J
Jamorino
Guest
I have suddenly had a machine running windows 7 Professional start popping up saying that Windows is not genuine, I have since reactivated and reactivated it, slui.exe shows that it is activated too.
I have searched for KB3004394 which has not been installed on this machine, I have checked the service startup types and attempted to run sfc /scannow which finds the mismatched files but does not repair them. I have tried this also with a brand new Windows key and I am still having this issue.
MGADiag.exe report
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-*****-*****-2Y323
Windows Product Key Hash: iVoSKGLm/gTStoCeQn2tcCwgiTE=
Windows Product ID: 55041-153-0374581-86135
Windows Product ID Type: 6
Windows License Type: Volume MAK
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {19B9B131-5A69-46D1-BAE6-A98D0BB7B9CD}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000000
Build lab: 7601.win7sp1_ldr_escrow.180801-1700
TTS Error: T:20191128030802888-
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
File Mismatch: C:\windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\windows\system32\sppuinotify.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\windows\system32\slui.exe[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{19B9B131-5A69-46D1-BAE6-A98D0BB7B9CD}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-BBBBB</PKey><PID>55041-153-0374581-86135</PID><PIDType>6</PIDType><SID>S-1-5-21-2454115947-3003827357-2262524710</SID><SYSTEM><Manufacturer>Intel Corporation</Manufacturer><Model>CedarTrail Platform</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies Ltd.</Manufacturer><Version>C960VA10(C96A-168)</Version><SMBIOSVersion major="2" minor="6"/><Date>20140616000000.000000+000</Date></BIOS><HWID>B4EF0900018400FA</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>AURES</OEMID><OEMTableID>POSLIGNE</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: U1BMRwEAAAAAAQAABAAAAHtTfQAAAAAAWmICADw9GpmvqRwMmaXVAWbXGpOihAOpMHzDmWxsjur5xIUBBOQSmTcln9rpjoMYFcLBp0UgsenuG32nB4YALDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAx4dZsxs/sxaQSZh6DCEuBHsHSLzhfSxbnlXQecH7yFniWtBcO9LvqF0JXaDlzx9TIzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM
Licensing Data-->
Software licensing service version: 6.1.7601.23403
Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, VOLUME_MAK channel
Activation ID: 9abf5984-9c16-46f2-ad1e-7fe15931a8dd
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 55041-00172-153-037458-03-2057-7601.0000-3432019
Installation ID: 003302923863893975295832999825734966837792338703252081
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 2Y323
License Status: Licensed
Remaining Windows rearm count: 5
Trusted time: 10/12/2019 10:39:22
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x0000000000002C20
Event Time Stamp: 12:7:2019 17:56
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
HWID Data-->
HWID Hash Current: LAAAAAAAAgABAAIAAAABAAAAAQABAAEAJJQcVKp2IMyiZvgWLFH0lOSCBBo=
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC AURES POSLIGNE
FACP AURES POSLIGNE
HPET AURES POSLIGNE
MCFG AURES POSLIGNE
SLIC AURES POSLIGNE
SSDT AURES PtidDevc
SSDT AURES PtidDevc
SSDT AURES PtidDevc
SSDT AURES PtidDevc
UEFI AURES POSLIGNE
UEFI AURES POSLIGNE
POAT AURES POSLIGNE
UEFI AURES POSLIGNE
Continue reading...
I have searched for KB3004394 which has not been installed on this machine, I have checked the service startup types and attempted to run sfc /scannow which finds the mismatched files but does not repair them. I have tried this also with a brand new Windows key and I am still having this issue.
MGADiag.exe report
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-*****-*****-2Y323
Windows Product Key Hash: iVoSKGLm/gTStoCeQn2tcCwgiTE=
Windows Product ID: 55041-153-0374581-86135
Windows Product ID Type: 6
Windows License Type: Volume MAK
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {19B9B131-5A69-46D1-BAE6-A98D0BB7B9CD}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000000
Build lab: 7601.win7sp1_ldr_escrow.180801-1700
TTS Error: T:20191128030802888-
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
File Mismatch: C:\windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\windows\system32\sppuinotify.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\windows\system32\slui.exe[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{19B9B131-5A69-46D1-BAE6-A98D0BB7B9CD}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-BBBBB</PKey><PID>55041-153-0374581-86135</PID><PIDType>6</PIDType><SID>S-1-5-21-2454115947-3003827357-2262524710</SID><SYSTEM><Manufacturer>Intel Corporation</Manufacturer><Model>CedarTrail Platform</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies Ltd.</Manufacturer><Version>C960VA10(C96A-168)</Version><SMBIOSVersion major="2" minor="6"/><Date>20140616000000.000000+000</Date></BIOS><HWID>B4EF0900018400FA</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>AURES</OEMID><OEMTableID>POSLIGNE</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: U1BMRwEAAAAAAQAABAAAAHtTfQAAAAAAWmICADw9GpmvqRwMmaXVAWbXGpOihAOpMHzDmWxsjur5xIUBBOQSmTcln9rpjoMYFcLBp0UgsenuG32nB4YALDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAx4dZsxs/sxaQSZh6DCEuBHsHSLzhfSxbnlXQecH7yFniWtBcO9LvqF0JXaDlzx9TIzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM
Licensing Data-->
Software licensing service version: 6.1.7601.23403
Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, VOLUME_MAK channel
Activation ID: 9abf5984-9c16-46f2-ad1e-7fe15931a8dd
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 55041-00172-153-037458-03-2057-7601.0000-3432019
Installation ID: 003302923863893975295832999825734966837792338703252081
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 2Y323
License Status: Licensed
Remaining Windows rearm count: 5
Trusted time: 10/12/2019 10:39:22
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x0000000000002C20
Event Time Stamp: 12:7:2019 17:56
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
HWID Data-->
HWID Hash Current: LAAAAAAAAgABAAIAAAABAAAAAQABAAEAJJQcVKp2IMyiZvgWLFH0lOSCBBo=
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC AURES POSLIGNE
FACP AURES POSLIGNE
HPET AURES POSLIGNE
MCFG AURES POSLIGNE
SLIC AURES POSLIGNE
SSDT AURES PtidDevc
SSDT AURES PtidDevc
SSDT AURES PtidDevc
SSDT AURES PtidDevc
UEFI AURES POSLIGNE
UEFI AURES POSLIGNE
POAT AURES POSLIGNE
UEFI AURES POSLIGNE
Continue reading...