locked
Genuine Advantage Validation Fails with code 0xC8000247 RRS feed

  • Question

  • I am having identical problems to those in http://social.microsoft.com/Forums/en-US/genuinewindows7/thread/4f22a5fd-55c8-4159-9185-72cdb8cf3580?prof=required, though my MGADiag.exe output is slightly different (i.e., my BIOS shows valid for OEM Activation 2.0 and the ACPI Table data seems OK, but my list of file mismatches and tampered files are the same).

    My symptoms are exactly as described by Janusz2 about a week ago, but I have a different PC with different drivers.  After 2 1/2 years of use (Windows 7 x64, came installed from Acer), my Aspire 1810T HD died, so I replaced it--same manufacturer (Hitachi), larger capacity and faster rpm and bigger cache.  When I restored the volume from a ShadowProtect Desktop backup, all seemed to be well, but I see three problems:

    1. Opening the system management console produces a UAC message I've never seen in this situation, asking if I wanted to allow this program from an unknown manufacturer to modify my system.  

    2. Windows Update fails, saying the service is not running (but it is). Stopping the service and restarting it has no effect, nor does turning updates off and then on.

    3. I am eventually prompted to validate my copy of Windows as genuine--but the validation fails with error code 0xc8000247.

    I've restored backups from three different dates, going back to 2010, all with identical results.  The event logs show no errors or warnings.

    I've tried setting Windows Update to never update.  Exiting, rebooting, then resetting it to notify me of available updates.  Still fails as above.

    I can find no out dated drivers anywhere, but I tried reloading the Intel SATA driver anyway.  Still no joy.

    Here is the MGADiag output--if anyone has suggestions about what drivers to reinstall (or anything else to try), I'd be very grateful.  Also, I would love to have a theory as to how and why my PC got into this state on the restore.  I have done this sort of thing before on other PCs with no problems at all.  Now I'm gun-shy about the backups!

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-WJ2H8-R6B6D-7QJB7
    Windows Product Key Hash: ckKNc+BBPDWmo1LUlOkraNjlQ34=
    Windows Product ID: 00359-OEM-8992687-00006
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {E8FCDAC6-BF95-44C7-BD40-9078CB5B6B15}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.110622-1506
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Enterprise 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{E8FCDAC6-BF95-44C7-BD40-9078CB5B6B15}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7QJB7</PKey><PID>00359-OEM-8992687-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-561943486-2399563326-3219821065</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>Aspire 1810T</Model></SYSTEM><BIOS><Manufacturer>INSYDE</Manufacturer><Version>v0.3115</Version><SMBIOSVersion major="2" minor="6"/><Date>20090814000000.000000+000</Date></BIOS><HWID>74BD0E00018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>58A3465669D1D86</Val><Hash>l38eIN1LEA2O0AGmdZiWkbxFbN4=</Hash><Pid>89388-707-2259593-65032</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800006-02-1033-7600.0000-2322009
    Installation ID: 013031032931984220294105042404211946170920305552919342
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 7QJB7
    License Status: Licensed
    Remaining Windows rearm count: 3
    Trusted time: 6/4/2012 12:23:42 AM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000001EFF0
    Event Time Stamp: 6:3:2012 19:51
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys


    HWID Data-->
    HWID Hash Current: LAAAAAAAAQABAAIAAAABAAAAAgABAAEA6GFAYig2MvnirOw+rut22gyMRso=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC ACRSYS ACRPRDCT
      FACP ACRSYS ACRPRDCT
      HPET ACRSYS ACRPRDCT
      BOOT ACRSYS ACRPRDCT
      MCFG ACRSYS ACRPRDCT
      DMAR       
      ASF! ACRSYS ACRPRDCT
      SLIC ACRSYS ACRPRDCT
      SSDT ACRSYS ACRPRDCT
      SSDT ACRSYS ACRPRDCT

    Monday, June 4, 2012 4:55 AM

Answers

  • "Mel Raff" wrote in message news:d8612655-fa50-4cc0-8107-4ba24b822b10...

    I am having identical problems to those in http://social.microsoft.com/Forums/en-US/genuinewindows7/thread/4f22a5fd-55c8-4159-9185-72cdb8cf3580?prof=required, though my MGADiag.exe output is slightly different (i.e., my BIOS shows valid for OEM Activation 2.0 and the ACPI Table data seems OK, but my list of file mismatches and tampered files are the same).

    My symptoms are exactly as described by Janusz2 about a week ago, but I have a different PC with different drivers.  After 2 1/2 years of use (Windows 7 x64, came installed from Acer), my Aspire 1810T HD died, so I replaced it--same manufacturer (Hitachi), larger capacity and faster rpm and bigger cache.  When I restored the volume from a ShadowProtect Desktop backup, all seemed to be well, but I see three problems:

    1. Opening the system management console produces a UAC message I've never seen in this situation, asking if I wanted to allow this program from an unknown manufacturer to modify my system. 

    2. Windows Update fails, saying the service is not running (but it is). Stopping the service and restarting it has no effect, nor does turning updates off and then on.

    3. I am eventually prompted to validate my copy of Windows as genuine--but the validation fails with error code 0xc8000247.

    I've restored backups from three different dates, going back to 2010, all with identical results.  The event logs show no errors or warnings.

    I've tried setting Windows Update to never update.  Exiting, rebooting, then resetting it to notify me of available updates.  Still fails as above.

    I can find no out dated drivers anywhere, but I tried reloading the Intel SATA driver anyway.  Still no joy.

    Here is the MGADiag output--if anyone has suggestions about what drivers to reinstall (or anything else to try), I'd be very grateful.  Also, I would love to have a theory as to how and why my PC got into this state on the restore.  I have done this sort of thing before on other PCs with no problems at all.  Now I'm gun-shy about the backups!

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-WJ2H8-R6B6D-7QJB7
    Windows Product Key Hash: ckKNc+BBPDWmo1LUlOkraNjlQ34=
    Windows Product ID: 00359-OEM-8992687-00006
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003


    File Scan Data-->
    File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100


    Other data-->
    SYSTEM><Manufacturer>Acer</Manufacturer><Model>Aspire 1810T</Model></SYSTEM><BIOS><Manufacturer>INSYDE</Manufacturer><Version>v0.3115</Version><SMBIOSVersion major="2" minor="6"/><Date>20090814000000.000000+000</Date></BIOS

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Partial Product Key: 7QJB7
    License Status: Licensed
    Remaining Windows rearm count: 3
    Trusted time: 6/4/2012 12:23:42 AM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000001EFF0
    Event Time Stamp: 6:3:2012 19:51
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys

     
    The problem lies with the file integrity.
    This may simply be caused by a bad set of Intel Rapid Storage Technology drivers -  
     
    Installing the Intel Rapid Storage Drivers
     
    Once complete, please reboot twice, then post another MGADiag report.   
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    • Marked as answer by Mel Raff Monday, June 4, 2012 1:08 PM
    Monday, June 4, 2012 7:44 AM
    Moderator

All replies

  • "Mel Raff" wrote in message news:d8612655-fa50-4cc0-8107-4ba24b822b10...

    I am having identical problems to those in http://social.microsoft.com/Forums/en-US/genuinewindows7/thread/4f22a5fd-55c8-4159-9185-72cdb8cf3580?prof=required, though my MGADiag.exe output is slightly different (i.e., my BIOS shows valid for OEM Activation 2.0 and the ACPI Table data seems OK, but my list of file mismatches and tampered files are the same).

    My symptoms are exactly as described by Janusz2 about a week ago, but I have a different PC with different drivers.  After 2 1/2 years of use (Windows 7 x64, came installed from Acer), my Aspire 1810T HD died, so I replaced it--same manufacturer (Hitachi), larger capacity and faster rpm and bigger cache.  When I restored the volume from a ShadowProtect Desktop backup, all seemed to be well, but I see three problems:

    1. Opening the system management console produces a UAC message I've never seen in this situation, asking if I wanted to allow this program from an unknown manufacturer to modify my system. 

    2. Windows Update fails, saying the service is not running (but it is). Stopping the service and restarting it has no effect, nor does turning updates off and then on.

    3. I am eventually prompted to validate my copy of Windows as genuine--but the validation fails with error code 0xc8000247.

    I've restored backups from three different dates, going back to 2010, all with identical results.  The event logs show no errors or warnings.

    I've tried setting Windows Update to never update.  Exiting, rebooting, then resetting it to notify me of available updates.  Still fails as above.

    I can find no out dated drivers anywhere, but I tried reloading the Intel SATA driver anyway.  Still no joy.

    Here is the MGADiag output--if anyone has suggestions about what drivers to reinstall (or anything else to try), I'd be very grateful.  Also, I would love to have a theory as to how and why my PC got into this state on the restore.  I have done this sort of thing before on other PCs with no problems at all.  Now I'm gun-shy about the backups!

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-WJ2H8-R6B6D-7QJB7
    Windows Product Key Hash: ckKNc+BBPDWmo1LUlOkraNjlQ34=
    Windows Product ID: 00359-OEM-8992687-00006
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003


    File Scan Data-->
    File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100


    Other data-->
    SYSTEM><Manufacturer>Acer</Manufacturer><Model>Aspire 1810T</Model></SYSTEM><BIOS><Manufacturer>INSYDE</Manufacturer><Version>v0.3115</Version><SMBIOSVersion major="2" minor="6"/><Date>20090814000000.000000+000</Date></BIOS

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Partial Product Key: 7QJB7
    License Status: Licensed
    Remaining Windows rearm count: 3
    Trusted time: 6/4/2012 12:23:42 AM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000001EFF0
    Event Time Stamp: 6:3:2012 19:51
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys

     
    The problem lies with the file integrity.
    This may simply be caused by a bad set of Intel Rapid Storage Technology drivers -  
     
    Installing the Intel Rapid Storage Drivers
     
    Once complete, please reboot twice, then post another MGADiag report.   
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    • Marked as answer by Mel Raff Monday, June 4, 2012 1:08 PM
    Monday, June 4, 2012 7:44 AM
    Moderator
  • Noel Paton, thank you for solving this problem!  The management console now starts without a UAC prompt, Windows Update seems to operate properly, and the MGADiag output now shows no mismatched or tampered files.  I am going to assume that I will no longer be prompted to validate my genuine copy of Windows--but if I am, I expect the validation to now succeed.  This has been incredibly helpful.  Thank you very, very much.

    I have two questions you might still answer, though:

    1. How do you suppose this problem was caused?  My PC worked properly all along; only after restoring the volume did the problem arise, and it did so in restoring each of three backups, taken over a time period of a year and half?

    2. How did you know I needed the Intel Rapid Storage Drivers?  I reinstalled all the Intel drivers I could find listed in Device Manager, to no avail.  I don't see the Intel Rapid Storage Drivers listed there (or referenced in the MGADiag output).

    Anyway, here's the post-install MGADiag output, and thanks again:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-WJ2H8-R6B6D-7QJB7
    Windows Product Key Hash: ckKNc+BBPDWmo1LUlOkraNjlQ34=
    Windows Product ID: 00359-OEM-8992687-00006
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {E8FCDAC6-BF95-44C7-BD40-9078CB5B6B15}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.110622-1506
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Enterprise 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{E8FCDAC6-BF95-44C7-BD40-9078CB5B6B15}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7QJB7</PKey><PID>00359-OEM-8992687-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-561943486-2399563326-3219821065</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>Aspire 1810T</Model></SYSTEM><BIOS><Manufacturer>INSYDE</Manufacturer><Version>v0.3115</Version><SMBIOSVersion major="2" minor="6"/><Date>20090814000000.000000+000</Date></BIOS><HWID>74BD0E00018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>58A3465669D1D86</Val><Hash>l38eIN1LEA2O0AGmdZiWkbxFbN4=</Hash><Pid>89388-707-2259593-65032</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800006-02-1033-7600.0000-2322009
    Installation ID: 013031032931984220294105042404211946170920305552919342
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 7QJB7
    License Status: Licensed
    Remaining Windows rearm count: 3
    Trusted time: 6/4/2012 8:58:35 AM

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 6:3:2012 19:51
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: LAAAAAAAAQABAAIAAAABAAAAAgABAAEA6GFAYig2MvnirOw+rut22gyMRso=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC ACRSYS ACRPRDCT
      FACP ACRSYS ACRPRDCT
      HPET ACRSYS ACRPRDCT
      BOOT ACRSYS ACRPRDCT
      MCFG ACRSYS ACRPRDCT
      DMAR       
      ASF! ACRSYS ACRPRDCT
      SLIC ACRSYS ACRPRDCT
      SSDT ACRSYS ACRPRDCT
      SSDT ACRSYS ACRPRDCT


    Mel Raff

    Monday, June 4, 2012 1:17 PM
  • "Mel Raff" wrote in message news:fd2f63e3-210e-4f5c-8cfc-4e7084304812...

    Noel Paton, thank you for solving this problem!  The management console now starts without a UAC prompt, Windows Update seems to operate properly, and the MGADiag output now shows no mismatched or tampered files.  I am going to assume that I will no longer be prompted to validate my genuine copy of Windows--but if I am, I expect the validation to now succeed.  This has been incredibly helpful.  Thank you very, very much.

    I have two questions you might still answer, though:

    1. How do you suppose this problem was caused?  My PC worked properly all along; only after restoring the volume did the problem arise, and it did so in restoring each of three backups, taken over a time period of a year and half?

    2. How did you know I needed the Intel Rapid Storage Drivers?  I reinstalled all the Intel drivers I could find listed in Device Manager, to no avail.  I don't see the Intel Rapid Storage Drivers listed there (or referenced in the MGADiag output).

    Anyway, here's the post-install MGADiag output, and thanks again:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-WJ2H8-R6B6D-7QJB7
    Windows Product Key Hash: ckKNc+BBPDWmo1LUlOkraNjlQ34=
    Windows Product ID: 00359-OEM-8992687-00006
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {E8FCDAC6-BF95-44C7-BD40-9078CB5B6B15}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.110622-1506
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Enterprise 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{E8FCDAC6-BF95-44C7-BD40-9078CB5B6B15}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7QJB7</PKey><PID>00359-OEM-8992687-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-561943486-2399563326-3219821065</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>Aspire 1810T</Model></SYSTEM><BIOS><Manufacturer>INSYDE</Manufacturer><Version>v0.3115</Version><SMBIOSVersion major="2" minor="6"/><Date>20090814000000.000000+000</Date></BIOS><HWID>74BD0E00018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>58A3465669D1D86</Val><Hash>l38eIN1LEA2O0AGmdZiWkbxFbN4=</Hash><Pid>89388-707-2259593-65032</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800006-02-1033-7600.0000-2322009
    Installation ID: 013031032931984220294105042404211946170920305552919342
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 7QJB7
    License Status: Licensed
    Remaining Windows rearm count: 3
    Trusted time: 6/4/2012 8:58:35 AM

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 6:3:2012 19:51
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: LAAAAAAAAQABAAIAAAABAAAAAgABAAEA6GFAYig2MvnirOw+rut22gyMRso=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC ACRSYS ACRPRDCT
      FACP ACRSYS ACRPRDCT
      HPET ACRSYS ACRPRDCT
      BOOT ACRSYS ACRPRDCT
      MCFG ACRSYS ACRPRDCT
      DMAR      
      ASF! ACRSYS ACRPRDCT
      SLIC ACRSYS ACRPRDCT
      SSDT ACRSYS ACRPRDCT
      SSDT ACRSYS ACRPRDCT


    Mel Raff

     
     
    From what (little) I can understand, one of two things happened.....
     
    1) Intel produced a set of drivers that went outside of the bounds of the documented areas - and when MS updated certain files access was blocked.
    2) there may be a an access problem inherent somewhere in Windows that this update solves - because it actually resets the permissions as part of the install procedure.
     
    Until I can physically get hold of such a machine I have no chance to really work out which it is (and neither company is saying anything).
    All I really know is that around 90% of the time, the symptoms are cured by installing a proper set of drivers :)
     
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Monday, June 4, 2012 2:07 PM
    Moderator
  • Well, wow.  Thank you again for figuring this out and making it so easy to remedy.  Because I was working with restored volumes, I was trying everything I could find.  When they didn't work, I'd just restore again to erase any problems these remedies might have caused and to keep the issues focused and as simple as possible.  I'd been through over a dozen restores, so I was at this point conditioned to expect to see no improvement.  At this point, it's like magic.  Many thanks for the help and for the attention you've been paying to those of us wallowing in these difficulties.


    Mel Raff

    Monday, June 4, 2012 2:20 PM
  • You're very welcome!

    Just as a FWIW, I recently came across a permissions problem that has the same resulting error  - marking the Catroot2 folder as Read-Only.

    I have no idea whether there is a relationship between the two results.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, June 4, 2012 3:03 PM
    Moderator