Windows 7 not genuine when it is

  • Question

  • Yea I bought a Windows 7 and it is genuine, I've had it for a year and now I am getting a message saying you may not have a genuine copy of Windows.

    Btw I don't use this email anymore now it's [email address redacted]

     

    Diagnostic Report (1.9.0027.0):

    -----------------------------------------

    Windows Validation Data-->

     

    Validation Code: 0x8004FE21

    Cached Online Validation Code: N/A, hr = 0x80070422

    Windows Product Key: *****-*****-DRVCG-7P3P8-PXF3Q

    Windows Product Key Hash: luzSk91IjC7FgTCg0nSFdyUyXjQ=

    Windows Product ID: 00359-OEM-8882243-02783

    Windows Product ID Type: 3

    Windows License Type: OEM System Builder

    Windows OS version: 6.1.7600.2.00010300.0.0.003

    ID: {FFC3FA32-C8A6-4962-9CCA-8E0B6F835B69}(1)

    Is Admin: Yes

    TestCab: 0x0

    LegitcheckControl ActiveX: N/A, hr = 0x80070002

    Signed By: N/A, hr = 0x80070002

    Product Name: Windows 7 Home Premium

    Architecture: 0x00000009

    Build lab: 7600.win7_gdr.100618-1621

    TTS Error: 

    Validation Diagnostic: 

    Resolution Status: N/A

     

    Vista WgaER Data-->

    ThreatID(s): N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

     

    Windows XP Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    File Exists: No

    Version: N/A, hr = 0x80070002

    WgaTray.exe Signed By: N/A, hr = 0x80070002

    WgaLogon.dll Signed By: N/A, hr = 0x80070002

     

    OGA Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

    OGAExec.exe Signed By: N/A, hr = 0x80070002

    OGAAddin.dll Signed By: N/A, hr = 0x80070002

     

    OGA Data-->

    Office Status: 109 N/A

    OGA Version: N/A, 0x80070002

    Signed By: N/A, hr = 0x80070002

    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

     

    Browser Data-->

    Proxy settings: N/A

    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

    Default Browser: C:\Users\Cody Sparks\AppData\Local\Google\Chrome\Application\chrome.exe

    Download signed ActiveX controls: Prompt

    Download unsigned ActiveX controls: Disabled

    Run ActiveX controls and plug-ins: Allowed

    Initialize and script ActiveX controls not marked as safe: Disabled

    Allow scripting of Internet Explorer Webbrowser control: Disabled

    Active scripting: Allowed

    Script ActiveX controls marked as safe for scripting: Allowed

     

    File Scan Data-->

     

    Other data-->

    Office Details: <GenuineResults><MachineData><UGUID>{FFC3FA32-C8A6-4962-9CCA-8E0B6F835B69}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010300.0.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-PXF3Q</PKey><PID>00359-OEM-8882243-02783</PID><PIDType>3</PIDType><SID>S-1-5-21-128752282-3480000571-3337489296</SID><SYSTEM><Manufacturer>Compaq-Presario</Manufacturer><Model>NY562AA-ABA CQ5111F</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>5.24</Version><SMBIOSVersion major="2" minor="5"/><Date>20090619000000.000000+000</Date></BIOS><HWID>9D963F07018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-CPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

     

    Spsys.log Content: 0x80070002

     

    Licensing Data-->

    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x80070422' to display the error text.

    Error: 0x80070422 

     

    Windows Activation Technologies-->

    HrOffline: 0x8004FE21

    HrOnline: N/A

    HealthStatus: 0x0003000000000000

    Event Time Stamp: 7:21:2010 01:39

    ActiveX: Registered, Version: 7.1.7600.16395

    Admin Service: Registered, Version: 7.1.7600.16395

    HealthStatus Bitmask Output:

    Tampered Service: sppsvc

    Tampered Service: sppuinotify

     

     

    HWID Data-->

    HWID Hash Current: NAAAAAEAAgABAAEAAAAFAAAAAQABAAEA6GGEjDrhqnbAEojOBhyaiFa+CAU9bT31mCBGyg==

     

    OEM Activation 1.0 Data-->

    N/A

     

    OEM Activation 2.0 Data-->

    BIOS valid for OA 2.0: yes

    Windows marker version: 0x20001

    OEMID and OEMTableID Consistent: yes

    BIOS Information: 

      ACPI Table Name   OEMID Value   OEMTableID Value
      APIC              HPQOEM        SLIC-CPC
      FACP              HPQOEM        SLIC-CPC
      HPET              HPQOEM        SLIC-CPC
      MCFG              HPQOEM        SLIC-CPC
      SLIC              HPQOEM        SLIC-CPC
      SSDT              PmRef         CpuPm

     

    Sunday, October 3, 2010 12:24 PM

Answers

  • You have two tampered services. I found this advice from Darin Smith, I will paste it below, but basically something is affecting the way these services load into memory; it could be a legitimate program or it could be malware. I suggest you download and run Malwarebytes; also, www.bleepingcomputer.com has a forum specifically for suspected malware infections, which could be a good resource for you.

    Also, you can start a WGA support issue at the following address if you still have problems getting this resolved. http://support.microsoft.com/gp/contactwga

     

    But first, try the below (provided by Darin Smith to someone with a slightly different problem than yours). I suggest you go ahead and try the SFC /SCANNOW even though you do not reflect a tampered file in your report, then move on to the rest of the advice given; if it fails, then see the link above for support. Don't forget the Bleeping Computer link if it turns out your computer is infected, those guys really know what they are doing.

    Tampered File:

      A Tampered File means the file in question was either modified, replaced or deleted, or has become corrupt. This could be caused by malware, a hardware issue, manual manipulation or deletion by one of the users of the PC, or random corruption (to name just a few possible causes).

     The resolution to this is to repair the file by either:

    a) using the SFC /SCANNOW command,
    b) doing a System Restore to a point before the issue occurred,
    c) replacing the file by copying the same file from another Windows 7 install (be sure the other Windows has the same installed updates as the troubled Windows),
    d) reinstalling Windows altogether.

    Tampered Service:

    CAVEAT: I have not seen a large number of Tampered Services with Windows 7, so I still have a limited understanding of them. I believe it's the same as an issue seen in Vista but just with a different name; however, I have not yet been able to confirm that. The below description of a Tampered Service is based on my experience with that similar/same issue in Vista.

    Background info: There are system files that when they are Run they spawn a Service (usually with the same name as the file that spawned it). In your case, the services sppsvc and sppuinotify are Services being modified in system memory, but the files sppsvc.exe and sppuinotify.exe are unmodified since those files are not listed as Tampered Files.

      A Tampered Service is when a Service which is running in system memory is actively being shimmed or hooked into (Modified) in an unsupported way. This is an Active tamper, meaning the tamper can only occur while something is making it occur. That 'something' is another program. That program could be a legitimate program that happens to be doing something in a way that Windows 7 does not allow. Or it could be Malware.

     The resolution for this issue tends to be difficult because a) it involves you tracking down the offending program and b) there is very little I can do to help (none of my tools can tell what program is causing the tamper). 

     A few hints and suggestions I can provide: Run anti-virus scans, preferably multiple times using different software. Think back to when the issue first started: did you install any software within three days before the issue occurred? Do you have any freeware/shareware software that may not be of the highest quality? Confirm all your software is Windows 7 compatible and/or has been upgraded to a compatible version. And so on.

    Sunday, October 3, 2010 1:46 PM
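
Added example, not part of the original thread or of any Microsoft tool: a small Python triage of a diagnostic report like the one in the question, separating the "tampered file" case from the "tampered service" case described in the answer and decoding the failing HRESULTs. The function names and the `Tampered File:` line format are assumptions; the sample lines are copied from the report above.

```python
import re

# Sample lines copied from the diagnostic report in the question above.
SAMPLE_REPORT = """\
Validation Code: 0x8004FE21
Cached Online Validation Code: N/A, hr = 0x80070422
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Error: 0x80070422
HrOffline: 0x8004FE21
HealthStatus: 0x0003000000000000
HealthStatus Bitmask Output:
Tampered Service: sppsvc
Tampered Service: sppuinotify
"""

# Win32 error codes carried in FACILITY_WIN32 (7) HRESULTs; names from winerror.h.
WIN32_NAMES = {0x2: "ERROR_FILE_NOT_FOUND", 0x422: "ERROR_SERVICE_DISABLED"}


def decode_hresult(value):
    """Split a 32-bit HRESULT into facility and code, naming known Win32 codes."""
    facility = (value >> 16) & 0x7FF
    code = value & 0xFFFF
    return {"facility": facility, "code": code,
            "win32": WIN32_NAMES.get(code) if facility == 7 else None}


def triage(report):
    """Classify a report as file tamper, in-memory service tamper, both or neither."""
    # "Tampered File:" is an assumed line format, modelled on "Tampered Service:".
    services = re.findall(r"^[ \t]*Tampered Service:[ \t]*(\S+)", report, re.M)
    files = re.findall(r"^[ \t]*Tampered File:[ \t]*(\S.*?)[ \t]*$", report, re.M)
    # Failure HRESULTs only: exactly 8 hex digits with the severity bit set.
    failures = sorted({int(h, 16) for h in
                       re.findall(r"0x[89A-Fa-f][0-9A-Fa-f]{7}\b", report)})
    if files and services:
        finding = "file and service tamper"
    elif files:
        finding = "file tamper: repair the file (e.g. SFC /SCANNOW)"
    elif services:
        finding = "in-memory service tamper: files intact, look for the hooking program"
    else:
        finding = "no tamper entries"
    return {"tampered_services": services, "tampered_files": files,
            "finding": finding,
            "hresults": {f"0x{h:08X}": decode_hresult(h) for h in failures}}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(key, "=", value)
```

On the sample, the licensing error 0x80070422 decodes to the Win32 code ERROR_SERVICE_DISABLED, so the state of the sppsvc service is worth checking alongside the malware scans suggested above.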

All replies

  • Thank you :) 
    Sunday, October 3, 2010 1:48 PM