Windows 7 "this version is not genuine" notification, and unable to update Windows

  • Question

  • Hi,

    I'm dealing with a PC which has had a virus issue, and hasn't installed updates since December. It had a copy of ESET antivirus, which eventually found and quarantined a couple of things; it now scans as clean with several different virus checkers, so I think the original infection has been healed. I'm not clear whether it was a virus infection which prevented Windows updates, or if the lack of updates allowed the infection (or both - one virus, then another).

    From time to time it pops up the "this copy of Windows is not genuine" box.

    Copy of WGA diag report below shows a number of files as not genuine. It's a PC bought from Dell; I doubt it's really not genuine (happy to be told I'm wrong), and suspect the files have been tampered with. I've run sfc /checknow, which reports no issues. Is there an easy way to repair this? From the windows update log, it seems that it has problems checking the validity of the certificate on Windows update downloads - which may or may not be related to this issue.

    Any help gratefully received, thanks.

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-M3DJT-4J3WC-733WD
    Windows Product Key Hash: xo+ajVSpae7/4VoZjS7m6JL0f3A=
    Windows Product ID: 00371-OEM-8992671-00524
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {28175201-970C-4FE7-9844-329AF73006EE}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.110622-1506
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Professional Plus 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{28175201-970C-4FE7-9844-329AF73006EE}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-733WD</PKey><PID>00371-OEM-8992671-00524</PID><PIDType>2</PIDType><SID>S-1-5-21-4285628840-2841581962-2484391955</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>OptiPlex 780                 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A05</Version><SMBIOSVersion major="2" minor="5"/><Date>20100811000000.000000+000</Date></BIOS><HWID>3DF13A07018400F8</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>B10K   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0011-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Plus 2007</Name><Ver>12</Ver><Val>2461D62FCDCD88</Val><Hash>PSwr0sYHczJi2VDfci2Nil6QqqI=</Hash><Pid>89409-708-8130556-65353</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00178-926-700524-02-1033-7600.0000-0202011
    Installation ID: 008895610023099433689463966101299242394256507881942363
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 733WD
    License Status: Licensed
    Remaining Windows rearm count: 4
    Trusted time: 17/08/2012 09:43:40

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000003EFFF
    Event Time Stamp: 8:17:2012 09:39
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\wat\watadminsvc.exe
    Tampered File: %systemroot%\system32\wat\watweb.dll
    Tampered File: %systemroot%\system32\wat\npwatweb.dll
    Tampered File: %systemroot%\system32\wat\watux.exe
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys
    Tampered File: %systemroot%\system32\drivers\spldr.sys


    HWID Data-->
    HWID Hash Current: MgAAAAEAAgABAAIAAQACAAAAAQABAAEAJJReCvbayOtylgLcQAVY46jjHg/loWqfRso=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC DELL   B10K   
      FACP DELL   B10K   
      HPET DELL   B10K   
      BOOT DELL   B10K   
      MCFG DELL   B10K   
      SSDT DELL st_ex
      ASF! DELL   B10K   
      TCPA DELL   B10K   
      DMAR DELL   B10K   
      SLIC DELL   B10K   

    

    Friday, August 17, 2012 10:16 AM

Answers

  • STOP PRESS - we may have a solution.....

    Please open an Elevated Command Prompt window, and run the following commands

    REGSVR32 WINTRUST.DLL

    C:\WINDOWS\SYSWOW64\REGSVR32 c:\windows\syswow64\wintrust.dll

    reboot, and run another MGADiag report.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, September 16, 2012 9:47 AM
    Moderator

All replies

  • This set of errors could simply be a poor driver set, or it could be an indicator of deeper problems.

    Since you've had malware problems, the best thing to do would be to start with CHKDSK and SFC...

     

    Please run a full CHKDSK and SFC scan....

    Click on Start > All Programs > Accessories

    Right-click on the Command Prompt entry

    Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

     

     At the Command prompt, type

     CHKDSK C: /R

     and hit the Enter key.

     

     You will be told that the drive is locked,

     and the CHKDSK will run at the next boot - hit the Y key, and then reboot.

     The chkdsk will take a few hours depending on the size  of the drive, so be patient!

     After the CHKDSK has run, Windows should boot normally  (possibly after a second auto-reboot) - then run the SFC.

     

     SFC - System File Checker - Instructions

    Click on Start > All Programs > Accessories

    Right-click on the Command Prompt entry

    Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

     At the Command prompt, type

     SFC /SCANNOW

     and hit the Enter key

     

     Wait for the scan to finish - make a note of any error messages - and then reboot.

     Post an MGADiag report with details of any error messages encountered.     


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Friday, August 17, 2012 11:05 AM
    Moderator
  • Hi,

    I did all the above.

    Chkdsk reported some changes in the event viewer, though nothing looked too drastic (log below).

    Then I ran sfc, which "did not find any integrity violations".

    Have re-run MGADiag, and posted contents below the chkdsk log.

    Finally, the event viewer is reporting something with a "problem signature" for a USB plug n play device.

    As I mentioned, the windows update log reports problems with the digital signature of download files. So I'm rather thinking that something is amiss with my digital certificates, and that may be what is causing MGADiag to find problematic files - I'm wondering if the problem isn't with the files, but with the certificates MGADiag is checking them against. But I may be wildly wrong.

    --

    CHKDSK report in event viewer

    ----

    Checking file system on C:
    The type of the file system is NTFS.
    Volume label is OS.

    A disk check has been scheduled.
    Windows will now check the disk.                         

    CHKDSK is verifying files (stage 1 of 5)...
      161792 file records processed.
    File verification completed.
      212 large file records processed.
      0 bad file records processed.
      2 EA records processed.
      97 reparse records processed.
    CHKDSK is verifying indexes (stage 2 of 5)...
      206048 index entries processed.
    Index verification completed.
      0 unindexed files scanned.
      0 unindexed files recovered.
    CHKDSK is verifying security descriptors (stage 3 of 5)...
      161792 file SDs/SIDs processed.
    Cleaning up 775 unused index entries from index $SII of file 0x9.
    Cleaning up 775 unused index entries from index $SDH of file 0x9.
    Cleaning up 775 unused security descriptors.
    Security descriptor verification completed.
      22129 data files processed.
    CHKDSK is verifying Usn Journal...
      34446376 USN bytes processed.
    Usn Journal verification completed.
    CHKDSK is verifying file data (stage 4 of 5)...
      161776 files processed.
    File data verification completed.
    CHKDSK is verifying free space (stage 5 of 5)...
      49757071 free clusters processed.
    Free space verification is complete.
    CHKDSK discovered free space marked as allocated in the
    master file table (MFT) bitmap.
    CHKDSK discovered free space marked as allocated in the volume bitmap.
    Windows has made corrections to the file system.

     233471999 KB total disk space.
      34084876 KB in 127692 files.
         89368 KB in 22130 indexes.
             0 KB in bad sectors.
        269467 KB in use by the system.
         65536 KB occupied by the log file.
     199028288 KB available on disk.

          4096 bytes in each allocation unit.
      58367999 total allocation units on disk.
      49757072 allocation units available on disk.

    Internal Info:
    00 78 02 00 48 49 02 00 3d 36 04 00 00 00 00 00  .x..HI..=6......
    ea 56 00 00 61 00 00 00 00 00 00 00 00 00 00 00  .V..a...........
    a8 90 1e 00 50 01 1d 00 e8 1d 1d 00 00 00 1d 00  ....P...........

    Windows has finished checking your disk.
    Please wait while your computer restarts.

    ---

    MGADiag report

    ---

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-M3DJT-4J3WC-733WD
    Windows Product Key Hash: xo+ajVSpae7/4VoZjS7m6JL0f3A=
    Windows Product ID: 00371-OEM-8992671-00524
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {28175201-970C-4FE7-9844-329AF73006EE}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.110622-1506
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Professional Plus 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{28175201-970C-4FE7-9844-329AF73006EE}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-733WD</PKey><PID>00371-OEM-8992671-00524</PID><PIDType>2</PIDType><SID>S-1-5-21-4285628840-2841581962-2484391955</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>OptiPlex 780                 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A05</Version><SMBIOSVersion major="2" minor="5"/><Date>20100811000000.000000+000</Date></BIOS><HWID>3DF13A07018400F8</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>B10K   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0011-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Plus 2007</Name><Ver>12</Ver><Val>2461D62FCDCD88</Val><Hash>PSwr0sYHczJi2VDfci2Nil6QqqI=</Hash><Pid>89409-708-8130556-65353</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00178-926-700524-02-1033-7600.0000-0202011
    Installation ID: 008895610023099433689463966101299242394256507881942363
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 733WD
    License Status: Licensed
    Remaining Windows rearm count: 4
    Trusted time: 17/08/2012 14:00:21

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000003EFFF
    Event Time Stamp: 8:17:2012 09:39
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\wat\watadminsvc.exe
    Tampered File: %systemroot%\system32\wat\watweb.dll
    Tampered File: %systemroot%\system32\wat\npwatweb.dll
    Tampered File: %systemroot%\system32\wat\watux.exe
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys
    Tampered File: %systemroot%\system32\drivers\spldr.sys


    HWID Data-->
    HWID Hash Current: MgAAAAEAAgABAAIAAQACAAAAAQABAAEAJJReCvbayOtylgLcQAVY46jjHg/loWqfRso=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC DELL   B10K   
      FACP DELL   B10K   
      HPET DELL   B10K   
      BOOT DELL   B10K   
      MCFG DELL   B10K   
      SSDT DELL st_ex
      ASF! DELL   B10K   
      TCPA DELL   B10K   
      DMAR DELL   B10K   
      SLIC DELL   B10K   

    ---

    Example of error reported in event viewer for PnP driver

    ---

    Fault bucket , type 0
    Event Name: PnPDriverImportError
    Response: Not available
    Cab Id: 0

    Problem signature:
    P1: x86
    P2: E0000247
    P3: prnms001.Inf
    P4: 880411950d3a7fbdfee7af98c466ac0796a81d9a
    P5: 
    P6: 
    P7: 
    P8: 
    P9: 
    P10: 

    Attached files:

    Friday, August 17, 2012 1:12 PM
  • I don't *think* the driver problem is related, but it's possible.

    try this...

    Open an Elevated Command Prompt window, and run the following command -

    esentutl /p %systemroot%\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb

    copy and paste the results to your reply.

    Then reboot, and post another MGADiag report

      Here are some instructions to make life easier :)

    1) To open an Elevated Command Prompt Window (the CP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt. 

    2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Windows, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once. 

    3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.     



    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth


    Friday, August 17, 2012 1:21 PM
    Moderator
  • Thanks - and thanks for such a quick reply

    Results don't look good..

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>esentutl /p %systemroot%\System32\catroot2\{F750E6C3-38EE-11
    D1-85E5-00C04FC295EE}\catdb

    Extensible Storage Engine Utilities for Microsoft(R) Windows(R)
    Version 6.1
    Copyright (C) Microsoft Corporation. All Rights Reserved.

    Error: Access to source database 'C:\Windows\System32\catroot2\{F750E6C3-38EE-11
    D1-85E5-00C04FC295EE}\catdb' failed with Jet error -1032.

    Operation terminated with error -1032 (JET_errFileAccessDenied, Cannot access fi
    le, the file is locked or in use) after 20.46 seconds.


    C:\Windows\system32>


    Friday, August 17, 2012 1:28 PM
  • Nah - I get the same problem on test :(  (that's what comes of not testing someone else's fix first!)

    try it this way instead.....

    NET STOP CRYPTSVC

    esentutl /p %systemroot%\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb

    NET START CRYPTSVC

    Note that you'll get a warning when the second command runs - accept it.

    Again, run all commands, then post the results, then reboot and post an MGADiag report.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Friday, August 17, 2012 1:45 PM
    Moderator
  • Thanks again.

    Esentutl response below, and WGADiag results below that (but WGADiag identical to before, except timestamp).

    I wonder - slightly ominously... - after reading various other forums (fora?), yesterday I renamed the catroot2 folder to catroot2.old, on the basis (I think, if I remember correctly), that Windows would create a new one. The folder which was checked was the one created yesterday; I wonder if that was an error on my part - although, given it checks OK, maybe it wasn't. Hmm. If this was a pretty standard PC, I'd be heading for a re-install by now; unfortunately, it's one of the few in the company with some extra software on it, so if you have any other thoughts, they'd be welcome; if not, I'll have to ensure I know what needs keeping/re-setting up and then think about re-installing.

    --

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>net stop cryptsvc
    The Cryptographic Services service is stopping..
    The Cryptographic Services service was stopped successfully.


    C:\Windows\system32>esentutl /p %systemroot%\System32\catroot2\{F750E6C3-38EE-11
    D1-85E5-00C04FC295EE}\catdb

    Extensible Storage Engine Utilities for Microsoft(R) Windows(R)
    Version 6.1
    Copyright (C) Microsoft Corporation. All Rights Reserved.

    Initiating REPAIR mode...
            Database: C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC2
    95EE}\catdb
      Temp. Database: TEMPREPAIR5636.EDB

    Checking database integrity.

                         Scanning Status (% complete)

              0    10   20   30   40   50   60   70   80   90  100
              |----|----|----|----|----|----|----|----|----|----|
              ...................................................


    Integrity check successful.

    Note:
      It is recommended that you immediately perform a full backup
      of this database. If you restore a backup made before the
      repair, the database will be rolled back to the state
      it was in at the time of that backup.

    Operation completed successfully in 16.786 seconds.


    C:\Windows\system32>
    C:\Windows\system32>net start cryptsvc
    The Cryptographic Services service is starting.
    The Cryptographic Services service was started successfully.


    C:\Windows\system32>

    ---

    Diagnostic Report (1.9.0027.0):

    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-M3DJT-4J3WC-733WD
    Windows Product Key Hash: xo+ajVSpae7/4VoZjS7m6JL0f3A=
    Windows Product ID: 00371-OEM-8992671-00524
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {28175201-970C-4FE7-9844-329AF73006EE}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.110622-1506
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Professional Plus 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{28175201-970C-4FE7-9844-329AF73006EE}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-733WD</PKey><PID>00371-OEM-8992671-00524</PID><PIDType>2</PIDType><SID>S-1-5-21-4285628840-2841581962-2484391955</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>OptiPlex 780                 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A05</Version><SMBIOSVersion major="2" minor="5"/><Date>20100811000000.000000+000</Date></BIOS><HWID>3DF13A07018400F8</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>B10K   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0011-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Plus 2007</Name><Ver>12</Ver><Val>2461D62FCDCD88</Val><Hash>PSwr0sYHczJi2VDfci2Nil6QqqI=</Hash><Pid>89409-708-8130556-65353</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00178-926-700524-02-1033-7600.0000-0202011
    Installation ID: 008895610023099433689463966101299242394256507881942363
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 733WD
    License Status: Licensed
    Remaining Windows rearm count: 4
    Trusted time: 17/08/2012 15:12:48

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000003EFFF
    Event Time Stamp: 8:17:2012 09:39
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\wat\watadminsvc.exe
    Tampered File: %systemroot%\system32\wat\watweb.dll
    Tampered File: %systemroot%\system32\wat\npwatweb.dll
    Tampered File: %systemroot%\system32\wat\watux.exe
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys
    Tampered File: %systemroot%\system32\drivers\spldr.sys


    HWID Data-->
    HWID Hash Current: MgAAAAEAAgABAAIAAQACAAAAAQABAAEAJJReCvbayOtylgLcQAVY46jjHg/loWqfRso=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC DELL   B10K   
      FACP DELL   B10K   
      HPET DELL   B10K   
      BOOT DELL   B10K   
      MCFG DELL   B10K   
      SSDT DELL st_ex
      ASF! DELL   B10K   
      TCPA DELL   B10K   
      DMAR DELL   B10K   
      SLIC DELL   B10K   

    Friday, August 17, 2012 2:21 PM
  • Renaming the catroot2 folder would have been the next step :)

    The particular error message that you get - HealthStatus: 0x000000000003EFFF - is a rare one, and I haven't discovered a specific reason for it (yet) :(

    I'm collaborating with a programmer to create a tool which will make isolating causes easier - but it's not ready :(

    I suppose it'll have to be hunt-and-peck again!

    I'm pretty sure that the problem lies somewhere with the certificates in Windows - perhaps one of them is missing or broken.

    The problem is how to discover which one.

    Try this...

    Click on Start, then enter in the Search box, 'certmgr.msc' (without the quotes), and hit the Enter key.

    The Certificate manager console should come up.

    Navigate in the left pane to

    Trusted Root Certification Authorities\Local Computer\Certificates

    In the toolbar at the top, there should be an Export List option - use that, and save the file to your desktop.

    Please upload it to your public SkyDrive, and post a link in your response.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Friday, August 17, 2012 2:53 PM
    Moderator
  • Again, thanks.

    I did that. I'd not realised I could easily export a list of certificates. I've uploaded the list - see below.

    I've gone a bit further - but still no success. I did the same - export a key list - from a working Windows 7 PC, and compared them. The problem PC had a number missing, which I exported from the working PC and imported to the problem PC. Even after a re-boot, still no joy. The new list from the problem PC is in the same SkyDrive folder, together with an excerpt from the windows_update log - as far as I can see, it doesn't give any clue as to which certificate it's trying to use, so alas no joy. Since adding the certificates I've also re-run the WGATool, and get exactly the same output. Hmmm...I like a challenge, but this is quite a challenge!

    SkyDrive folder is here: original_certs is the certificate list before I changed anything; update_certs2 is the list now I've tried importing from a working PC; windows_update.log is an excerpt from the log.

    https://skydrive.live.com/redir?resid=15DA9F67E5342815!104

    Friday, August 17, 2012 3:46 PM
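
The comparison described in the post above (root certificates on the problem PC against those on a working PC), as an added PowerShell example that is not part of the thread. It compares by thumbprint rather than by displayed name, so a certificate that shares a name with a genuine root but has different contents shows up as a difference. The function names and sample data are constructed, and it assumes the store of interest is the machine-wide Trusted Root store (`Cert:\LocalMachine\Root`).

```powershell
# Added example, not from the thread. Works in PowerShell 2.0 and later.
# Function names and the sample data below are constructed for illustration.

# Run on each PC: snapshot the machine-wide Trusted Root store to a CSV file.
function Export-RootSnapshot {
    param([Parameter(Mandatory = $true)][string]$Path)
    Get-ChildItem Cert:\LocalMachine\Root |
        Select-Object Thumbprint, Subject,
            @{ Name = 'NotAfter'; Expression = { $_.NotAfter.ToString('s') } } |
        Export-Csv -Path $Path -NoTypeInformation
}

# Run on either PC: list roots that appear in only one of the two snapshots.
function Compare-RootSnapshot {
    param(
        [Parameter(Mandatory = $true)][object[]]$Reference,  # known-good PC
        [Parameter(Mandatory = $true)][object[]]$Problem     # PC under repair
    )
    $label = @{ '<=' = 'MissingOnProblemPC'; '=>' = 'OnlyOnProblemPC' }
    Compare-Object -ReferenceObject $Reference -DifferenceObject $Problem `
                   -Property Thumbprint -PassThru |
        ForEach-Object {
            New-Object PSObject -Property @{
                Finding    = $label[$_.SideIndicator]
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
            }
        } |
        Select-Object Finding, Subject, Thumbprint, NotAfter |
        Sort-Object Finding, Subject
}

# Constructed sample snapshots (made-up thumbprints and names), in the same
# shape that Import-Csv returns for files written by Export-RootSnapshot.
$header  = 'Thumbprint,Subject,NotAfter'
$good    = $header,
           '1111111111111111111111111111111111111111,CN=Example Root A,2030-01-01T00:00:00',
           '2222222222222222222222222222222222222222,CN=Example Root B,2031-06-30T00:00:00' |
           ConvertFrom-Csv
$problem = $header,
           '1111111111111111111111111111111111111111,CN=Example Root A,2030-01-01T00:00:00',
           '3333333333333333333333333333333333333333,CN=Example Root B,2031-06-30T00:00:00' |
           ConvertFrom-Csv

Compare-RootSnapshot -Reference $good -Problem $problem | Format-Table -AutoSize
# Real use: Compare-RootSnapshot (Import-Csv good.csv) (Import-Csv problem.csv)
```

In the constructed sample, "Example Root B" appears under both findings because its thumbprint differs between the two snapshots, which a name-only comparison would not show.
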
  • The big problem is that there are any number of ways to screw the system and end up with effectively the same response - the trick is to luck into an identifying error at an early stage and go from there.

     Your original export contained all the default certificates - which is why adding more has made no difference.

    Try running the fixit from this page - see if it helps.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Friday, August 17, 2012 4:26 PM
    Moderator
  • Again, thanks for your help Noel - sorry to have disappeared - it was Friday pm :)

    I think you meant to include a Fixit link in the previous post, but didn't - it was Friday pm :)

    I think I've tried most of the available fixits, but willing to give any a go! I'm heading increasingly towards a fresh install (but don't like unsolved problems, so part of me wants to wrestle with it). Would it be worth me posting in a Windows update forum? I'm fairly sure it's a certificates issue, but someone there may have encountered it?


    Monday, August 20, 2012 8:39 AM
  • I coulda sworn I inserted the fixit!

    I *think* this is the one I meant.... http://support.microsoft.com/kb/971058 :)

    If it still offers two modes, run it first in Normal mode, reboot, and test. If the system still doesn't function, then run it in aggressive mode, reboot and test (and post an MGADiag report).

    Note that running it in aggressive mode will delete your Update History (but not the Updates themselves - which can still be seen in the Installed Updates listing).


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, August 20, 2012 9:07 AM
    Moderator
  • Alas, no joy.

    For info, the fixit didn't offer two modes - although last week I found one which did offer the Aggressive mode (but perhaps that's a generic term used by many fixits, where they offer two levels of operation/potential damage?)

    MGADiag identical except for changed dates - the "Trusted time" had changed, and the Event timestamp (in case you're wondering if I'm missing changes, I'm using ExamDiff to compare the new and old outputs).

    If you feel it may be time to throw in the towel, do say so - but if it may be helpful to others with similar problems, I'm happy to keep going (I'm happy doing "nasty" command line/scripting/VBS stuff, and have the possible advantage of access to other similar Windows installations, so may be able to try some things others wouldn't be able to).

    Monday, August 20, 2012 9:38 AM
  • Trusted Time will always change - it's the time at which the tool was run :)

    The Event Timestamp in the WAT area changes whenever the system detects a change in validation status - it may also change at other times depending on the type of error seen.

    Let me do a roundup of what we've tried so far - just so I can get it straight, and you can check me :)

    1) CHKDSK and SFC - minor problems in CHKDSK, nothing found in SFC

    2) CheckSUR (not run yet - because SFC didn't find anything - probably next on the list)

    3) Esentutl run, and Catroot2 folder renamed - no change

    4) various fixits run - no effect.

    Does that cover it?

    If you haven't already, please run the CheckSUR tool from http://support.microsoft.com/kb/947821

    then zip the CheckSUR.log file, and a copy of the CBS.log file (you can't operate directly on the CBS log) together, and upload it to your public SkyDrive so I can take a look.

    The tool can take anywhere from 5 mins to a couple of hours to run (or 'Install') depending on how much it has to do, and will exit silently - it may appear to freeze for most of that time, but be patient.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, August 20, 2012 9:59 AM
    Moderator
  • Downloaded CheckSUR, but alas

    "installer encountered an error: 0x80096001
    A system-level error occurred while verifying trust"

    - same error number as Windows Update generates.


    Monday, August 20, 2012 10:52 AM
  • I wonder if a few dll's have gotten unregistered?

    Try the fixit from this page, if you haven't already... http://support.microsoft.com/kb/822798


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, August 20, 2012 11:39 AM
    Moderator
  • We may be getting somewhere. The fixit ran OK (didn't report any errors), but you reminded me that I'd tried re-registering some DLLs last week, and met an error (though not one so obviously key related as some below), so I've just manually run the steps in the fixit kb article. I got several errors when running the DLL unregister.

    These ran fine:

    softpub.dll
    wintrust.dll
    dssenh.dll
    mssip32.dll
    rsaenh.dll
    cryptdlg.dll

    however all of the following failed to load - "the specified module could not be found"

    initpki.dll
    gpkcsp.dll
    sccbase.dll
    slbcsp.dll

     - there are no dlls of those names in system32; not sure if there should be. I *thought* sfc would create them if missing, but perhaps not, or perhaps it was unable to. I'm assuming that initpki is a good potential culprit for our key issues...

    Monday, August 20, 2012 12:05 PM
  • It's OK - those last ones don't exist in later versions of Windows :)

    They are actually for IE6, if I remember right.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, August 20, 2012 12:59 PM
    Moderator
  • Hmm. Any other thoughts on routes to try?
    Monday, August 20, 2012 1:37 PM
  • This *shouldn't* fix it - but the way things are going, anything could happen!

    Try installing the Intel Rapid Storage Drivers

    try downloading and installing them from here - http://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&ProdId=2101&DwnldID=21730

     

    Once complete, please reboot twice, then post another MGADiag report.   


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, August 20, 2012 1:58 PM
    Moderator
  • STOP PRESS - we may have a solution.....

    Please open an Elevated Command Prompt window, and run the following commands

    REGSVR32 WINTRUST.DLL

    C:\WINDOWS\SYSWOW64\REGSVR32 c:\windows\syswow64\wintrust.dll

    reboot, and run another MGADiag report.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, September 16, 2012 9:47 AM
    Moderator