lukerussell
asked on
Another Windows validation issue
Hi gurus. We're having a Windows Validation issues on a Win 7 SP1 PC. It is an Acer with Windows pre-installed, so it is definitely genuine. All was fine until a month or so ago, when the warning started appearing. According to the Windows Validation Diagnostic Tool, the two problem files are:
Tampered File: %systemroot%\system32\sppc
Tampered File: %systemroot%\system32\sppc
I'll pop the whole report below. The troubleshooting I've done so far are:
- Checked Intel Storage drivers
- Checked for multiple language packs ( as per: kb2105247)
- chkdsk /r
- sfc /scannow (found problems it couldn't fix - unsure if this is related, but I can send logs if needs be)
- Compared the files sppcomapi.dll and sppcommdlg.dll with another Acer machine. (They are exactly the same ie Hex the same)
I have no idea where to go from here. Can anyone give me a hand?
Windows Diagnostic Report:
Diagnostic Report (1.9.0027.0):
--------------------------
Windows Validation Data-->
Validation Code: 0x8004FE22
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-GK4PY-FDWYH-7T
Windows Product Key Hash: u3xU6PnmumgYLgUpnmbqEw9Q2O
Windows Product ID: 00371-OEM-8992671-00004
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.04
ID: {8503B9F3-F312-4C7F-AF69-E
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130318-15
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 100 Genuine
Microsoft Office Home and Student 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Google\Chrome\Applic
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineDa
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7601.17514
Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 50e329f7-a5fa-46b2-85fd-f2
Application ID: 55c92734-d682-4d71-983e-d6
Extended PID: 00371-00178-926-700004-02-
Installation ID: 01051678294557283553040571
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 7TP9F
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 14/06/2013 12:47:50 PM
Windows Activation Technologies-->
HrOffline: 0x8004FE22
HrOnline: N/A
HealthStatus: 0x0000000000006000
Event Time Stamp: 6:10:2013 23:00
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppc
Tampered File: %systemroot%\system32\sppc
HWID Data-->
HWID Hash Current: NgAAAAEABgABAAIAAAABAAAAAQ
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ACRSYS ACRPRDCT
FACP ACRSYS ACRPRDCT
HPET ACRSYS ACRPRDCT
MCFG ACRSYS ACRPRDCT
TCPA APTIO4 NAPAASF
SSDT AMICPU PROC
SLIC ACRSYS ACRPRDCT
ASF! INTEL HCG
Tampered File: %systemroot%\system32\sppc
Tampered File: %systemroot%\system32\sppc
I'll pop the whole report below. The troubleshooting I've done so far are:
- Checked Intel Storage drivers
- Checked for multiple language packs ( as per: kb2105247)
- chkdsk /r
- sfc /scannow (found problems it couldn't fix - unsure if this is related, but I can send logs if needs be)
- Compared the files sppcomapi.dll and sppcommdlg.dll with another Acer machine. (They are exactly the same ie Hex the same)
I have no idea where to go from here. Can anyone give me a hand?
Windows Diagnostic Report:
Diagnostic Report (1.9.0027.0):
--------------------------
Windows Validation Data-->
Validation Code: 0x8004FE22
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-GK4PY-FDWYH-7T
Windows Product Key Hash: u3xU6PnmumgYLgUpnmbqEw9Q2O
Windows Product ID: 00371-OEM-8992671-00004
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.04
ID: {8503B9F3-F312-4C7F-AF69-E
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130318-15
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 100 Genuine
Microsoft Office Home and Student 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Google\Chrome\Applic
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineDa
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7601.17514
Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 50e329f7-a5fa-46b2-85fd-f2
Application ID: 55c92734-d682-4d71-983e-d6
Extended PID: 00371-00178-926-700004-02-
Installation ID: 01051678294557283553040571
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 7TP9F
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 14/06/2013 12:47:50 PM
Windows Activation Technologies-->
HrOffline: 0x8004FE22
HrOnline: N/A
HealthStatus: 0x0000000000006000
Event Time Stamp: 6:10:2013 23:00
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppc
Tampered File: %systemroot%\system32\sppc
HWID Data-->
HWID Hash Current: NgAAAAEABgABAAIAAAABAAAAAQ
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ACRSYS ACRPRDCT
FACP ACRSYS ACRPRDCT
HPET ACRSYS ACRPRDCT
MCFG ACRSYS ACRPRDCT
TCPA APTIO4 NAPAASF
SSDT AMICPU PROC
SLIC ACRSYS ACRPRDCT
ASF! INTEL HCG
strivoli
Is your system virus/malware free?
The diag report show that you have a non genuine windows 7 professional key.
Update the key that you see on the windows 7 COA label...should be somewhere in the back of the system.
After updating reboot. Launch internet explorer and go to
http://www.microsoft.com/genuine/validate/
Install the addin and validate your copy ...now restart system and check.
Update key
http://windows.microsoft.com/en-IN/windows/help/genuine/product-key#T1=tab01
Ded9
Update the key that you see on the windows 7 COA label...should be somewhere in the back of the system.
After updating reboot. Launch internet explorer and go to
http://www.microsoft.com/genuine/validate/
Install the addin and validate your copy ...now restart system and check.
Update key
http://windows.microsoft.com/en-IN/windows/help/genuine/product-key#T1=tab01
Ded9
ASKER
Thanks for the fast replies experts! I'll give this a go on Monday
No, the Key is genuine (it's an ACER OEM key).
Is it possible to restore your PC to factory install using the recovery console? Or would you like to do that?
Is it possible to restore your PC to factory install using the recovery console? Or would you like to do that?
ASKER
Thanks for the suggestions guys. Factory restore is my last resort - I'd really like to avoid this if possible.
RE the two links. I had already seen the 1st one and confirmed that the computer has the latest version of WAT
The second link is new to me, but I'm not sure what renaming "tokens.dat" will do. I'm wiling to give it a go though...
RE the two links. I had already seen the 1st one and confirmed that the computer has the latest version of WAT
The second link is new to me, but I'm not sure what renaming "tokens.dat" will do. I'm wiling to give it a go though...
Did u try updating the key that is on the back of the computer.
After that run diag and upload the new report.
Ded9
After that run diag and upload the new report.
Ded9
ASKER
Hi Ded9,
No I assumed that wouldn't help because of the response by aadih ("No, the Key is genuine (it's an ACER OEM key)."
Is it still worth a try?
No I assumed that wouldn't help because of the response by aadih ("No, the Key is genuine (it's an ACER OEM key)."
Is it still worth a try?
ASKER
Just an update,
http://www.bleepingcomputer.com/forums/t/497146/this-computer-is-not-running-genuine-windows-error/ didn't help. Windows activated successfully, but is still not showing as genuine.
I guess I'll try the product key, but I really don't think this is the issue. From what I understand, it is not a product key or activation issue.
Someone please tell me if I'm wrong, but Windows validation is different to Windows Activation. It seems that the validation tool analyses the PC to make sure no files have been tampered with. If it finds files (like in my instance) it automatically assumes that someone has replaced these files and this it is no longer a valid version of Windows.
Is this right?
http://www.bleepingcomputer.com/forums/t/497146/this-computer-is-not-running-genuine-windows-error/ didn't help. Windows activated successfully, but is still not showing as genuine.
I guess I'll try the product key, but I really don't think this is the issue. From what I understand, it is not a product key or activation issue.
Someone please tell me if I'm wrong, but Windows validation is different to Windows Activation. It seems that the validation tool analyses the PC to make sure no files have been tampered with. If it finds files (like in my instance) it automatically assumes that someone has replaced these files and this it is no longer a valid version of Windows.
Is this right?
I cannot comment on other experts suggestion.
I will prove my point on why the copy is not genuine. In diag report check this info
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-GK4PY-FDWYH-7T
Copy the product key info and put in google search. You will see the product key listed under blocked keys.
Also match the product key which is in your diag report
Windows Product Key: *****-*****-GK4PY-FDWYH-7T
with the one of the COA label...it will not match. Office program is genuine but not windows.
Ded9
I will prove my point on why the copy is not genuine. In diag report check this info
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-GK4PY-FDWYH-7T
Copy the product key info and put in google search. You will see the product key listed under blocked keys.
Also match the product key which is in your diag report
Windows Product Key: *****-*****-GK4PY-FDWYH-7T
with the one of the COA label...it will not match. Office program is genuine but not windows.
Ded9
ASKER
OK thanks, I'll give it a go. It is definitely the key that came pre-installed on the Acer computer - I did the install myself. I assume it doesn't match the key on the bottom because it is a VLK from Acer?
I'll let you know how it goes.
I'll let you know how it goes.
ASKER
Hi again,
I cannot change the product key using the instruction in link you gave me. At the bottom of the System Information screen, under "Windows Activation" it simply says "Windows is activated", shows my Product ID and that's it. No choice to change the product key.
I think the reason is here: http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_install/cannot-change-product-key-in-windows-7/80f896b1-3483-435a-9b7f-d0c92442284f
"Your computer has a OEM-SLP version of Windows 7 Ultimate installed. Due to the fact that several critical system files have been tampered with, you will not be able to change the product key. You will need to reinstall your Windows 7 operating system using the recovery method recommended by your computer manufacturer."
I hope that the only way to resolve this isn't to reinstall...
I cannot change the product key using the instruction in link you gave me. At the bottom of the System Information screen, under "Windows Activation" it simply says "Windows is activated", shows my Product ID and that's it. No choice to change the product key.
I think the reason is here: http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_install/cannot-change-product-key-in-windows-7/80f896b1-3483-435a-9b7f-d0c92442284f
"Your computer has a OEM-SLP version of Windows 7 Ultimate installed. Due to the fact that several critical system files have been tampered with, you will not be able to change the product key. You will need to reinstall your Windows 7 operating system using the recovery method recommended by your computer manufacturer."
I hope that the only way to resolve this isn't to reinstall...
I would not go for reinstall...if you have a vanilla copy of windows 7 ..same version then repair install can be done.
You can also do repair install via the restore disk provided by acer. If you dont have the acer disk then under program files you will see a program from acer to create recovery disk.
You can check acer website on how to create recovery disk.
Follow this article
http://www.howtogeek.com/124286/how-to-uninstall-your-windows-product-key-before-you-sell-your-pc/
Ded9
You can also do repair install via the restore disk provided by acer. If you dont have the acer disk then under program files you will see a program from acer to create recovery disk.
You can check acer website on how to create recovery disk.
Follow this article
http://www.howtogeek.com/124286/how-to-uninstall-your-windows-product-key-before-you-sell-your-pc/
Ded9
Again, it's a valid key for Acer OEM (SLP Key). COA Key is different. Did the OS came installed? Or did you install the OS yourself? That'd determine if you have a genuine key or not.
ASKER
Thanks aadh. You'r right - it is pre-installed Acer OEM.
ASKER
Ded 9,
It looks like the Acer disk will not let me do a repair install. It seems to be a recovery image disk rather than a standard Windows Installation Disk (it's called a Factory Default Disk). So it's wipe and reinstall or nothing..
Any other suggestions?
It looks like the Acer disk will not let me do a repair install. It seems to be a recovery image disk rather than a standard Windows Installation Disk (it's called a Factory Default Disk). So it's wipe and reinstall or nothing..
Any other suggestions?
Did u try this article.
http://www.howtogeek.com/124286/how-to-uninstall-your-windows-product-key-before-you-sell-your-pc/
You can download vanilla copy of windows 7 iso from one of the digital river(ms partner) links and then do repair. Cannot give info about the links because its still not clear whether it can posted
Adding to the previous experts comment on tokens.dat...might have missed one last step.
Try renaming tokens.dat again
Follow these steps
Windows 7 and Windows Server 2008 R2
To rebuild the Tokens.dat file in Windows 7 or in Windows Server 2008 R2, follow these steps:
Start an elevated command prompt. To do this, follow these steps:
Click Start, and then type cmd in the search box.
Right-click cmd, and then click Run as Administrator.
Type the following commands in the order in which they are presented. Press Enter after each command.
net stop sppsvc
cd %windir%\ServiceProfiles\N
ren tokens.dat tokens.bar
net start sppsvc
cscript.exe %windir%\system32\slmgr.vb
Restart the computer.
Ref
http://support.microsoft.com/kb/2736303
Make sure all steps are followed....
Ded9
http://www.howtogeek.com/124286/how-to-uninstall-your-windows-product-key-before-you-sell-your-pc/
You can download vanilla copy of windows 7 iso from one of the digital river(ms partner) links and then do repair. Cannot give info about the links because its still not clear whether it can posted
Adding to the previous experts comment on tokens.dat...might have missed one last step.
Try renaming tokens.dat again
Follow these steps
Windows 7 and Windows Server 2008 R2
To rebuild the Tokens.dat file in Windows 7 or in Windows Server 2008 R2, follow these steps:
Start an elevated command prompt. To do this, follow these steps:
Click Start, and then type cmd in the search box.
Right-click cmd, and then click Run as Administrator.
Type the following commands in the order in which they are presented. Press Enter after each command.
net stop sppsvc
cd %windir%\ServiceProfiles\N
ren tokens.dat tokens.bar
net start sppsvc
cscript.exe %windir%\system32\slmgr.vb
Restart the computer.
Ref
http://support.microsoft.com/kb/2736303
Make sure all steps are followed....
Ded9
ASKER
I can try that ded9, but I have a feeling that the product key from the computer (Acer OEM key) will not work with a retail version of windows downloaded. From memory, I tried this once before and the key is not accepted. Them I'm stuck with a PC that is halfway through the setup.
Do you know why it is flagging these files as not genuine? Is there a way to make these files genuine without risking the repair install?
Do you know why it is flagging these files as not genuine? Is there a way to make these files genuine without risking the repair install?
You can always do a keyless repair install ...just uncheck activate windows online option and do not enter product key.
You will have no issues doing a repair install ...but first create acer recovery disk (o.s disk)
Also try the rilc and tokens.dat commands first.
Ded9
You will have no issues doing a repair install ...but first create acer recovery disk (o.s disk)
Also try the rilc and tokens.dat commands first.
Ded9
If you do not want to try the repair option then try this step and post results
Click Start, and then type cmd in the search box.
Right-click cmd, and then click Run as Administrator.
Type the following commands in the order in which they are presented. Press Enter after each command.
net stop sppsvc
cd %windir%\ServiceProfiles\N
ren tokens.dat tokens.bar
net start sppsvc
cscript.exe %windir%\system32\slmgr.vb
Restart the computer.
Then update the key via command prompt and run mgadiag again...upload the latest mga diag results here.
Ref
http://support.microsoft.com/kb/2736303
Make sure all steps are followed....
Ded9
Click Start, and then type cmd in the search box.
Right-click cmd, and then click Run as Administrator.
Type the following commands in the order in which they are presented. Press Enter after each command.
net stop sppsvc
cd %windir%\ServiceProfiles\N
ren tokens.dat tokens.bar
net start sppsvc
cscript.exe %windir%\system32\slmgr.vb
Restart the computer.
Then update the key via command prompt and run mgadiag again...upload the latest mga diag results here.
Ref
http://support.microsoft.com/kb/2736303
Make sure all steps are followed....
Ded9
ASKER
Thanks again. I tried this method last night while troubleshooting, however, I did not try to update the key via the command prompt. I will try that.
Just to make sure that we are not barking up the wrong tree, are you certain it is an activation issue? It seems to me that Windows is activated fine and that the trouble is those two files that are listed as being tampered...
I'm getting the feeling that Windows "activation" and "validation" are different things. Like Windows can be activated, but if the validation tool finds "tampered files" it flags Windows as "corrupt" or something?
Tell me if I'm wrong here...
Just to make sure that we are not barking up the wrong tree, are you certain it is an activation issue? It seems to me that Windows is activated fine and that the trouble is those two files that are listed as being tampered...
I'm getting the feeling that Windows "activation" and "validation" are different things. Like Windows can be activated, but if the validation tool finds "tampered files" it flags Windows as "corrupt" or something?
Tell me if I'm wrong here...
At this point we need to update the key first...without that nothing will work.
When you validate your copy via IE it automatically install the necessary files in the background .
Follow this article
http://www.howtogeek.com/124286/how-to-uninstall-your-windows-product-key-before-you-sell-your-pc/
Reboot and run mga diag and upload results here.
Ded9
When you validate your copy via IE it automatically install the necessary files in the background .
Follow this article
http://www.howtogeek.com/124286/how-to-uninstall-your-windows-product-key-before-you-sell-your-pc/
Reboot and run mga diag and upload results here.
Ded9
ASKER
Will do...
I've requested that this question be deleted for the following reason:
Not enough information to confirm an answer.
Not enough information to confirm an answer.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi mods. Please see my last comment. Should I allocate points?https://www.experts-exchange.com/questions/28157215/Another-Windows-validation-issue.html#
ASKER
Thanks for the feedback. The experts tried to help, but in the end we had to give up and reformat. I'll wait for responses then refund points.
cheers.
cheers.
ASKER
Had to reformat in the end...