locked
Windows 7 Professional - Genuine advantage validation issues RRS feed

  • Question

  • Hello,

    I have 3 base units with an issue whereby the user gets a pop-up stating that "This computer is not running genuine Windows". In the System Properties it still states that Windows is activated. I have run the MGADiag.exe report and all 3 base units show the same tampered files within the report, see below highlighted in bold.

    I've attempted to run an "sfc /scannow" which didn't resolve the issue. Running CMD with administrative privileges and "slui.exe" then reports that Windows is genuine but upon clicking close the original issue returns.

    I must explain a couple of things first...I work in IT for a law firm, these PC's are off a "build" which has been cloned and updated continuously over the last 7 months, they all have the same licence/product key and we have more than enough licences for Windows 7. I have rolled out over 100 PC's and these are the only 3 to have popped up so far, One was reported 4 days ago and the other two was reported today.

    Any help would be appreciated,
    Thanks.

    Diagnostic Report (1.9.0027.0):

    -----------------------------------------

    Windows Validation Data-->

    Validation Code: 0x8004FE21

    Cached Online Validation Code: N/A, hr = 0xc004f012

    Windows Product Key: *****-*****-788W3-H689G-6P6GT

    Windows Product Key Hash: yr8OHoeXhbT4dc6MxGYjdAStSPY=

    Windows Product ID: 00371-OEM-8992671-00008

    Windows Product ID Type: 2

    Windows License Type: OEM SLP

    Windows OS version: 6.1.7601.2.00010100.1.0.048

    ID: {1EA5C024-E4AA-465E-AC52-D45A0B96E1C9}(1)

    Is Admin: Yes

    TestCab: 0x0

    LegitcheckControl ActiveX: N/A, hr = 0x80070002

    Signed By: N/A, hr = 0x80070002

    Product Name: Windows 7 Professional

    Architecture: 0x00000009

    Build lab: 7601.win7sp1_gdr.130828-1532

    TTS Error:

    Validation Diagnostic:

    Resolution Status: N/A

    Vista WgaER Data-->

    ThreatID(s): N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    File Exists: No

    Version: N/A, hr = 0x80070002

    WgaTray.exe Signed By: N/A, hr = 0x80070002

    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

    OGAExec.exe Signed By: N/A, hr = 0x80070002

    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->

    Office Status: 100 Genuine

    Microsoft Office Enterprise 2007 - 100 Genuine

    OGA Version: N/A, 0x80070002

    Signed By: N/A, hr = 0x80070002

    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

    Browser Data-->

    Proxy settings: 10.2.0.16:80

    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

    Default Browser: C:\Program Files (x86)\Internet Explorer\iexplore.exe

    Download signed ActiveX controls: Prompt

    Download unsigned ActiveX controls: Disabled

    Run ActiveX controls and plug-ins: Allowed

    Initialize and script ActiveX controls not marked as safe: Disabled

    Allow scripting of Internet Explorer Webbrowser control: Disabled

    Active scripting: Allowed

    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003

    File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003

    File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x80092003

    File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100

    File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100

    File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x80092003

    File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100

    File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100

    File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003

    File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x80092003

    File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100

    File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100

    File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x80092003

    File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003

    File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003

    File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100

    File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100

    Other data-->

    Office Details: <GenuineResults><MachineData><UGUID>{1EA5C024-E4AA-465E-AC52-D45A0B96E1C9}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-6P6GT</PKey><PID>00371-OEM-8992671-00008</PID><PIDType>2</PIDType><SID>S-1-5-21-4226941785-2166893151-1059449121</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP Compaq 6000 Pro SFF PC</Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>786G2 v01.09</Version><SMBIOSVersion major="2" minor="6"/><Date>20090825000000.000000+000</Date></BIOS><HWID>17EF3E07018400F8</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-BPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>11435F69EEBE586</Val><Hash>WKR0LNigjSoc49o3UZlfFPqoHP0=</Hash><Pid>89388-707-3985746-65564</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->

    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition

    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel

    Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764

    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f

    Extended PID: 00371-00178-926-700008-02-1033-7600.0000-2052009

    Installation ID: 013870283274281983133992319391816265028946278244432064

    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338

    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339

    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341

    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340

    Partial Product Key: 6P6GT

    License Status: Licensed

    Remaining Windows rearm count: 3

    Trusted time: 08/01/2014 16:24:11

    Windows Activation Technologies-->

    HrOffline: 0x8004FE21

    HrOnline: N/A

    HealthStatus: 0x000000000001EFF0

    Event Time Stamp: 1:7:2014 09:45

    ActiveX: Registered, Version: 7.1.7600.16395

    Admin Service: Registered, Version: 7.1.7600.16395

    HealthStatus Bitmask Output:

    Tampered File: %systemroot%\system32\sppobjs.dll

    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui

    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui

    Tampered File: %systemroot%\system32\sppwinob.dll

    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui

    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui

    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui

    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration

    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui

    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui

    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui

    Tampered File: %systemroot%\system32\drivers\spsys.sys

    HWID Data-->

    HWID Hash Current: MgAAAAEAAwABAAMAAAABAAAAAQABAAEA6GFejZQSyOsGGtzMFveAnyIVUMk80852Rso=

    OEM Activation 1.0 Data-->

    N/A

    OEM Activation 2.0 Data-->

    BIOS valid for OA 2.0: yes

    Windows marker version: 0x20001

    OEMID and OEMTableID Consistent: yes

    BIOS Information:

      ACPI Table Name    OEMID Value OEMTableID Value

      APIC                         COMPAQ                   EAGLLAKE

      FACP                                    COMPAQ                   EAGLLAKE

      HPET                                    COMPAQ                   EAGLLAKE

      MCFG                                   COMPAQ                   EAGLLAKE

      ASF!                          COMPAQ                   EAGLLAKE

      TCPA                                    COMPAQ                   EAGLLAKE

      SLIC                          HPQOEM                   SLIC-BPC

    Wednesday, January 8, 2014 4:53 PM

Answers

All replies

  • This may simply be caused by a bad set of Intel Rapid Storage Technology drivers -  

    Installing the Intel Rapid Storage Drivers

    try downloading and installing them from here - https://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&ProdId=2101&DwnldID=22194

    (you want the iata_enu.exe download)

    Once complete, please reboot twice, then post another MGADiag report.   


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    • Proposed as answer by Noel D PatonModerator Tuesday, January 14, 2014 9:44 PM
    • Marked as answer by rc_it Tuesday, January 21, 2014 12:29 PM
    Friday, January 10, 2014 11:51 PM
    Moderator
  • Morning (UK time),

    Thanks for the reply, I'll give these a go and post back today.

    Cheers.

    EDIT: It seems to have worked for one computer, validating the genuine status on Microsoft's website now works. I will now test on all the other PC's and report back later today.

    • Edited by rc_it Tuesday, January 21, 2014 11:03 AM
    Tuesday, January 21, 2014 10:18 AM
  • Glad to hear it!

    Good luck with the others :)


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Tuesday, January 21, 2014 12:14 PM
    Moderator
  • Glad to hear it!

    Good luck with the others :)


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Okay ran it on two PC's now, after several reboots Microsoft's website now reports it as genuine. Having looked at the MGA report the Mismatched / Tampered files are now all gone (see below)

    I find it very bizzare that the issue could be caused a dodgy IRST driver, then again I've never liked Intel drivers and that especially includes there LAN drivers which are hopeless.

    Thanks for your assistance Noel Paton! :)

    ...................................................................

    Diagnostic Report (1.9.0027.0):

    -----------------------------------------

    Windows Validation Data-->

    Validation Code: 0

    Cached Online Validation Code: 0x0

    Windows Product Key: *****-*****-788W3-H689G-6P6GT

    Windows Product Key Hash: yr8OHoeXhbT4dc6MxGYjdAStSPY=

    Windows Product ID: 00371-OEM-8992671-00008

    Windows Product ID Type: 2

    Windows License Type: OEM SLP

    Windows OS version: 6.1.7601.2.00010100.1.0.048

    ID: {4C6F0692-1FDB-4EA1-8000-DC7553A010A5}(1)

    Is Admin: Yes

    TestCab: 0x0

    LegitcheckControl ActiveX: N/A, hr = 0x80070002

    Signed By: N/A, hr = 0x80070002

    Product Name: Windows 7 Professional

    Architecture: 0x00000009

    Build lab: 7601.win7sp1_gdr.130828-1532

    TTS Error:

    Validation Diagnostic:

    Resolution Status: N/A

    Vista WgaER Data-->

    ThreatID(s): N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    File Exists: No

    Version: N/A, hr = 0x80070002

    WgaTray.exe Signed By: N/A, hr = 0x80070002

    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

    OGAExec.exe Signed By: N/A, hr = 0x80070002

    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->

    Office Status: 100 Genuine

    Microsoft Office Enterprise 2007 - 100 Genuine

    OGA Version: N/A, 0x80070002

    Signed By: N/A, hr = 0x80070002

    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-800a_E2AD56EA-766-1f6_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

    Browser Data-->

    Proxy settings: 10.2.0.16:80

    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

    Default Browser: C:\Program Files (x86)\Internet Explorer\iexplore.exe

    Download signed ActiveX controls: Prompt

    Download unsigned ActiveX controls: Disabled

    Run ActiveX controls and plug-ins: Allowed

    Initialize and script ActiveX controls not marked as safe: Disabled

    Allow scripting of Internet Explorer Webbrowser control: Disabled

    Active scripting: Allowed

    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->

    Office Details: <GenuineResults><MachineData><UGUID>{4C6F0692-1FDB-4EA1-8000-DC7553A010A5}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-6P6GT</PKey><PID>00371-OEM-8992671-00008</PID><PIDType>2</PIDType><SID>S-1-5-21-4226941785-2166893151-1059449121</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP Compaq 6000 Pro SFF PC</Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>786G2 v01.09</Version><SMBIOSVersion major="2" minor="6"/><Date>20090825000000.000000+000</Date></BIOS><HWID>179F3B07018400F8</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-BPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>11435F69EEBE586</Val><Hash>WKR0LNigjSoc49o3UZlfFPqoHP0=</Hash><Pid>89388-707-3985746-65564</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->

    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition

    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel

    Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764

    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f

    Extended PID: 00371-00178-926-700008-02-1033-7600.0000-2052009

    Installation ID: 003521921755997320572664126004637246038391472466530672

    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338

    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339

    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341

    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340

    Partial Product Key: 6P6GT

    License Status: Licensed

    Remaining Windows rearm count: 3

    Trusted time: 21/01/2014 12:22:58

    Windows Activation Technologies-->

    HrOffline: 0x00000000

    HrOnline: 0x00000000

    HealthStatus: 0x0000000000000000

    Event Time Stamp: 1:21:2014 11:51

    ActiveX: Registered, Version: 7.1.7600.16395

    Admin Service: Registered, Version: 7.1.7600.16395

    HealthStatus Bitmask Output:

    HWID Data-->

    HWID Hash Current: MgAAAAEAAwABAAMAAAABAAAAAQABAAEA6GEypBRH3MzI6wYaWHWAnyIVUMk80/hXRso=

    OEM Activation 1.0 Data-->

    N/A

    OEM Activation 2.0 Data-->

    BIOS valid for OA 2.0: yes

    Windows marker version: 0x20001

    OEMID and OEMTableID Consistent: yes

    BIOS Information:

      ACPI Table Name           OEMID Value     OEMTableID Value

      APIC                                    COMPAQ                             EAGLLAKE

      FACP                                   COMPAQ                             EAGLLAKE

      HPET                                    COMPAQ                             EAGLLAKE

      MCFG                                 COMPAQ                             EAGLLAKE

      ASF!                                     COMPAQ                             EAGLLAKE

      TCPA                                   COMPAQ                             EAGLLAKE

      SLIC                                      HPQOEM                             SLIC-BPC

    Tuesday, January 21, 2014 12:29 PM
  • I'm not totally convinced that it's actually the drivers that are at fault - it's just that installing the drivers cures 80%+ of the cases, and most of the rest are cured by resetting the Catroot2 folder - the few outliers seem to be the result of some major corruption somewhere.

    The commonest time for these errors to appear is after cloning a drive - usually to a different drive make/size - so there's something there that isn't being properly coped with by the system until the drivers are refreshed. It may even be a bug in the Software Protection Service somewhere!

    Good luck!


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Tuesday, January 21, 2014 1:04 PM
    Moderator
  • I'm not totally convinced that it's actually the drivers that are at fault - it's just that installing the drivers cures 80%+ of the cases, and most of the rest are cured by resetting the Catroot2 folder - the few outliers seem to be the result of some major corruption somewhere.

    The commonest time for these errors to appear is after cloning a drive - usually to a different drive make/size - so there's something there that isn't being properly coped with by the system until the drivers are refreshed. It may even be a bug in the Software Protection Service somewhere!

    Good luck!


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Noted.

    I've noticed that our HP6000's seem to vary slightly in spec. I tried installing the IRST driver today on my HP6000 and it said it wasn't compatible with with my system, so I guess we have a select few HP6000's out in the field which vary in spec and require the IRST driver.

    Thanks again.

    Wednesday, January 22, 2014 12:45 PM