Windows 7 "Isn't genuine" RRS feed

  • Question

  • I've got a black screen with "Windows 7 Build 7600 This copy of Windows is not geniune" in the lower right corner. Legit copy of Windows that came installed on my desktop, have a COA with a number, etc... here's my diag - a little help please? Seems this is a known issue so why no fix?



    Diagnostic Report (1.9.0027.0):


    Windows Validation Data-->


    Validation Code: 0x8004FE21

    Cached Online Validation Code: N/A, hr = 0xc0000022

    Windows Product Key: *****-*****-WJ2H8-R6B6D-7QJB7

    Windows Product Key Hash: ckKNc+BBPDWmo1LUlOkraNjlQ34=

    Windows Product ID: 00359-OEM-8992687-00006

    Windows Product ID Type: 2

    Windows License Type: OEM SLP

    Windows OS version: 6.1.7600.2.00010300.0.0.003

    ID: {B9D0660C-595E-48AB-958E-8FF0EE719666}(3)

    Is Admin: Yes

    TestCab: 0x0

    LegitcheckControl ActiveX: N/A, hr = 0x80070002

    Signed By: N/A, hr = 0x80070002

    Product Name: Windows 7 Home Premium

    Architecture: 0x00000009

    Build lab: 7600.win7_gdr.100618-1621

    TTS Error: 

    Validation Diagnostic: 

    Resolution Status: N/A


    Vista WgaER Data-->

    ThreatID(s): N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002


    Windows XP Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    File Exists: No

    Version: N/A, hr = 0x80070002

    WgaTray.exe Signed By: N/A, hr = 0x80070002

    WgaLogon.dll Signed By: N/A, hr = 0x80070002


    OGA Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

    OGAExec.exe Signed By: N/A, hr = 0x80070002

    OGAAddin.dll Signed By: N/A, hr = 0x80070002


    OGA Data-->

    Office Status: 109 N/A

    OGA Version: N/A, 0x80070002

    Signed By: N/A, hr = 0x80070002

    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3


    Browser Data-->

    Proxy settings: N/A

    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

    Default Browser: C:\Users\Veruca\AppData\Local\Google\Chrome\Application\chrome.exe

    Download signed ActiveX controls: Prompt

    Download unsigned ActiveX controls: Disabled

    Run ActiveX controls and plug-ins: Allowed

    Initialize and script ActiveX controls not marked as safe: Disabled

    Allow scripting of Internet Explorer Webbrowser control: Disabled

    Active scripting: Allowed

    Script ActiveX controls marked as safe for scripting: Allowed


    File Scan Data-->


    Other data-->

    Office Details: <GenuineResults><MachineData><UGUID>{B9D0660C-595E-48AB-958E-8FF0EE719666}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010300.0.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7QJB7</PKey><PID>00359-OEM-8992687-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-3718529835-4112857266-545812067</SID><SYSTEM><Manufacturer>Gateway</Manufacturer><Model>FX6840</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>P01-A3        </Version><SMBIOSVersion major="2" minor="6"/><Date>20100517000000.000000+000</Date></BIOS><HWID>D8BA3607018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  


    Spsys.log Content: 0x80070002


    Licensing Data-->

    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x80070426' to display the error text.

    Error: 0x80070426 


    Windows Activation Technologies-->

    HrOffline: 0x8004FE21

    HrOnline: N/A

    HealthStatus: 0x0001000000000000

    Event Time Stamp: 1:16:2011 22:09

    ActiveX: Registered, Version: 7.1.7600.16395

    Admin Service: Registered, Version: 7.1.7600.16395

    HealthStatus Bitmask Output:

    Tampered Service: sppsvc



    HWID Data-->



    OEM Activation 1.0 Data-->



    OEM Activation 2.0 Data-->

    BIOS valid for OA 2.0: yes

    Windows marker version: 0x20001

    OEMID and OEMTableID Consistent: yes

    BIOS Information: 

      ACPI Table Name OEMID ValueOEMTableID Value









      SSDT DpgPmmCpuPm

    Monday, January 17, 2011 3:12 PM


  • Hello Hprzystas,

    The issue I am seeing is that there is a problem with your Windows 7's Software Protection Platform service.  I know this from the line in your Diagnostic Report:  Tampered Service: sppsvc

    I am not aware of any Known Issue that would cause this problem.


    Here is what I have regarding Tampered Services:

    CAVEAT: I have Not seen a large number of Tampered Services with Windows 7 so I still have a limited understanding of then.  I believe it's the same as an issue seen sometimes in Vista but just with a different name, however, I have not yet been able to confirm this. The below description of a Tampered Service is based on my experience with that similar/same issue in Vista.

    Background info: There are system files that when they are Run they spawn a Service (usually with the same name as the file that spawned it). In your case, the services sppsvc is a Services being modified in system memory, but the file sppsvc.exe is not modified since this file is not listed as a Tampered File.

      A Tampered Service is when a Service which is running is system memory is activly being shimmed or hooked into (Modified) in an unsupported way. This is an Active tamper meaning the tamper can only occure while something is making it occure. That 'something' is another program.  That program could be a legitimate program that happens to be doing something in a way that Windows 7 does not allow. Or it could be Malware.

     The resolution for this issue tends to be difficult because a) it involves you tracking down the offending program and b) there is very little I can do to help (none of my tools can tell what program is causing the tamper). 

     A few hints and suggestions I can provide: Run Anti-virus scans. Preferably multple times using different software.  Think back to when the issue first started, did you install any software within three (or so) days before the issue occured? Do you have any freeware/sharware software that may not be of the highest quality?  Confirm all your software is Windows 7 compatible and/or has been upgraded to a compatible version. and so on.


    Lastly, I also suggest trying the below steps.  The steps have been known to resolve a Tampered File, but I am just not sure if they will as effective for a Tampered Service. The steps will not make the issue any worse. 

    a. System Scan. The scan will look for bad Windows files and will attempt to repair them, if possible.

    1) Click the Start Button
    2) Type: cmd.exe
    3) Right-click the cmd.exe file and select 'Run as Administrator'
    4) In the CMD window, type: sfc /scannow
    5) Reboot and see if that resolves the issue.

    b. Repairing Windows using System Restore:

    1) Click the Start button
    2) In the Start Search field, type: System Restore and hit “Enter”
    3) Select "Choose Different Restore Point", Put a check in the box that says "Show restore points older than 5 days", select the restore point that corresponds to the date Before you first noticed the issue.
    4) Click the "Next" button.
    5) Reboot and see if that resolves the issue.

    If you were unable to resolve the issue using the suggestions I provided above and if neither of these sets of steps resolves the issue, my only other suggestions would be either to contact Microsoft Assisted Support as one of the below URLs for further assistance.

     North America: http://support.microsoft.com/contactus/cu_sc_genadv_master?ws=support&ws=support#tab4

    Outside North America:


    Thank you,

    Darin MS
    • Marked as answer by Darin Smith MS Monday, January 17, 2011 11:59 PM
    Monday, January 17, 2011 11:59 PM