Solved

Another Windows validation issue

Posted on 2013-06-14
30
1,130 Views
Last Modified: 2013-07-22
Hi gurus. We're having a Windows Validation issues on a Win 7 SP1 PC. It is an Acer with Windows pre-installed, so it is definitely genuine. All was fine until a month or so ago, when the warning started appearing. According to the Windows Validation Diagnostic Tool, the two problem files are:

Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui

I'll pop the whole report below. The troubleshooting I've done so far are:

- Checked Intel Storage drivers

- Checked for multiple language packs ( as per: kb2105247)

- chkdsk /r

- sfc /scannow (found problems it couldn't fix - unsure if this is related, but I can send logs if needs be)

- Compared the files sppcomapi.dll and sppcommdlg.dll with another Acer machine. (They are exactly the same ie Hex the same)

I have no idea where to go from here. Can anyone give me a hand?

Windows Diagnostic Report:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0x8004FE22
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-GK4PY-FDWYH-7TP9F
Windows Product Key Hash: u3xU6PnmumgYLgUpnmbqEw9Q2OA=
Windows Product ID: 00371-OEM-8992671-00004
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {8503B9F3-F312-4C7F-AF69-E410461DCF49}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130318-1533
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Home and Student 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{8503B9F3-F312-4C7F-AF69-E410461DCF49}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7TP9F</PKey><PID>00371-OEM-8992671-00004</PID><PIDType>2</PIDType><SID>S-1-5-21-4264629450-2000698978-4044012267</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>Veriton M6610G     </Model></SYSTEM><BIOS><Manufacturer>Acer      </Manufacturer><Version>P01-A4                </Version><SMBIOSVersion major="2" minor="6"/><Date>20110726000000.000000+000</Date></BIOS><HWID>89B63707018400FE</HWID><UserLCID>0C09</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>AUS Eastern Standard Time(GMT+10:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><Val>86C2A29D61EFF38</Val><Hash>3OlCduAq4bX4Gk8ioVnw3ZZDhpI=</Hash><Pid>81602-924-8227986-68755</Pid><PidType>1</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00178-926-700004-02-3081-7601.0000-1652013
Installation ID: 010516782945572835530405717083197202462041113706917201
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 7TP9F
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 14/06/2013 12:47:50 PM

Windows Activation Technologies-->
HrOffline: 0x8004FE22
HrOnline: N/A
HealthStatus: 0x0000000000006000
Event Time Stamp: 6:10:2013 23:00
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui


HWID Data-->
HWID Hash Current: NgAAAAEABgABAAIAAAABAAAAAQABAAEA6GFutbLrHMpiNL7U1A5K3QI7yPqMnc5wikco8y5z

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
  ACPI Table Name      OEMID Value      OEMTableID Value
  APIC                  ACRSYS            ACRPRDCT
  FACP                  ACRSYS            ACRPRDCT
  HPET                  ACRSYS            ACRPRDCT
  MCFG                  ACRSYS            ACRPRDCT
  TCPA                  APTIO4            NAPAASF
  SSDT                  AMICPU            PROC
  SLIC                  ACRSYS            ACRPRDCT
  ASF!                  INTEL              HCG
0
Comment
Question by:lukerussell
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 15
  • 8
  • 2
  • +3
30 Comments
 
LVL 19

Expert Comment

by:strivoli
ID: 39246855
Is your system virus/malware free?
0
 
LVL 30

Expert Comment

by:ded9
ID: 39246905
The diag report show that you have a non genuine windows 7 professional key.


Update the key that you see on the windows 7 COA label...should be somewhere in the back of the system.

After updating reboot. Launch internet explorer and go to

http://www.microsoft.com/genuine/validate/

Install the addin and validate your copy ...now restart system and check.

Update key
http://windows.microsoft.com/en-IN/windows/help/genuine/product-key#T1=tab01



Ded9
0
 
LVL 1

Author Comment

by:lukerussell
ID: 39246925
Thanks for the fast replies experts! I'll give this a go on Monday
0
Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

 
LVL 24

Expert Comment

by:aadih
ID: 39247588
No, the Key is genuine (it's an ACER OEM key).

Is it possible to restore your PC to factory install using the recovery console? Or would you like to do that?
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 39248322
0
 
LVL 1

Author Comment

by:lukerussell
ID: 39252092
Thanks for the suggestions guys. Factory restore is my last resort - I'd really like to avoid this if possible.

RE the two links. I had already seen the 1st one and confirmed that the computer has the latest version of WAT

The second link is new to me, but I'm not sure what renaming  "tokens.dat" will do. I'm wiling to give it a go though...
0
 
LVL 30

Expert Comment

by:ded9
ID: 39252198
Did u try updating the key that is on the back of the computer.

After that run diag and upload the new report.




Ded9
0
 
LVL 1

Author Comment

by:lukerussell
ID: 39252263
Hi Ded9,

No I assumed that wouldn't help because of the response by aadih ("No, the Key is genuine (it's an ACER OEM key)."

Is it still worth a try?
0
 
LVL 1

Author Comment

by:lukerussell
ID: 39252270
Just an update,

http://www.bleepingcomputer.com/forums/t/497146/this-computer-is-not-running-genuine-windows-error/ didn't help. Windows activated successfully, but is still not showing as genuine.

I guess I'll try the product key, but I really don't think this is the issue. From what I understand, it is not a product key or activation issue.

Someone please tell me if I'm wrong, but Windows validation is different to Windows Activation. It seems that the validation tool analyses the PC to make sure no files have been tampered with. If it finds files (like in my instance) it automatically assumes that someone has replaced these files and this it is no longer a valid version of Windows.

Is this right?
0
 
LVL 30

Expert Comment

by:ded9
ID: 39252300
I cannot comment on other experts suggestion.

I will prove my point on why the copy is not genuine. In diag report check this info

Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-GK4PY-FDWYH-7TP9F


Copy the product key info and put in google search. You will see the product key listed under blocked keys.


Also match the product key which is in your diag report
Windows Product Key: *****-*****-GK4PY-FDWYH-7TP9F

with the one of the COA label...it will not match. Office program is genuine but not windows.



Ded9
0
 
LVL 1

Author Comment

by:lukerussell
ID: 39252372
OK thanks, I'll give it a go. It is definitely the key that came pre-installed on the Acer computer - I did the install myself. I assume it doesn't match the key on the bottom because it is a VLK from Acer?

I'll let you know how it goes.
0
 
LVL 1

Author Comment

by:lukerussell
ID: 39252399
Hi again,

I cannot change the product key using the instruction in link you gave me. At the bottom of the System Information screen, under "Windows Activation" it simply says "Windows is activated", shows my Product ID and that's it. No choice to change the product key.

I think the reason is here: http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_install/cannot-change-product-key-in-windows-7/80f896b1-3483-435a-9b7f-d0c92442284f

"Your computer has a OEM-SLP version of Windows 7 Ultimate installed.  Due to the fact that several critical system files have been tampered with, you will not be able to change the product key.  You will need to reinstall your Windows 7 operating system using the recovery method recommended by your computer manufacturer."

I hope that the only way to resolve this isn't to reinstall...
0
 
LVL 30

Expert Comment

by:ded9
ID: 39252411
I would not go for reinstall...if you have a vanilla copy of windows 7 ..same version then repair install can be done.


You can also do repair install via the restore disk provided by acer. If you dont have the acer disk then under program files you will see a program  from acer to create recovery disk.

You can check acer website on how to create recovery disk.


Follow this article

http://www.howtogeek.com/124286/how-to-uninstall-your-windows-product-key-before-you-sell-your-pc/



Ded9
0
 
LVL 24

Expert Comment

by:aadih
ID: 39253272
Again, it's a valid key for Acer OEM (SLP Key).  COA Key is different.  Did the OS came installed?  Or did you install the OS yourself?  That'd determine if you have a genuine key or not.
0
 
LVL 1

Author Comment

by:lukerussell
ID: 39255322
Thanks aadh. You'r right - it is pre-installed Acer OEM.
0
 
LVL 1

Author Comment

by:lukerussell
ID: 39255374
Ded 9,

It looks like the Acer disk will not let me do a repair install. It seems to be a recovery image disk rather than a standard Windows Installation Disk (it's called a Factory Default Disk). So it's wipe and reinstall or nothing..

Any other suggestions?
0
 
LVL 30

Expert Comment

by:ded9
ID: 39255387
Did u try this article.

http://www.howtogeek.com/124286/how-to-uninstall-your-windows-product-key-before-you-sell-your-pc/

You can download vanilla copy of windows 7 iso from one of the digital river(ms partner) links and then do repair. Cannot give info about the links because its still not clear whether it can posted


Adding to the previous experts comment on tokens.dat...might have missed one last step.

Try renaming tokens.dat again

Follow these steps

Windows 7 and Windows Server 2008 R2
To rebuild the Tokens.dat file in Windows 7 or in Windows Server 2008 R2, follow these steps:

    Start an elevated command prompt. To do this, follow these steps:

        Click Start, and then type cmd in the search box.
        Right-click cmd, and then click Run as Administrator.
    Type the following commands in the order in which they are presented. Press Enter    after    each command.
    net stop sppsvc

    cd %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform

    ren tokens.dat tokens.bar

    net start sppsvc

    cscript.exe %windir%\system32\slmgr.vbs /rilc

    Restart the computer.


Ref
http://support.microsoft.com/kb/2736303

Make sure all steps are followed....


Ded9
0
 
LVL 1

Author Comment

by:lukerussell
ID: 39255396
I can try that ded9, but I have a feeling that the product key from the computer (Acer OEM key) will not work with a retail version of windows downloaded. From memory, I tried this once before and the key is not accepted. Them I'm stuck with a PC that is halfway through the setup.

Do you know why it is flagging these files as not genuine? Is there a way to make these files genuine without risking the repair install?
0
 
LVL 30

Expert Comment

by:ded9
ID: 39255400
You can always do  a keyless repair install ...just uncheck activate windows online option and do not enter product key.

You will have no issues doing a repair install ...but first create acer recovery disk (o.s disk)

Also try the rilc and tokens.dat commands first.



Ded9
0
 
LVL 30

Expert Comment

by:ded9
ID: 39255405
If you do not want to try the repair option then try this step and post results

  Click Start, and then type cmd in the search box.
        Right-click cmd, and then click Run as Administrator.
    Type the following commands in the order in which they are presented. Press Enter    after    each command.
    net stop sppsvc

    cd %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform

    ren tokens.dat tokens.bar

    net start sppsvc

    cscript.exe %windir%\system32\slmgr.vbs /rilc

    Restart the computer.

Then update the key via command prompt and run mgadiag again...upload the latest mga diag results here.


Ref
http://support.microsoft.com/kb/2736303

Make sure all steps are followed....


Ded9
0
 
LVL 1

Author Comment

by:lukerussell
ID: 39255414
Thanks again. I tried this method last night while troubleshooting, however, I did not try to update the key via the command prompt. I will try that.

Just to make sure that we are not barking up the wrong tree, are you certain it is an activation issue? It seems to me that Windows is activated fine and that the trouble is those two files that are listed as being tampered...

I'm getting the feeling that Windows "activation" and "validation" are different things. Like Windows can be activated, but if the validation tool finds "tampered files" it flags Windows as "corrupt" or something?

Tell me if I'm wrong here...
0
 
LVL 30

Expert Comment

by:ded9
ID: 39255425
At this point we need to update the key first...without that nothing will work.

When you validate your copy via IE it automatically install the necessary files in the background .

Follow this article


http://www.howtogeek.com/124286/how-to-uninstall-your-windows-product-key-before-you-sell-your-pc/

Reboot and run mga diag and upload results here.


Ded9
0
 
LVL 1

Author Comment

by:lukerussell
ID: 39255436
Will do...
0
 
LVL 59

Expert Comment

by:LeeTutor
ID: 39316365
I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.
0
 
LVL 1

Accepted Solution

by:
lukerussell earned 0 total points
ID: 39316336
Hi Ded9,

Sorry for the delay. I still wasn't able to activate using the key even when re-entered. In the end unfortunately, it was going on so long we had to reformat.

Interestingly, we also discovered there were issues with the hard drive and other files were becoming corrupted. I have a feeling this may have been the cause of the corrupted files that were causing validation issues...

Not sure what to do with the ticket now...
0
 
LVL 1

Author Comment

by:lukerussell
ID: 39316366
0
 
LVL 1

Author Comment

by:lukerussell
ID: 39316546
Thanks for the feedback. The experts tried to help, but in the end we had to give up and reformat. I'll wait for responses then refund points.

cheers.
0
 
LVL 1

Author Closing Comment

by:lukerussell
ID: 39345137
Had to reformat in the end...
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

By default the complete memory dump option is disabled in windows . If we want to enable the complete memory dump for a diagnostic purpose, we have a solution for it. here we are using the registry method to enable this.
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum editing capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question