none
"Windows Not Genuine" message daily, but activated

    Question

  • I have one user that is getting a "Not genuine" error every day at about noon. However windows is always showing as "Activated".   I suspect this is leftover damage from a virus infection, but I cannot locate anything else wrong. SFC does not reveal any bad files. In addition, I have deleted and recreated his user profile, and tried to reactivate over the phone, which was successful, but did not stop the message.

     Here's the full MGADiag report. (sorry, I don't know how to do a "spoiler" tag on this system)

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-RCF3X-4GCFM-9M2B8
    Windows Product Key Hash: CPBe5ofBCXL0+4KMRdCwd5XKUvw=
    Windows Product ID: 00371-OEM-9045145-68830
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {78315146-99F8-465C-BD2B-CBE0F1C73A0A}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.130801-1533
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{78315146-99F8-465C-BD2B-CBE0F1C73A0A}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-9M2B8</PKey><PID>00371-OEM-9045145-68830</PID><PIDType>3</PIDType><SID>S-1-5-21-3061702117-1192770549-3232660596</SID><SYSTEM><Manufacturer>BOXX Technologies, Inc.</Manufacturer><Model>3DBOXX W3970</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0606</Version><SMBIOSVersion major="2" minor="6"/><Date>20110624000000.000000+000</Date></BIOS><HWID>4E743D07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    C:\Windows\system32\slmgr.vbs(1131, 5) (null): 0xC004F012

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000003EFFF
    Event Time Stamp: 2:2:2014 17:57
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\wat\watadminsvc.exe
    Tampered File: %systemroot%\system32\wat\watweb.dll
    Tampered File: %systemroot%\system32\wat\npwatweb.dll
    Tampered File: %systemroot%\system32\wat\watux.exe
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys
    Tampered File: %systemroot%\system32\drivers\spldr.sys


    HWID Data-->
    HWID Hash Current: MAAAAAEAAAABAAEAAwABAAAAAgABAAEACrZy2mRVfA+yi6yLDqfsubzioo1goy5z

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes, but no SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   ALASKA  A M I
      FACP   ALASKA  A M I
      HPET   ALASKA  A M I
      MCFG   ALASKA  A M I
      SSDT   AMICPU  PROC


    James A. Helfer | COMPUTER SYSTEMS ADMINISTRATOR WTW ARCHITECTS | PITTSBURGH PA

    Monday, February 3, 2014 9:02 PM

Answers

  •  Well, since I got the user up and running with a replacement machine, the issue has dropped a bit in priority.  I still need to locate drivers and such from the OEM, but yes, reinstallation is the plan.


    James A. Helfer | COMPUTER SYSTEMS ADMINISTRATOR WTW ARCHITECTS | PITTSBURGH PA

    Friday, February 7, 2014 4:08 PM

All replies

  • This error message is a little complex to solve - and can have a number of causes.

    Let's start by checking the file system is 'proper'...

      Please run a full CHKDSK and SFC scan....

      Click on Start > All Programs > Accessories

      Right-click on the Command Prompt entry

      Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

      At the Command prompt, type

      CHKDSK C: /R

      and hit the Enter key.

      You will be told that the drive is locked,

      and the CHKDSK will run at he next boot - hit the Y key, press Enter, and then reboot.

      The CHKDSK will take a few hours depending on the size of the drive, so be patient!

      After the CHKDSK has run, Windows should boot normally (possibly after a second auto-reboot) -

      then run the SFC.

      SFC -System File Checker - Instructions

      Click on Start > All Programs > Accessories

      Right-click on the Command Prompt entry

      Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

      At the Command prompt, type

      SFC /SCANNOW

      and hit the Enter key

      Wait for the scan to finish - make a note of any error messages - and then reboot.

      Copy the CBS.log file created (C:\Windows\Logs\CBS\CBS.log) to your desktop (you can't manipulate it directly) and then compress the copy and upload it to your SkyDrive Public folder (http://skydrive.live.com ) and post a link to it so that I can take a look.

      Post a new MGADiag report with details of any error messages encountered.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Monday, February 3, 2014 9:42 PM
    Moderator
  •  Link to CBS.Log file  http://sdrv.ms/Lv0dHZ

      Yesterday, Windows de-activated itself. I reactivated with a MAK key from our volume license (the original install was an OEM license, it was before my first coffee and I wasn't thinking).   Activation was successful again.

      SFC and CHKDSK ran yesterday without apparent errors.

    Here is the latest MGA:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-*****-*****-KBFTM
    Windows Product Key Hash: OYbwC5zmUmo+gHSF/tT4glFhu0k=
    Windows Product ID: 55041-033-3344511-86534
    Windows Product ID Type: 6
    Windows License Type: Volume MAK
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {78315146-99F8-465C-BD2B-CBE0F1C73A0A}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.130801-1533
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{78315146-99F8-465C-BD2B-CBE0F1C73A0A}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-BBBBB</PKey><PID>55041-033-3344511-86534</PID><PIDType>6</PIDType><SID>S-1-5-21-3061702117-1192770549-3232660596</SID><SYSTEM><Manufacturer>BOXX Technologies, Inc.</Manufacturer><Model>3DBOXX W3970</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0606</Version><SMBIOSVersion major="2" minor="6"/><Date>20110624000000.000000+000</Date></BIOS><HWID>4E743D07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, VOLUME_MAK channel
    Activation ID: 9abf5984-9c16-46f2-ad1e-7fe15931a8dd
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 55041-00172-033-334451-03-1033-7601.0000-0352014
    Installation ID: 006054229745655766579321182902627966325684286014306072
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: KBFTM
    License Status: Licensed
    Remaining Windows rearm count: 1
    Trusted time: 2/4/2014 9:22:09 AM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000003EFFF
    Event Time Stamp: 2:2:2014 17:57
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\wat\watadminsvc.exe
    Tampered File: %systemroot%\system32\wat\watweb.dll
    Tampered File: %systemroot%\system32\wat\npwatweb.dll
    Tampered File: %systemroot%\system32\wat\watux.exe
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys
    Tampered File: %systemroot%\system32\drivers\spldr.sys


    HWID Data-->
    HWID Hash Current: MAAAAAEAAAABAAEAAwABAAAAAgABAAEACrZy2mRVfA+yi6yLDqfsubzioo1goy5z

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes, but no SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   ALASKA  A M I
      FACP   ALASKA  A M I
      HPET   ALASKA  A M I
      MCFG   ALASKA  A M I
      SSDT   AMICPU  PROC


    James A. Helfer | COMPUTER SYSTEMS ADMINISTRATOR WTW ARCHITECTS | PITTSBURGH PA

    Tuesday, February 4, 2014 2:49 PM
  • I'm quite surprised that the system was able to activate - it appears that there are a couple of full SXS assemblies missing, according to the CBS log.

    There are 140 entries similar to this one...

    	Line 45158: 2013-12-15 17:55:03, Error                 CSI    0000004d (F) [SR] Component not found: Microsoft-Windows-Security-SPP-UX, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral[gle=0x80004005]
    	Line 45159: 2013-12-15 17:55:03, Error                 CSI    0000004e@2013/12/15:22:55:03.596 (F) d:\win7sp1_gdr\base\wcp\servicingapi\cmirepair.cpp(312): Error HRESULT_FROM_WIN32(ERROR_SXS_ASSEMBLY_MISSING) originated in function Windows::ServicingAPI::CCSIRepairTransaction::LockComponent expression: HRESULT_FROM_WIN32(14081L)
    

    We may be able to fix this using the CheckSUR tool...

    Please download and save  the CheckSUR tool from http://support.microsoft.com/kb/947821

    (you'll need to look in the details for Windows 7, downloading from the Microsoft Download Center)

    Run it - The tool can take anywhere from 5 mins to a couple of hours to run (or 'Install') depending on how much it has to do, and may exit silently - it may appear to freeze for most of that time, but be patient.

    The result is logged in the C:\Windows\Logs\CBS\CheckSUR.log file  - and an archive …\checksur.persist.log file

    Then zip the CheckSUR.log and upload it to your SkyDrive Public folder so I can take a look - post a link in your reply.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Tuesday, February 4, 2014 4:21 PM
    Moderator
  •  Noel,

      I downloaded the CheckUSR tool. It ran fine on my workstation, but on the user's box with the problem I get the error "0x80096001  - A system-level error occurred while verifying trust." And, I get a similar if I try to run Windows Update.  So, I have no log files.

      I did find a long and involved series of steps on line to try and address this, but I have already taken this PC out of service and gave the user a replacement. I'm not sure how much more effort I want to put into it, seeing as now that it's on the bench  a complete reinstall could be planned easily.

     Jim

     


    James A. Helfer | COMPUTER SYSTEMS ADMINISTRATOR WTW ARCHITECTS | PITTSBURGH PA

    Tuesday, February 4, 2014 8:53 PM
  • The error code would tend to indicate a problem with one of the major dll's - something like wintrust.dll or one of the ecryption-related ones.

    I think Fixit 50202 is the best offering if you want to try and repair it. (I'll understand if you'd rather just reformat, though!)

    1. Please download the tool from the following link:

    http://go.microsoft.com/?linkid=9665683

    2. When the file download window appears, please click "Save", and
    follow the directions to save it to your computer.

    3. Locate the downloaded file and double click it to run the tool.

    4. Follow the steps in the wizard. When you are prompted, please click to check
    the box before the Aggressive option.

    5. After it is finished, please restart the computer.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Tuesday, February 4, 2014 9:26 PM
    Moderator
  •  Ran the Fixit, but it had no apparent effect.  Same error from the other tool after restart.

    James A. Helfer | COMPUTER SYSTEMS ADMINISTRATOR WTW ARCHITECTS | PITTSBURGH PA

    Tuesday, February 4, 2014 9:46 PM
  • I assume that you've reimaged the machine by now? - sorry about the lack of a response!

    I suspect that is the way to go, anyhow.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Friday, February 7, 2014 8:05 AM
    Moderator
  •  Well, since I got the user up and running with a replacement machine, the issue has dropped a bit in priority.  I still need to locate drivers and such from the OEM, but yes, reinstallation is the plan.


    James A. Helfer | COMPUTER SYSTEMS ADMINISTRATOR WTW ARCHITECTS | PITTSBURGH PA

    Friday, February 7, 2014 4:08 PM