locked
Getting "This copy of Windows is not Genuine" Windows 7, Build 7601 RRS feed

  • Question

  • Brand new Gateway computer from Newegg 3 years ago.  Came with Windows 7 preinstalled.  Has only now just started saying "This computer is not running genuine windows".

    I am sure that it is genuine.  Can you please help me sort out what is wrong?

     

    Diagnostic Report (1.9.0027.0):

    -----------------------------------------

    Windows Validation Data-->

     

    Validation Code: 0x8004FE21

    Cached Online Validation Code: N/A, hr = 0xc0000022

    Windows Product Key: *****-*****-WJ2H8-R6B6D-7QJB7

    Windows Product Key Hash: ckKNc+BBPDWmo1LUlOkraNjlQ34=

    Windows Product ID: 00359-OEM-8992687-00006

    Windows Product ID Type: 2

    Windows License Type: OEM SLP

    Windows OS version: 6.1.7601.2.00010300.1.0.003

    ID: {3E7E587E-DCE9-40E2-8231-696F9085E07A}(1)

    Is Admin: Yes

    TestCab: 0x0

    LegitcheckControl ActiveX: N/A, hr = 0x80070002

    Signed By: N/A, hr = 0x80070002

    Product Name: Windows 7 Home Premium

    Architecture: 0x00000009

    Build lab: 7601.win7sp1_gdr.130828-1532

    TTS Error:

    Validation Diagnostic:

    Resolution Status: N/A

     

    Vista WgaER Data-->

    ThreatID(s): N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

     

    Windows XP Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    File Exists: No

    Version: N/A, hr = 0x80070002

    WgaTray.exe Signed By: N/A, hr = 0x80070002

    WgaLogon.dll Signed By: N/A, hr = 0x80070002

     

    OGA Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

    OGAExec.exe Signed By: N/A, hr = 0x80070002

    OGAAddin.dll Signed By: N/A, hr = 0x80070002

     

    OGA Data-->

    Office Status: 100 Genuine

    Microsoft Office Professional Edition 2003 - 100 Genuine

    OGA Version: N/A, 0x80070002

    Signed By: N/A, hr = 0x80070002

    Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

     

    Browser Data-->

    Proxy settings: N/A

    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    Download signed ActiveX controls: Prompt

    Download unsigned ActiveX controls: Disabled

    Run ActiveX controls and plug-ins: Allowed

    Initialize and script ActiveX controls not marked as safe: Disabled

    Allow scripting of Internet Explorer Webbrowser control: Disabled

    Active scripting: Allowed

    Script ActiveX controls marked as safe for scripting: Allowed

     

    File Scan Data-->

     

    Other data-->

    Office Details: <GenuineResults><MachineData><UGUID>{3E7E587E-DCE9-40E2-8231-696F9085E07A}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7QJB7</PKey><PID>00359-OEM-8992687-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-3397545558-79959989-2965987307</SID><SYSTEM><Manufacturer>Gateway</Manufacturer><Model>DX4840</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>P01-A3        </Version><SMBIOSVersion major="2" minor="6"/><Date>20100517000000.000000+000</Date></BIOS><HWID>B7A93907018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>AEA39EB15F9DD9A</Val><Hash>wnxivkYqIg+9YpbFJOH09sO7iNs=</Hash><Pid>70145-717-1270137-57890</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults> 

     

    Spsys.log Content: 0x80070002

     

    Licensing Data-->

    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x80070426' to display the error text.

    Error: 0x80070426

     

    Windows Activation Technologies-->

    HrOffline: 0x8004FE21

    HrOnline: N/A

    HealthStatus: 0x0001000000000000

    Event Time Stamp: 3:12:2014 06:09

    ActiveX: Registered, Version: 7.1.7600.16395

    Admin Service: Registered, Version: 7.1.7600.16395

    HealthStatus Bitmask Output:

    Tampered Service: sppsvc

     

     

    HWID Data-->

    HWID Hash Current: KgAAAAEAAQABAAEAAAABAAAAAQABAAEAln2CtbzFioUoonLx2jRIGlxd

     

    OEM Activation 1.0 Data-->

    N/A

     

    OEM Activation 2.0 Data-->

    BIOS valid for OA 2.0: yes

    Windows marker version: 0x20001

    OEMID and OEMTableID Consistent: yes

    BIOS Information:

      ACPI Table Name    OEMID Value            OEMTableID Value

      APIC                         ACRSYS                    APIC1139

      FACP                                    ACRSYS                    FACP1139

      HPET                                    ACRSYS                    OEMHPET

      MCFG                                   ACRSYS                    OEMMCFG

      SLIC                         ACRSYS                    ACRPRDCT

      OEMB                                  ACRSYS                    OEMB1139

      ASF!                         LEGEND                    I865PASF

      AWMI                                  ACRSYS                    OEMB1139

      SSDT                                    DpgPmm                     CpuPm

    Wednesday, March 19, 2014 10:52 PM

Answers

  • Still the same - we'll have to get 'down and dirty' in the registry. :(

    Open Regedit and navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR Key

    Export it to a reg file for safety!

    Right-click on the key name, and Select Permissions,

    Click on Advanced, then the Owner tab

    Make sure that Administrators is the owner, and put a tick in the 'Replace owner...' box at the bottom

    Click OK once

    add Administrators to the 'Groups or Usernames' list, and give them Full permissions

    CLICK OK

    Now move to the 0000 subkey

    Double-click on the ConfigFlags entry

    Change the data value to 400 (make sure that the radio-button is in 'Hexadecimal') and click OK

    Exit Regedit, and reboot.

    Post a new MGADiag report


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Thursday, April 3, 2014 1:38 PM
    Moderator

All replies

  • Please run the following commands, and post the results.reg query

    REG QUERY HKLM\SYSTEM\CurrentControlSet\services\spldr /S

    REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR /S

    REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_SLSVC

    REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_SPPSVC

     They may show something

      Here are some instructions to make life easier :)

    1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt. 

    2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once. 

    3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.     


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Thursday, March 20, 2014 5:15 PM
    Moderator
  • Hello Noel,

    Thank you for taking the time to reply.

    I followed your instructions, ran the commands, and posted the results below.

    For some reason, the last 2 commands returned an error "unable to find...".

    When you have an opportunity, let me know what you suggest.

    Thank you so much!

    Tim Phillips

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\services\spldr /S

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\spldr
        DisplayName    REG_SZ    Security Processor Loader Driver
        ErrorControl    REG_DWORD    0x3
        Start    REG_DWORD    0x0
        Type    REG_DWORD    0x1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\spldr\Enum
        0    REG_SZ    Root\LEGACY_SPLDR\0000
        Count    REG_DWORD    0x1
        NextInstance    REG_DWORD    0x1


    C:\Windows\system32>
    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPL
    DR /S

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR
        NextInstance    REG_DWORD    0x1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000
        Service    REG_SZ    spldr
        Legacy    REG_DWORD    0x1
        ConfigFlags    REG_DWORD    0x401
        Class    REG_SZ    LegacyDriver
        ClassGUID    REG_SZ    {8ECC055D-047F-11D1-A537-0000F8753ED1}
        DeviceDesc    REG_SZ    Security Processor Loader Driver
        Capabilities    REG_DWORD    0x0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000\Control


    C:\Windows\system32>
    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_SLS
    VC
    ERROR: The system was unable to find the specified registry key or value.

    C:\Windows\system32>
    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_SPP
    SVC
    ERROR: The system was unable to find the specified registry key or value.

    C:\Windows\system32>

    Sunday, March 30, 2014 6:07 PM
  • The error in the last 2 commands is expected - they are there to catch a variety of rootkit if present.

        ConfigFlags    REG_DWORD    0x401

    is the source of your problem - the value should be 0x400

    This error is typical of having had Norton installed, and uninstalling it without also running the Norton Removal Tool.

    Let's run the tool now and see if it clears the error.

    (If you still have Norton installed, please uninstall it first, then run the fix below, and reinstall it afterwards)

    Download the Norton Removal Tool from here https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?lg=english&ct=united+states&docid=20080710133834EN&product=home&version=1&pvid=f-home

    Close all other programs, then run the tool. When it's complete, reboot the machine  whether it asks for it or not.

    After the reboot, open an Elevated Command Prompt, and run the following command

    NETSH WINSOCK RESET

    You'll be advised to reboot - do so.

    then post another MGADiag report.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Sunday, March 30, 2014 6:59 PM
    Moderator
  • I followed the instructions and posted the results of the latest MGADiag report below.

    It sounds like you are on the right track with Norton Antivirus.  I vaguely recall Norton being installed on my PC as part of another program install (maybe an Adobe update?).  I tried to uninstall it through Windows.  Another symptom I am having that may be related is my antivirus product (Microsoft Security Essentials) gets the following error when I try to update the spyware definitions, “Virus and spyware definitions could not be updated.  This might be caused by a missing system file, an incorrect system setting, or a problem with a registry file.”  


    MGADiag report*******************MGADiag report

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\services\spldr /S

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\spldr
        DisplayName    REG_SZ    Security Processor Loader Driver
        ErrorControl    REG_DWORD    0x3
        Start    REG_DWORD    0x0
        Type    REG_DWORD    0x1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\spldr\Enum
        0    REG_SZ    Root\LEGACY_SPLDR\0000
        Count    REG_DWORD    0x1
        NextInstance    REG_DWORD    0x1


    C:\Windows\system32>
    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPL
    DR /S

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR
        NextInstance    REG_DWORD    0x1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000
        Service    REG_SZ    spldr
        Legacy    REG_DWORD    0x1
        ConfigFlags    REG_DWORD    0x401
        Class    REG_SZ    LegacyDriver
        ClassGUID    REG_SZ    {8ECC055D-047F-11D1-A537-0000F8753ED1}
        DeviceDesc    REG_SZ    Security Processor Loader Driver
        Capabilities    REG_DWORD    0x0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000\Control


    C:\Windows\system32>
    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_SLS
    VC
    ERROR: The system was unable to find the specified registry key or value.

    C:\Windows\system32>
    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_SPP
    SVC

    Sunday, March 30, 2014 10:54 PM
  • Still the same error :(

    We'll have to do the change manually.

    Please open an Elevated Command Prompt

    copy and paste the following commands into the window

    sc config spldr start= boot

    sc start spldr

    REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR /S

    copy and past the output to your reply, then reboot twice - then run the MGADiag tool again, and post the new report.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Monday, March 31, 2014 6:32 AM
    Moderator
  • Noel - Thanks again for your time.

    I followed the instructions.  There appear to be some errors.

    Here are the results... 

        Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>sc config spldr start= boot
    [SC] ChangeServiceConfig SUCCESS

    C:\Windows\system32>
    C:\Windows\system32>sc start spldr
    [SC] StartService FAILED 1058:

    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR /S

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR
        NextInstance    REG_DWORD    0x1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000
        Service    REG_SZ    spldr
        Legacy    REG_DWORD    0x1
        ConfigFlags    REG_DWORD    0x401
        Class    REG_SZ    LegacyDriver
        ClassGUID    REG_SZ    {8ECC055D-047F-11D1-A537-0000F8753ED1}
        DeviceDesc    REG_SZ    Security Processor Loader Driver
        Capabilities    REG_DWORD    0x0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000\Control

    MGADiag report*******************MGADiag report
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\services\spldr /S

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\spldr
        DisplayName    REG_SZ    Security Processor Loader Driver
        ErrorControl    REG_DWORD    0x3
        Start    REG_DWORD    0x0
        Type    REG_DWORD    0x1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\spldr\Enum
        0    REG_SZ    Root\LEGACY_SPLDR\0000
        Count    REG_DWORD    0x1
        NextInstance    REG_DWORD    0x1

    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR /S

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR
        NextInstance    REG_DWORD    0x1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000
        Service    REG_SZ    spldr
        Legacy    REG_DWORD    0x1
        ConfigFlags    REG_DWORD    0x401
        Class    REG_SZ    LegacyDriver
        ClassGUID    REG_SZ    {8ECC055D-047F-11D1-A537-0000F8753ED1}
        DeviceDesc    REG_SZ    Security Processor Loader Driver
        Capabilities    REG_DWORD    0x0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000\Control

    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_SLSVC

    ERROR: The system was unable to find the specified registry key or value.

    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_SPPSVC

    ERROR: The system was unable to find the specified registry key or value.

    Tuesday, April 1, 2014 2:31 AM
  • Looks like we'll have to do it the hard way - that didn't 'take' properly.

    See if this way works...

    Open Device Manager

    Click on View in the menu bar

    Click on Show hidden devices

    Navigate to 'Non-Plug and Play Drivers'

    Find the 'Security Processor Loader Driver' and
    right-click on it.

    Select Properties.

    In the Driver tab...

    Select Boot from the Type dropdown bar

    Click Start

    Click OK, and reboot



    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.


    Tuesday, April 1, 2014 6:34 AM
    Moderator
  • When I click start I get the following pop-up message...

    "The system encountered the following error while attempting to start the service.  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. "

    Thursday, April 3, 2014 12:23 AM
  • That's OK - and fairly common.

    Reboot, and post a new MGADiag report.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Thursday, April 3, 2014 6:19 AM
    Moderator
  • Ok... Here is another MGADiag report.

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\services\spldr /S

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\spldr
        DisplayName    REG_SZ    Security Processor Loader Driver
        ErrorControl    REG_DWORD    0x3
        Start    REG_DWORD    0x0
        Type    REG_DWORD    0x1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\spldr\Enum
        0    REG_SZ    Root\LEGACY_SPLDR\0000
        Count    REG_DWORD    0x1
        NextInstance    REG_DWORD    0x1


    C:\Windows\system32>
    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR /S

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR
        NextInstance    REG_DWORD    0x1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000
        Service    REG_SZ    spldr
        Legacy    REG_DWORD    0x1
        ConfigFlags    REG_DWORD    0x401
        Class    REG_SZ    LegacyDriver
        ClassGUID    REG_SZ    {8ECC055D-047F-11D1-A537-0000F8753ED1}
        DeviceDesc    REG_SZ    Security Processor Loader Driver
        Capabilities    REG_DWORD    0x0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000\Control

    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_SLSVC
    ERROR: The system was unable to find the specified registry key or value.

    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_SPPSVC
    ERROR: The system was unable to find the specified registry key or value.

    Thursday, April 3, 2014 11:14 AM
  • Still the same - we'll have to get 'down and dirty' in the registry. :(

    Open Regedit and navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR Key

    Export it to a reg file for safety!

    Right-click on the key name, and Select Permissions,

    Click on Advanced, then the Owner tab

    Make sure that Administrators is the owner, and put a tick in the 'Replace owner...' box at the bottom

    Click OK once

    add Administrators to the 'Groups or Usernames' list, and give them Full permissions

    CLICK OK

    Now move to the 0000 subkey

    Double-click on the ConfigFlags entry

    Change the data value to 400 (make sure that the radio-button is in 'Hexadecimal') and click OK

    Exit Regedit, and reboot.

    Post a new MGADiag report


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Thursday, April 3, 2014 1:38 PM
    Moderator
  • I followed your instructions.

    It looks like the ConfigFlags  REG_DWORD  0x400 change took.

    Here is my latest MGADiag report...

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\services\spldr /S

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\spldr
        DisplayName    REG_SZ    Security Processor Loader Driver
        ErrorControl    REG_DWORD    0x3
        Start    REG_DWORD    0x0
        Type    REG_DWORD    0x1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\spldr\Enum
        0    REG_SZ    Root\LEGACY_SPLDR\0000
        Count    REG_DWORD    0x1
        NextInstance    REG_DWORD    0x1

    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR /S

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR
        NextInstance    REG_DWORD    0x1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000
        Service    REG_SZ    spldr
        Legacy    REG_DWORD    0x1
        ConfigFlags    REG_DWORD    0x400
        Class    REG_SZ    LegacyDriver
        ClassGUID    REG_SZ    {8ECC055D-047F-11D1-A537-0000F8753ED1}
        DeviceDesc    REG_SZ    Security Processor Loader Driver
        Capabilities    REG_DWORD    0x0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000\Control
        ActiveService    REG_SZ    spldr

    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_SLSVC
    ERROR: The system was unable to find the specified registry key or value.

    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_SPPSVC
    ERROR: The system was unable to find the specified registry key or value.

    Saturday, April 5, 2014 12:43 AM
  • Great!

    Now - are you still getting non-genuine notifications?
    Please post the proper MGADiag report now - as in your opening post :)


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Saturday, April 5, 2014 9:15 AM
    Moderator
  • Hi Noel,

    I am not seeing the non-genuine notifications anymore!  :)

    Also, I was able to update my Microsoft Security Essentials definitions for the first time since the non-genuine notifications started.

    How does my MGADiag report look?

    Thank you so much Noel!!!

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-WJ2H8-R6B6D-7QJB7
    Windows Product Key Hash: ckKNc+BBPDWmo1LUlOkraNjlQ34=
    Windows Product ID: 00359-OEM-8992687-00006
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {9F6C035F-EBDD-4177-9DE6-97717E228CA0}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.130828-1532
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Professional Edition 2003 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{9F6C035F-EBDD-4177-9DE6-97717E228CA0}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7QJB7</PKey><PID>00359-OEM-8992687-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-3397545558-79959989-2965987307</SID><SYSTEM><Manufacturer>Gateway</Manufacturer><Model>DX4840</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>P01-A3        </Version><SMBIOSVersion major="2" minor="6"/><Date>20100517000000.000000+000</Date></BIOS><HWID>B7953107018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>AEA39EB15F9DD9A</Val><Hash>wnxivkYqIg+9YpbFJOH09sO7iNs=</Hash><Pid>70145-717-1270137-57890</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800006-02-1033-7600.0000-1022010
    Installation ID: 018244431624973406370211230712053604118256855130949833
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 7QJB7
    License Status: Licensed
    Remaining Windows rearm count: 3
    Trusted time: 4/5/2014 2:49:31 PM

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 3:31:2014 16:47
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: KgAAAAEAAQABAAEAAAABAAAAAQABAAEAln2CtbzFioUoonLx2jRIGlxd

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            ACRSYS        APIC1139
      FACP            ACRSYS        FACP1139
      HPET            ACRSYS        OEMHPET
      MCFG            ACRSYS        OEMMCFG
      SLIC            ACRSYS        ACRPRDCT
      OEMB            ACRSYS        OEMB1139
      ASF!            LEGEND        I865PASF
      AWMI            ACRSYS        OEMB1139
      SSDT            DpgPmm        CpuPm

    Saturday, April 5, 2014 6:55 PM
  • That looks fine now!

    Good luck :)


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Saturday, April 5, 2014 7:30 PM
    Moderator