locked
W7 Enterprise activated but not genuine RRS feed

  • Question

  • Hi,

    I work at a large company. We image computers with W7 Enterprise, but some computers appear to be not genuine (prompt).
    In computer properties I can see Windows is activated. I already tried activation by phone.
    I ran a Diag with the following result. What should I do?

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: N/A, hr = 0xc004f012
    Windows Product Key: *****-*****-*****-*****-DKR39
    Windows Product Key Hash: qjz5Pk1szg7SmP8oJNfZtCqjTzs=
    Windows Product ID: 55041-007-1356956-86681
    Windows Product ID Type: 6
    Windows License Type: Volume MAK
    Windows OS version: 6.1.7601.2.00010100.1.0.004
    ID: {05261107-F175-4C1A-8270-2CA32053672A}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Enterprise
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.120330-1504
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Professional Plus 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-800d_E2AD56EA-766-2eff_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{05261107-F175-4C1A-8270-2CA32053672A}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.004</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-BBBBB</PKey><PID>55041-007-1356956-86681</PID><PIDType>6</PIDType><SID>S-1-5-21-2440758865-2697248307-4036375270</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>OptiPlex 790</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A13</Version><SMBIOSVersion major="2" minor="6"/><Date>20120402000000.000000+000</Date></BIOS><HWID>43DE3A07018400FE</HWID><UserLCID>0813</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Romance (standaardtijd)(GMT+01:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>CBX3   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0011-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Plus 2007</Name><Ver>12</Ver><Val>7FFA2B463F48586</Val><Hash>qaUnopGAB4Clgamcqoy9U15mAws=</Hash><Pid>89409-707-0278981-65831</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/></Applications></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Versie van Software Licensing-service: 6.1.7601.17514

    Naam: Windows(R) 7, Enterprise edition
    Beschrijving: Windows Operating System - Windows(R) 7, VOLUME_MAK channel
    Activerings-id: 9abf5984-9c16-46f2-ad1e-7fe15931a8dd
    Toepassings-id55c92734-d682-4d71-983e-d6ec3f16059f
    Uitgebreide PID: 55041-00172-007-135695-03-1033-7601.0000-1592012
    Installatie-id016610461441676374411471925442822391224496803256431074
    URL van processorcertificaat: http://go.microsoft.com/fwlink/?LinkID=88338
    URL van computercertificaat: http://go.microsoft.com/fwlink/?LinkID=88339
    URL van gebruikte licentie: http://go.microsoft.com/fwlink/?LinkID=88341
    URL van productcodecertificaat: http://go.microsoft.com/fwlink/?LinkID=88340
    Gedeeltelijke productcode: DKR39
    Licentiestatus: licentie
    Resterend aantal nieuwe Windows-activeringen: 0
    Vertrouwde tijd: 19/12/2013 9:39:29

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000003EFFF
    Event Time Stamp: 12:18:2013 10:02
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\wat\watadminsvc.exe
    Tampered File: %systemroot%\system32\wat\watweb.dll
    Tampered File: %systemroot%\system32\wat\npwatweb.dll
    Tampered File: %systemroot%\system32\wat\watux.exe
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys
    Tampered File: %systemroot%\system32\drivers\spldr.sys


    HWID Data-->
    HWID Hash Current: LAAAAAEAAgABAAEAAAABAAAAAQABAAEA6GHMStT5iHR86a7/MjXkv8T0LnM=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   DELL    CBX3  
      FACP   DELL    CBX3  
      HPET   A M I    PCHHPET
      BOOT   DELL    CBX3   
      MCFG   DELL    SNDYBRDG
      TCPA     
      SSDT   DELLTP  TPM
      SSDT   DELLTP  TPM
      SSDT   DELLTP  TPM
      DMAR   INTEL   SNB
      SLIC   DELL    CBX3  


    Marnik Van Hileghem, VB 2008 programmer

    Thursday, December 19, 2013 9:06 AM

Answers

  • Try this...

    in an Elevated Command Prompt, run the following command

    REGSVR32 WINTRUST.DLL

    You should get a 'Succeeded' popup

    Reboot twice

    Run another MGADiag report, and post the results.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    • Marked as answer by MarnikVH Friday, December 20, 2013 12:24 PM
    Thursday, December 19, 2013 4:12 PM
    Moderator
  • Aaaahhh!

    I see what the 'tamper' is, finally.

    The service is set to Auto-Start (missed that the first time around)

    It should be set to Manual/Demand

    Please open the Services.msc control panel and change the SPP Notification Service startup type accordingly.

    Reboot, then attempt validation at www.microsoft.com/genuine/validate using Internet Explorer 

    then run another MGADiag report, and post the results (with any luck you should pass).


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    • Marked as answer by MarnikVH Friday, December 20, 2013 12:23 PM
    Friday, December 20, 2013 11:58 AM
    Moderator

All replies

  • Try this...

    in an Elevated Command Prompt, run the following command

    REGSVR32 WINTRUST.DLL

    You should get a 'Succeeded' popup

    Reboot twice

    Run another MGADiag report, and post the results.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    • Marked as answer by MarnikVH Friday, December 20, 2013 12:24 PM
    Thursday, December 19, 2013 4:12 PM
    Moderator
  • Hi,

    Thanks for the answer.
    I tried the REGSVR32 WINTRUST.DLL, rebooted twice and ran the MGADiag again with the following result:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE22
    Cached Online Validation Code: N/A, hr = 0xc004f012
    Windows Product Key: *****-*****-*****-*****-DKR39
    Windows Product Key Hash: qjz5Pk1szg7SmP8oJNfZtCqjTzs=
    Windows Product ID: 55041-007-1356956-86681
    Windows Product ID Type: 6
    Windows License Type: Volume MAK
    Windows OS version: 6.1.7601.2.00010100.1.0.004
    ID: {05261107-F175-4C1A-8270-2CA32053672A}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Enterprise
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.120330-1504
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Professional Plus 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{05261107-F175-4C1A-8270-2CA32053672A}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.004</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-BBBBB</PKey><PID>55041-007-1356956-86681</PID><PIDType>6</PIDType><SID>S-1-5-21-2440758865-2697248307-4036375270</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>OptiPlex 790</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A13</Version><SMBIOSVersion major="2" minor="6"/><Date>20120402000000.000000+000</Date></BIOS><HWID>43C63707018400FE</HWID><UserLCID>0813</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Romance (standaardtijd)(GMT+01:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>CBX3   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0011-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Plus 2007</Name><Ver>12</Ver><Val>7FFA2B463F48586</Val><Hash>qaUnopGAB4Clgamcqoy9U15mAws=</Hash><Pid>89409-707-0278981-65831</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/></Applications></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Versie van Software Licensing-service: 6.1.7601.17514

    Naam: Windows(R) 7, Enterprise edition
    Beschrijving: Windows Operating System - Windows(R) 7, VOLUME_MAK channel
    Activerings-id: 9abf5984-9c16-46f2-ad1e-7fe15931a8dd
    Toepassings-id55c92734-d682-4d71-983e-d6ec3f16059f
    Uitgebreide PID: 55041-00172-007-135695-03-1033-7601.0000-1592012
    Installatie-id016610461441676374411471925442822391224496803256431074
    URL van processorcertificaat: http://go.microsoft.com/fwlink/?LinkID=88338
    URL van computercertificaat: http://go.microsoft.com/fwlink/?LinkID=88339
    URL van gebruikte licentie: http://go.microsoft.com/fwlink/?LinkID=88341
    URL van productcodecertificaat: http://go.microsoft.com/fwlink/?LinkID=88340
    Gedeeltelijke productcode: DKR39
    Licentiestatus: licentie
    Resterend aantal nieuwe Windows-activeringen: 0
    Vertrouwde tijd: 20/12/2013 9:30:40

    Windows Activation Technologies-->
    HrOffline: 0x8004FE22
    HrOnline: N/A
    HealthStatus: 0x0002000000000000
    Event Time Stamp: 12:18:2013 10:02
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered Service: sppuinotify


    HWID Data-->
    HWID Hash Current: LAAAAAEAAgABAAEAAAABAAAAAQABAAEA6GHMStT5iHR86a7/MjXkv8T0LnM=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   DELL    CBX3  
      FACP   DELL    CBX3  
      HPET   A M I    PCHHPET
      BOOT   DELL    CBX3   
      MCFG   DELL    SNDYBRDG
      TCPA     
      SSDT   DELLTP  TPM
      SSDT   DELLTP  TPM
      SSDT   DELLTP  TPM
      DMAR   INTEL   SNB
      SLIC   DELL    CBX3  


    Marnik Van Hileghem, VB 2008 programmer

    Friday, December 20, 2013 8:36 AM
  • Partway there, at least we can now see the wood for the trees :)

    There's one remaining problem...

    Tampered Service: sppuinotify

    Please open an Elevated (Administrator) Command Prompt window and use the following
    commands....

    net start sppuinotify

    sc qc sppuinotify

    sc queryex sppuinotify

    sc qprivs sppuinotify

    sc qsidtype sppuinotify

    sc sdshow sppuinotify

    Copy and paste the output to your reply

      Here are some instructions to make life easier :)

    1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt. 

    2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once. 

    3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.     




    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Friday, December 20, 2013 9:18 AM
    Moderator
  • Great, only one big sequoia in our way :)

    I did what you asked for and I had to execute the first command twice (I entered them one by one).
    This is the result:

    Microsoft Windows [versie 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation. Alle rechten voorbehouden.

    C:\Windows\system32>net start sppuinotify
    De SPP Notification Service-service wordt gestart.
    Kan de SPP Notification Service-service niet starten.

    De service heeft geen fout gemeld.

    Typ NET HELPMSG 3534 voor meer hulp.


    C:\Windows\system32>net start sppuinotify
    De SPP Notification Service-service wordt gestart.
    De SPP Notification Service-service is gestart.


    C:\Windows\system32>sc qc sppuinotify
    [SC] QueryServiceConfig VOLTOOID

    SERVICE_NAME: sppuinotify
            TYPE               : 20  WIN32_SHARE_PROCESS
            START_TYPE         : 2   AUTO_START
            ERROR_CONTROL      : 1   NORMAL
            BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalService
            LOAD_ORDER_GROUP   :
            TAG                : 0
            DISPLAY_NAME       : SPP Notification Service
            DEPENDENCIES       : EventSystem
            SERVICE_START_NAME : NT AUTHORITY\LocalService

    C:\Windows\system32>sc queryex sppuinotify

    SERVICE_NAME: sppuinotify
            TYPE               : 20  WIN32_SHARE_PROCESS
            STATE              : 4  RUNNING
                                    (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
            WIN32_EXIT_CODE    : 0  (0x0)
            SERVICE_EXIT_CODE  : 0  (0x0)
            CHECKPOINT         : 0x0
            WAIT_HINT          : 0x0
            PID                : 428
            FLAGS              :

    C:\Windows\system32>sc qprivs sppuinotify
    [SC] QueryServiceConfig2 VOLTOOID

    SERVICE_NAME: sppuinotify
            BEVOEGDHEDEN     : SeChangeNotifyPrivilege
                             : SeImpersonatePrivilege

    C:\Windows\system32>sc qsidtype sppuinotify
    [SC] QueryServiceConfig2 VOLTOOID

    SERVICE_NAME: sppuinotify
    SERVICE_SID_TYPE:  UNRESTRICTED

    C:\Windows\system32>sc sdshow sppuinotify

    D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCLCSWRPWPDTLOCRRC;;;S-1-5-80-123231216-259288
    3651-3715271367-3753151631-4175906628)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CC
    LCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CR;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDR
    CWDWO;;;WD)

    C:\Windows\system32>


    Marnik Van Hileghem, VB 2008 programmer

    Friday, December 20, 2013 10:47 AM
  • That all looks normal - including the initial failure to start :)

    Maybe we need to take a look at the actual registry key...

    Run the following command, and post the output..

    REG QUERY HKLM\System\CurrentControlSet\Services\sppuinotify /S

    If you look at the key in regedit - what permissions does it have?

    it should be

    CREATOR OWNER = Special (inherited)

    System = Full/Read (inherited)

    Administrators = Full/Read (inherited)

    Users = Read (inherited)

    All inherited from MACHINE/SYSTEM -

    All except CREATOR OWNER propagate down to subkeys


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Friday, December 20, 2013 11:16 AM
    Moderator
  • Thanks again for the replies!
    The permissions are exactly like u told me. I suppose the last CREATOR OWNER is fine too?

    After running the REG QUERY in elevated cmd I get the following result:

    Microsoft Windows [versie 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation. Alle rechten voorbehouden.

    C:\Windows\system32>REG QUERY HKLM\System\CurrentControlSet\Services\sppuinotify
     /S

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sppuinotify
        DisplayName    REG_SZ    SPP Notification Service
        ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\svchost.exe -k LocalServ
    ice
        Description    REG_SZ    @%SystemRoot%\system32\sppuinotify.dll,-102
        ObjectName    REG_SZ    NT AUTHORITY\LocalService
        ErrorControl    REG_DWORD    0x1
        Start    REG_DWORD    0x2
        Type    REG_DWORD    0x20
        DependOnService    REG_MULTI_SZ    EventSystem
        ServiceSidType    REG_DWORD    0x1
        RequiredPrivileges    REG_MULTI_SZ    SeChangeNotifyPrivilege\0SeImpersonate
    Privilege
        FailureActions    REG_BINARY    80510100000000000000000003000000140000000100
    0000E093040001000000E09304000000000000000000

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sppuinotify\Parameters
        ServiceDll    REG_EXPAND_SZ    %SystemRoot%\system32\sppuinotify.dll
        ServiceDllUnloadOnStop    REG_DWORD    0x1

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sppuinotify\Security
        Security    REG_BINARY    01001480C8000000D4000000140000003000000002001C0001
    00000002801400FF010F00010100000000000100000000020098000600000000001400FD01020001
    010000000000051200000000002800FD010200010600000000000550000000F05B5807C3438C9AC7
    8A72DD8F8CB4DF4447E7F800001800FF010F0001020000000000052000000020020000000014008D
    010200010100000000000504000000000014008D0102000101000000000005060000000000140000
    01000001010000000000050B000000010100000000000512000000010100000000000512000000


    C:\Windows\system32>


    Marnik Van Hileghem, VB 2008 programmer

    Friday, December 20, 2013 11:42 AM
  • Aaaahhh!

    I see what the 'tamper' is, finally.

    The service is set to Auto-Start (missed that the first time around)

    It should be set to Manual/Demand

    Please open the Services.msc control panel and change the SPP Notification Service startup type accordingly.

    Reboot, then attempt validation at www.microsoft.com/genuine/validate using Internet Explorer 

    then run another MGADiag report, and post the results (with any luck you should pass).


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    • Marked as answer by MarnikVH Friday, December 20, 2013 12:23 PM
    Friday, December 20, 2013 11:58 AM
    Moderator
  • Nice, It's a legitimate version now :)
    Thank you very much! The result of the Diag was good. The tamper is gone:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-*****-*****-DKR39
    Windows Product Key Hash: qjz5Pk1szg7SmP8oJNfZtCqjTzs=
    Windows Product ID: 55041-007-1356956-86681
    Windows Product ID Type: 6
    Windows License Type: Volume MAK
    Windows OS version: 6.1.7601.2.00010100.1.0.004
    ID: {05261107-F175-4C1A-8270-2CA32053672A}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Enterprise
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.120330-1504
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Professional Plus 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{05261107-F175-4C1A-8270-2CA32053672A}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.004</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-BBBBB</PKey><PID>55041-007-1356956-86681</PID><PIDType>6</PIDType><SID>S-1-5-21-2440758865-2697248307-4036375270</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>OptiPlex 790</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A13</Version><SMBIOSVersion major="2" minor="6"/><Date>20120402000000.000000+000</Date></BIOS><HWID>43C63707018400FE</HWID><UserLCID>0813</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Romance (standaardtijd)(GMT+01:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>CBX3   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0011-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Plus 2007</Name><Ver>12</Ver><Val>7FFA2B463F48586</Val><Hash>qaUnopGAB4Clgamcqoy9U15mAws=</Hash><Pid>89409-707-0278981-65831</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/></Applications></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Versie van Software Licensing-service: 6.1.7601.17514

    Naam: Windows(R) 7, Enterprise edition
    Beschrijving: Windows Operating System - Windows(R) 7, VOLUME_MAK channel
    Activerings-id: 9abf5984-9c16-46f2-ad1e-7fe15931a8dd
    Toepassings-id55c92734-d682-4d71-983e-d6ec3f16059f
    Uitgebreide PID: 55041-00172-007-135695-03-1033-7601.0000-1592012
    Installatie-id016610461441676374411471925442822391224496803256431074
    URL van processorcertificaat: http://go.microsoft.com/fwlink/?LinkID=88338
    URL van computercertificaat: http://go.microsoft.com/fwlink/?LinkID=88339
    URL van gebruikte licentie: http://go.microsoft.com/fwlink/?LinkID=88341
    URL van productcodecertificaat: http://go.microsoft.com/fwlink/?LinkID=88340
    Gedeeltelijke productcode: DKR39
    Licentiestatus: licentie
    Resterend aantal nieuwe Windows-activeringen: 0
    Vertrouwde tijd: 20/12/2013 13:17:27

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 12:18:2013 10:02
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: LAAAAAEAAgABAAEAAAABAAAAAQABAAEA6GHMStT5iHR86a7/MjXkv8T0LnM=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   DELL    CBX3  
      FACP   DELL    CBX3  
      HPET   A M I    PCHHPET
      BOOT   DELL    CBX3   
      MCFG   DELL    SNDYBRDG
      TCPA     
      SSDT   DELLTP  TPM
      SSDT   DELLTP  TPM
      SSDT   DELLTP  TPM
      DMAR   INTEL   SNB
      SLIC   DELL    CBX3  


    Marnik Van Hileghem, VB 2008 programmer

    Friday, December 20, 2013 12:23 PM
  • Yep! - it all looks fine now.

    Have a good Christmas!


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Friday, December 20, 2013 1:28 PM
    Moderator
  • Thanks, you too and a happy new year! :)

    Marnik Van Hileghem, VB 2008 programmer

    Friday, December 20, 2013 2:03 PM