locked
Why is Win 7 64 bit suddenly saying “You may be a victim of software counterfeiting”? RRS feed

  • Question

  • This started happening a week or two ago then it would be fine after reboot but now whenever I run updates it takes me to a web page that tells me not to navigate away and just has a circle spinning. I left it on that page for fourteen hours and it still did nothing but spin…

    This is highly annoying and the fact that virus updates are disabled seems to be a rather unusual choice when presented with something that could be virus related.

    Below find my report per request:

    Diagnostic Report (1.9.0027.0):

    -----------------------------------------

    Windows Validation Data-->

    Validation Code: 50

    Cached Online Validation Code: 0x0

    Windows Product Key: *****-*****-42H2H-CM3GX-6V84D

    Windows Product Key Hash: ferZ5HIX01LTptaQsw0a7M/jD3o=

    Windows Product ID: 00426-292-7267024-85431

    Windows Product ID Type: 5

    Windows License Type: Retail

    Windows OS version: 6.1.7601.2.00010100.1.0.001

    ID: {24324635-3423-4FAE-B052-E433F401D9B7}(1)

    Is Admin: Yes

    TestCab: 0x0

    LegitcheckControl ActiveX: N/A, hr = 0x80070002

    Signed By: N/A, hr = 0x80070002

    Product Name: Windows 7 Ultimate

    Architecture: 0x00000009

    Build lab: 7601.win7sp1_gdr.120830-0333

    TTS Error:

    Validation Diagnostic:

    Resolution Status: N/A

    Vista WgaER Data-->

    ThreatID(s): N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    File Exists: No

    Version: N/A, hr = 0x80070002

    WgaTray.exe Signed By: N/A, hr = 0x80070002

    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

    OGAExec.exe Signed By: N/A, hr = 0x80070002

    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->

    Office Status: 109 N/A

    OGA Version: N/A, 0x80070002

    Signed By: N/A, hr = 0x80070002

    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->

    Proxy settings: N/A

    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    Download signed ActiveX controls: Prompt

    Download unsigned ActiveX controls: Disabled

    Run ActiveX controls and plug-ins: Allowed

    Initialize and script ActiveX controls not marked as safe: Disabled

    Allow scripting of Internet Explorer Webbrowser control: Disabled

    Active scripting: Allowed

    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->

    Office Details: <GenuineResults><MachineData><UGUID>{24324635-3423-4FAE-B052-E433F401D9B7}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-6V84D</PKey><PID>00426-292-7267024-85431</PID><PIDType>5</PIDType><SID>S-1-5-21-154956519-3706681310-2219728332</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0905   </Version><SMBIOSVersion major="2" minor="6"/><Date>20100326000000.000000+000</Date></BIOS><HWID>3A8F3607018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->

    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0xC004F012' to display the error text.

    Error: 0xC004F012

    Windows Activation Technologies-->

    HrOffline: 0x00000000

    HrOnline: 0x00000000

    HealthStatus: 0x0000000000000000

    Event Time Stamp: 9:19:2012 00:42

    ActiveX: Registered, Version: 7.1.7600.16395

    Admin Service: Registered, Version: 7.1.7600.16395

    HealthStatus Bitmask Output:

    HWID Data-->

    HWID Hash Current: OAAAAAEABAABAAEAAAAEAAAAAgABAAEAln08fUNIHL9CxoCWyt78dUi4TpF+upZ2M12ML+wsdlY=

    OEM Activation 1.0 Data-->

    N/A

    OEM Activation 2.0 Data-->

    BIOS valid for OA 2.0: yes, but no SLIC table

    Windows marker version: N/A

    OEMID and OEMTableID Consistent: N/A

    BIOS Information:

      ACPI Table Name           OEMID Value     OEMTableID Value

      APIC                                    032610                  APIC1055

      FACP                                   032610                  FACP1055

      HPET                                    032610                  OEMHPET

      MCFG                                 032610                  OEMMCFG

      OEMB                                 032610                  OEMB1055

      ASPT                                    032610                  PerfTune

      OSFR                                   032610                  OEMOSFR

    Thursday, November 15, 2012 5:42 PM

Answers

  •  

    Download the SP1 Refresh for your language and edition from the links on these pages...

     

    Heidoc - Microsoft DR Download links

     

    The links are for downloads from the Digital River servers run for MS, so are about as safe as you can get :)

     

    Once you have it downloaded, you then need to burn the DVD from it - use either the Windows Disk Image Burner, or (better still) your favourite burning application at the slowest speed possible.

     

    Note that you do NOT 'drag and drop' the file to the disk, you must use the 'burn an image'
    option from your app - or you'll end up with a useless coaster :)

     

    Once you have the  disk burnt, check that it boots the (or any other) system OK - but do NOT start
    the repair from there - you must start the repair from within a normal Windows boot.

     

    Follow the instructions in this tutorial - http://www.sevenforums.com/tutorials/3413-repair-install.html

    - and they should help you get through it (it's not as difficult as it looks!)

     

    Always ask questions first if you're unsure - either here, or in sevenforums.

     

    Good luck with it!



    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Wednesday, November 21, 2012 7:56 PM
    Moderator

All replies

  • The error you have is one that is often indicative of severe file corruption.

    Let's see if that's the case here...

     

    Please run a full CHKDSK and SFC scan....

    Click on Start > All Programs > Accessories

    Right-click on the Command Prompt entry

    Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

     

     At the Command prompt, type

     CHKDSK C: /R

     and hit the Enter key.

     

     You will be told that the drive is locked,

     and the CHKDSK will run at he next boot - hit the Y key, and then reboot.

     The CHKDSK will take a few hours depending on the size  of the drive, so be patient!

     After the CHKDSK has run, Windows should boot normally  (possibly after a second auto-reboot) -

     

    then run the SFC.

     

     SFC -System File Checker - Instructions

    Click on Start > All Programs > Accessories

    Right-click on the Command Prompt entry

    Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

     At the Command prompt, type

     SFC /SCANNOW

     and hit the Enter key

     

     Wait for the scan to finish - make a note of any error messages - and then reboot.

     Copy the CBS.log file created to your desktop (you can't manipulate it directly) and then compress the copy and upload it to your SkyDrive (http://skydrive.live.com ) and post a link to it so that I can take a look.

     

    Post a new MGADiag report with details of any error messages encountered.     


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Thursday, November 15, 2012 6:08 PM
    Moderator
  • I have completed both scans without incident. However, the “CBS.log” file is nowhere to be found. The second scan said it found no problems with integrity… Perhaps that is why it did not create the log file?

    Ps- thanks for the fast reply! J

    Thursday, November 15, 2012 6:54 PM
  • The CHKDSK alone usually takes over an hour - or are you using a small/SSD drive?

    The CBS.log file is at C:\Windows\Logs\CBS\CBS.log

    Please run the CheckSUR tool from http://support.microsoft.com/kb/947821

    (you'll need to look in the details for Method 2)

     

    Then zip the CheckSUR.log and upload it to your public SkyDrive so I can take a look - post
    a link in your reply.

     

    The tool can take anywhere from 5 mins to a couple of hours to run (or 'Install') depending on
    how much it has to do, and may exit silently - it may appear to freeze for most
    of that time, but be patient.



    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Thursday, November 15, 2012 7:03 PM
    Moderator
  • Yes I am running it from an SSD drive boot times are much faster.

    Before reading your reply I ran it again and found it in C:\Windows\Logs\CBS.log and have uploaded it to the SkyDrive link you provided. It was a little creapy that the SkyDrive new my full name... :)

    I am running the CheckSUR tool now and will upload it ASAP.

    Thursday, November 15, 2012 7:10 PM
  • The SkyDrive uses whatever details you registered with your Windows LiveID (Passport, as was)

    please post a link to the folder


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Thursday, November 15, 2012 7:27 PM
    Moderator
  • These are the links:

    "h t t p s://skydrive.live.com/redir?resid=669D2BE2C84185F1!151&authkey=!AJh0973XSpDELUo"

    "h t t p s://skydrive.live.com/redir?resid=669D2BE2C84185F1!152&authkey=!AFGw5FYZzog4QHI"

    without the spaces...

    Thursday, November 15, 2012 7:35 PM
  • This could take a little while - the errors in the CheckSUR log are ones I've never dealt with, so I'm going to have to talk to someone about it.

    The SFC log is clear, so far as I can see.

    (To be honest - the errors I see in the log aren't ones that I would consider likely to cause problems with activation/validation)


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Thursday, November 15, 2012 10:00 PM
    Moderator
  • ok well I appreciate the assistance.
    Thursday, November 15, 2012 10:15 PM
  • Hi Seawulf,

    Noel has asked me for some pointers in this thread, so here I am :)

    In order to best fix your issue, we are going to need more information on this problem. Your CheckSUR log is indicating registry problems, so could you upload your COMPONENTS registry hive please? It is located here:

    C:\Windows\system32\config\COMPONENTS (it has no file extension)

    Thanks!

    Tom

    Saturday, November 17, 2012 12:38 PM
  • Thanks for coming in, Tom!

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Saturday, November 17, 2012 12:56 PM
    Moderator
  • Saturday, November 17, 2012 4:44 PM
  • Hi Carl,

    Thanks for the registry hive. It appears we need to do more digging though.

    Batch File

    Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

    1. Click on the Start button and in the search box, type Notepad and click on it
    2. Copy (Ctrl+C) all of the text in the following box and paste (Ctrl+V) it into Notepad
      echo "Log Start" > %userprofile%\Desktop\tom982.txt
      
      REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing /s >> %userprofile%\Desktop\tom982.txt
      
      echo EOF >> %userprofile%\Desktop\tom982.txt

    3. Go to File > Save As... and save it to your Desktop named fix.bat. Make sure you change the Save as type to All Files (*.*)
    4. Locate fix.bat on your Desktop and right click then select Run as administrator

    This will generate a file, tom982.txt, on your Desktop. Please upload this to your Skydrive and send me the link :) It will be a very long log! But it's easier to do one big search rather than try and find it with lots of small ones.

    Tom


    • Edited by tom982 Monday, November 19, 2012 11:07 AM
    Monday, November 19, 2012 11:06 AM
  • Seawulf

    I ASSumed that the reason that you 'broke' the link in your response was because of the site's anti-spam verification restrictions, so I 'unbroke' it for you :)

    If I was wrong - my apologies, and either you can correct it, or I will do it.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, November 19, 2012 11:18 AM
    Moderator
  • You assumed correctly. :) Thank you.

    I have attempted email verification to no avail so the spaces will still be needed.

    Sadly the file created is rather small. I have uploaded it and the fix.bat that I created. I did run it as administrator, but the result seems barren.


    https://skydrive.live.com/redir?resid=669D2BE2C84185F1!154&authkey=!AOD3EXUrcm6IXA8


    Monday, November 19, 2012 4:36 PM
  • There is no email verification - it's automatic after a period of time (MS are still tweaking the system)

    The technical forms were being sujected to a number of spam attacks, which were taking more and more admin time to manually control - hence the 'verification' period.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, November 19, 2012 4:41 PM
    Moderator
  • I see, well thanks for the insight. The Settings page allows email verification (for updates) so I tried that in hopes it would work.

    Monday, November 19, 2012 4:44 PM
  • It seems Tom  missed the final quote (") off the command - so it was mis-interpreted.

    Please run this one instead

    REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" /s >> %userprofile%\Desktop\tom982.txt


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, November 19, 2012 4:47 PM
    Moderator
  • I see, well thanks for the insight. The Settings page allows email verification (for updates) so I tried that in hopes it would work.

    That just confirms the email you use for update notification - it's not for account verifiation (you're not the only person that's been confused, and I'm still trying to work out a decent advisory on how to post an MGADiag report under the restrictions, since every genuine report - and most of the non-genuine reports - contain at least 4 'banned' links under the new rules!)


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, November 19, 2012 5:00 PM
    Moderator
  • Run which one? I see a slider

    Monday, November 19, 2012 5:03 PM
  • Run which one? I see a slider

    It's a one liner... I'll include Tom's EOF finish as well here.

    REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" /s > %userprofile%\Desktop\tom982.txt

    echo EOF >> %userprofile%\Desktop\tom982.txt

    ...and in teh code box....

    REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" /s > %userprofile%\Desktop\tom982.txt
    echo EOF >> %userprofile%\Desktop\tom982.txt
    :)

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth


    Monday, November 19, 2012 5:11 PM
    Moderator
  • Which one?
    Monday, November 19, 2012 5:13 PM
  • h t t p s://skydrive.live.com/redir?resid=669D2BE2C84185F1!155&authkey=!AO41LW5_okrsBfo
    Monday, November 19, 2012 5:28 PM
  • Which one?

    REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" /s > %userprofile%\Desktop\tom982.txt
    echo EOF >> %userprofile%\Desktop\tom982.txt
    
    


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, November 19, 2012 5:31 PM
    Moderator
  • Monday, November 19, 2012 5:36 PM
  • Hi Seawulf,

    Ah ha, there's the problem. Your registry was missing the CurrentState and Visibility values all together, so let's make them:

    Backing Up Your Registry

    Registry Backup

      The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
      Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. if you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

    1. Download ERUNT from here: h ttp://www.geekstogo.com/forum/index.php?autocom=downloads&amp;showfile=113
      (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
    2. Install ERUNT by following the prompts
      (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
    3. Start ERUNT
      (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
    4. Choose a location for the backup
      (the default location is C:\WINDOWS\ERDNT which is acceptable).
    5. Make sure that at least the first two check boxes are ticked
    6. Press OK
    7. Press YES to create the folder.


    Registry Modifications

    1. Go to Start > Run to bring up the run box
    2. In the box, type notepad.exe and press OK to open Notepad
    3. Copy (Ctrl+C) all of the text in the following box and paste (Ctrl+V) it into Notepad

      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-PhotoPremiumPackage~31bf3856ad364e35~amd64~~6.1.7600.16385\Owners] "CurrentState"=dword:00000070
      "Visibility"=dword:00000002
    4. Go to File > Save As... and save it to your Desktop named Fix.reg. Make sure you change the Save as type to All Files (*.*)
    5. Locate Fix.reg on your Desktop and double-click on it to merge it with your registry
    6. Answer Yes when prompted about merging with the registry

    Tom


    • Edited by tom982 Monday, November 19, 2012 6:21 PM
    Monday, November 19, 2012 6:20 PM
  • Ok, well that was cool... It doesn't say I am illegal anymore but it still gives errors trying to update Windows or Security essentials:

    "WindowsUpdate_C004F076" "WindowsUpdate_dt000"

    and

    Error code: 0xc004f076

    respectivley...

    Monday, November 19, 2012 6:45 PM
  • Plese post a new MGADiag report - I suspect I know what the problem is going to be.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, November 19, 2012 6:56 PM
    Moderator
  • Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: N/A, hr = 0xc004f012
    Windows Product Key: *****-*****-42H2H-CM3GX-6V84D
    Windows Product Key Hash: ferZ5HIX01LTptaQsw0a7M/jD3o=
    Windows Product ID: 00426-292-7267024-85431
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.001
    ID: {947DA16E-A89B-4D9F-A4DF-14778745E76C}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Ultimate
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.120830-0333
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{947DA16E-A89B-4D9F-A4DF-14778745E76C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-6V84D</PKey><PID>00426-292-7267024-85431</PID><PIDType>5</PIDType><SID>S-1-5-21-154956519-3706681310-2219728332</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0905   </Version><SMBIOSVersion major="2" minor="6"/><Date>20100326000000.000000+000</Date></BIOS><HWID>3A8F3607018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0xC004F012' to display the error text.
    Error: 0xC004F012

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 9:19:2012 00:42
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: OAAAAAEABAABAAEAAAAEAAAAAgABAAEAln08fUNIHL9CxoCWyt78dUi4TpF+upZ2M12ML+wsdlY=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes, but no SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   032610  APIC1055
      FACP   032610  FACP1055
      HPET   032610  OEMHPET
      MCFG   032610  OEMMCFG
      OEMB   032610  OEMB1055
      ASPT   032610  PerfTune
      OSFR   032610  OEMOSFR

    Monday, November 19, 2012 7:20 PM
  • Hmm - what I was expecting to see is probably hidden by the major error that still remains.

    Please run the following cmmands and post the results...

    ICACLS c:\Windows\System32\spp\plugin-manifests-signed\*.* REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Plugins\Modules\c42d83ff-5958-4af4-a0dd-ba02fed39662" /S



    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth



    Monday, November 19, 2012 7:53 PM
    Moderator
  • Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Users\Kraut>ICACLS c:\Windows\System32\spp\plugin-manifests-signed\*.*
    c:\Windows\System32\spp\plugin-manifests-signed\sppobjs-spp-plugin-manifest-sign
    ed.xrm-ms NT SERVICE\TrustedInstaller:(F)

              BUILTIN\Administrators:(RX)

              NT AUTHORITY\SYSTEM:(RX)

              BUILTIN\Users:(RX)

    c:\Windows\System32\spp\plugin-manifests-signed\sppwinob-spp-plugin-manifest-sig
    ned.xrm-ms NT SERVICE\TrustedInstaller:(F)

               BUILTIN\Administrators:(RX)

               NT AUTHORITY\SYSTEM:(RX)

               BUILTIN\Users:(RX)

    Successfully processed 2 files; Failed processing 0 files

    C:\Users\Kraut>

    Monday, November 19, 2012 8:15 PM
  • There's a second command in the box - it may be hidden....

    REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Plugins\Modules\c42d83ff-5958-4af4-a0dd-ba02fed39662" /S


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, November 19, 2012 8:27 PM
    Moderator
  • Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Users\Kraut>REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Curre
    ntVersion\SoftwareProtectionPlatform\Plugins\Modules\c42d83ff-5958-4af4-a0dd-ba0
    2fed39662" /S

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtecti
    onPlatform\Plugins\Modules\c42d83ff-5958-4af4-a0dd-ba02fed39662
        ManifestFile    REG_SZ    %windir%\system32\spp\plugin-manifests-signed\sppo
    bjs-spp-plugin-manifest-signed.xrm-ms
        PluginFile    REG_SZ    %windir%\system32\sppobjs.dll


    C:\Users\Kraut>

    Monday, November 19, 2012 8:32 PM
  • They look OK

    please run the following

    REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Plugins\Modules" /s



    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, November 19, 2012 9:44 PM
    Moderator
  • Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Users\Kraut>REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Curre
    ntVersion\SoftwareProtectionPlatform\Plugins\Modules" /s

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtecti
    onPlatform\Plugins\Modules\179b8a65-b0f6-41d9-acea-12006ef9b32a
        ManifestFile    REG_SZ    %windir%\system32\spp\plugin-manifests-signed\sppw
    inob-spp-plugin-manifest-signed.xrm-ms
        PluginFile    REG_SZ    %windir%\system32\sppwinob.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtecti
    onPlatform\Plugins\Modules\c42d83ff-5958-4af4-a0dd-ba02fed39662
        ManifestFile    REG_SZ    %windir%\system32\spp\plugin-manifests-signed\sppo
    bjs-spp-plugin-manifest-signed.xrm-ms
        PluginFile    REG_SZ    %windir%\system32\sppobjs.dll


    C:\Users\Kraut>

    Monday, November 19, 2012 10:06 PM
  • Maybe we'd better have a new SFC result....

    Please run SFC /SCANNOW again, and post the new CBS.log - things may have changed


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Tuesday, November 20, 2012 12:40 PM
    Moderator
  • Will do... the original "you may be a victim.." has returned again...
    Tuesday, November 20, 2012 2:04 PM
  • That's no surprise at all :(
    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0xC004F012' to display the error text.
    Error: 0xC004F012

    ..will always result in a non-genuine state, but it may take a while for the system to notice :)


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Tuesday, November 20, 2012 2:29 PM
    Moderator
  • Tuesday, November 20, 2012 2:31 PM
  • That's clear.

    Please post another MGADiag report - I have to go out, but I'll read it in the morning and see where we go from there.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Tuesday, November 20, 2012 4:41 PM
    Moderator
  • Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: N/A, hr = 0xc004f012
    Windows Product Key: *****-*****-42H2H-CM3GX-6V84D
    Windows Product Key Hash: ferZ5HIX01LTptaQsw0a7M/jD3o=
    Windows Product ID: 00426-292-7267024-85431
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.001
    ID: {947DA16E-A89B-4D9F-A4DF-14778745E76C}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Ultimate
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.120830-0333
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{947DA16E-A89B-4D9F-A4DF-14778745E76C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-6V84D</PKey><PID>00426-292-7267024-85431</PID><PIDType>5</PIDType><SID>S-1-5-21-154956519-3706681310-2219728332</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0905   </Version><SMBIOSVersion major="2" minor="6"/><Date>20100326000000.000000+000</Date></BIOS><HWID>3A8F3607018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0xC004F012' to display the error text.
    Error: 0xC004F012

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 9:19:2012 00:42
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: OAAAAAEABAABAAEAAAAEAAAAAgABAAEAln08fUNIHL9CxoCWyt78dUi4TpF+upZ2M12ML+wsdlY=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes, but no SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   032610  APIC1055
      FACP   032610  FACP1055
      HPET   032610  OEMHPET
      MCFG   032610  OEMMCFG
      OEMB   032610  OEMB1055
      ASPT   032610  PerfTune
      OSFR   032610  OEMOSFR

    Tuesday, November 20, 2012 4:59 PM
  • Thie will almost certainly fail - but the errors may give us clues....

    go to www.microsoft.com/genuine/validate  - what happens?

    (assuming it fails)

    go to www.microsoft.com/genuine/diag  - what is shown as failing (if anything)?

    follow any instructions there - and then attempt validation again at....

    www.microsoft.com/genuine/validate

    what happens this time?

    post a new MGADiag report.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Tuesday, November 20, 2012 10:04 PM
    Moderator
  • Genuine Microsoft Software – Diagnostic Site

    Diagnostic Error Error Code More Information

    What is the purpose of this site?

    These diagnostic pages will help you ensure that your Internet Explorer (6.0 or later) settings are configured properly to see images, run scripts, and allow ActiveX controls to download and run.

    Genuine Microsoft Software Diagnostic Results

    Passed Active scripting allowed
    Passed Display images enabled
    Passed Computer time and date correct
    Passed Cookies enabled
    Passed ActiveX enabled
    Wednesday, November 21, 2012 5:24 AM
  • The other sites besides the one that said it all passed just spin forever... :(
    Wednesday, November 21, 2012 5:25 AM
  • Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: N/A, hr = 0xc004f012
    Windows Product Key: *****-*****-42H2H-CM3GX-6V84D
    Windows Product Key Hash: ferZ5HIX01LTptaQsw0a7M/jD3o=
    Windows Product ID: 00426-292-7267024-85431
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.001
    ID: {947DA16E-A89B-4D9F-A4DF-14778745E76C}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Ultimate
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.120830-0333
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{947DA16E-A89B-4D9F-A4DF-14778745E76C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-6V84D</PKey><PID>00426-292-7267024-85431</PID><PIDType>5</PIDType><SID>S-1-5-21-154956519-3706681310-2219728332</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0905   </Version><SMBIOSVersion major="2" minor="6"/><Date>20100326000000.000000+000</Date></BIOS><HWID>3A8F3607018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0xC004F012' to display the error text.
    Error: 0xC004F012

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 9:19:2012 00:42
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: NgAAAAEABAABAAEAAAAEAAAAAQABAAEAln08fUNIHL9CxoCWyt78dUi4TpF+upZ2M12ML3ZW

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes, but no SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   032610  APIC1055
      FACP   032610  FACP1055
      HPET   032610  OEMHPET
      MCFG   032610  OEMMCFG
      OEMB   032610  OEMB1055
      ASPT   032610  PerfTune
      OSFR   032610  OEMOSFR

    Wednesday, November 21, 2012 5:28 AM
  • I am seriously wondering if this is a forced upgrade ploy from MS... :(
    Wednesday, November 21, 2012 5:29 AM
  • They're not that clever :)

    Please open an Elevated COmmand Prompt, and run the following command...

    REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Plugins\Modules\c42d83ff-5958-4af4-a0dd-ba02fed39662" /S
     
    

    post the results.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Wednesday, November 21, 2012 9:38 AM
    Moderator
  • Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
    CurrentVersion\SoftwareProtectionPlatform\Plugins\Modules\c42d83ff-5958-4af4-a0d
    d-ba02fed39662" /S

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtecti
    onPlatform\Plugins\Modules\c42d83ff-5958-4af4-a0dd-ba02fed39662
        ManifestFile    REG_SZ    %windir%\system32\spp\plugin-manifests-signed\sppo
    bjs-spp-plugin-manifest-signed.xrm-ms
        PluginFile    REG_SZ    %windir%\system32\sppobjs.dll


    C:\Windows\system32>

    Wednesday, November 21, 2012 5:40 PM
  • I think we're down to two options now :(

    1) a repair install - post back for more details if you opt for this route.

    2) MS WGA Support - which may or may not be free (they keep on making it harder to find a way through the maze to the free support),

    WGA Support can be found here

     

    North America: http://support.microsoft.com/contactus/cu_sc_genadv_master?ws=support&ws=support#tab4

     

    Outside North America: http://support.microsoft.com/contactus/?ws=support#tab0

     

    Please let us know if (and how) MS manage to repair the problem without a repair install of the OS - it would be useful for future reference!    


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Wednesday, November 21, 2012 6:39 PM
    Moderator
  • I was leaning toward the repair already so I would appreciate any tips which will reduce the pain... :)
    Wednesday, November 21, 2012 6:58 PM
  •  

    Download the SP1 Refresh for your language and edition from the links on these pages...

     

    Heidoc - Microsoft DR Download links

     

    The links are for downloads from the Digital River servers run for MS, so are about as safe as you can get :)

     

    Once you have it downloaded, you then need to burn the DVD from it - use either the Windows Disk Image Burner, or (better still) your favourite burning application at the slowest speed possible.

     

    Note that you do NOT 'drag and drop' the file to the disk, you must use the 'burn an image'
    option from your app - or you'll end up with a useless coaster :)

     

    Once you have the  disk burnt, check that it boots the (or any other) system OK - but do NOT start
    the repair from there - you must start the repair from within a normal Windows boot.

     

    Follow the instructions in this tutorial - http://www.sevenforums.com/tutorials/3413-repair-install.html

    - and they should help you get through it (it's not as difficult as it looks!)

     

    Always ask questions first if you're unsure - either here, or in sevenforums.

     

    Good luck with it!



    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Wednesday, November 21, 2012 7:56 PM
    Moderator