Genuine Windows 7 now says not genuine

  • Question

  • I purchased my system from Alienware with Vista installed.  I later upgraded to Windows 7 Professional bought at a reputable big box store and it has run about a year with Windows 7 without problem until now.  I now get the validation screen when rebooting and now the "Windows 7, Build 7601, This copy of Windows is not genuine" message in the lower right of the screen.

    I have run MGADiag and pasted the result below.  I suspect that the problem may be with the "tampered file" entries near the bottom.  Perhaps the result of a virus? Is there any way to fix this?  I hope I do not have to reinstall windows but will do it if necessary.  Any suggestions on how to proceed would be much appreciated.

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-WTKHV-24H22-76WK2
    Windows Product Key Hash: Vmf2Lo/kv9Q/IziMN2T+TiMw1uk=
    Windows Product ID: 00371-154-4466062-85974
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {445F2549-1FC2-45E0-AAB1-1C69EC70FF95}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.120330-1504
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Small Business 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_70AFE6BE-656-80070057_E2AD56EA-815-80070057

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{445F2549-1FC2-45E0-AAB1-1C69EC70FF95}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-76WK2</PKey><PID>00371-154-4466062-85974</PID><PIDType>5</PIDType><SID>S-1-5-21-1342398742-1981426325-1783636326</SID><SYSTEM><Manufacturer>alienware</Manufacturer><Model>alienware</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>6.00 PG</Version><SMBIOSVersion major="2" minor="4"/><Date>20080122000000.000000+000</Date></BIOS><HWID>08C13707018400FA</HWID><UserLCID>1009</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ALWARE</OEMID><OEMTableID>ALIENWRE</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-00CA-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Small Business 2007</Name><Ver>12</Ver><Val>14ACE5A19B71DBE</Val><Hash>OSf+x824PuCqfNgy3/6xdqaxXik=</Hash><Pid>81606-OEM-6473564-22173</Pid><PidType>4</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/></Applications></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    C:\Windows\system32\slmgr.vbs(1131, 5) (null): 0xC004F012

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000003EFFF
    Event Time Stamp: 9:6:2012 19:18
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\wat\watadminsvc.exe
    Tampered File: %systemroot%\system32\wat\watweb.dll
    Tampered File: %systemroot%\system32\wat\npwatweb.dll
    Tampered File: %systemroot%\system32\wat\watux.exe
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys
    Tampered File: %systemroot%\system32\drivers\spldr.sys


    HWID Data-->
    HWID Hash Current: MgAAAAIAAwABAAEAAAABAAAAAgABAAEAeqgsNtymnB9MH45mkgDuxRr2Ctbsdy4OzDE=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x0
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   ALWARE  ALIENWRE
      FACP   ALWARE  ALIENWRE
      HPET   ALWARE  ALIENWRE
      MCFG   ALWARE  ALIENWRE
      WDRT   ALWARE  ALIENWRE
      SLIC   ALWARE  ALIENWRE

    Saturday, September 8, 2012 9:46 PM

All replies

  • Please run the following commands in an Elevated command prompt window, and copy/paste the results to your reply, together with a new MGADiag report.

    NET START CRYPTSVC

    SC QC CRYPTSVC

    SC QUERYEX CRYPTSVC

    Here are some instructions to make life easier :)

    1) To open an Elevated Command Prompt Window (the CP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt. 

    2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once. 

    3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.     


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, September 9, 2012 5:55 AM
    Moderator
  • Thanks Noel.  See below

    Command Prompt results:

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>NET START CRYPTSVC
    The requested service has already been started.

    More help is available by typing NET HELPMSG 2182.


    C:\Windows\system32>
    C:\Windows\system32>SC QC CRYPTSVC
    [SC] QueryServiceConfig SUCCESS

    SERVICE_NAME: CRYPTSVC
            TYPE               : 20  WIN32_SHARE_PROCESS
            START_TYPE         : 2   AUTO_START
            ERROR_CONTROL      : 1   NORMAL
            BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k NetworkService
            LOAD_ORDER_GROUP   :
            TAG                : 0
            DISPLAY_NAME       : Cryptographic Services
            DEPENDENCIES       : RpcSs
            SERVICE_START_NAME : NT Authority\NetworkService

    C:\Windows\system32>
    C:\Windows\system32>SC QUERYEX CRYPTSVC

    SERVICE_NAME: CRYPTSVC
            TYPE               : 20  WIN32_SHARE_PROCESS
            STATE              : 4  RUNNING
                                    (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
            WIN32_EXIT_CODE    : 0  (0x0)
            SERVICE_EXIT_CODE  : 0  (0x0)
            CHECKPOINT         : 0x0
            WAIT_HINT          : 0x0
            PID                : 1560
            FLAGS              :

    C:\Windows\system32>
    C:\Windows\system32>

    MGADiag results:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-WTKHV-24H22-76WK2
    Windows Product Key Hash: Vmf2Lo/kv9Q/IziMN2T+TiMw1uk=
    Windows Product ID: 00371-154-4466062-85974
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {445F2549-1FC2-45E0-AAB1-1C69EC70FF95}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.120330-1504
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Small Business 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{445F2549-1FC2-45E0-AAB1-1C69EC70FF95}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-76WK2</PKey><PID>00371-154-4466062-85974</PID><PIDType>5</PIDType><SID>S-1-5-21-1342398742-1981426325-1783636326</SID><SYSTEM><Manufacturer>alienware</Manufacturer><Model>alienware</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>6.00 PG</Version><SMBIOSVersion major="2" minor="4"/><Date>20080122000000.000000+000</Date></BIOS><HWID>08C13707018400FA</HWID><UserLCID>1009</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ALWARE</OEMID><OEMTableID>ALIENWRE</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-00CA-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Small Business 2007</Name><Ver>12</Ver><Val>14ACE5A19B71DBE</Val><Hash>OSf+x824PuCqfNgy3/6xdqaxXik=</Hash><Pid>81606-OEM-6473564-22173</Pid><PidType>4</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/></Applications></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, RETAIL channel
    Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00170-154-446606-01-4105-7601.0000-2522012
    Installation ID: 019256936573392553977965973844296330183470020191051063
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 76WK2
    License Status: Licensed
    Remaining Windows rearm count: 4
    Trusted time: 09/09/2012 9:57:17 AM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000003EFFF
    Event Time Stamp: 9:6:2012 19:18
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\wat\watadminsvc.exe
    Tampered File: %systemroot%\system32\wat\watweb.dll
    Tampered File: %systemroot%\system32\wat\npwatweb.dll
    Tampered File: %systemroot%\system32\wat\watux.exe
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys
    Tampered File: %systemroot%\system32\drivers\spldr.sys


    HWID Data-->
    HWID Hash Current: MgAAAAIAAwABAAEAAAABAAAAAgABAAEAeqgsNtymnB9MH45mkgDuxRr2Ctbsdy4OzDE=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x0
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   ALWARE  ALIENWRE
      FACP   ALWARE  ALIENWRE
      HPET   ALWARE  ALIENWRE
      MCFG   ALWARE  ALIENWRE
      WDRT   ALWARE  ALIENWRE
      SLIC   ALWARE  ALIENWRE

    Sunday, September 9, 2012 1:58 PM
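An added example, not part of the original thread and not a Microsoft tool: a small Python parser for the MGADiag text layout posted above that compares two reports, showing which fields changed after a troubleshooting step and whether the "Tampered File" list moved. The two sample reports are constructed (abridged from the first two reports in this thread); `parse_report`, `diff_reports` and the `slmgr error` key are names assumed for this illustration.

```python
import re
from dataclasses import dataclass, field

SECTION_RE = re.compile(r"^(?P<name>.+?)-->$")            # e.g. "Licensing Data-->"
FIELD_RE = re.compile(r"^(?P<key>[^:]+):\s*(?P<value>.*)$")
# slmgr.vbs failure line as it appears under "Licensing Data-->" in the first report.
SLMGR_ERR_RE = re.compile(r"^.*slmgr\.vbs\(\d+, \d+\).*:\s*(?P<code>0x[0-9A-Fa-f]+)$")

# Constructed samples, abridged from the first and second reports in the thread.
SAMPLE_BEFORE = r"""Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0x8004FE21
Windows License Type: Retail

Licensing Data-->
C:\Windows\system32\slmgr.vbs(1131, 5) (null): 0xC004F012

Windows Activation Technologies-->
HrOffline: 0x8004FE21
HealthStatus: 0x000000000003EFFF
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\wat\watux.exe
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
"""

SAMPLE_AFTER = r"""Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0x8004FE21
Windows License Type: Retail

Licensing Data-->
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 09/09/2012 9:57:17 AM

Windows Activation Technologies-->
HrOffline: 0x8004FE21
HealthStatus: 0x000000000003EFFF
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\wat\watux.exe
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
"""


@dataclass
class Report:
    fields: dict = field(default_factory=dict)    # (section, key) -> value
    tampered: list = field(default_factory=list)  # (path, [items listed after '|'])


def parse_report(text):
    """Split an MGADiag text report into per-section fields and tampered-file entries."""
    report, section = Report(), ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"}:        # blank line or the dashed rule
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = SLMGR_ERR_RE.match(line)
        if m:                                     # licensing query failed outright
            report.fields[(section, "slmgr error")] = m.group("code")
            continue
        m = FIELD_RE.match(line)
        if not m:
            continue                              # table rows and free text have no key
        key, value = m.group("key").strip(), m.group("value").strip()
        if key == "Tampered File":
            path, *extras = value.split("|")
            report.tampered.append((path, extras))
        else:
            report.fields[(section, key)] = value
    return report


def diff_reports(before, after, ignore=("Trusted time",)):
    """Return (changed fields, tampered paths cleared, tampered paths newly listed)."""
    changes = {}
    for key in sorted(set(before.fields) | set(after.fields)):
        if key[1] in ignore:                      # values that differ on every run
            continue
        old, new = before.fields.get(key), after.fields.get(key)
        if old != new:
            changes[key] = (old, new)
    was = {path for path, _ in before.tampered}
    now = {path for path, _ in after.tampered}
    return changes, sorted(was - now), sorted(now - was)


if __name__ == "__main__":
    changes, cleared, added = diff_reports(parse_report(SAMPLE_BEFORE),
                                           parse_report(SAMPLE_AFTER))
    for (section, key), (old, new) in changes.items():
        print(f"[{section}] {key}: {old!r} -> {new!r}")
    print("tampered entries cleared:", cleared or "none")
    print("tampered entries added:", added or "none")
```

On the constructed samples only the "Licensing Data" section changes, while the validation code, HealthStatus and the tampered-file list stay the same.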
  • OK - we need to try updating the system certificates....

    Please run the following commands in an Elevated Command Prompt.

    NET STOP CRYPTSVC
    esentutl /p %systemroot%\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    NET START CRYPTSVC

    - post the results



    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth


    Sunday, September 9, 2012 2:14 PM
    Moderator
  • When I run this I get a "Warning - you should only run Repair on damaged or corrupted databases. Repair will not apply information in the transaction log files to the database and may cause information to be lost. Do you wish to proceed? OK/Cancel" Is this expected?
    Sunday, September 9, 2012 3:08 PM
  • Yes - that's why we're running it. :)

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, September 9, 2012 3:27 PM
    Moderator
  • Command Prompt results:

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>NET STOP CRYPTSVC
    The Cryptographic Services service is stopping..
    The Cryptographic Services service was stopped successfully.


    C:\Windows\system32>esentutl /p %systemroot%\System32\catroot2\{F750E6C3-38EE-11
    D1-85E5-00C04FC295EE}\catdb

    Extensible Storage Engine Utilities for Microsoft(R) Windows(R)
    Version 6.1
    Copyright (C) Microsoft Corporation. All Rights Reserved.

    Initiating REPAIR mode...
            Database: C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC2
    95EE}\catdb
      Temp. Database: TEMPREPAIR2700.EDB

    Checking database integrity.

                         Scanning Status (% complete)

              0    10   20   30   40   50   60   70   80   90  100
              |----|----|----|----|----|----|----|----|----|----|
              ...................................................


    Integrity check successful.

    Note:
      It is recommended that you immediately perform a full backup
      of this database. If you restore a backup made before the
      repair, the database will be rolled back to the state
      it was in at the time of that backup.

    Operation completed successfully in 1787.241 seconds.


    C:\Windows\system32>NET START CRYPTSVC
    The Cryptographic Services service is starting.
    The Cryptographic Services service was started successfully.

    C:\Windows\system32>

    MGADiag results:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-WTKHV-24H22-76WK2
    Windows Product Key Hash: Vmf2Lo/kv9Q/IziMN2T+TiMw1uk=
    Windows Product ID: 00371-154-4466062-85974
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {445F2549-1FC2-45E0-AAB1-1C69EC70FF95}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.120330-1504
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Small Business 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{445F2549-1FC2-45E0-AAB1-1C69EC70FF95}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-76WK2</PKey><PID>00371-154-4466062-85974</PID><PIDType>5</PIDType><SID>S-1-5-21-1342398742-1981426325-1783636326</SID><SYSTEM><Manufacturer>alienware</Manufacturer><Model>alienware</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>6.00 PG</Version><SMBIOSVersion major="2" minor="4"/><Date>20080122000000.000000+000</Date></BIOS><HWID>08C13707018400FA</HWID><UserLCID>1009</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ALWARE</OEMID><OEMTableID>ALIENWRE</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-00CA-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Small Business 2007</Name><Ver>12</Ver><Val>14ACE5A19B71DBE</Val><Hash>OSf+x824PuCqfNgy3/6xdqaxXik=</Hash><Pid>81606-OEM-6473564-22173</Pid><PidType>4</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, RETAIL channel
    Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00170-154-446606-01-4105-7601.0000-2522012
    Installation ID: 019256936573392553977965973844296330183470020191051063
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 76WK2
    License Status: Licensed
    Remaining Windows rearm count: 4
    Trusted time: 09/09/2012 11:34:52 AM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000003EFFF
    Event Time Stamp: 9:6:2012 19:18
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\wat\watadminsvc.exe
    Tampered File: %systemroot%\system32\wat\watweb.dll
    Tampered File: %systemroot%\system32\wat\npwatweb.dll
    Tampered File: %systemroot%\system32\wat\watux.exe
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys
    Tampered File: %systemroot%\system32\drivers\spldr.sys


    HWID Data-->
    HWID Hash Current: MgAAAAIAAwABAAEAAAABAAAAAgABAAEAeqgsNtymnB9MH45mkgDuxRr2Ctbsdy4OzDE=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x0
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   ALWARE  ALIENWRE
      FACP   ALWARE  ALIENWRE
      HPET   ALWARE  ALIENWRE
      MCFG   ALWARE  ALIENWRE
      WDRT   ALWARE  ALIENWRE
      SLIC   ALWARE  ALIENWRE

    Sunday, September 9, 2012 3:36 PM
  • OK - What Anti-virus do you have installed? - what other AV's have EVER been installed?

    Please run the following commands in an Elevated Command Prompt, and post the results

    REG QUERY HKCR\Wow6432Node\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32

    REG QUERY HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32

    REG QUERY HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, September 9, 2012 4:19 PM
    Moderator
  • I have the security suite from my ISP that is supplied by Radialpoint.

    I also have SuperAntiSpyware Free Version and HitmanPro free version. These were leftovers from a virus removal several months ago.

    I don't think I have had any other AVs installed.

    Command Prompt results:

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>REG QUERY HKCR\Wow6432Node\CLSID\{B54F3741-5B07-11cf-A4B0-00
    AA004A55E8}\InprocServer32
    ERROR: The system was unable to find the specified registry key or value.

    C:\Windows\system32>
    C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B54F3741-
    5B07-11cf-A4B0-00AA004A55E8}\InprocServer32
    ERROR: The system was unable to find the specified registry key or value.

    C:\Windows\system32>
    C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{B54F3741-
    5B07-11cf-A4B0-00AA004A55E8}\InprocServer32
    ERROR: The system was unable to find the specified registry key or value.

    C:\Windows\system32>

    MGADiag results:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-WTKHV-24H22-76WK2
    Windows Product Key Hash: Vmf2Lo/kv9Q/IziMN2T+TiMw1uk=
    Windows Product ID: 00371-154-4466062-85974
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {445F2549-1FC2-45E0-AAB1-1C69EC70FF95}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.120330-1504
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Small Business 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{445F2549-1FC2-45E0-AAB1-1C69EC70FF95}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-76WK2</PKey><PID>00371-154-4466062-85974</PID><PIDType>5</PIDType><SID>S-1-5-21-1342398742-1981426325-1783636326</SID><SYSTEM><Manufacturer>alienware</Manufacturer><Model>alienware</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>6.00 PG</Version><SMBIOSVersion major="2" minor="4"/><Date>20080122000000.000000+000</Date></BIOS><HWID>08C13707018400FA</HWID><UserLCID>1009</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ALWARE</OEMID><OEMTableID>ALIENWRE</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-00CA-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Small Business 2007</Name><Ver>12</Ver><Val>14ACE5A19B71DBE</Val><Hash>OSf+x824PuCqfNgy3/6xdqaxXik=</Hash><Pid>81606-OEM-6473564-22173</Pid><PidType>4</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/></Applications></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, RETAIL channel
    Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00170-154-446606-01-4105-7601.0000-2522012
    Installation ID: 019256936573392553977965973844296330183470020191051063
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 76WK2
    License Status: Licensed
    Remaining Windows rearm count: 4
    Trusted time: 09/09/2012 12:35:23 PM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000003EFFF
    Event Time Stamp: 9:6:2012 19:18
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\wat\watadminsvc.exe
    Tampered File: %systemroot%\system32\wat\watweb.dll
    Tampered File: %systemroot%\system32\wat\npwatweb.dll
    Tampered File: %systemroot%\system32\wat\watux.exe
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys
    Tampered File: %systemroot%\system32\drivers\spldr.sys


    HWID Data-->
    HWID Hash Current: MgAAAAIAAwABAAEAAAABAAAAAgABAAEAeqgsNtymnB9MH45mkgDuxRr2Ctbsdy4OzDE=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x0
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   ALWARE  ALIENWRE
      FACP   ALWARE  ALIENWRE
      HPET   ALWARE  ALIENWRE
      MCFG   ALWARE  ALIENWRE
      WDRT   ALWARE  ALIENWRE
      SLIC   ALWARE  ALIENWRE

    Sunday, September 9, 2012 5:09 PM
  • Ooops! - my fault, you wouldn't have those keys, since your install is 32-bit. Sorry about that!

    Please uninstall the WAT Update (KB971033) from Installed Updates, reboot, and post an MGADiag report

    then reinstall a new copy downloaded from  http://support.microsoft.com/kb/971033

    post another MGADiag report.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, September 9, 2012 5:28 PM
    Moderator
  • Hey, no problem.  I appreciate the help.

    MGADiag result after uninstall of KB971033:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-WTKHV-24H22-76WK2
    Windows Product Key Hash: Vmf2Lo/kv9Q/IziMN2T+TiMw1uk=
    Windows Product ID: 00371-154-4466062-85974
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {445F2549-1FC2-45E0-AAB1-1C69EC70FF95}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.120330-1504
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Small Business 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
    File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
    File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
    File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{445F2549-1FC2-45E0-AAB1-1C69EC70FF95}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-76WK2</PKey><PID>00371-154-4466062-85974</PID><PIDType>5</PIDType><SID>S-1-5-21-1342398742-1981426325-1783636326</SID><SYSTEM><Manufacturer>alienware</Manufacturer><Model>alienware</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>6.00 PG</Version><SMBIOSVersion major="2" minor="4"/><Date>20080122000000.000000+000</Date></BIOS><HWID>08C13707018400FA</HWID><UserLCID>1009</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ALWARE</OEMID><OEMTableID>ALIENWRE</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-00CA-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Small Business 2007</Name><Ver>12</Ver><Val>14ACE5A19B71DBE</Val><Hash>OSf+x824PuCqfNgy3/6xdqaxXik=</Hash><Pid>81606-OEM-6473564-22173</Pid><PidType>4</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/></Applications></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, RETAIL channel
    Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00170-154-446606-01-4105-7601.0000-2522012
    Installation ID: 019256936573392553977965973844296330183470020191051063
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 76WK2
    License Status: Licensed
    Remaining Windows rearm count: 4
    Trusted time: 09/09/2012 3:59:42 PM

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 9:6:2012 19:18
    ActiveX: Not Registered - 0x80040154
    Admin Service: Not Registered - 0x80040154
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: MgAAAAIAAwABAAEAAAABAAAAAgABAAEAeqgsNtymnB9MH45mkgDuxRr2Ctbsdy4OzDE=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x0
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   ALWARE  ALIENWRE
      FACP   ALWARE  ALIENWRE
      HPET   ALWARE  ALIENWRE
      MCFG   ALWARE  ALIENWRE
      WDRT   ALWARE  ALIENWRE
      SLIC   ALWARE  ALIENWRE

    Sunday, September 9, 2012 8:03 PM
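The change between the first two reports in this thread (tamper entries before the KB971033 uninstall, missing WAT components after it) can be read mechanically. The Python below is an added example, not part of the original posts and not a Microsoft tool; the function names and finding labels are hypothetical, and the embedded report text is an excerpt constructed from the two reports above.

```python
import re

# Constructed excerpts: a subset of lines from the two MGADiag reports above.
REPORT_BEFORE = r"""
Validation Code: 0x8004FE21
License Status: Licensed
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000003EFFF
ActiveX: Registered, Version: 7.1.7600.16395
Tampered File: %systemroot%\system32\wat\watadminsvc.exe
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\drivers\spsys.sys
"""
REPORT_AFTER = r"""
Validation Code: 0
License Status: Licensed
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
ActiveX: Not Registered - 0x80040154
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]
"""

# winerror.h names for HRESULT values that appear in this thread.
HRESULT_NAMES = {
    0x80070002: "ERROR_FILE_NOT_FOUND",
    0x80070003: "ERROR_PATH_NOT_FOUND",
    0x80040154: "REGDB_E_CLASSNOTREG",
    0x80096001: "TRUST_E_SYSTEM_ERROR",
}
ABSENT = ("ERROR_FILE_NOT_FOUND", "ERROR_PATH_NOT_FOUND")
MISMATCH_RE = re.compile(r"^(?P<path>.+?)\[Hr = (?P<hr>0x[0-9A-Fa-f]+)\]$")


def to_int(value):
    """Parse '0x8004FE21' or '0' to int; return None for 'N/A' or free text."""
    try:
        return int(value, 0)
    except ValueError:
        return None


def parse_report(text):
    """Return scalar fields plus the 'Tampered File' and 'File Mismatch' lists."""
    report = {"fields": {}, "tampered": [], "mismatch": []}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if not sep:
            continue  # section headers and empty fields such as 'TTS Error:'
        if key == "Tampered File":
            # 'a.dll|a.dll.mui' lists the binary first, then related resources
            report["tampered"].append(value.split("|")[0])
        elif key == "File Mismatch":
            m = MISMATCH_RE.match(value)
            if m:
                report["mismatch"].append((m["path"], int(m["hr"], 16)))
        else:
            report["fields"][key] = value
    return report


def triage(report):
    """Separate 'file flagged as tampered' from 'file simply not present'."""
    f = report["fields"]
    findings = []
    if report["tampered"] or to_int(f.get("HealthStatus", "N/A")):
        findings.append(("integrity-failure", len(report["tampered"])))
    hr_offline = to_int(f.get("HrOffline", "N/A"))
    if hr_offline:
        findings.append(("wat-offline-error", hex(hr_offline)))
    missing = [p for p, hr in report["mismatch"] if HRESULT_NAMES.get(hr) in ABSENT]
    if missing:
        # Absent rather than altered, as in the report posted after the uninstall.
        findings.append(("component-missing", len(missing)))
    m = re.search(r"Not Registered - (0x[0-9A-Fa-f]+)", f.get("ActiveX", ""))
    if m:
        code = int(m[1], 16)
        findings.append(("wat-unregistered", HRESULT_NAMES.get(code, hex(code))))
    return findings


if __name__ == "__main__":
    for label, text in (("before", REPORT_BEFORE), ("after", REPORT_AFTER)):
        print(label, triage(parse_report(text)))
```
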
  • I get an error "0x80096001 - A system-level error occurred while verifying trust." when I try to re-install KB971033 
    Sunday, September 9, 2012 8:08 PM
  • Ahah! That may give me a clue :)

    OK - let's see if this shifts it :)

    reboot - open Internet Explorer, and navigate to http://support.microsoft.com/kb/923737

    Run the Fixit from there - leave the 'personal data' option unchecked for the moment.

    then immediately reboot, and post a new MGADiag report.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, September 9, 2012 8:42 PM
    Moderator
  • OK, ran the fixit.  MGADiag results below:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-WTKHV-24H22-76WK2
    Windows Product Key Hash: Vmf2Lo/kv9Q/IziMN2T+TiMw1uk=
    Windows Product ID: 00371-154-4466062-85974
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {445F2549-1FC2-45E0-AAB1-1C69EC70FF95}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.120330-1504
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Small Business 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
    File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
    File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
    File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{445F2549-1FC2-45E0-AAB1-1C69EC70FF95}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-76WK2</PKey><PID>00371-154-4466062-85974</PID><PIDType>5</PIDType><SID>S-1-5-21-1342398742-1981426325-1783636326</SID><SYSTEM><Manufacturer>alienware</Manufacturer><Model>alienware</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>6.00 PG</Version><SMBIOSVersion major="2" minor="4"/><Date>20080122000000.000000+000</Date></BIOS><HWID>08C13707018400FA</HWID><UserLCID>1009</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ALWARE</OEMID><OEMTableID>ALIENWRE</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-00CA-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Small Business 2007</Name><Ver>12</Ver><Val>14ACE5A19B71DBE</Val><Hash>OSf+x824PuCqfNgy3/6xdqaxXik=</Hash><Pid>81606-OEM-6473564-22173</Pid><PidType>4</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, RETAIL channel
    Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00170-154-446606-01-4105-7601.0000-2522012
    Installation ID: 019256936573392553977965973844296330183470020191051063
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 76WK2
    License Status: Licensed
    Remaining Windows rearm count: 4
    Trusted time: 09/09/2012 5:44:32 PM

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 9:6:2012 19:18
    ActiveX: Not Registered - 0x80040154
    Admin Service: Not Registered - 0x80040154
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: MgAAAAIAAwABAAEAAAABAAAAAgABAAEAeqgsNtymnB9MH45mkgDuxRr2Ctbsdy4OzDE=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x0
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   ALWARE  ALIENWRE
      FACP   ALWARE  ALIENWRE
      HPET   ALWARE  ALIENWRE
      MCFG   ALWARE  ALIENWRE
      WDRT   ALWARE  ALIENWRE
      SLIC   ALWARE  ALIENWRE

    Sunday, September 9, 2012 9:45 PM
  • OK - now try installing the KB971033 update again.

    If it fails, run the Fixit again, and this time check the 'personal details' box, let it finish, and reboot, then attempt the KB971033 install again

    Post a new MGADiag report (again!)


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, September 9, 2012 10:03 PM
    Moderator
  • Tried reinstalling KB971033 - same 0x80096001 error

    Ran Fixit again with 'personal details' checked, rebooted, attempted the KB971033 install again and still get the 0x80096001 error.

    MGADiag result:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-WTKHV-24H22-76WK2
    Windows Product Key Hash: Vmf2Lo/kv9Q/IziMN2T+TiMw1uk=
    Windows Product ID: 00371-154-4466062-85974
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {445F2549-1FC2-45E0-AAB1-1C69EC70FF95}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.120330-1504
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Small Business 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
    File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
    File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
    File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{445F2549-1FC2-45E0-AAB1-1C69EC70FF95}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-76WK2</PKey><PID>00371-154-4466062-85974</PID><PIDType>5</PIDType><SID>S-1-5-21-1342398742-1981426325-1783636326</SID><SYSTEM><Manufacturer>alienware</Manufacturer><Model>alienware</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>6.00 PG</Version><SMBIOSVersion major="2" minor="4"/><Date>20080122000000.000000+000</Date></BIOS><HWID>08C13707018400FA</HWID><UserLCID>1009</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ALWARE</OEMID><OEMTableID>ALIENWRE</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-00CA-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Small Business 2007</Name><Ver>12</Ver><Val>14ACE5A19B71DBE</Val><Hash>OSf+x824PuCqfNgy3/6xdqaxXik=</Hash><Pid>81606-OEM-6473564-22173</Pid><PidType>4</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, RETAIL channel
    Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00170-154-446606-01-4105-7601.0000-2522012
    Installation ID: 019256936573392553977965973844296330183470020191051063
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 76WK2
    License Status: Licensed
    Remaining Windows rearm count: 4
    Trusted time: 09/09/2012 9:10:23 PM

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 9:6:2012 19:18
    ActiveX: Not Registered - 0x80040154
    Admin Service: Not Registered - 0x80040154
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: MgAAAAIAAwABAAEAAAABAAAAAgABAAEAeqgsNtymnB9MH45mkgDuxRr2Ctbsdy4OzDE=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x0
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   ALWARE  ALIENWRE
      FACP   ALWARE  ALIENWRE
      HPET   ALWARE  ALIENWRE
      MCFG   ALWARE  ALIENWRE
      WDRT   ALWARE  ALIENWRE
      SLIC   ALWARE  ALIENWRE

    Monday, September 10, 2012 1:13 AM
  • ...and the report after reinstalling the WAT update?

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, September 16, 2012 10:28 AM
    Moderator
  • That is the report after running Fixit again with 'personal details' checked, rebooting and attempting to reinstall the WAT update (KB971033). Still get the 0x80096001 error when I try to install it.
    Sunday, September 16, 2012 12:38 PM
  • So you get the error installing the update? That's extremely unusual, as it's such a small update that most of the usual WU problems don't affect it.

    Please follow the advice in this article http://support.microsoft.com/kb/822798 (use the Fixit first, then the manual methods) - test each attempt by rebooting, and attempting to install the update.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, September 16, 2012 1:09 PM
    Moderator
  • I am working my way through the solution methods listed under KB822798:

    1. Fixit - no change still get the 0x80096001 error when trying to install WAT update.

    2. Under "let me fix it myself":

    a) Method 1: Set Cryptographic Services to automatic - already set to automatic

    b) Method 2: Rename the Catroot2 folder - not attempted since it says this is for Windows XP and Windows Server 2003 only

    c) Method 3: Reregister the DLL files that are associated with Cryptographic Services - when I try and unregister/reregister the listed .dll's the following message is generated for initpki.dll, gpkcsp.dll, sccbase.dll, slbcsp.dll: 'The module "x.dll" failed to load.  Make sure the binary is stored at the specified path or debug it to check for problems with the binary or dependent .dll files.  The specified module could not be found.' where x.dll is one of the four dll's generating the message.  Might this be an issue?

    d) Method 4: Remove the hidden attribute from %Windir% and from its subfolders - done with no effect

    e) Method 5: Set non-driver signing policy to silently succeed - registry value already set to suggested 00 value.

    3. Rename the Edb.log file - when I try this I get the message "The process cannot access the file because it is being used by another process"

    I would like to know if any of this gives any insight on the problem before I continue with the other methods listed in KB822798, particularly the missing .dll's

    Sunday, September 16, 2012 5:07 PM
  • 1) OK :(

    2.1) good

    2.2) it also works in Vista and Windows 7

    2.3) That's normal - those files don't exist in Windows 7

    2.4) OK

    2.5) Not sure about that one

    3) Hmmm - the usual reason for that error is not first stopping Cryptographic Services (use NET STOP CRYPTSVC first, and NET START CRYPTSVC after the command in the article)

    I don't see anything in the article about missing dlls??


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, September 16, 2012 5:47 PM
    Moderator
  • Anything more on this??

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Wednesday, October 3, 2012 3:04 PM
    Moderator