locked
Windows 7 no longer genuine RRS feed

  • Question

  • Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 50
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-PDQGF-3XMJF-YDPH3
    Windows Product Key Hash: BCSr/xA+ss0Ijz7SSEGTTIP7960=
    Windows Product ID: 00371-OEM-9044362-83453
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 6.1.7600.2.00010100.0.0.048
    ID: {FDF74BDF-EAA4-40DD-8B77-8F72C126EF66}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000009
    Build lab: 7600.win7_gdr.100618-1621
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{FDF74BDF-EAA4-40DD-8B77-8F72C126EF66}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-YDPH3</PKey><PID>00371-OEM-9044362-83453</PID><PIDType>3</PIDType><SID>S-1-5-21-1324213384-4164270902-2285308152</SID><SYSTEM><Manufacturer>OEM</Manufacturer><Model>OEM</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>6.00 PG</Version><SMBIOSVersion major="2" minor="5"/><Date>20100608000000.000000+000</Date></BIOS><HWID>60B90600010000FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    C:\Windows\system32\slmgr.vbs(1333, 5) (null): The data is invalid.

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0xC004C532
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 1:18:2011 17:38
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    N/A, hr = 0x8007000d

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes, but no SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            IntelR        AWRDACPI
      FACP            IntelR        AWRDACPI
      HPET            IntelR        AWRDACPI
      MCFG            IntelR        AWRDACPI
      HJKL            IntelR        AWRDACPI
      ZXCV            IntelR        AWRDACPI
      SSDT            INTEL        PPM RCM


    Wednesday, January 19, 2011 12:33 AM

Answers

  • The issue I am seeing is that there is a problem with your Windows 7's Software Protection Platform service.  I know this from the line in your Diagnostic Report:  Tampered Service: sppsvc

     

    Here is what I have regarding Tampered Services:

    CAVEAT: I have Not seen a large number of Tampered Services with Windows 7 so I still have a limited understanding of then.  I believe it's the same as an issue seen sometimes in Vista but just with a different name, however, I have not yet been able to confirm this. The below description of a Tampered Service is based on my experience with that similar/same issue in Vista.

    Background info: There are system files that when they are Run they spawn a Service (usually with the same name as the file that spawned it). In your case, the services sppsvc is a Services being modified in system memory, but the file sppsvc.exe is not modified since this file is not listed as a Tampered File.

      A Tampered Service is when a Service which is running is system memory is actively being shimmed or hooked into (Modified) in an unsupported way. This is an Active tamper meaning the tamper can only occur while something is making it occur. That 'something' is another program.  That program could be a legitimate program that happens to be doing something in a way that Windows 7 does not allow. Or it could be Malware.

     The resolution for this issue tends to be difficult because a) it involves you tracking down the offending program and b) there is very little I can do to help (none of my tools can tell what program is causing the tamper). 

     A few hints and suggestions I can provide: Run Anti-virus scans. Preferably multiple times using different software.  Think back to when the issue first started, did you install any software within three (or so) days before the issue occurred? Do you have any freeware/sharware software that may not be of the highest quality?  Confirm all your software is Windows 7 compatible and/or has been upgraded to a compatible version. and so on.

     

    Lastly, I also suggest trying the below steps.  The steps have been known to resolve a Tampered File, but I am just not sure if they will as effective for a Tampered Service. The steps will not make the issue any worse. 

    a. System Scan. The scan will look for bad Windows files and will attempt to repair them, if possible.

    1) Click the Start Button
    2) Type: cmd.exe
    3) Right-click the cmd.exe file and select 'Run as Administrator'
    4) In the CMD window, type: sfc /scannow
    5) Reboot and see if that resolves the issue.


    b. Repairing Windows using System Restore:

    1) Click the Start button
    2) In the Start Search field, type: System Restore and hit “Enter”
    3) Select "Choose Different Restore Point", Put a check in the box that says "Show restore points older than 5 days", select the restore point that corresponds to the date Before you first noticed the issue.
    4) Click the "Next" button.
    5) Reboot and see if that resolves the issue.


    If you were unable to resolve the issue using the suggestions I provided above and if neither of these sets of steps resolves the issue, my only other suggestions would be to contact Microsoft Assisted Support as one of the below URLs for further assistance.

     North America: http://support.microsoft.com/contactus/cu_sc_genadv_master?ws=support&ws=support#tab4

    Outside North America:
    http://support.microsoft.com/contactus/?ws=support#tab0

     

    Thank you,


    Darin MS
    • Marked as answer by Darin Smith MS Thursday, January 20, 2011 10:18 PM
    Thursday, January 20, 2011 10:18 PM

All replies

  • "Brian4183" wrote in message news:ab592b1a-e282-493a-ae01-fb56b4bea080...
    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 50
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-PDQGF-3XMJF-YDPH3
    Windows Product Key Hash: BCSr/xA+ss0Ijz7SSEGTTIP7960=
    Windows Product ID: 00371-OEM-9044362-83453
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 6.1.7600.2.00010100.0.0.048

    Licensing Data-->
    C:\Windows\system32\slmgr.vbs(1333, 5) (null): The data is invalid.

     

    Your Licensing store appears to be corrupted -
    Recreate the Licensing Store
    1) Click Start button.
    2) Type: CMD.exe into the 'Search programs and files' field
    3) Right-Click on CMD.exe and select Run as Administrator
    4) Type: net stop sppsvc   (It may ask you if you are sure, select yes)
    Note: the Software Protection service may not be running, this is ok.
    5) Type: cd %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform
    6) Type: rename tokens.dat tokens.bar
    7) Type: cd %windir%\system32
    8) Type: net start sppsvc
    9) Type: slui.exe
    10) After a couple of seconds Windows Activation dialog will appear. You may be asked to re-activate and/or re-enter your product key or Activation may occur automatically.
     
    Run MGADiag again, and post the report
     
     

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Wednesday, January 19, 2011 1:34 AM
    Moderator
  • diff error when I went to the 8th step said error 1067 couldnt not be started

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: N/A, hr = 0xc002001b
    Windows Product Key: *****-*****-PDQGF-3XMJF-YDPH3
    Windows Product Key Hash: BCSr/xA+ss0Ijz7SSEGTTIP7960=
    Windows Product ID: 00371-OEM-9044362-83453
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 6.1.7600.2.00010100.0.0.048
    ID: {FDF74BDF-EAA4-40DD-8B77-8F72C126EF66}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000009
    Build lab: 7600.win7_gdr.100618-1621
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{FDF74BDF-EAA4-40DD-8B77-8F72C126EF66}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-YDPH3</PKey><PID>00371-OEM-9044362-83453</PID><PIDType>3</PIDType><SID>S-1-5-21-1324213384-4164270902-2285308152</SID><SYSTEM><Manufacturer>OEM</Manufacturer><Model>OEM</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>6.00 PG</Version><SMBIOSVersion major="2" minor="5"/><Date>20100608000000.000000+000</Date></BIOS><HWID>60B90600010000FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x80070426' to display the error text.
    Error: 0x80070426

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x0001000000000000
    Event Time Stamp: 1:18:2011 20:15
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered Service: sppsvc


    HWID Data-->
    N/A, hr = 0x8007000d

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes, but no SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            IntelR        AWRDACPI
      FACP            IntelR        AWRDACPI
      HPET            IntelR        AWRDACPI
      MCFG            IntelR        AWRDACPI
      HJKL            IntelR        AWRDACPI
      ZXCV            IntelR        AWRDACPI
      SSDT            INTEL        PPM RCM


    Wednesday, January 19, 2011 1:40 AM
  • "Brian4183" wrote in message news:46971196-95c4-4fe1-8a10-d11bcaf1e8c3...

    diff error when I went to the 8th step said error 1067 couldnt not be started

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: N/A, hr = 0xc002001b
    Windows Product Key: *****-*****-PDQGF-3XMJF-YDPH3
    Windows Product Key Hash: BCSr/xA+ss0Ijz7SSEGTTIP7960=
    Windows Product ID: 00371-OEM-9044362-83453
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 6.1.7600.2.00010100.0.0.048

    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x80070426' to display the error text.
    Error: 0x80070426

    Error 1067 appears to be 'unexpected termination' rather than strictly unable to start. The highlighted error simply means that the service is not running. - there's also another error relating to the sppsvc.

    In Control Panel, select Administrative Tools/Event Viewer.

    Expand Custom Views and select Administrative Events.
    Look for any error events that mention the System Protection Service, sppsvc, or event 1067.

    If found, double click that event to show the details dialog. Click the Copy Button on the lower/left corner of this dialog and paste the results in a reply here.

    (I'm hoping that this may point to a specific file/cause, which we can then deal with)

     
     

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Wednesday, January 19, 2011 2:52 AM
    Moderator
  • Log Name:      Application
    Source:        Application Error
    Date:          1/18/2011 8:42:19 PM
    Event ID:      1000
    Task Category: (100)
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      Brian-PC
    Description:
    Faulting application name: sppsvc.exe, version: 6.1.7600.16385, time stamp: 0x4a5bd93c
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0x40000015
    Fault offset: 0x000000000000d705
    Faulting process id: 0x11e0
    Faulting application start time: 0x01cbb77a1b8f0503
    Faulting application path: C:\Windows\system32\sppsvc.exe
    Faulting module path: unknown
    Report Id: 597f875a-236d-11e0-bf68-001fbc029b73
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Application Error" />
        <EventID Qualifiers="0">1000</EventID>
        <Level>2</Level>
        <Task>100</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2011-01-19T01:42:19.000000000Z" />
        <EventRecordID>8942</EventRecordID>
        <Channel>Application</Channel>
        <Computer>Brian-PC</Computer>
        <Security />
      </System>
      <EventData>
        <Data>sppsvc.exe</Data>
        <Data>6.1.7600.16385</Data>
        <Data>4a5bd93c</Data>
        <Data>unknown</Data>
        <Data>0.0.0.0</Data>
        <Data>00000000</Data>
        <Data>40000015</Data>
        <Data>000000000000d705</Data>
        <Data>11e0</Data>
        <Data>01cbb77a1b8f0503</Data>
        <Data>C:\Windows\system32\sppsvc.exe</Data>
        <Data>unknown</Data>
        <Data>597f875a-236d-11e0-bf68-001fbc029b73</Data>
      </EventData>
    </Event>
    Wednesday, January 19, 2011 3:16 AM
  • "Brian4183" wrote in message news:22d39b14-2d40-4bc8-9b64-98305a87b462...
    Log Name:      Application
    Source:        Application Error
    Date:          1/18/2011 8:42:19 PM
    Event ID:      1000

    Nothing there that we didn't already know :(
    I need to sleep on it - back tomorrow/later!
     

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Wednesday, January 19, 2011 3:37 AM
    Moderator
  • The issue I am seeing is that there is a problem with your Windows 7's Software Protection Platform service.  I know this from the line in your Diagnostic Report:  Tampered Service: sppsvc

     

    Here is what I have regarding Tampered Services:

    CAVEAT: I have Not seen a large number of Tampered Services with Windows 7 so I still have a limited understanding of then.  I believe it's the same as an issue seen sometimes in Vista but just with a different name, however, I have not yet been able to confirm this. The below description of a Tampered Service is based on my experience with that similar/same issue in Vista.

    Background info: There are system files that when they are Run they spawn a Service (usually with the same name as the file that spawned it). In your case, the services sppsvc is a Services being modified in system memory, but the file sppsvc.exe is not modified since this file is not listed as a Tampered File.

      A Tampered Service is when a Service which is running is system memory is actively being shimmed or hooked into (Modified) in an unsupported way. This is an Active tamper meaning the tamper can only occur while something is making it occur. That 'something' is another program.  That program could be a legitimate program that happens to be doing something in a way that Windows 7 does not allow. Or it could be Malware.

     The resolution for this issue tends to be difficult because a) it involves you tracking down the offending program and b) there is very little I can do to help (none of my tools can tell what program is causing the tamper). 

     A few hints and suggestions I can provide: Run Anti-virus scans. Preferably multiple times using different software.  Think back to when the issue first started, did you install any software within three (or so) days before the issue occurred? Do you have any freeware/sharware software that may not be of the highest quality?  Confirm all your software is Windows 7 compatible and/or has been upgraded to a compatible version. and so on.

     

    Lastly, I also suggest trying the below steps.  The steps have been known to resolve a Tampered File, but I am just not sure if they will as effective for a Tampered Service. The steps will not make the issue any worse. 

    a. System Scan. The scan will look for bad Windows files and will attempt to repair them, if possible.

    1) Click the Start Button
    2) Type: cmd.exe
    3) Right-click the cmd.exe file and select 'Run as Administrator'
    4) In the CMD window, type: sfc /scannow
    5) Reboot and see if that resolves the issue.


    b. Repairing Windows using System Restore:

    1) Click the Start button
    2) In the Start Search field, type: System Restore and hit “Enter”
    3) Select "Choose Different Restore Point", Put a check in the box that says "Show restore points older than 5 days", select the restore point that corresponds to the date Before you first noticed the issue.
    4) Click the "Next" button.
    5) Reboot and see if that resolves the issue.


    If you were unable to resolve the issue using the suggestions I provided above and if neither of these sets of steps resolves the issue, my only other suggestions would be to contact Microsoft Assisted Support as one of the below URLs for further assistance.

     North America: http://support.microsoft.com/contactus/cu_sc_genadv_master?ws=support&ws=support#tab4

    Outside North America:
    http://support.microsoft.com/contactus/?ws=support#tab0

     

    Thank you,


    Darin MS
    • Marked as answer by Darin Smith MS Thursday, January 20, 2011 10:18 PM
    Thursday, January 20, 2011 10:18 PM