Repeated "You may be a victim of Software Counterfeiting" message

  • Question

  • I've been using my Windows 7 Ultimate for some time now and suddenly since the past two days the annoying popup of "You may be a victim of software counterfeiting" is blocking everything I am doing every few minutes.

    Until last year I had the MSDN Professional Complete subscription and downloaded the Ultimate version from my MSDN subscription only. Not sure how that became counterfeiting all of a sudden. My Windows Activation ID and Product ID displays as "Not Available" and after running the genuine diagnostics tool, this is what I get.

    Can someone help me?

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: N/A, hr = 0xc0000022
    Windows Product Key: *****-*****-XPW46-RDWTD-M6GQC
    Windows Product Key Hash: jbBzSaAE4qKWw+IOfQ7nZ6uaV4k=
    Windows Product ID: 00426-068-0559342-86189
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.001
    ID: {424DCE42-F9A8-4384-ADAB-AF90C046B45A}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Ultimate
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.120503-2030
    TTS Error: T:20110830011519510-
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{424DCE42-F9A8-4384-ADAB-AF90C046B45A}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-M6GQC</PKey><PID>00426-068-0559342-86189</PID><PIDType>5</PIDType><SID>S-1-5-21-5925239-437530507-2239966463</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Studio XPS 9100</Model></SYSTEM><BIOS><Manufacturer>Dell Computer Corporation</Manufacturer><Version>A04</Version><SMBIOSVersion major="2" minor="6"/><Date>20101021000000.000000+000</Date></BIOS><HWID>86CF3A07018400F4</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>GB10   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 


    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x80070426' to display the error text.
    Error: 0x80070426

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x0001000000000000
    Event Time Stamp: 8:23:2012 03:40
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered Service: sppsvc


    HWID Data-->
    HWID Hash Current: QAAAAAIAAgABAAMAAAAFAAAABAABAAEACrYk27BU5oWqf2YvQsAu1M5wLFEEUEvugR7B4z31+oQ+ZXKKvkGCKA==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   DELL    APIC1605
      FACP   DELL    FACP1605
      HPET   DELL    OEMHPET
      MCFG   DELL    OEMMCFG
      SLIC   DELL    GB10  
      OEMB   DELL    OEMB1605
      DMAR   AMI  OEMDMAR
      SSDT   DpgPmm  CpuPm

    Friday, August 24, 2012 4:01 PM

Answers

  • No wonder - the service is disabled !!!!!

    There are also a couple of strange entries present which make me think of malware (or possibly an anti-virus attempting to protect the system).

    Please open Regedit.

    Navigate to  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\spldr

    Right-click on it, and select Export - export the key to a file on your desktop called 'spldrkey.reg'

    Now in the right pane, delete the following two data values completely

    13BEE291-9C26-4eeb-9D96-4F7D4104D5B4

    F2F44585-BC96-42ac-82B7-A7468F7EF6D4

    Change the Start value to 0

    Now exit Regedit and reboot.

    Run another MGADiag report and post the results.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    • Marked as answer by ElangoChd Saturday, September 1, 2012 12:49 PM
    Friday, August 31, 2012 9:50 PM
    Moderator

All replies

  • Oh, and I have to mention that when I bought this computer last year, I overwrote/restored the default OS (Windows Home Premium that came with it) with the Image Backup of my Windows Ultimate OS from my old Desktop. And that computer has been trashed since then. Could that be the reason? But even then why wait for more than a year to show up with this error message?

    Friday, August 24, 2012 4:06 PM
  • The problem isn't that of being counterfeit - but of being corrupted in some way.

    The error messages specifically mean that access is being denied to the software protection system - and that's why you are getting the notification.

    These error messages are often associated with file corruption.....

     

    Please run a full CHKDSK and SFC scan....

    Click on Start > All Programs > Accessories

    Right-click on the Command Prompt entry

    Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

     

     At the Command prompt, type

     CHKDSK C: /R

     and hit the Enter key.

     

     You will be told that the drive is locked,

     and the CHKDSK will run at the next boot - hit the Y key, and then reboot.

     The chkdsk will take a few hours depending on the size  of the drive, so be patient!

     After the CHKDSK has run, Windows should boot normally  (possibly after a second auto-reboot) - then run the SFC.

     

     SFC -System File Checker - Instructions

    Click on Start > All Programs > Accessories

    Right-click on the Command Prompt entry

    Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

     At the Command prompt, type

     SFC /SCANNOW

     and hit the Enter key

     

     Wait for the scan to finish - make a note of any error messages - and then reboot.

     Post an MGADiag report with details of any error messages encountered.     


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Friday, August 24, 2012 5:27 PM
    Moderator
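
Added example (not part of the thread): a Python sketch that splits the status codes in an MGADiag report like the one above into their HRESULT/NTSTATUS fields and lists any "Tampered Service" entries. The sample text is an excerpt constructed from the report posted in this thread; the function names and the rule "top two bits set means NTSTATUS" are assumptions of this example.

```python
import re

# Names for codes that appear in this thread's report (winerror.h / ntstatus.h).
WIN32_NAMES = {2: "ERROR_FILE_NOT_FOUND", 1062: "ERROR_SERVICE_NOT_ACTIVE"}
NTSTATUS_NAMES = {0xC0000022: "STATUS_ACCESS_DENIED"}
FACILITY_WIN32 = 7

# Exactly eight hex digits, so the 64-bit HealthStatus value is not picked up.
CODE_RE = re.compile(r"\b0x([0-9A-Fa-f]{8})\b")

# Constructed excerpt of the MGADiag report posted above.
SAMPLE_REPORT = """\
Validation Code: 0x8004FE21
Cached Online Validation Code: N/A, hr = 0xc0000022
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Architecture: 0x00000009
Error: 0x80070426
HealthStatus: 0x0001000000000000
Tampered Service: sppsvc
"""


def decode(value):
    """Return (kind, facility, code, name) for a 32-bit status value."""
    code = value & 0xFFFF
    if value >> 30 == 0b11:
        # Heuristic (assumption): severity bits 11 are an NTSTATUS error.
        return ("NTSTATUS", (value >> 16) & 0xFFF, code, NTSTATUS_NAMES.get(value))
    if value >> 31:
        facility = (value >> 16) & 0x7FF
        # Only FACILITY_WIN32 codes map back onto plain Win32 error numbers.
        name = WIN32_NAMES.get(code) if facility == FACILITY_WIN32 else None
        return ("HRESULT", facility, code, name)
    return ("SUCCESS", (value >> 16) & 0x7FF, code, None)


def triage(report):
    """Collect failing codes (with the fields that carry them) and tampered services."""
    failures, tampered = {}, []
    for line in report.splitlines():
        key, _, rest = line.strip().partition(":")
        if key == "Tampered Service":
            tampered.append(rest.strip())
        for match in CODE_RE.finditer(rest):
            value = int(match.group(1), 16)
            decoded = decode(value)
            if decoded[0] == "SUCCESS":
                continue
            entry = failures.setdefault(
                f"0x{value:08X}", {"decoded": decoded, "fields": []}
            )
            entry["fields"].append(key)
    return {"tampered": tampered, "failures": failures}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("Tampered services:", result["tampered"])
    for code, info in result["failures"].items():
        print(code, info["decoded"], "in", info["fields"])
```

Codes in facilities other than Win32, such as 0x8004FE21, are only split into their fields here; their meaning is defined by the component that returned them.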
  • Thanks for the detailed explanation. I did as instructed. First ran CHKDSK C: /R and when it asked me to reboot, I did and it completed in about 3 hrs.

    Then, when I ran the SFC /SCANNOW option, I got the following error before 100% completion.

    C:\Windows\system32>sfc /scannow

    Beginning system scan.  This process will take some time.

    Beginning verification phase of system scan.
    Verification 100% complete.
    Windows Resource Protection found corrupt files but was unable to fix some of th
    em.
    Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example
    C:\Windows\Logs\CBS\CBS.log

    C:\Windows\system32>

    Finally when I rebooted the 2nd time, I got the same "My windows is not Genuine" error message, but upon running the MGADiag, I got this diagnostics information:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: N/A, hr = 0xc0000022
    Windows Product Key: *****-*****-XPW46-RDWTD-M6GQC
    Windows Product Key Hash: jbBzSaAE4qKWw+IOfQ7nZ6uaV4k=
    Windows Product ID: 00426-068-0559342-86189
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.001
    ID: {424DCE42-F9A8-4384-ADAB-AF90C046B45A}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Ultimate
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.120503-2030
    TTS Error: T:20110830011519510-
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{424DCE42-F9A8-4384-ADAB-AF90C046B45A}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-M6GQC</PKey><PID>00426-068-0559342-86189</PID><PIDType>5</PIDType><SID>S-1-5-21-5925239-437530507-2239966463</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Studio XPS 9100</Model></SYSTEM><BIOS><Manufacturer>Dell Computer Corporation</Manufacturer><Version>A04</Version><SMBIOSVersion major="2" minor="6"/><Date>20101021000000.000000+000</Date></BIOS><HWID>86CF3A07018400F4</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>GB10   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 


    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x80070426' to display the error text.
    Error: 0x80070426

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x0001000000000000
    Event Time Stamp: 8:23:2012 03:40
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered Service: sppsvc


    HWID Data-->
    HWID Hash Current: QAAAAAIAAgABAAMAAAAFAAAABAABAAEACrYk27BU5oWqf2YvQsAu1M5wLFEEUEvugR7B4z31+oQ+ZXKKvkGCKA==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   DELL    APIC1605
      FACP   DELL    FACP1605
      HPET   DELL    OEMHPET
      MCFG   DELL    OEMMCFG
      SLIC   DELL    GB10  
      OEMB   DELL    OEMB1605
      DMAR   AMI  OEMDMAR
      SSDT   DpgPmm  CpuPm

    Saturday, August 25, 2012 4:34 AM
  • Please copy the C:\Windows\logs\CBS\CBS.log file to your desktop, and compress it (you can't work on the original) then upload the compressed file to your SkyDrive and post a link to it in your reply.

    Please also open an Elevated (Administrator) Command Prompt window and use the following commands....

     

    net start sppsvc

    sc qc sppsvc

    sc queryex sppsvc

    sc qprivs sppsvc

    sc qsidtype sppsvc

    sc sdshow sppsvc

     

    copy and paste the results to your response.

     

     

      Here are some instructions to make life easier :)

    1) To open an Elevated Command Prompt Window (the CP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt. 

    2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Windows, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once. 

    3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.     

     


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Saturday, August 25, 2012 6:41 AM
    Moderator
  • Here is the link for the Skydrive zipped file with CBS.Log: https://skydrive.live.com/redir.aspx?cid=60ec1f3a54e0a310&page=self&resid=60EC1F3A54E0A310%21525&parid=60EC1F3A54E0A310%21131&authkey=%21&Bpub=SDX.SkyDrive&Bsrc=Share

    I will post the results of the other commands shortly.

    Saturday, August 25, 2012 1:12 PM
  • Here are the results for the commands. Thanks for your help.

    C:\Windows\system32>net start sppsvc
    The Software Protection service is starting.
    The Software Protection service could not be started.

    A system error has occurred.

    System error 2 has occurred.

    The system cannot find the file specified.


    C:\Windows\system32>sc qc sppsvc
    [SC] QueryServiceConfig SUCCESS

    SERVICE_NAME: sppsvc
            TYPE               : 10  WIN32_OWN_PROCESS
            START_TYPE         : 2   AUTO_START  (DELAYED)
            ERROR_CONTROL      : 1   NORMAL
            BINARY_PATH_NAME   : C:\Windows\system32\sppsvc.exe
            LOAD_ORDER_GROUP   :
            TAG                : 0
            DISPLAY_NAME       : Software Protection
            DEPENDENCIES       : RpcSs
            SERVICE_START_NAME : NT AUTHORITY\NetworkService

     

    C:\Windows\system32>sc queryex sppsvc

    SERVICE_NAME: sppsvc
            TYPE               : 10  WIN32_OWN_PROCESS
            STATE              : 1  STOPPED
            WIN32_EXIT_CODE    : 2  (0x2)
            SERVICE_EXIT_CODE  : 0  (0x0)
            CHECKPOINT         : 0x0
            WAIT_HINT          : 0x0
            PID                : 0
            FLAGS              :

     

    C:\Windows\system32>sc qprivs sppsvc
    [SC] QueryServiceConfig2 SUCCESS

    SERVICE_NAME: sppsvc
            PRIVILEGES       : SeAuditPrivilege
                             : SeChangeNotifyPrivilege
                             : SeCreateGlobalPrivilege
                             : SeImpersonatePrivilege

     

    C:\Windows\system32>sc qsidtype sppsvc
    [SC] QueryServiceConfig2 SUCCESS

    SERVICE_NAME: sppsvc
    SERVICE_SID_TYPE:  UNRESTRICTED

     

    C:\Windows\system32>sc sdshow sppsvc

    D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLO
    CRRC;;;IU)(A;;CCLCSWRPLOCRRC;;;SU)(A;;LCRP;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCW
    DWO;;;WD)

    Saturday, August 25, 2012 1:37 PM
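
Added example (not part of the thread): a Python sketch that reads the `sc sdshow sppsvc` output above and reports which accounts hold which service rights, flagging any allow entry that lets an account other than Local System or Administrators reconfigure the service. The SDDL string is the one posted in this thread; the weakened variant, the function names and the choice of "trusted" accounts are assumptions of this example.

```python
import re

# Two-letter SDDL rights as they apply to service objects: (access bit, name).
SERVICE_RIGHTS = {
    "CC": (0x0001, "SERVICE_QUERY_CONFIG"),
    "DC": (0x0002, "SERVICE_CHANGE_CONFIG"),
    "LC": (0x0004, "SERVICE_QUERY_STATUS"),
    "SW": (0x0008, "SERVICE_ENUMERATE_DEPENDENTS"),
    "RP": (0x0010, "SERVICE_START"),
    "WP": (0x0020, "SERVICE_STOP"),
    "DT": (0x0040, "SERVICE_PAUSE_CONTINUE"),
    "LO": (0x0080, "SERVICE_INTERROGATE"),
    "CR": (0x0100, "SERVICE_USER_DEFINED_CONTROL"),
    "SD": (0x10000, "DELETE"),
    "RC": (0x20000, "READ_CONTROL"),
    "WD": (0x40000, "WRITE_DAC"),
    "WO": (0x80000, "WRITE_OWNER"),
}
SIDS = {
    "SY": "Local System", "BA": "Builtin Administrators", "IU": "Interactive",
    "SU": "Service logon", "AU": "Authenticated Users", "WD": "Everyone",
}
# Rights that let the holder alter or remove the service or its ACL.
WRITE_CLASS = {"SERVICE_CHANGE_CONFIG", "DELETE", "WRITE_DAC", "WRITE_OWNER"}
TRUSTED = {"SY", "BA"}  # assumption: only these should hold write-class rights

# Output of 'sc sdshow sppsvc' as posted above, still wrapped at 80 columns.
PAGE_SDDL = """
D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLO
CRRC;;;IU)(A;;CCLCSWRPLOCRRC;;;SU)(A;;LCRP;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCW
DWO;;;WD)
"""
# Constructed variant: Authenticated Users additionally get SERVICE_CHANGE_CONFIG.
WEAK_SDDL = "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;LCRPDC;;;AU)"


def decode_rights(rights):
    """Turn an ACE rights field (two-letter codes or a hex mask) into names."""
    if rights.lower().startswith("0x"):
        mask = int(rights, 16)
        return [name for bit, name in SERVICE_RIGHTS.values() if mask & bit]
    return [SERVICE_RIGHTS[t][1] if t in SERVICE_RIGHTS else t
            for t in re.findall("..", rights)]


def parse_sddl(sddl):
    """Return {'D': [...], 'S': [...]} with one dict per ACE."""
    sddl = "".join(sddl.split())  # undo the console line wrapping
    acls = {"D": [], "S": []}
    for tag, aces in re.findall(r"([DS]):[A-Z]*((?:\([^)]*\))+)", sddl):
        for ace in re.findall(r"\(([^)]*)\)", aces):
            fields = ace.split(";")
            if len(fields) < 6:
                raise ValueError(f"malformed ACE: ({ace})")
            acls[tag].append({
                "type": fields[0], "flags": fields[1],
                "rights": decode_rights(fields[2]), "sid": fields[5],
            })
    return acls


def risky_aces(sddl):
    """Allow ACEs that give write-class rights to a trustee outside TRUSTED."""
    findings = []
    for ace in parse_sddl(sddl)["D"]:
        risky = sorted(WRITE_CLASS.intersection(ace["rights"]))
        if ace["type"] == "A" and ace["sid"] not in TRUSTED and risky:
            findings.append((ace["sid"], risky))
    return findings


if __name__ == "__main__":
    for ace in parse_sddl(PAGE_SDDL)["D"]:
        print(SIDS.get(ace["sid"], ace["sid"]), "->", ", ".join(ace["rights"]))
    print("Findings (thread):", risky_aces(PAGE_SDDL))
    print("Findings (constructed weak ACL):", risky_aces(WEAK_SDDL))
```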
  • System Error 2

    There are three reasons (that I know of) to get that error when trying to start that Service.

    1) The file is missing

    or

    2) The registry entry that tells Windows where to find that file is malformed (or missing altogether).

    or

    3) the system had an Activation Exploit installed prior to being updated with SP1.

    One other possibility is malware action – try using Malwarebytes Anti-Malware (www.malwarebytes.org) free version. Download it, update it, and do a full system scan (do NOT enable the real-time protection trial – it may conflict with your existing AV or malware scanners)

    Please check that the file C:\Windows\System32\sppsvc.exe exists (indications are that it does, as otherwise it should be listed as a File Mismatch under File Scan Data)

    Run the following commands in an elevated command prompt window and copy and paste the output to your reply

    DIR C:\Windows\System32\spp\tokens\pkeyconfig\pkeyconfig.xrm-ms

    DIR C:\Windows\SysWOW64\spp\tokens\pkeyconfig\pkeyconfig.xrm-ms

      Here are some instructions to make life easier :)

    1) To open an Elevated Command Prompt Window (the CP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt. 

    2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Windows, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once. 

    3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.     


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Saturday, August 25, 2012 11:36 PM
    Moderator
  • Thanks for the detailed explanation. I've installed the Malwarebytes and updated it, and did a full system scan of all my files and removed all the malwares it displayed. Also, rebooted the pc and ran the commands you've provided and here are the results below.

    C:\Windows\system32>DIR C:\Windows\System32\spp\tokens\pkeyconfig\pkeyconfig.xrm
    -ms
     Volume in drive C has no label.
     Volume Serial Number is 4C36-3F67

     Directory of C:\Windows\System32\spp\tokens\pkeyconfig

    11/20/2010  09:39 AM         1,018,920 pkeyconfig.xrm-ms
                   1 File(s)      1,018,920 bytes
                   0 Dir(s)  641,141,288,960 bytes free

    C:\Windows\system32>DIR C:\Windows\SysWOW64\spp\tokens\pkeyconfig\pkeyconfig.xrm
    -ms
     Volume in drive C has no label.
     Volume Serial Number is 4C36-3F67

     Directory of C:\Windows\SysWOW64\spp\tokens\pkeyconfig

    11/20/2010  08:33 AM         1,018,920 pkeyconfig.xrm-ms
                   1 File(s)      1,018,920 bytes
                   0 Dir(s)  641,139,912,704 bytes free

    C:\Windows\system32>

    Sunday, August 26, 2012 3:38 PM
  • Please attempt validation at www.microsoft.com/genuine/validate - it will probably fail, but may also update the MGADiag report, so please post a new one ;)

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, August 26, 2012 4:02 PM
    Moderator
  • Another update. I opened my event viewer to see the issues there and repeatedly I have the messages with three events, one trying to start the sppsvc and the error and then terminating.

    Please find the attached event viewer file (.evx). Is there any way to fix these or is re-installing the OS the only option?

    https://skydrive.live.com/redir.aspx?cid=60ec1f3a54e0a310&page=browse&resid=60EC1F3A54E0A310%21131&parid=60EC1F3A54E0A310%21130&sc=Documents&authkey=%21&Bpub=SDX.SkyDrive&Bsrc=Share

    Sunday, August 26, 2012 4:05 PM
  • That error doesn't tell us anything we didn't already know :(

    It may be useful to see the complete System and Application event history - if you export both, and zip them, please upload them and I'll take a look.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, August 26, 2012 4:16 PM
    Moderator
  • And, here is the updated MGADiag report. Thanks again.

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: N/A, hr = 0xc0020012
    Windows Product Key: *****-*****-XPW46-RDWTD-M6GQC
    Windows Product Key Hash: jbBzSaAE4qKWw+IOfQ7nZ6uaV4k=
    Windows Product ID: 00426-068-0559342-86189
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.001
    ID: {424DCE42-F9A8-4384-ADAB-AF90C046B45A}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Ultimate
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.120503-2030
    TTS Error: T:20110830011519510-
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{424DCE42-F9A8-4384-ADAB-AF90C046B45A}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-M6GQC</PKey><PID>00426-068-0559342-86189</PID><PIDType>5</PIDType><SID>S-1-5-21-5925239-437530507-2239966463</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Studio XPS 9100</Model></SYSTEM><BIOS><Manufacturer>Dell Computer Corporation</Manufacturer><Version>A04</Version><SMBIOSVersion major="2" minor="6"/><Date>20101021000000.000000+000</Date></BIOS><HWID>86CF3A07018400F4</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>GB10   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 


    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x80070426' to display the error text.
    Error: 0x80070426

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x0001000000000000
    Event Time Stamp: 8:26:2012 19:01
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered Service: sppsvc


    HWID Data-->
    HWID Hash Current: QAAAAAIAAgABAAMAAAAFAAAABAABAAEACrYk27BU5oWqf2YvQsAu1M5wLFEEUEvugR7B4z31+oQ+ZXKKvkGCKA==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   DELL    APIC1605
      FACP   DELL    FACP1605
      HPET   DELL    OEMHPET
      MCFG   DELL    OEMMCFG
      SLIC   DELL    GB10  
      OEMB   DELL    OEMB1605
      DMAR   AMI  OEMDMAR
      SSDT   DpgPmm  CpuPm

    Sunday, August 26, 2012 11:02 PM
  • We have a minor change in the error message - but I have no idea what the new one means!

    (so I am going to ignore it for the present)

    It's possible that a pair of critical system files have been corrupted, or locked somehow.

     

    Please reboot. Then open a Command Prompt window, and run the following command

    DIR C:\Windows\System32\7b*.* /AH

    post the results, together with  the time that you reboot, as I need to check the timestamp.



    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, August 26, 2012 11:24 PM
    Moderator
  • The System Event log is stuffed with errors for Event ID 17 in Microsoft-Windows-WHEA-Logger

    This is caused either by bad drivers, or by bad hardware.

    Please check the Device Manager, and see if there's any error flags on devices there.

    Please check your drivers are up-to-date on all installed hardware.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, August 27, 2012 12:01 AM
    Moderator
  • I just rebooted the pc around 1 AM EST on 08/27/2012. And here is the result of the above command

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>DIR C:\Windows\System32\7b*.* /AH
     Volume in drive C has no label.
     Volume Serial Number is 4C36-3F67

     Directory of C:\Windows\System32

    08/19/2012  01:34 PM             6,992 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0
    .C7483456-A289-439d-8115-601632D005A0
    08/30/2011  01:15 AM            14,304 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0
    .C7483456-A289-439d-8115-601632D005A0.bak
    08/19/2012  01:34 PM             6,992 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1
    .C7483456-A289-439d-8115-601632D005A0
    08/30/2011  01:15 AM            14,304 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1
    .C7483456-A289-439d-8115-601632D005A0.bak
                   4 File(s)         42,592 bytes
                   0 Dir(s)  640,553,242,624 bytes free

    C:\Windows\system32>

    Monday, August 27, 2012 5:04 AM
  • As I mentioned at the beginning of this thread, this computer has the image restored from the other PC which had a PCI driver for USB 3.0 port and when I restored that image over here on this new DELL Desktop, there was a conflict with that driver with the PCI USB 3.0 port of this PC. And since then I've been getting these Event ID 17 errors and I've updated the Intel drivers numerous times, but the image had a different driver and it does not get changed to the new port in this PC and still hangs on to the old. Not sure how I could get rid of it as I don't want to re-install my OS again - which beats the whole point of restoring the image from my old desktop.

    I've had numerous core-dump blue screen errors because of this. If you know a better way of fixing this once for all without re-installing the OS, I'd really appreciate that. Thanks.

    Monday, August 27, 2012 5:08 AM
  • Perhaps booting to Safe Mode, and looking in Device Manager will allow you to see the offending driver/hardware - you will also need to pick the option to 'Show hidden devices'.

    Note any with yellow triangles or red X's - post back with details on them.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, August 27, 2012 10:23 AM
    Moderator
  • I've uploaded the screen shots of the device manager in Safe Mode as well as in non-safe mode where the devices show up yellow. I have made the 'Show hidden devices' enabled as well. The image files are uploaded in the same skydrive location. I don't see anything significant there though.

    Btw, the event log still fills up with terminated/unable to start messages for the Software Protection service with error stating that it cannot find the file. :(

    Tuesday, August 28, 2012 2:12 AM
  • Funny you should mention that - We discovered a 'new' possible cause last night....

    Please run the following command and post the results.

    REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR /S


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Tuesday, August 28, 2012 8:44 AM
    Moderator
  • Great. Thank you. Here are the results:

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPL
    DR /S

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR
        NextInstance    REG_DWORD    0x1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000
        Service    REG_SZ    spldr
        Legacy    REG_DWORD    0x1
        ConfigFlags    REG_DWORD    0x400
        Class    REG_SZ    LegacyDriver
        ClassGUID    REG_SZ    {8ECC055D-047F-11D1-A537-0000F8753ED1}
        DeviceDesc    REG_SZ    Security Processor Loader Driver
        Capabilities    REG_DWORD    0x0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000\Control


    C:\Windows\system32>

    Tuesday, August 28, 2012 11:17 AM
  • Ahah! - there's an entry missing :)

    copy the content of the code box into Notepad and save the file to your desktop as 'spldrcontrol.reg'

    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000\Control]
    "ActiveService"="spldr"
    
    

    Now right-click on the saved file and select Merge.

    You'll get a couple of warnings - accept them.

    You should get a 'success message' - if not, then we'll have to mess around a bit with permissions

    reboot and post another MGADiag report.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Tuesday, August 28, 2012 11:29 AM
    Moderator
  • I am not that lucky I guess. :( After the first alert message, I got the following error.

    [Window Title]
    Registry Editor

    [Content]
    Cannot import C:\Users\CHID0\Desktop\spldrcontrol.reg: Not all data was successfully written to the registry.  Some keys are open by the system or other processes.

    [OK]

    Wednesday, August 29, 2012 12:03 AM
  • OK -we'll have to grant you permissions, then

    First, create a Restore point - just in case either of us messes up!

    Now Click on Start, and in the Search box, type

    REGEDIT

    and hit the Enter key - accept the UAC prompt.

    You'll get the registry editor window up, which looks very much like the Explorer window.

    Navigate to the

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000\

    folder, and expand it so you can see the Control subfolder

    right-click on the Control subfolder, and select Permissions

    Click on the Advanced button

    Click on the Owner tab, and put a tick in the 'Replace Owner' box, and click OK once

    Click on the Add button

    in the 'Enter the object names...' type

    Administrators

    then click the 'Check Names' button, and it should expand to the full name.

    Click OK - once!

    Now highlight the new Administrators entry in the 'Group...' list

    put a tick in the 'Full Control' box by clicking on it

    Click OK

    Close Regedit

    now right-click on your .reg file, and select Merge - accept the warnings, and you should get a success message this time.

    If anything goes adrift in the process, note exactly where, and we'll work on it.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Wednesday, August 29, 2012 9:31 AM
    Moderator
  • Thanks for the help. That did it. I was able to merge the .reg file successfully. I rebooted and here is the result of the MGADiag report

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: N/A, hr = 0xc0000022
    Windows Product Key: *****-*****-XPW46-RDWTD-M6GQC
    Windows Product Key Hash: jbBzSaAE4qKWw+IOfQ7nZ6uaV4k=
    Windows Product ID: 00426-068-0559342-86189
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.001
    ID: {424DCE42-F9A8-4384-ADAB-AF90C046B45A}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Ultimate
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.120503-2030
    TTS Error: T:20110830011519510-
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{424DCE42-F9A8-4384-ADAB-AF90C046B45A}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-M6GQC</PKey><PID>00426-068-0559342-86189</PID><PIDType>5</PIDType><SID>S-1-5-21-5925239-437530507-2239966463</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Studio XPS 9100</Model></SYSTEM><BIOS><Manufacturer>Dell Computer Corporation</Manufacturer><Version>A04</Version><SMBIOSVersion major="2" minor="6"/><Date>20101021000000.000000+000</Date></BIOS><HWID>86CF3A07018400F4</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>GB10   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content:

    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x80070426' to display the error text.
    Error: 0x80070426

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x0001000000000000
    Event Time Stamp: 8:26:2012 19:01
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered Service: sppsvc


    HWID Data-->
    HWID Hash Current: QAAAAAIAAgABAAMAAAAFAAAABAABAAEACrYk27BU5oWqf2YvQsAu1M5wLFEEUEvugR7B4z31+oQ+ZXKKvkGCKA==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   DELL    APIC1605
      FACP   DELL    FACP1605
      HPET   DELL    OEMHPET
      MCFG   DELL    OEMMCFG
      SLIC   DELL    GB10  
      OEMB   DELL    OEMB1605
      DMAR   AMI  OEMDMAR
      SSDT   DpgPmm  CpuPm

    Thursday, August 30, 2012 1:05 AM
  • That seems to have got us part of the way there, at least - there's still an issue with the SPPSVC to deal with....

    There is a problem with your Software Protection Service - something is preventing it from starting on demand the way it should.

    Please use the following in an attempt to isolate the cause.

    Click on Start

    in the Search box, type

    SERVICES.MSC

    and hit the Enter key - accept the UAC prompt if you get one.

    Look in the console for the Software Protection service, right-click on it and select Properties.

    make sure that the Startup Type is set to Automatic (Delayed Start), and click Apply.

    Try starting the service now - do you get an error message? Does it start? does it almost immediately stop again?

    Post back with your results, and a new MGADiag report.

    If it doesn't start, then please do the following...

    Please open an Elevated (Administrator) Command Prompt window and use the following commands....

    net start sppsvc

    sc qc sppsvc

    sc queryex sppsvc

    sc qprivs sppsvc

    sc qsidtype sppsvc

    sc sdshow sppsvc

     



    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Thursday, August 30, 2012 6:44 AM
    Moderator
  • I see that the service is not able to find the file repeatedly even though the file is there. This happened recently and I never used to get this error message before. The Software Protection Service was already set to Automatic (Delayed Start) and I tried starting from the window's start button and I got this error:

    ---------------------------
    Services
    ---------------------------
    Windows could not start the Software Protection service on Local Computer.

     

    Error 2: The system cannot find the file specified.

    ---------------------------
    OK  
    ---------------------------

    Here are the results of the commands you've asked me to execute.

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>net start sppsvc
    The Software Protection service is starting.
    The Software Protection service could not be started.

    A system error has occurred.

    System error 2 has occurred.

    The system cannot find the file specified.


    C:\Windows\system32>sc qc sppsvc
    [SC] QueryServiceConfig SUCCESS

    SERVICE_NAME: sppsvc
            TYPE               : 10  WIN32_OWN_PROCESS
            START_TYPE         : 2   AUTO_START  (DELAYED)
            ERROR_CONTROL      : 1   NORMAL
            BINARY_PATH_NAME   : C:\Windows\system32\sppsvc.exe
            LOAD_ORDER_GROUP   :
            TAG                : 0
            DISPLAY_NAME       : Software Protection
            DEPENDENCIES       : RpcSs
            SERVICE_START_NAME : NT AUTHORITY\NetworkService

    C:\Windows\system32>sc queryex sppsvc

    SERVICE_NAME: sppsvc
            TYPE               : 10  WIN32_OWN_PROCESS
            STATE              : 1  STOPPED
            WIN32_EXIT_CODE    : 2  (0x2)
            SERVICE_EXIT_CODE  : 0  (0x0)
            CHECKPOINT         : 0x0
            WAIT_HINT          : 0x0
            PID                : 0
            FLAGS              :

    C:\Windows\system32>sc qprivs sppsvc
    [SC] QueryServiceConfig2 SUCCESS

    SERVICE_NAME: sppsvc
            PRIVILEGES       : SeAuditPrivilege
                             : SeChangeNotifyPrivilege
                             : SeCreateGlobalPrivilege
                             : SeImpersonatePrivilege

    C:\Windows\system32>sc qsidtype sppsvc
    [SC] QueryServiceConfig2 SUCCESS

    SERVICE_NAME: sppsvc
    SERVICE_SID_TYPE:  UNRESTRICTED

    C:\Windows\system32>sc sdshow sppsvc

    D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLO
    CRRC;;;IU)(A;;CCLCSWRPLOCRRC;;;SU)(A;;LCRP;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCW
    DWO;;;WD)

    C:\Windows\system32>

    Thursday, August 30, 2012 11:52 AM
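Added example, not part of the original thread: a Python decoder for the `sc sdshow sppsvc` output posted above, listing which trustees the service's DACL lets start or reconfigure sppsvc. The function names are illustrative, and the lookup tables cover only the codes that appear in this output plus the deny ACE type.

```python
import re

# Two-letter SDDL rights as they apply to service objects.
SERVICE_RIGHTS = {
    "CC": "SERVICE_QUERY_CONFIG",
    "DC": "SERVICE_CHANGE_CONFIG",
    "LC": "SERVICE_QUERY_STATUS",
    "SW": "SERVICE_ENUMERATE_DEPENDENTS",
    "RP": "SERVICE_START",
    "WP": "SERVICE_STOP",
    "DT": "SERVICE_PAUSE_CONTINUE",
    "LO": "SERVICE_INTERROGATE",
    "CR": "SERVICE_USER_DEFINED_CONTROL",
    "SD": "DELETE",
    "RC": "READ_CONTROL",
    "WD": "WRITE_DAC",
    "WO": "WRITE_OWNER",
}

# SID aliases used in the descriptor from the thread.
TRUSTEES = {
    "SY": "Local System",
    "BA": "BUILTIN\\Administrators",
    "IU": "Interactive users",
    "SU": "Service logon users",
    "AU": "Authenticated Users",
    "WD": "Everyone",
}

# Note that "AU" means "audit" as an ACE type but "Authenticated Users" as a SID.
ACE_TYPES = {"A": "allow", "D": "deny", "AU": "audit"}

# Output of "sc sdshow sppsvc" as posted in the thread, wrapped by the console.
SDSHOW_OUTPUT = """
D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLO
CRRC;;;IU)(A;;CCLCSWRPLOCRRC;;;SU)(A;;LCRP;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCW
DWO;;;WD)
"""


def split_rights(rights):
    """Turn 'LCRP' into right names; keep hex masks or odd strings as-is."""
    if rights.startswith("0x") or len(rights) % 2:
        return [rights]
    pairs = [rights[i:i + 2] for i in range(0, len(rights), 2)]
    return [SERVICE_RIGHTS.get(p, p) for p in pairs]


def parse_sddl(text):
    """Return a list of ACE dicts from sc sdshow output, wrapped or not."""
    sddl = "".join(text.split())  # undo console line wrapping
    aces = []
    # A section is "D:" (DACL) or "S:" (SACL), optional flags, then ACEs.
    for section, body in re.findall(r"([DS]):[A-Z]*((?:\([^()]*\))+)", sddl):
        for raw in re.findall(r"\(([^()]*)\)", body):
            fields = raw.split(";")
            if len(fields) != 6:
                raise ValueError("unexpected ACE: " + raw)
            ace_type, flags, rights, _obj, _inherit, sid = fields
            aces.append({
                "acl": "DACL" if section == "D" else "SACL",
                "type": ACE_TYPES.get(ace_type, ace_type),
                "flags": flags,
                "rights": split_rights(rights),
                "trustee": TRUSTEES.get(sid, sid),
            })
    return aces


def trustees_allowed(aces, right):
    """Trustees with an allow ACE for `right` and no deny ACE for it.

    Simplification: compares ACE trustees literally and does not expand
    group membership the way a real access check does.
    """
    dacl = [a for a in aces if a["acl"] == "DACL" and right in a["rights"]]
    denied = {a["trustee"] for a in dacl if a["type"] == "deny"}
    return [a["trustee"] for a in dacl
            if a["type"] == "allow" and a["trustee"] not in denied]


if __name__ == "__main__":
    parsed = parse_sddl(SDSHOW_OUTPUT)
    for ace in parsed:
        print(ace["acl"], ace["type"], ace["trustee"], ", ".join(ace["rights"]))
    print("May start:", trustees_allowed(parsed, "SERVICE_START"))
    print("May reconfigure:", trustees_allowed(parsed, "SERVICE_CHANGE_CONFIG"))
```

On the descriptor from the thread, every trustee in the DACL holds SERVICE_START, while only BUILTIN\Administrators holds SERVICE_CHANGE_CONFIG; the single SACL entry audits failed access by Everyone.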
  • The reason it 'can't find the file' may be nothing to do with the sppsvc.exe file itself :) - there are a minimum of two files it could be directly referring to, and a number of other files it could be indirectly referring to - and it may not be the actual file that's the problem, but a reference in the registry could be pointing to the wrong place :)

    Let's check the file locations and access first.

    DIR C:\Windows\sppsvc.exe /S

    ICACLS C:\Windows\sppsvc.exe /T

    SFC /SCANFILE=C:\Windows\system32\sppsvc.exe

    SFC /SCANFILE=C:\Windows\system32\en-US\sppsvc.exe.mui

    DIR C:\Windows\System32\7b*.* /AH

    run those from an Elevated Command Prompt, and post the results.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Thursday, August 30, 2012 12:15 PM
    Moderator
  • Here are the results of those commands:

    C:\Windows\system32>DIR C:\Windows\sppsvc.exe /S
     Volume in drive C has no label.
     Volume Serial Number is 4C36-3F67

     Directory of C:\Windows\System32

    11/20/2010  09:25 AM         3,524,608 sppsvc.exe
                   1 File(s)      3,524,608 bytes

     Directory of C:\Windows\winsxs\amd64_microsoft-windows-security-spp_31bf3856ad3
    64e35_6.1.7600.16385_none_7656491f3aa3f98d

    07/13/2009  09:39 PM         3,524,608 sppsvc.exe
                   1 File(s)      3,524,608 bytes

     Directory of C:\Windows\winsxs\amd64_microsoft-windows-security-spp_31bf3856ad3
    64e35_6.1.7601.17514_none_78875ce737927d27

    11/20/2010  09:25 AM         3,524,608 sppsvc.exe
                   1 File(s)      3,524,608 bytes

         Total Files Listed:
                   3 File(s)     10,573,824 bytes
                   0 Dir(s)  648,687,923,200 bytes free


    C:\>icacls C:\Windows\sppsvc.exe /T
    C:\Windows\CSC\v2.0.6\*: Access is denied.
    Successfully processed 0 files; Failed processing 1 files

    C:\>SFC /SCANFILE=C:\Windows\System32\sppsvc.exe


    Windows Resource Protection did not find any integrity violations.

    C:\>
    C:\>SFC /SCANFILE=C:\Windows\System32\en-US\sppsvc.exe.mui


    Windows Resource Protection did not find any integrity violations.

    C:\>
    C:\>DIR C:\Windows\System32\7b*.* /AH
     Volume in drive C has no label.
     Volume Serial Number is 4C36-3F67

     Directory of C:\Windows\System32

    08/19/2012  01:34 PM             6,992 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0
    .C7483456-A289-439d-8115-601632D005A0
    08/30/2011  01:15 AM            14,304 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0
    .C7483456-A289-439d-8115-601632D005A0.bak
    08/19/2012  01:34 PM             6,992 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1
    .C7483456-A289-439d-8115-601632D005A0
    08/30/2011  01:15 AM            14,304 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1
    .C7483456-A289-439d-8115-601632D005A0.bak
                   4 File(s)         42,592 bytes
                   0 Dir(s)  648,673,738,752 bytes free

    Thanks! :)

    Friday, August 31, 2012 1:43 AM
  • The error in the ICACLS command is caused by your having Offline Files switched on - nothing to worry about.

    It does mean that we'll have to test the files one string at a time, though. Please run the following command

    ICACLS C:\Windows\System32\Sppsvc.* /T

    and post the result

    I think we may have found the problem - the MUI files appear to be missing for some reason - and the backups as well.

    Please run the following commands and simply tell us the number of files found in each case - the first will overflow the buffer anyhow and scroll off the top of the window.

    DIR C:\Windows\System32\en-US

    DIR C:\Windows\System32\en-US /AH

    DIR C:\Windows\System32\en-US /AS

    DIR C:\Windows\System32\en-US /AR

    (the last three should show File Not Found errors, while the first has 1297 entries in my machine.)


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth


    • Marked as answer by ElangoChd Friday, August 31, 2012 11:57 AM
    • Unmarked as answer by ElangoChd Friday, August 31, 2012 11:57 AM
    • Edited by Noel D PatonModerator Friday, August 31, 2012 2:40 PM correct switch error
    Friday, August 31, 2012 10:10 AM
    Moderator
  • Looks like there is no /S option for the ICACLS.

    C:\Windows\system32>ICACLS C:\Windows\System32\Sppsvc.*
    C:\Windows\System32\sppsvc.exe NT SERVICE\TrustedInstaller:(F)
                                   BUILTIN\Administrators:(RX)
                                   NT AUTHORITY\SYSTEM:(RX)
                                   BUILTIN\Users:(RX)

    Successfully processed 1 files; Failed processing 0 files

    And, here are the number of files found for each command:

    DIR C:\Windows\System32\en-US -> 1358 Files, 3 Dirs

    C:\Windows\system32>DIR C:\Windows\System32\en-US /AH
     Volume in drive C has no label.
     Volume Serial Number is 4C36-3F67

     Directory of C:\Windows\System32\en-US

    File Not Found

    C:\Windows\System32>DIR C:\Windows\System32\en-US /AS
     Volume in drive C has no label.
     Volume Serial Number is 4C36-3F67

     Directory of C:\Windows\System32\en-US

    File Not Found

    C:\Windows\System32>DIR C:\Windows\System32\en-US /AR
     Volume in drive C has no label.
     Volume Serial Number is 4C36-3F67

     Directory of C:\Windows\System32\en-US

    File Not Found

    Friday, August 31, 2012 12:01 PM
  • you're right

    the proper switch is /T - which does the same thing as /S in DIR

    The problem is that it actually trawls in a slightly different way and it's not allowed access to the \CSC folder, so errors out.

    OK - so now we've identified the problem, we have to try and fix it.

    This means that we have to put back into the WinSXS folder the proper file variants for sppsvc.exe.mui, and then repair the system using SFC.

    I've put a zipped copy of the proper folder on my SkyDrive at https://skydrive.live.com/#cid=936736BB8FCEB92F&id=936736BB8FCEB92F%21485 called 'sppmui.zip'

    Please download it and extract it to a new folder called C:\sprepair

    Then use the following method to put the files where they need to be

    Reboot, and use F8 to access the advanced boot menu - pick Repair your Computer.

    Once you've logged in open the option for a Command Prompt.

    at the prompt type DIR C:\sprepair - if it finds the files, then great, if not, then try DIR D:\sprepair (and so on until you find it).

    Now use the following commands

     

    COPY <drive>:\sprepair\*.*  <drive>:\Windows\winsxs

    If you get a confirmation request to replace files, accept it.

     

    Change the <drive> to the proper drive letter you found above.

    note that you MUST get those commands exactly right, or they simply will not work.

    You will be asked to confirm the replacement of any existing files - answer 'Y'

    Once you have both files in place, reboot to Windows normally

    Now run the following commands

     

    SFC /SCANFILE=C:\Windows\System32\en-US\sppsvc.exe.mui

    Hopefully, you'll get a 'fixed' message.

    now reboot again, and run another MGADiag report.

     


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Friday, August 31, 2012 12:25 PM
    Moderator
  • I did as instructed. While copying *.* didn't work as I had to give the exact folder name which had this one file. It got copied over successfully without any overwrite warning.

    When I ran this command, I still got the same message as "No integrity violation".

    C:\Windows\system32>SFC /SCANFILE=C:\Windows\System32\en-US\sppsvc.exe.mui


    Windows Resource Protection did not find any integrity violations.

    C:\Windows\system32>

    And, here is the MGADiag Report:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: N/A, hr = 0xc0000022
    Windows Product Key: *****-*****-XPW46-RDWTD-M6GQC
    Windows Product Key Hash: jbBzSaAE4qKWw+IOfQ7nZ6uaV4k=
    Windows Product ID: 00426-068-0559342-86189
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.001
    ID: {424DCE42-F9A8-4384-ADAB-AF90C046B45A}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Ultimate
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.120503-2030
    TTS Error: T:20110830011519510-
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{424DCE42-F9A8-4384-ADAB-AF90C046B45A}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-M6GQC</PKey><PID>00426-068-0559342-86189</PID><PIDType>5</PIDType><SID>S-1-5-21-5925239-437530507-2239966463</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Studio XPS 9100</Model></SYSTEM><BIOS><Manufacturer>Dell Computer Corporation</Manufacturer><Version>A04</Version><SMBIOSVersion major="2" minor="6"/><Date>20101021000000.000000+000</Date></BIOS><HWID>86CF3A07018400F4</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>GB10   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content:

    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x80070426' to display the error text.
    Error: 0x80070426

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x0001000000000000
    Event Time Stamp: 8:30:2012 09:04
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered Service: sppsvc


    HWID Data-->
    HWID Hash Current: QAAAAAIAAgABAAMAAAAFAAAABAABAAEACrYk27BU5oWqf2YvQsAu1M5wLFEEUEvugR7B4z31+oQ+ZXKKvkGCKA==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   DELL    APIC1605
      FACP   DELL    FACP1605
      HPET   DELL    OEMHPET
      MCFG   DELL    OEMMCFG
      SLIC   DELL    GB10  
      OEMB   DELL    OEMB1605
      DMAR   AMI  OEMDMAR
      SSDT   DpgPmm  CpuPm

    Friday, August 31, 2012 1:27 PM
  • OK -  we'll manually put the file where it should be then.

    first let's check things again.... please run these and post the results

    DIR C:\Windows\System32\sppsvc.* /S

    REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR /S

    ICACLS C:\Windows\System32\en-US\sppsvc.exe.mui


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Friday, August 31, 2012 2:38 PM
    Moderator
  • Thanks. Here are the results again. :)

    C:\Windows\system32>DIR C:\Windows\System32\sppsvc.* /S
     Volume in drive C has no label.
     Volume Serial Number is 4C36-3F67

     Directory of C:\Windows\System32

    11/20/2010  09:25 AM         3,524,608 sppsvc.exe
                   1 File(s)      3,524,608 bytes

     Directory of C:\Windows\System32\en-US

    07/13/2009  10:26 PM            18,944 sppsvc.exe.mui
                   1 File(s)         18,944 bytes

         Total Files Listed:
                   2 File(s)      3,543,552 bytes
                   0 Dir(s)  648,574,230,528 bytes free

    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPL
    DR /S

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR
        NextInstance    REG_DWORD    0x1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000
        Service    REG_SZ    spldr
        Legacy    REG_DWORD    0x1
        ConfigFlags    REG_DWORD    0x400
        Class    REG_SZ    LegacyDriver
        ClassGUID    REG_SZ    {8ECC055D-047F-11D1-A537-0000F8753ED1}
        DeviceDesc    REG_SZ    Security Processor Loader Driver
        Capabilities    REG_DWORD    0x0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000\Control

    C:\Windows\system32>ICACLS C:\Windows\System32\en-US\sppsvc.exe.mui
    C:\Windows\System32\en-US\sppsvc.exe.mui NT SERVICE\TrustedInstaller:(F)
                                             BUILTIN\Administrators:(RX)
                                             NT AUTHORITY\SYSTEM:(RX)
                                             BUILTIN\Users:(RX)

    Successfully processed 1 files; Failed processing 0 files

    Friday, August 31, 2012 3:54 PM
  • It seems to have fixed the missing mui file, at least :)

    That entry is still missing from the registry, though :(

    Let's try it again ....

    copy the content of the code box into Notepad and save the file to your desktop as 'spldrcontrol2.reg'

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000\Control]
    "ActiveService"="spldr"

    Now right-click on the saved file and select Merge.

    You'll get a couple of warnings - accept them.

    You should get a 'success message' -

    Then run

    REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR /S

    again and post the results.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth


    Friday, August 31, 2012 5:05 PM
    Moderator
  • Okay. Did all that. Here are the results.

    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPL
    DR /S

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR
        NextInstance    REG_DWORD    0x1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000
        Service    REG_SZ    spldr
        Legacy    REG_DWORD    0x1
        ConfigFlags    REG_DWORD    0x400
        Class    REG_SZ    LegacyDriver
        ClassGUID    REG_SZ    {8ECC055D-047F-11D1-A537-0000F8753ED1}
        DeviceDesc    REG_SZ    Security Processor Loader Driver
        Capabilities    REG_DWORD    0x0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000\Control
        ActiveService    REG_SZ    spldr

    Friday, August 31, 2012 5:40 PM
  • That looks OK at least - please reboot and post a new MGADiag report.

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Friday, August 31, 2012 5:56 PM
    Moderator
  • Here you go...

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: N/A, hr = 0xc0000022
    Windows Product Key: *****-*****-XPW46-RDWTD-M6GQC
    Windows Product Key Hash: jbBzSaAE4qKWw+IOfQ7nZ6uaV4k=
    Windows Product ID: 00426-068-0559342-86189
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.001
    ID: {424DCE42-F9A8-4384-ADAB-AF90C046B45A}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Ultimate
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.120503-2030
    TTS Error: T:20110830011519510-
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{424DCE42-F9A8-4384-ADAB-AF90C046B45A}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-M6GQC</PKey><PID>00426-068-0559342-86189</PID><PIDType>5</PIDType><SID>S-1-5-21-5925239-437530507-2239966463</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Studio XPS 9100</Model></SYSTEM><BIOS><Manufacturer>Dell Computer Corporation</Manufacturer><Version>A04</Version><SMBIOSVersion major="2" minor="6"/><Date>20101021000000.000000+000</Date></BIOS><HWID>86CF3A07018400F4</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>GB10   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content:

    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x80070426' to display the error text.
    Error: 0x80070426

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x0001000000000000
    Event Time Stamp: 8:30:2012 09:04
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered Service: sppsvc


    HWID Data-->
    HWID Hash Current: QAAAAAIAAgABAAMAAAAFAAAABAABAAEACrYk27BU5oWqf2YvQsAu1M5wLFEEUEvugR7B4z31+oQ+ZXKKvkGCKA==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   DELL    APIC1605
      FACP   DELL    FACP1605
      HPET   DELL    OEMHPET
      MCFG   DELL    OEMMCFG
      SLIC   DELL    GB10  
      OEMB   DELL    OEMB1605
      DMAR   AMI  OEMDMAR
      SSDT   DpgPmm  CpuPm

    Friday, August 31, 2012 6:32 PM
  • It's *still* producing that c000022 error! :(

    please run the query yet again - I can't help wondering if there's something wiping that entry

    REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR /S

    What security software do you have installed?

    Do you run any registry cleaners or optimisers at all?

    Is this machine used for gaming? (some games apparently have a built-in 'optimizer' which can break various Windows functions)


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Friday, August 31, 2012 6:46 PM
    Moderator
  • I was wondering that because when I did the RegEdit Merge earlier again I had the permission issue and had to add the "Administrator" once more.

    I have Kaspersky 2012 as my Anti Virus cum Spyware software. No other Registry Cleaners or anything. And this machine is never used for Gaming. As I mentioned, it was an image of another system that I restored into this new PC. And even there I had the same software. I do have some online backups from Crashplan running as well - monitoring my drives etc.

    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR /S

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR
        NextInstance    REG_DWORD    0x1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000
        Service    REG_SZ    spldr
        Legacy    REG_DWORD    0x1
        ConfigFlags    REG_DWORD    0x400
        Class    REG_SZ    LegacyDriver
        ClassGUID    REG_SZ    {8ECC055D-047F-11D1-A537-0000F8753ED1}
        DeviceDesc    REG_SZ    Security Processor Loader Driver
        Capabilities    REG_DWORD    0x0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000\Control


    C:\Windows\system32>

    Friday, August 31, 2012 8:13 PM
  • Something is definitely removing that entry!

    Presumably it's happening at boot time - but it may be happening at shut-down

    Try this.

    Open MSCONFIG, and in the General tab, select 'Diagnostic Startup'. Close MSCONFIG, but do NOT reboot yet.

    Now run the reg file again so that you get another 'success' message.

    Now reboot.

    Now run the REG QUERY again - is the value still present? If so, then it's one of the startup items that's causing the problem, so go back into MSCONFIG, and enable all services, and reboot - run the REG QUERY again. If still present, then you'll have to work through the startup listing a few at a time (say 4 for argument's sake), rebooting after enabling each 'batch' of 4 until the entry vanishes, at which point you can then isolate it down to the entry, by running the reg file again each time it disappears. When you find out which entry, post back with details and we'll see what we can see :)

    If it disappears even with only the essential services running, we'll have to assume that there's something running at shutdown that is removing the entry - and I'm not sure how to deal with that at the moment.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Friday, August 31, 2012 8:33 PM
    Moderator
  • I have a nasty feeling that the entry is re-created every boot. :(

    Please run the following command and post the result.

    REG QUERY HKLM\SYSTEM\CurrentControlSet\services\spldr /S


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Friday, August 31, 2012 9:00 PM
    Moderator
  • That may be true. :( Here are the results.

    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\services\spldr /S

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\spldr
        DisplayName    REG_SZ    Security Processor Loader Driver
        ErrorControl    REG_DWORD    0x3
        Start    REG_DWORD    0x4
        Type    REG_DWORD    0x1
        13BEE291-9C26-4eeb-9D96-4F7D4104D5B4    REG_DWORD    0x1
        F2F44585-BC96-42ac-82B7-A7468F7EF6D4    REG_SZ    20110830011519510

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\spldr\Enum
        0    REG_SZ    Root\LEGACY_SPLDR\0000
        Count    REG_DWORD    0x1
        NextInstance    REG_DWORD    0x1

    Friday, August 31, 2012 9:34 PM
  • No wonder - the service is disabled !!!!!

    There are also a couple of strange entries present which make me think of malware (or possibly an anti-virus attempting to protect the system).

    Please open Regedit.

    Navigate to  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\spldr

    right-click on it, and select Export - export the key to a file on your desktop called 'spldrkey.reg'

    Now in the right pane, delete the following two data values completely

    13BEE291-9C26-4eeb-9D96-4F7D4104D5B4

    F2F44585-BC96-42ac-82B7-A7468F7EF6D4

    Change the Start value to 0

    Now exit Regedit and reboot.

    Run another MGADiag report and post the results.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    • Marked as answer by ElangoChd Saturday, September 1, 2012 12:49 PM
    Friday, August 31, 2012 9:50 PM
    Moderator
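A parser for the REG QUERY output posted above, as an added example that is not part of the thread: it flags a Start value other than the 0 the answer sets, and value names that are bare GUIDs like the two the answer has deleted. The sample text is reconstructed from the post; the function names and the GUID-name heuristic are assumptions.

```python
import re

# Constructed sample: the REG QUERY output posted in the thread above.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\spldr
    DisplayName    REG_SZ    Security Processor Loader Driver
    ErrorControl    REG_DWORD    0x3
    Start    REG_DWORD    0x4
    Type    REG_DWORD    0x1
    13BEE291-9C26-4eeb-9D96-4F7D4104D5B4    REG_DWORD    0x1
    F2F44585-BC96-42ac-82B7-A7468F7EF6D4    REG_SZ    20110830011519510

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\spldr\Enum
    0    REG_SZ    Root\LEGACY_SPLDR\0000
    Count    REG_DWORD    0x1
    NextInstance    REG_DWORD    0x1
"""

START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}
GUID_NAME = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
VALUE_LINE = re.compile(r"^\s+(.+?)\s{4}(REG_[A-Z_]+)(?:\s{4}(.*))?$")

def parse_reg_query(text):
    """Return {key_path: {value_name: (type, data)}} from REG QUERY /S output."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.lstrip().startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
        elif current is not None:
            m = VALUE_LINE.match(line)
            if m:
                current[m.group(1)] = (m.group(2), (m.group(3) or "").strip())
    return keys

def audit_service(keys, service_key, expected_start=0):
    """List findings for one service key: wrong Start type, GUID-named values."""
    findings = []
    values = keys.get(service_key, {})
    if "Start" not in values:
        findings.append("Start value missing")
    else:
        start = int(values["Start"][1], 16)
        if start != expected_start:
            findings.append(f"Start={start} ({START_TYPES.get(start, 'unknown')}), expected {expected_start}")
    for name in values:
        if GUID_NAME.match(name):
            findings.append(f"GUID-named value: {name}")
    return findings
```

Calling `audit_service(parse_reg_query(SAMPLE), r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\spldr")` on the posted output reports the disabled Start type and both GUID-named values; an empty list means neither condition is present.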
  • I've deleted those two entries and set the Start value to 0 and rebooted. Here is the MGADiag Report again. :)

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-XPW46-RDWTD-M6GQC
    Windows Product Key Hash: jbBzSaAE4qKWw+IOfQ7nZ6uaV4k=
    Windows Product ID: 00426-068-0559342-86189
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.001
    ID: {424DCE42-F9A8-4384-ADAB-AF90C046B45A}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Ultimate
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.120503-2030
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{424DCE42-F9A8-4384-ADAB-AF90C046B45A}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-M6GQC</PKey><PID>00426-068-0559342-86189</PID><PIDType>5</PIDType><SID>S-1-5-21-5925239-437530507-2239966463</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Studio XPS 9100</Model></SYSTEM><BIOS><Manufacturer>Dell Computer Corporation</Manufacturer><Version>A04</Version><SMBIOSVersion major="2" minor="6"/><Date>20101021000000.000000+000</Date></BIOS><HWID>86CF3A07018400F4</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>GB10   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content:

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Ultimate edition
    Description: Windows Operating System - Windows(R) 7, RETAIL channel
    Activation ID: a0cde89c-3304-4157-b61c-c8ad785d1fad
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00426-00172-068-055934-00-1033-7601.0000-2422011
    Installation ID: 001494025265370350047756216164257636587274381251491024
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: M6GQC
    License Status: Licensed
    Remaining Windows rearm count: 5
    Trusted time: 8/31/2012 10:39:10 PM

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 8:30:2012 09:04
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: QAAAAAIAAgABAAMAAAAFAAAABAABAAEACrYk27BU5oWqf2YvQsAu1M5wLFEEUEvugR7B4z31+oQ+ZXKKvkGCKA==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   DELL    APIC1605
      FACP   DELL    FACP1605
      HPET   DELL    OEMHPET
      MCFG   DELL    OEMMCFG
      SLIC   DELL    GB10  
      OEMB   DELL    OEMB1605
      DMAR   AMI  OEMDMAR
      SSDT   DpgPmm  CpuPm

    Saturday, September 1, 2012 2:39 AM
  • BINGO!

    We got there in the end :)

    I've been asking around about the two 'spurious' entries - in two responses so far, I have one system that has the exact same entry and one that doesn't have them (both systems have MSE installed). Googling the values has brought nothing.

    Keep the backup file safe, and test the system thoroughly to see if there's anything untoward. You should probably edit the file so that the Start entry has a Zero value, in case you do have to use it.

    Your system is now showing as being activated and genuine - you shouldn't be seeing the notification any more, although the background will still be black - simply adjust that using the Personalisation options.

    Thanks for being patient while I pecked about like a headless chicken, and for being so effective a 'client' - I've learned a few things in the process. Hopefully the next person to have the problem won't have to go through such a long process!

    Good Luck.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Saturday, September 1, 2012 8:54 AM
    Moderator
  • Thank you so much for all your help! I really appreciate it. You've been patient and with me all the way. Thanks a bunch.

    As soon as I saw that the activation is now working, I checked the "My Computer" Properties and it is activated there as well. ;) Thank you again.

    I'll keep the backup file safe and secure with the StartValue of 0. I do have some occasional Core dumps with blue screen with the USB 3.0 PCIex card. Which I think I can live with and know how to work around.

    I'll mark this as answered. Thanks and enjoy your long weekend!

    Saturday, September 1, 2012 12:48 PM
  • (our long weekend was last week <g>)

    USB 3 drivers do seem to be causing a lot of problems - try updating the drivers from the manufacturer's website.

    Good luck!


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Saturday, September 1, 2012 1:08 PM
    Moderator