, hr=0x800706b5. Please contact support."

     

     

    When you run the MGA diagnostic tool ignore the error message. it should still copy and paste.

    Friday, September 23, 2011 2:42 PM
    Answerer
  • It will paste (cntl-v).  The output the message is talking about is a file.
    Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.
    Friday, September 23, 2011 4:34 PM
    Answerer
  • As Colin explained, the error is regarding a file that we do not use. The copy functionality will still work.
    Darin MS
    Friday, September 23, 2011 9:52 PM
  • I can't update windows even with security patches only. If this is a bug, I can't correct it.

    The first information that appears in the diagnostic is

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *
    Windows Product Key Hash: *
    Windows Product ID: 00371-838-0021684-85633
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7600.2.00010100.0.0.048
    ID: {64656892-CF7A-4E77-9342-6437BA81CE60}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7600.win7_gdr.100618-1621
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    But closer to the end of the report, something very disturbing appears

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000001EFF0
    Event Time Stamp: N/A
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys

    Is this the reason behind my problem? Perhaps I installed something that damaged windows, though I fail to see what and I have an antivirus and a firewall running all the time.

    All I want to know is how to solve the "genuine" issue.

    Can someone help, please?

    Saturday, September 24, 2011 7:47 PM
  • "ArkAlbus" wrote in message news:019adcbc-334d-452d-95bf-1ab8e833f09f...

    I can't update windows even with security patches only. If this is a bug, I can't correct it.

    The first information that appears in the diagnostic is

     

     

    All I want to know is how to solve the "genuine" issue.

    Can someone help, please?

    again we need the FULL contents of the report to be able to properly assist....
    To properly analyse and solve problems with Activation and Validation, we need to see a full copy of the report produced by the MGADiag tool (download and save to desktop - http://go.microsoft.com/fwlink/?linkid=52012 )
    Once saved, run the tool.
    Click on the Continue button, which will produce the report.
    To copy the report to your response, click on the Copy button in the tool (ignore any error messages at this point), and then paste (using either r-click/Paste, or Ctrl+V ) into your response.
    - IN YOUR OWN THREAD, please

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Saturday, September 24, 2011 8:37 PM
    Moderator
  • I understand this might have not crossed your mind, but this is my thread. Also, there is no need to shout.
    Saturday, September 24, 2011 8:56 PM
  • As requested

     

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *
    Windows Product Key Hash: *
    Windows Product ID: 00371-838-0021684-85633
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7600.2.00010100.0.0.048
    ID: {64656892-CF7A-4E77-9342-6437BA81CE60}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7600.win7_gdr.100618-1621
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-

    80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppc.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\slui.exe[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\user32.dll[6.1.7600.16385], Hr = 0x800b0100

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{64656892-CF7A-4E77-9342-6437BA81CE60}

    </UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x32</Architecture><PKey>*****-

    *****-*****-*****-JW3D7</PKey><PID>00371-838-0021684-85633</PID><PIDType>5</PIDType><SID>S-1-5-21-522580915-4095957632-

    3693996501</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite

    P300</Model></SYSTEM><BIOS><Manufacturer>TOSHIBA</Manufacturer><Version>V3.00   </Version><SMBIOSVersion major="2"

    minor="5"/><Date>20090305000000.000000+000</Date></BIOS><HWID>B6BB3607018400F8</HWID><UserLCID>0816</UserLCID><SystemLCID

    >0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)

    </TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSQCI</OE

    MID><OEMTableID>TOSQCI00</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products

    /><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7600.16385

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, RETAIL channel
    Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00170-838-002168-00-2070-7600.0000-2632011
    Installation ID: 006936067352758052352552771931828006386672684250095495
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: JW3D7
    License Status: Licensed
    Remaining Windows rearm count: 3
    Trusted time: 24-09-2011 11:39:17

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000001EFF0
    Event Time Stamp: N/A
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys


    HWID Data-->
    HWID Hash Current: MgAAAAEAAgABAAEAAQACAAAAAgABAAEAeqgWKtqPWgl6fzR3BiumsJqIVAWw4tZGRso=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x0
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            INTEL         CRESTLNE
      FACP            T0SQCI        TOSQCI00
      HPET            TOSQCI        TOSQCI00
      BOOT            PTLTD         $SBFTBL$
      MCFG            TOSQCI        TOSQCI00
      APIC            INTEL         CRESTLNE
      SLIC            TOSQCI        TOSQCI00
      SSDT            SataRe        SataAhci
      SSDT            SataRe        SataAhci
      SSDT            SataRe        SataAhci
      SSDT            SataRe        SataAhci

    Saturday, September 24, 2011 8:58 PM
  • Who is shouting?  "Shouting" means all caps.  And who is taking over your thread?  There is no one here stating his own problem in your thread.  Four people have replied to your posts:  Noel, Darin, Cbarnhorst, and George.  What are you talking about?
    Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.
    Saturday, September 24, 2011 9:09 PM
    Answerer
  • "ArkAlbus" wrote in message news:1df9ffb4-a7ee-4c82-998f-f4afdca1fbb2...
    I understand this might have not crossed your mind, but this is my thread. Also, there is no need to shout.
     
     
    FYI, I probably post that message 20-30 times a day – it is designed to try and get readers to post to their own thread, not upbraid the OP

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Saturday, September 24, 2011 9:37 PM
    Moderator
  • "ArkAlbus" wrote in message news:83fbaf95-128d-4953-9724-ea6733bd6281...

    As requested

     

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *
    Windows Product Key Hash: *
    Windows Product ID: 00371-838-0021684-85633
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7600.2.00010100.0.0.048

    File Scan Data-->
    File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppc.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\slui.exe[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\user32.dll[6.1.7600.16385], Hr = 0x800b0100


    Other data-->
    SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite

    P300</Model></SYSTEM><BIOS><Manufacturer>TOSHIBA</Manufacturer><Version>V3.00   </Version><SMBIOSVersion major="2" minor="5"/><Date>20090305000000.000000+000</Date></BIOS

    Licensing Data-->
    Software licensing service version: 6.1.7600.16385

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, RETAIL channel
    Partial Product Key: JW3D7
    License Status: Licensed
    Remaining Windows rearm count: 3
    Trusted time: 24-09-2011 11:39:17


    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x0

    As you suspected, the problem lies with the File mismatches highlighted above. The group of files affected is familiar, but the error messages are slightly different to the usual ones we would expect from the common source of this set, namely using disk cloning software to copy the operating system from one drive to another.
     
    I’d start by using the CHKDSK and SFC
    Click on the Start button
    type in the Search box
    CMD.EXE
    right-click on the only file that is found
    Select Run as Administrator
    - the Elevated Command Prompt window should pop up
    At the Command prompt, type
    CHKDSK C: /R
    and hit the Enter key
    You will be told that the drive is locked, and the CHKDSK will run at he next boot - hit the Y key, and then reboot. The chkdsk will take a few hours depending on the size of the drive, so be patient!

    After the CHKDSK has run, Windows should boot normally (possibly after a second auto-reboot) - then run the SFC

    SFC -System File Checker - Instructions
    Click on the Start button
    type in the Search box
    CMD.EXE
    right-click on the only file that is found
    Select Run as Administrator
    - the Elevated Command Prompt window should pop up
    At the Command prompt, type

    SFC /SCANNOW

    and hit the Enter key
    Wait for the scan to finish - make a note of any error messages - and then reboot.

    run another MGADiag report, and post the results.

     
    You may want to follow that up by using the CheckSUR Tool
    upload the resulting log files to your SkyDrive, and post the link here
    post a new MGADiag report.
     
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    • Proposed as answer by Darin Smith MS Monday, September 26, 2011 9:53 PM
    Saturday, September 24, 2011 9:37 PM
    Moderator
  • "ArkAlbus" wrote in message news:1df9ffb4-a7ee-4c82-998f-f4afdca1fbb2...
    I understand this might have not crossed your mind, but this is my thread. Also, there is no need to shout.
     
     
    FYI, I probably post that message 20-30 times a day – it is designed to try and get readers to post to their own thread, not upbraid the OP

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    I partially agree with the OP, the "IN YOUR OWN THREAD, please" part can be confusing to some people. (on more then one occasion, I've seen the owner of one thread create a new thread to post their Diag report, in because of this).  Also, some people could interpret it as yelling, but personally, as long as whole paragraphs aren't written in all Caps (real pain to read) it doesn't bother me.

    Darin MS
    Monday, September 26, 2011 9:52 PM
  • "Darin Smith MS" wrote in message news:25506617-e47b-4a4f-8885-95881aa70ff0...
    "ArkAlbus" wrote in message news:1df9ffb4-a7ee-4c82-998f-f4afdca1fbb2...
    I understand this might have not crossed your mind, but this is my thread. Also, there is no need to shout.
     
     
    FYI, I probably post that message 20-30 times a day – it is designed to try and get readers to post to their own thread, not upbraid the OP

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    I partially agree with the OP, the "IN YOUR OWN THREAD, please" part can be confusing to some people. (on more then one occasion, I've seen the owner of one thread create a new thread to post their Diag report, in because of this).  Also, some people could interpret it as yelling, but personally, as long as whole paragraphs aren't written in all Caps (real pain to read) it doesn't bother me.

    Darin MS
     
     
    One of the biggest problems we have, both here and in the Answers forums, is that readers like to hit the Reply button instead of starting a new thread – that’s why I include that phrase, in an effort to at least make readers think before they post.
    How about if I change the it to “**in your own thread**, please!”
    I don’t want to use bold or italics – the boilerplate is a simple text file – but it does need emphasis of some kind.

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Tuesday, September 27, 2011 10:28 AM
    Moderator
  • I would never copy the operating system from one computer to another, and the only place I make that kind of backup is on my desktop. But when I do that, I use my own method, using known windows security flaws, and, as far as I can tell so far, it is seamless. Nothing would appear in any test.

    So, not only didn't I do that as it would not be detected if I did.

    I did what you advised but checkdisk gave no error while the SFC failed to solve the tampered files issue.

    I'm puzzled about this. Anyway, here's the result of the GAD after I did what you advised.

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *
    Windows Product Key Hash: *
    Windows Product ID: 00371-838-0021684-85633
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7600.2.00010100.0.0.048
    ID: {64656892-CF7A-4E77-9342-6437BA81CE60}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7600.win7_gdr.100618-1621
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppc.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\slui.exe[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\user32.dll[6.1.7600.16385], Hr = 0x800b0100

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{64656892-CF7A-4E77-9342-6437BA81CE60}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-JW3D7</PKey><PID>00371-838-0021684-85633</PID><PIDType>5</PIDType><SID>S-1-5-21-522580915-4095957632-3693996501</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite P300</Model></SYSTEM><BIOS><Manufacturer>TOSHIBA</Manufacturer><Version>V3.00   </Version><SMBIOSVersion major="2" minor="5"/><Date>20090305000000.000000+000</Date></BIOS><HWID>B6BB3607018400F8</HWID><UserLCID>0816</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSQCI</OEMID><OEMTableID>TOSQCI00</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7600.16385

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, RETAIL channel
    Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00170-838-002168-00-2070-7600.0000-2632011
    Installation ID: 006936067352758052352552771931828006386672684250095495
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: JW3D7
    License Status: Licensed
    Remaining Windows rearm count: 3
    Trusted time: 26-09-2011 10:39:07

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000001EFF0
    Event Time Stamp: N/A
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys

      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            INTEL         CRESTLNE
      FACP            T0SQCI        TOSQCI00
      HPET            TOSQCI        TOSQCI00
      BOOT            PTLTD         $SBFTBL$
      MCFG            TOSQCI        TOSQCI00
      APIC            INTEL         CRESTLNE
      SLIC            TOSQCI        TOSQCI00
      SSDT            SataRe        SataAhci
      SSDT            SataRe        SataAhci
      SSDT            SataRe        SataAhci
      SSDT            SataRe        SataAhci

    I've checked and I was wrong. There was one program that is not from an entirely reliable source. I've removed it but I didn't have it installed the last time I had this problem, so I cannot be sure if it was important or not. Still, it is not dangerous software...

    I would rather not re-install because microsoft will probably do with this version of the OS the same it did with my copy/license of windows XP. After a few (necessary) installations, I couldn't install anymore. The installations were all in the exact same computer, with the exact same components (with the exception of a sound card once) but the activation system didn't recognize that and now I can't install windows XP anywhere.

    Also, this error might happen again so, I would like to learn how to solve it now.

    By the way, I'm sorry but I don't use skydrive. Also, I plan to avoid using it for as long as I can. Sorry but I won't place any information there.

    Well... here's the data. Thank you for your help so far.

    Tuesday, September 27, 2011 11:38 AM
  • "ArkAlbus" wrote in message news:9bc20e64-2765-472f-ad4f-ecf63ec659fa...

    I would never copy the operating system from one computer to another, and the only place I make that kind of backup is on my desktop. But when I do that, I use my own method, using known windows security flaws, and, as far as I can tell so far, it is seamless. Nothing would appear in any test.

    So, not only didn't I do that as it would not be detected if I did.

    I did what you advised but checkdisk gave no error while the SFC failed to solve the tampered files issue.

    I'm puzzled about this. Anyway, here's the result of the GAD after I did what you advised.

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *
    Windows Product Key Hash: *
    Windows Product ID: 00371-838-0021684-85633
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7600.2.00010100.0.0.048


    File Scan Data-->
    File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppc.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\slui.exe[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\user32.dll[6.1.7600.16385], Hr = 0x800b0100

    I've checked and I was wrong. There was one program that is not from an entirely reliable source. I've removed it but I didn't have it installed the last time I had this problem, so I cannot be sure if it was important or not. Still, it is not dangerous software...

    I would rather not re-install because microsoft will probably do with this version of the OS the same it did with my copy/license of windows XP. After a few (necessary) installations, I couldn't install anymore. The installations were all in the exact same computer, with the exact same components (with the exception of a sound card once) but the activation system didn't recognize that and now I can't install windows XP anywhere.

    Also, this error might happen again so, I would like to learn how to solve it now.

    By the way, I'm sorry but I don't use skydrive. Also, I plan to avoid using it for as long as I can. Sorry but I won't place any information there.

    Well... here's the data. Thank you for your help so far.

    Since you seem to be saying that you’ve been tweaking this system in non-approved ways, I can only suggest a repair install, or a nuke&pave, since there is no way that we can know what you’ve done to the system.
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Tuesday, September 27, 2011 12:35 PM
    Moderator
  • Is this about the whole backup thing? I said " the only place I make that kind of backup is on my desktop."

    I never messed with windows on my laptop and I know not to come to an official forum asking for help to rectify this kind of mistakes.

    That's not an issue, and the problem is still on Windows' side, not on mine.

    So, did you find something out from the new data?

    Tuesday, September 27, 2011 7:47 PM
  • Your evasive and convoluted bro...just the way a hacker/pirate would be. Take a look at the mood of the posts here: everyone comes for help, pastes there MGDIAG dump, no problems, no secrets...your all paranoid and evasive because you know you pirated your shi* bro...you know it and we know it...pony up the 200 bucks....be smart, be legal....be Microsoft!
    Tuesday, September 27, 2011 8:04 PM
  • I would never copy the operating system from one computer to another, and the only place I make that kind of backup is on my desktop. But when I do that, I use my own method, using known windows security flaws, and, as far as I can tell so far, it is seamless. Nothing would appear in any test.

    What are you talking about?  Copying an operating system is not making a backup.  Anyway you're using a Type 5 Retail license.  Type 5 licenses are transferrable.  Copying operating systems is a concern with people who copy Type 2 OEM SLP systems because those are not transferrable.  That doesn't apply to you unless the license is installed on more than one computer at any one time. 

    And what do you mean by "using known windows security flaws"?  Are you a hacker?  Nobody knows what you are talking about. 

    Just describe the symptoms you are seeing and let the gurus here figure out what is going on. 


    Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.
    Tuesday, September 27, 2011 8:43 PM
    Answerer
  • If I had pirated my version of windows, I would certainly not come here. I decided long, long ago not to use ilegal copies of Windows. The fact I come here for help is a sign that I really haven't pirated anything... I'm not a hacker. I would like to have the knowledge a hacker has, *not *be one, but that's for cases like this and to know how to correctly defend my OS/programs (if I knew, and I'm explicitly saying I don't, I would know how people can harm my system and place more specific countermeasures). What kind of hacker would have the unfortunate idea of coming to a Microsoft Forum to talk about a pirated copy of windows??? One with worst morals than an average hacker, I guess, or a really dumb one.

    As for the security flaws, if I tell you what they are here, wouldn't it be dangerous?

    I said that to reply to what you said about the problem having similar symptoms as using an image of windows to fill a partition. Just that. I wanted you to know I wouldn't do that and that, if I did, it wouldn't mess with windows. I know about this by pure coincidence. I don't go to hacking websites. It was just something that appeared right in front of me. I said it is known because there's no way Microsoft doesn't know about it and isn't working to solve it.

    Please, I'm just being honest. If I have shown clearly that there are tampered files in my installed windows and that I am aware of them, why would I ask for help solving it unless my problem is legitimate? Tampered files are usually the result of hacking: it would be like placing a huge flag over me saying I hacked windows. Having it otherwise would be as saying to microsoft “here! come and get me! I'm a complete idiot of a hacker and I want to ruin my relationship with you!” That's something I do not want to do.

    Let's just start over, can we? I should have been more tactful in all of this.

    I have a legal license of windows 7.

    I didn't even know it is transferable.

    I cannot keep it in genuine mode.

    This happens because the “Software Protection” service keeps stoping.

    Apparently, from what I learned here, it is because some of the system files have been unlawfully tampered with.

    I don't know how that happened.

    I don't want to have to reinstall windows.

    I have followed the instructions someone was kind enough to share with me.

    They haven't worked.

    Can something more be done?

    That's all there is. Sorry, I tend to write more than necessary. I apologize. Please don't ignore my problem based on an assumption that you made because I talk too much.

    You’re right, I mess up conversations, but that is just the way I communicate. I don't mean any harm. I always assume everyone will understand my convoluted writing.

     

    You are doing the same as a general in the Manhattan Project did with Richard P. Feynman, creator of quantum electrodynamics (well, one of the greatest physicists of the twentieth century).

    He noticed the secure vault of the installations had been left open/unlocked and decided to bring the security problem to the general's notice by showing him, in his own way, that the security was not as tight as it should be.

    He called the general and said he would open the vault with a straw. He messed with it using the straw and then, obviously, he opened the vault.

    Instead of becoming worried about the facility's security, the general said, behind Feynman's back, something like “Keep an eye on that one.” He was more worried about one individual who had breached security than with the security problem itself, forgetting that, if that person could do that then others could too.

    I hope you understand that I'm not a hacker by seeing what I mean.



    • Edited by ArkAlbus Wednesday, September 28, 2011 10:08 AM minor corrections
    Wednesday, September 28, 2011 8:36 AM
  • Sorry, I tend to write more than necessary.  Agreed.

    I apologize.  Accepted.

    I always assume everyone will understand my convoluted writing.  Wrong.

    Please don't ignore my problem based on an assumption that you made because I talk too much.  We are volunteers here.  Please don't waste our time with conspiracy theory talk.  Just state the problem and what the COMPUTER is doing.


    Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.
    Wednesday, September 28, 2011 12:05 PM
    Answerer
  • "What kind of hacker would have the unfortunate idea of coming to a Microsoft Forum to talk about a pirated copy of windows??? One with worst morals than an average hacker, I guess, or a really dumb one."

    No, you would be smart: this is where the knowledge of the inner workings of the OS can be found...guarantee that there are plenty of "hackers" hanging around here!

    "As for the security flaws, if I tell you what they are here, wouldn't it be dangerous?"

    The flaws are not hard to find: theres info all over the 'net about them. Which "flaw" are you specifically referring to, is what they want to know here.
    Dude, you talk to much and say too little...you don't need hacker knowledge to protect your OS. A child can do that, with common sense and easily available security tools.
    These folks here are volunteers and are gracious enough to donate their time and energy to helping people out....don't make their task more difficult and don't waste time with movie reviews or nonsense....


    • Edited by TrailbossMCT Wednesday, September 28, 2011 1:00 PM
    Wednesday, September 28, 2011 12:59 PM
  • The flaw: It is possible to have complete access to every and any file in a Windows installation through Linux. It is possible to open, change, copy or erase them. That includes files of users protected by a password and all system files too. It is not even necessary to install Linux. All that is needed is a bootable cd, dvd or pen drive with a "Live" installation.

     

    Now that that's dealt with, the issue... again.

     

    I have a legal license of windows 7.

    I cannot keep it in genuine mode.

    This happens because the “Software Protection” service keeps stopping.

    Apparently, from what I learned here, it is because some of the system files have been unlawfully tampered with.

    I don't know how that happened.

    I don't want to have to reinstall windows.

    I have followed the instructions someone was kind enough to share with me.

    They haven't worked.

    Can something more be done?

    This is the problem. I am grateful for your help.

     

    The MGAD result is as follows:

     

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *
    Windows Product Key Hash: *
    Windows Product ID: 00371-838-0021684-85633
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7600.2.00010100.0.0.048
    ID: {64656892-CF7A-4E77-9342-6437BA81CE60}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7600.win7_gdr.100618-1621
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppc.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\slui.exe[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\user32.dll[6.1.7600.16385], Hr = 0x800b0100

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{64656892-CF7A-4E77-9342-6437BA81CE60}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-JW3D7</PKey><PID>00371-838-0021684-85633</PID><PIDType>5</PIDType><SID>S-1-5-21-522580915-4095957632-3693996501</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite P300</Model></SYSTEM><BIOS><Manufacturer>TOSHIBA</Manufacturer><Version>V3.00   </Version><SMBIOSVersion major="2" minor="5"/><Date>20090305000000.000000+000</Date></BIOS><HWID>B6BB3607018400F8</HWID><UserLCID>0816</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSQCI</OEMID><OEMTableID>TOSQCI00</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7600.16385

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, RETAIL channel
    Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00170-838-002168-00-2070-7600.0000-2632011
    Installation ID: 006936067352758052352552771931828006386672684250095495
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: JW3D7
    License Status: Licensed
    Remaining Windows rearm count: 3
    Trusted time: 26-09-2011 10:39:07

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000001EFF0
    Event Time Stamp: N/A
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys


    HWID Data-->
    HWID Hash Current: MgAAAAEAAgABAAEAAQACAAAAAgABAAEAeqgWKtqPWgl6fzR3BiumsJqIVAWw4tZGRso=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x0
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            INTEL         CRESTLNE
      FACP            T0SQCI        TOSQCI00
      HPET            TOSQCI        TOSQCI00
      BOOT            PTLTD         $SBFTBL$
      MCFG            TOSQCI        TOSQCI00
      APIC            INTEL         CRESTLNE
      SLIC            TOSQCI        TOSQCI00
      SSDT            SataRe        SataAhci
      SSDT            SataRe        SataAhci
      SSDT            SataRe        SataAhci
      SSDT            SataRe        SataAhci

    • Edited by ArkAlbus Wednesday, September 28, 2011 5:49 PM
    Wednesday, September 28, 2011 5:48 PM
  • Have you tried a clean start?  If not, do a clean start (the link is to an automated KB) and run the MGADiag report again.

    http://support.microsoft.com/kb/331796

    The objective here is to isolate the cause to Microsoft software and eliminate third party apps and services.  Please note that the label "tampered file" in your report does not imply "hacked".  It can be a registry problem, etc.  This error profile sometimes appears as the result of using registry cleaners.

    If the problem does not appear in clean start mode, then re-enable programs until the problem reappears.  That will identify the culprit.  It may be an antimalware suite.  Clean start mode does not just disable AV, it shuts it down.  That is part of the troubleshooting process.

    If the problem appears in clean start mode then you may need to do an upgrade in place to correct it. 

    Disconnect any unneccessary hardware while perfoming an upgrade in place.


    Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.

    Wednesday, September 28, 2011 6:49 PM
    Answerer
  • "The flaw: It is possible to have complete access to every and any file in a Windows installation through Linux. It is possible to open, change, copy or erase them. That includes files of users protected by a password and all system files too. It is not even necessary to install Linux. All that is needed is a bootable cd, dvd or pen drive with a "Live" installation."

     

    That's it? Dude...last time I heard about that flaw I fell off my dinosaur.....it's an old one, for sure.

    Wednesday, September 28, 2011 7:06 PM
  • "TrailbossMCT" wrote in message news:36677657-603c-486f-80f8-3445a225a861...

    "The flaw: It is possible to have complete access to every and any file in a Windows installation through Linux. It is possible to open, change, copy or erase them. That includes files of users protected by a password and all system files too. It is not even necessary to install Linux. All that is needed is a bootable cd, dvd or pen drive with a "Live" installation."

     

    That's it? Dude...last time I heard about that flaw I fell off my dinosaur.....it's an old one, for sure.

     
     
    It’s not a flaw – it’s simply a fact of life. You can do exactly the same thing in ANY operating system that doesn’t encrypt its files.
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Thursday, September 29, 2011 6:47 AM
    Moderator
  • When I first mentioned the "flaw", I said it was, obviously,  known. I also said I am convinced Microsoft is working on it. Also, I didn't want to say it because many people who share PCs with other people don't know the first thing about Linux and have absolutely no idea that this is possible. If they read this here, anyone of them with the wrong intentions would obviously try to learn how to disrespect the privacy of the other users.

     

    As for what I'm going to do. My only solution is to do as someone has indicated: re-install everything. I knew this would solve the problem, obviously, but I wanted to avoid it. That's why I came here.

     

    I want to thank those who were helpful and apologize for the trouble I caused. You gave me good hints and I really thought they would work... anyway, thank you very much for the effort. I didn't want to come over too weird, but that's just the way I am. Sorry.

     

    Now... off to do everything from scratch...

    Friday, September 30, 2011 9:20 PM