Solved

Another Windows validation issue

Posted on 2013-06-14
30
1,104 Views
Last Modified: 2013-07-22
Hi gurus. We're having a Windows Validation issues on a Win 7 SP1 PC. It is an Acer with Windows pre-installed, so it is definitely genuine. All was fine until a month or so ago, when the warning started appearing. According to the Windows Validation Diagnostic Tool, the two problem files are:

Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui

I'll pop the whole report below. The troubleshooting I've done so far are:

- Checked Intel Storage drivers

- Checked for multiple language packs ( as per: kb2105247)

- chkdsk /r

- sfc /scannow (found problems it couldn't fix - unsure if this is related, but I can send logs if needs be)

- Compared the files sppcomapi.dll and sppcommdlg.dll with another Acer machine. (They are exactly the same ie Hex the same)

I have no idea where to go from here. Can anyone give me a hand?

Windows Diagnostic Report:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0x8004FE22
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-GK4PY-FDWYH-7TP9F
Windows Product Key Hash: u3xU6PnmumgYLgUpnmbqEw9Q2OA=
Windows Product ID: 00371-OEM-8992671-00004
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {8503B9F3-F312-4C7F-AF69-E410461DCF49}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130318-1533
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Home and Student 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{8503B9F3-F312-4C7F-AF69-E410461DCF49}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7TP9F</PKey><PID>00371-OEM-8992671-00004</PID><PIDType>2</PIDType><SID>S-1-5-21-4264629450-2000698978-4044012267</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>Veriton M6610G     </Model></SYSTEM><BIOS><Manufacturer>Acer      </Manufacturer><Version>P01-A4                </Version><SMBIOSVersion major="2" minor="6"/><Date>20110726000000.000000+000</Date></BIOS><HWID>89B63707018400FE</HWID><UserLCID>0C09</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>AUS Eastern Standard Time(GMT+10:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><Val>86C2A29D61EFF38</Val><Hash>3OlCduAq4bX4Gk8ioVnw3ZZDhpI=</Hash><Pid>81602-924-8227986-68755</Pid><PidType>1</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00178-926-700004-02-3081-7601.0000-1652013
Installation ID: 010516782945572835530405717083197202462041113706917201
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 7TP9F
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 14/06/2013 12:47:50 PM

Windows Activation Technologies-->
HrOffline: 0x8004FE22
HrOnline: N/A
HealthStatus: 0x0000000000006000
Event Time Stamp: 6:10:2013 23:00
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui


HWID Data-->
HWID Hash Current: NgAAAAEABgABAAIAAAABAAAAAQABAAEA6GFutbLrHMpiNL7U1A5K3QI7yPqMnc5wikco8y5z

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
  ACPI Table Name      OEMID Value      OEMTableID Value
  APIC                  ACRSYS            ACRPRDCT
  FACP                  ACRSYS            ACRPRDCT
  HPET                  ACRSYS            ACRPRDCT
  MCFG                  ACRSYS            ACRPRDCT
  TCPA                  APTIO4            NAPAASF
  SSDT                  AMICPU            PROC
  SLIC                  ACRSYS            ACRPRDCT
  ASF!                  INTEL              HCG
0
Comment
Question by:lukerussell
  • 15
  • 8
  • 2
  • +3
30 Comments
 
LVL 19

Expert Comment

by:strivoli
Comment Utility
Is your system virus/malware free?
0
 
LVL 30

Expert Comment

by:ded9
Comment Utility
The diag report show that you have a non genuine windows 7 professional key.


Update the key that you see on the windows 7 COA label...should be somewhere in the back of the system.

After updating reboot. Launch internet explorer and go to

http://www.microsoft.com/genuine/validate/

Install the addin and validate your copy ...now restart system and check.

Update key
http://windows.microsoft.com/en-IN/windows/help/genuine/product-key#T1=tab01



Ded9
0
 
LVL 1

Author Comment

by:lukerussell
Comment Utility
Thanks for the fast replies experts! I'll give this a go on Monday
0
 
LVL 24

Expert Comment

by:aadih
Comment Utility
No, the Key is genuine (it's an ACER OEM key).

Is it possible to restore your PC to factory install using the recovery console? Or would you like to do that?
0
 
LVL 50

Expert Comment

by:jcimarron
Comment Utility
0
 
LVL 1

Author Comment

by:lukerussell
Comment Utility
Thanks for the suggestions guys. Factory restore is my last resort - I'd really like to avoid this if possible.

RE the two links. I had already seen the 1st one and confirmed that the computer has the latest version of WAT

The second link is new to me, but I'm not sure what renaming  "tokens.dat" will do. I'm wiling to give it a go though...
0
 
LVL 30

Expert Comment

by:ded9
Comment Utility
Did u try updating the key that is on the back of the computer.

After that run diag and upload the new report.




Ded9
0
 
LVL 1

Author Comment

by:lukerussell
Comment Utility
Hi Ded9,

No I assumed that wouldn't help because of the response by aadih ("No, the Key is genuine (it's an ACER OEM key)."

Is it still worth a try?
0
 
LVL 1

Author Comment

by:lukerussell
Comment Utility
Just an update,

http://www.bleepingcomputer.com/forums/t/497146/this-computer-is-not-running-genuine-windows-error/ didn't help. Windows activated successfully, but is still not showing as genuine.

I guess I'll try the product key, but I really don't think this is the issue. From what I understand, it is not a product key or activation issue.

Someone please tell me if I'm wrong, but Windows validation is different to Windows Activation. It seems that the validation tool analyses the PC to make sure no files have been tampered with. If it finds files (like in my instance) it automatically assumes that someone has replaced these files and this it is no longer a valid version of Windows.

Is this right?
0
 
LVL 30

Expert Comment

by:ded9
Comment Utility
I cannot comment on other experts suggestion.

I will prove my point on why the copy is not genuine. In diag report check this info

Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-GK4PY-FDWYH-7TP9F


Copy the product key info and put in google search. You will see the product key listed under blocked keys.


Also match the product key which is in your diag report
Windows Product Key: *****-*****-GK4PY-FDWYH-7TP9F

with the one of the COA label...it will not match. Office program is genuine but not windows.



Ded9
0
 
LVL 1

Author Comment

by:lukerussell
Comment Utility
OK thanks, I'll give it a go. It is definitely the key that came pre-installed on the Acer computer - I did the install myself. I assume it doesn't match the key on the bottom because it is a VLK from Acer?

I'll let you know how it goes.
0
 
LVL 1

Author Comment

by:lukerussell
Comment Utility
Hi again,

I cannot change the product key using the instruction in link you gave me. At the bottom of the System Information screen, under "Windows Activation" it simply says "Windows is activated", shows my Product ID and that's it. No choice to change the product key.

I think the reason is here: http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_install/cannot-change-product-key-in-windows-7/80f896b1-3483-435a-9b7f-d0c92442284f

"Your computer has a OEM-SLP version of Windows 7 Ultimate installed.  Due to the fact that several critical system files have been tampered with, you will not be able to change the product key.  You will need to reinstall your Windows 7 operating system using the recovery method recommended by your computer manufacturer."

I hope that the only way to resolve this isn't to reinstall...
0
 
LVL 30

Expert Comment

by:ded9
Comment Utility
I would not go for reinstall...if you have a vanilla copy of windows 7 ..same version then repair install can be done.


You can also do repair install via the restore disk provided by acer. If you dont have the acer disk then under program files you will see a program  from acer to create recovery disk.

You can check acer website on how to create recovery disk.


Follow this article

http://www.howtogeek.com/124286/how-to-uninstall-your-windows-product-key-before-you-sell-your-pc/



Ded9
0
 
LVL 24

Expert Comment

by:aadih
Comment Utility
Again, it's a valid key for Acer OEM (SLP Key).  COA Key is different.  Did the OS came installed?  Or did you install the OS yourself?  That'd determine if you have a genuine key or not.
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 1

Author Comment

by:lukerussell
Comment Utility
Thanks aadh. You'r right - it is pre-installed Acer OEM.
0
 
LVL 1

Author Comment

by:lukerussell
Comment Utility
Ded 9,

It looks like the Acer disk will not let me do a repair install. It seems to be a recovery image disk rather than a standard Windows Installation Disk (it's called a Factory Default Disk). So it's wipe and reinstall or nothing..

Any other suggestions?
0
 
LVL 30

Expert Comment

by:ded9
Comment Utility
Did u try this article.

http://www.howtogeek.com/124286/how-to-uninstall-your-windows-product-key-before-you-sell-your-pc/

You can download vanilla copy of windows 7 iso from one of the digital river(ms partner) links and then do repair. Cannot give info about the links because its still not clear whether it can posted


Adding to the previous experts comment on tokens.dat...might have missed one last step.

Try renaming tokens.dat again

Follow these steps

Windows 7 and Windows Server 2008 R2
To rebuild the Tokens.dat file in Windows 7 or in Windows Server 2008 R2, follow these steps:

    Start an elevated command prompt. To do this, follow these steps:

        Click Start, and then type cmd in the search box.
        Right-click cmd, and then click Run as Administrator.
    Type the following commands in the order in which they are presented. Press Enter    after    each command.
    net stop sppsvc

    cd %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform

    ren tokens.dat tokens.bar

    net start sppsvc

    cscript.exe %windir%\system32\slmgr.vbs /rilc

    Restart the computer.


Ref
http://support.microsoft.com/kb/2736303

Make sure all steps are followed....


Ded9
0
 
LVL 1

Author Comment

by:lukerussell
Comment Utility
I can try that ded9, but I have a feeling that the product key from the computer (Acer OEM key) will not work with a retail version of windows downloaded. From memory, I tried this once before and the key is not accepted. Them I'm stuck with a PC that is halfway through the setup.

Do you know why it is flagging these files as not genuine? Is there a way to make these files genuine without risking the repair install?
0
 
LVL 30

Expert Comment

by:ded9
Comment Utility
You can always do  a keyless repair install ...just uncheck activate windows online option and do not enter product key.

You will have no issues doing a repair install ...but first create acer recovery disk (o.s disk)

Also try the rilc and tokens.dat commands first.



Ded9
0
 
LVL 30

Expert Comment

by:ded9
Comment Utility
If you do not want to try the repair option then try this step and post results

  Click Start, and then type cmd in the search box.
        Right-click cmd, and then click Run as Administrator.
    Type the following commands in the order in which they are presented. Press Enter    after    each command.
    net stop sppsvc

    cd %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform

    ren tokens.dat tokens.bar

    net start sppsvc

    cscript.exe %windir%\system32\slmgr.vbs /rilc

    Restart the computer.

Then update the key via command prompt and run mgadiag again...upload the latest mga diag results here.


Ref
http://support.microsoft.com/kb/2736303

Make sure all steps are followed....


Ded9
0
 
LVL 1

Author Comment

by:lukerussell
Comment Utility
Thanks again. I tried this method last night while troubleshooting, however, I did not try to update the key via the command prompt. I will try that.

Just to make sure that we are not barking up the wrong tree, are you certain it is an activation issue? It seems to me that Windows is activated fine and that the trouble is those two files that are listed as being tampered...

I'm getting the feeling that Windows "activation" and "validation" are different things. Like Windows can be activated, but if the validation tool finds "tampered files" it flags Windows as "corrupt" or something?

Tell me if I'm wrong here...
0
 
LVL 30

Expert Comment

by:ded9
Comment Utility
At this point we need to update the key first...without that nothing will work.

When you validate your copy via IE it automatically install the necessary files in the background .

Follow this article


http://www.howtogeek.com/124286/how-to-uninstall-your-windows-product-key-before-you-sell-your-pc/

Reboot and run mga diag and upload results here.


Ded9
0
 
LVL 1

Author Comment

by:lukerussell
Comment Utility
Will do...
0
 
LVL 59

Expert Comment

by:LeeTutor
Comment Utility
I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.
0
 
LVL 1

Accepted Solution

by:
lukerussell earned 0 total points
Comment Utility
Hi Ded9,

Sorry for the delay. I still wasn't able to activate using the key even when re-entered. In the end unfortunately, it was going on so long we had to reformat.

Interestingly, we also discovered there were issues with the hard drive and other files were becoming corrupted. I have a feeling this may have been the cause of the corrupted files that were causing validation issues...

Not sure what to do with the ticket now...
0
 
LVL 1

Author Comment

by:lukerussell
Comment Utility
0
 
LVL 1

Author Comment

by:lukerussell
Comment Utility
Thanks for the feedback. The experts tried to help, but in the end we had to give up and reformat. I'll wait for responses then refund points.

cheers.
0
 
LVL 1

Author Closing Comment

by:lukerussell
Comment Utility
Had to reformat in the end...
0

Featured Post

Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

Join & Write a Comment

When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup". After a while, you have entered a loop for Auto repair which does not fix anything and you will be in a  panic as all your work w…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now