Vista: no Windows Updates / invalid license / Software Licensing service won't run

All replies

• 

  

  1

  Sign in to vote

  "howardandval" wrote in message news:40f9b1b3-18ae-4680-8bdb-e4999766f67d...

  Hi gang. Sorry to take up everyone's time here but I'm sitting here with a desktop PC I'm very reluctant to turn off in case Windows doesn't start again. . . Situation is:

  User location: Cumbria, United Kingdom

  Computer: Dell Studio Sllim 540s with Vista Home Premium SP 2 build 6002 installed (32-bit).

  Purchase date: December 14th, 2009. Currently under Dell 3-year warranty.

  Windows Update user setting: Advise me of new updates but let me choose which to select and install.

  Date of last Windows update: 15/09/2010

  Date of Windows failure to update notification: yesterday, October 22nd. (No failure notification given before this date)

  Error code: 80070426

  Error description: Windows Activation Error reporting states: The service has not been started.

  Computer System (Dell) display: Windows activation: This copy of Windows is not activated. Click here to activate Windows now. Product ID: xxxxx-OEM-7332157-0xxxx (license numbers redacted for this post)

  System condition: excellent, no problems. Avast antivirus updates every morning; Online Armor firewall updates as and when.

  System protection: Avast real-time shield / Online Armor firewall / router firewall / WinPatrol Pro.

  Malware / spyware: none found.

  Remedies attempted: the following remedies have been attempted after searching for information here and at Dell:

  (1) Services.  Remedy: Automatic Updates, startup type list, automatic. Outcome: Automatic Updates is not listed in my Services so I cannot actually amend / configure anything under this heading.

  (2) Administrator: C\Windows\system32\cmd.exe. Remedy: net start slsvc. Outcome: System 3 error has occurred. The system cannot find the path specified.

  Remedy not attempted: System Restore. The earliest System restore point for this computer is October 12th. As whatever problem occurring here seems most likely to have occurred not long after the September 15th update, using System restore to roll back seemed pointless.

  Diagnostics, summary: (a) Invalid License;* (b) Software Licensing service not running.

  (* However: product ID and Product Key showing in BELARC Advisor report both appear to match those shown by Microsoft Genuine Advantage Diagnostic Tool)

  Diagnostics, full report:

  Diagnostic Report (1.9.0027.0):
  -----------------------------------------
  Windows Validation Data-->
  Validation Status: Invalid License
  Validation Code: 50
  Cached Online Validation Code: N/A, hr = 0x80070426
  Windows Product Key: *****-*****-F4GJK-KG77H-B9HD2
  Windows Product Key Hash: iJAth4TbScMi8HdcPurlASXdEkw=
  Windows Product ID: 89578-OEM-7332157-00204
  Windows Product ID Type: 2
  Windows License Type: OEM SLP
  Windows OS version: 6.0.6002.2.00010300.2.0.003
  ID: {5418AD52-256F-4EAB-92A0-95896F9DCC23}(3)
  Is Admin: Yes
  TestCab: 0x0
  LegitcheckControl ActiveX: Registered, 1.9.42.0
  Signed By: Microsoft
  Product Name: Windows Vista (TM) Home Premium
  Architecture: 0x00000000
  Build lab: 6002.vistasp2_gdr.100608-0458
  TTS Error: M:20091223173556932-
  

  Vista is in, what we call a 'Mod-Auth' Tamper state.  There are 2 types of Mod-Auth tampers.

  1)    A critical system file was modified On Disk - What this means is that the file, located on the hard drive, was modified in some way. This can be caused by a malicious program (spyware, malware, virus) or by manual file modification (by a user of the system). There is also a very small chance that an Update may fail in mid-update and cause this type of issue. As a safety mechanism, Updates are made so that if they fail, they roll back any updating that was done before the failure, but there is an off-chance that the roll back did not occur.

   

  2)    A critical system file was modified In Memory - What this means is the file itself (on the hard drive) is un-modified, but the code, from that file, running in the system, was modified in some way and is caused by a running program that is incompatible with Vista.

   

    Because there is No Mismatched files listed under the "File Scan Data-->" line of your Diagnostic Report, we know that your issue is an In Memory Mod-Auth and therefore caused by an incompatible program. This means there is a program install and Running that is trying to access parts of the OS that Vista does not allow, which by definition, means it is incompatible with Vista.

  NOTE: We have seen an increase in this type of issue and we believe it is unlikely that software writers are still making programs that are incompatible with Vista. Instead, we believe that a majority of the issues are being caused by Malware that are doing the same things (on purpose) as incompatible programs do (by accident).

   

    In addition to why a Mod-Auth occurs, it's also important to understand how Vista detects a Mod-Auth event. There is a Service that runs in Vista that detects a Tamper to a Critical System file. But this Service runs randomly, so if you were to install an incompatible program and run it, Vista (most likely) would not immediately enter a Mod-Auth  State and it could take some time for the Mod-Auth to be detected. The important point to note is that the moment Vista detects the Mod-Auth, you know that the program that is causing the Mod-Auth, is currently running.

   

     Below I have provided a number of steps to help you identify the program that is causing the tamper:
   
    First, go to http://support.microsoft.com/kb/931699/ and confirm that you do not have any of the programs known to cause this type of issue.
   
    Second, in your Diagnostic report above, you can see the line that starts with 'TTS Error:' followed by a bunch numbers: M:20091223173556932- This is the Tamper Time Stamp and it breaks down like this:

      (year)  (month) (day) (time in 24format) (millisecond)
  M:2009    12        23        1735                    56932

  
  Now that you know the time of the tamper, you can now try to connect that time with a program.

  1)    Login to Vista and select the option that launches an Internet Browser

  2)    Type into the browser address bar: %windir%\system32\perfmon.msc and hit Enter

  3)    When asked if you want to Open or Save this file, select Open

  4)     In the left hand panel, click Reliability Monitor

  5)    Click on the “System Stability Chart” above the date 23 Dec 2009 

  6)    Below the chart, in the “System Stability Report” section look at the report titled "Software (Un)Installs for 23 Dec 2009 "

  7)    Look for any program that shows "Application Install" in the 'Activity' column.

  8)    Since the process that detects Tampers runs randomly, it can take up to 3 days for the process to detect the tamper and set Vista to a Tamper State. Because of this, please repeat steps 5) thru 7) for the dates 21/12, 22/12 2009  (or around the date the issue first occurred)

    This could tell you what programs were installed on or around the Tamper date and should help you narrow down the possible programs that could be causing the issue. Unfortunately, if you installed the program at some time in the past, but didn’t run it till now, this process may not be helpful.  The removal of any application you may have installed recently could go a long way to troubleshooting this issues.

   

  Note: Since everyone has different programs installed on their computer, it is extremely hard for support to figure out what program is causing the problem, but if you still need assistance in identifying the Incompatible Program, please create a no cost support request at http://go.microsoft.com/fwlink/?linkid=52029

  Also Note: it has been found that Malware, such as Viruses and Trojans, can also be incompatible with Vista and can cause an In Memory Mod-Auth. A number of users (that were experiencing your same issue) have confirmed that a Malware infection was the cause. If you follow the above steps and cannot find a program that is causing the Mod-Auth, you may want to investigate if a Virus, Worm or Trojan may be to blame. You can contact PC Safety, which is a Microsoft group, which provides free assistance with Malware infections. I encourage you to use the ‘Windows Live Safety Scan for Windows Vista’ (http://onecare.live.com/site/en-us/center/whatsnew.htm) before contacting PC Safety.

  PC Safety:

  http://www.microsoft.com/protect/support/default.mspx

  http://onecare.live.com/site/en-us/center/whatsnew.htm

  
  

   

  
  --
  
  

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  Saturday, October 23, 2010 7:03 PM

  Moderator
• 

  

  0

  Sign in to vote

  Noel: many, many thanks for the above -- the time you've spent and the amount of detail you've so kindly gone into is greatly appreciated. It being Saturday night here, we're about to go out (due to a previous commitment) but I will implement all your recommendations tomorrow and post back here with outcomes. Meantime, and again, sincere thanks from both of us, and apologies for any inconvenience inadvertently caused.

  Saturday, October 23, 2010 7:38 PM
• 

  

  1

  Sign in to vote

  "howardandval" wrote in message news:7fb607fb-2c6f-429b-b523-db7f31a4a107...

  Noel: many, many thanks for the above -- the time you've spent and the amount of detail you've so kindly gone into is greatly appreciated. It being Saturday night here, we're about to go out (due to a previous commitment) but I will implement all your recommendations tomorrow and post back here with outcomes. Meantime, and again, sincere thanks from both of us, and apologies for any inconvenience inadvertently caused.

  
  

  No problem - it's what I hang around for :)

  Good luck, and I hope it sorts your problem out - please post back with any further queries, or if you are unable to get it sorted.

  As you can see for yourself, it looks like your machine has had a problem since just before Christmas last year - that's an awful long time to be without updates in the modern world if, as I suspect, Windows has not been properly updating since then!

  My first thoughts on what may be causing the problem (from past posts) is Avast - it's not exactly a common problem, but it does seem that Avast is more likely to cause a Mod-Auth problem than other AV's.

  Second thought is to wonder why you have a third-party firewall present - I've never felt the need for one since XP introduce the Windows Firewall, and Win7's firewall is nearly as good as any commercial offering, and a lot less intrusive than all of them. Add in a router with NAT, and you already have a pretty good belt-and-braces to hold your trousers up:)

   

  Third, I've never liked WinPatrol - but that may simply be a prejudice from early days, as I've not played with it for years. I'd recommend using MalwareBytes Anti-Malware (www.malwarebytes.org) as a malware scanner in addition to both Avast and WinPatrol - see if it finds anything significant.

   

  WRT Updates services, note that most of the work for AU is done by the BITS service (Background Intelligent Transfer service) - which should be set to Automatic (Delayed Start), while Automatic Updates has been renamed to Windows Update in the Services table (also Auto/DS)

   

  The System 3 error you get when attempting to start the SLS suggests that you may have used a registry cleaner in the past - and this has destroyed a few entries - please go to the main Vista Validation forum page http://social.microsoft.com/Forums/en-US/genuinevista/threads/, look in the announcement section and follow the steps found in thread "Fix for ‘Software Licensing service Has Stopped’ on some Vista 64bit systems". Note that until we have resolved the Mod-Auth problem there is no point in attempting repair of anything else, especially until we see another MGADiag report.

  HTH, and good Luck!
  

  
  --
  
  

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  Saturday, October 23, 2010 8:05 PM

  Moderator
• 

  

  0

  Sign in to vote

  Hi Neil! Again, many thanks from both of us for your help here: you have the experience and expertise we're both lacking! Anyway, before going further, and just to do a quick reference back to your most recent post:

  1) Services: unable to amend Auto Updates. Remedy: all credit to you, Neil -- we had absolutely no idea that particular entry's name has changed to Windows Update. And yes. . . It is there in this computer's Services (so that's one mystery resolved!)

  2) Windows Updates. This computer was purchased new from Dell and arrived on December 20th 2009. As I'm never sure of the time interval between manufacturer build date and customer acquisition, I immediately ran Windows Update on December 21st 2009. Looking at the update history, it seems -- quite literally -- that the computer successfully received and installed dozens of updates between then and September 15th this year.  So, um, I don't *think* I've missed anything. . . Hmmm!

  3) System 3 error, failure to start SLS. Oh Gawd, registry cleaners. I'm always (or think I am) ultra careful but for the life of me cannot remember what I may have used last December. Ironically, from January this year I've used jvPowerTools because (to me) it seems robust, careful, accurate and dependable. But did I use jv last December? I'm thinking not. As to why use a registry cleaner anyway on a computer so brand-new. . . unfortunately, Dell is one of those suppliers which lumber you with crapware / trialware and Heaven only knows what else, and I uninstalled that stuff (using Revo) at the earliest opportunity. And no, there were no side effects. . . except that, unbeknownst to me, the entry relating to SLS may have been deleted. As to a possible fix:

  4) Sorry, but I don't think I can use the procedure you kindly referred to. This computer is running Vista x32, not x64. The fix for 'software licensing has stopped' says it shouldn't be used on x32 OS.

  5) MGADiagnosis.  I checked out the install / uninstall activity for December 23, 2009. . . and it's absolutely packed with activity -- reams of it -- relating to 'Compatability Pack for 2007 Office System'; Microsoft Office Compatability Pack SP1 (seems to relate exclusively to PowerPoint); and Microsoft 2007 Office System Security Update. It's a lengthy list of application installs and application configuration changes, all of which were successful. The *only* non-Microsoft install activity on this date was SUPER Antispyware Free Edition.

  6) Re the above: I *think* Office 2007 was installed on this PC by Dell as a 60-day trial. I didn't want it or need it: I have Office 2000 Professional, genuine suite, paid for by us (!) and we certainly don't need anything better (especially not Word's bloat!) So *all of Office 2007* was uninstalled at some point after Christmas, and Office 2000 installed in its place. The suite has run perfectly since: no problems. As to SUPER: I used it for a while, then uninstalled, possibly in March or April this year.

  7) In the days surrounding December 23rd, there was, er, nothing afterwards until December 27th (on account of Christmas), and only Windows updates on December 21st and December 22nd.

  8) A lengthy OneCare LIve scan today produced no result other than:

  9) Protection. 1 Severe issue found. TrojanClicker:Win32/Yabector.b, sitting inside an executable file in the folder where I keep downloaded apps prior to installing 'em. This 'severe issue' was said to be in the Exact Audio Copy executable. Yes, well. . .

  10) I actually potter around with audio on this PC and vaguely remember the hoo-ha that occurred with EAC last year and the row about whether it was infecting computers worldwide with a Trojan. I couldn't for the life of me remember the outcome so asked OneCare to fix the problem. It couldn't. To be honest, this didn't surprise me at all, seeing as how this whole business of the "severe" EAC Trojan has been contentious from the get-go. Rather than mess around here with my own single AV scanner (Avast), I uploaded the 'infected' EAC executable to VirusTotal, with the result that 12 out of 43 scanners flagged it as a Trojan, but the rest did not. Those who *didn't* rate it as any kind of issue included specialists who I in turn rate as pretty reliable, viz: Sophos, Kaspersky, and TrendMicro.

  11) Having more or less exhaustively investigated this alleged Trojan today, I finally deleted the downloaded file. OneCare did *not* flag up any warning over the actual app itself, installed on this computer. But I've Revo'd it anyway on a deep scan.

  12) I also took the precaution a little while back of running jvPowerTools 2010 Pro again. It's reporting 100% Registry Health and 100% Computer health. (Though both would seem, er, fallible, in view of the failed Windows Update situation. . . (!!)

  13) Finally. . . I dunno, I've always lilked Bill P's Scottie, and it's never let me down. But: WinPatrol Pro loads on start-up, so, having noted your comment, I've now disabled it. As to firewalls, well, I had Comodo for years until I got fed up with its intrusiveness and amnesiac behaviour, and switched to TallEmu's Online Armor because it, er, worked. So I never considered using the Microsoft product (maybe now I should!) As to Avast. . . ah! I love it! In all honesty, it has been the best / lightest / most dependable AV I've ever used. Bar none. Over the years I must've used 'em all and at one time was wedded very firmly to Avira, but then the updates continually failed and all you got was the splashed nag-screen and finally, like thousands of other Avira users, I packed it in and went with Avast. I'm now wondering if I should uninstall Avast, bearing in mind your comment?

  Right. That's it. Apologies are due yet again, this time for such a lo-nnn-g post, but as before, I figured the more detail I stuck in, then -- hopefully! -- the better.

  * PS: the computer is still in Sleep mode operation. I still haven't dared to shut it down. . .

  All best, and thanks for your time, skill and patience:

  Howard

   

  Sunday, October 24, 2010 10:10 PM
• 

  

  1

  Sign in to vote

  "howardandval" wrote in message news:754e496c-35e5-410b-8d71-cf84acb42ec5...

  Hi Neil! Again, many thanks from both of us for your help here: you have the experience and expertise we're both lacking! Anyway, before going further, and just to do a quick reference back to your most recent post:

  1) Services: unable to amend Auto Updates. Remedy: all credit to you, Neil -- we had absolutely no idea that particular entry's name has changed to Windows Update. And yes. . . It is there in this computer's Services (so that's one mystery resolved!)

  2) Windows Updates. This computer was purchased new from Dell and arrived on December 20th 2009. As I'm never sure of the time interval between manufacturer build date and customer acquisition, I immediately ran Windows Update on December 21st 2009. Looking at the update history, it seems -- quite literally -- that the computer successfully received and installed dozens of updates between then and September 15th this year.  So, um, I don't *think* I've missed anything. . . Hmmm!

  3) System 3 error, failure to start SLS. Oh Gawd, registry cleaners. I'm always (or think I am) ultra careful but for the life of me cannot remember what I may have used last December. Ironically, from January this year I've used jvPowerTools because (to me) it seems robust, careful, accurate and dependable. But did I use jv last December? I'm thinking not. As to why use a registry cleaner anyway on a computer so brand-new. . . unfortunately, Dell is one of those suppliers which lumber you with crapware / trialware and Heaven only knows what else, and I uninstalled that stuff (using Revo) at the earliest opportunity. And no, there were no side effects. . . except that, unbeknownst to me, the entry relating to SLS may have been deleted. As to a possible fix:

  4) Sorry, but I don't think I can use the procedure you kindly referred to. This computer is running Vista x32, not x64. The fix for 'software licensing has stopped' says it shouldn't be used on x32 OS.

  5) MGADiagnosis.  I checked out the install / uninstall activity for December 23, 2009. . . and it's absolutely packed with activity -- reams of it -- relating to 'Compatability Pack for 2007 Office System'; Microsoft Office Compatability Pack SP1 (seems to relate exclusively to PowerPoint); and Microsoft 2007 Office System Security Update. It's a lengthy list of application installs and application configuration changes, all of which were successful. The *only* non-Microsoft install activity on this date was SUPER Antispyware Free Edition.

  6) Re the above: I *think* Office 2007 was installed on this PC by Dell as a 60-day trial. I didn't want it or need it: I have Office 2000 Professional, genuine suite, paid for by us (!) and we certainly don't need anything better (especially not Word's bloat!) So *all of Office 2007* was uninstalled at some point after Christmas, and Office 2000 installed in its place. The suite has run perfectly since: no problems. As to SUPER: I used it for a while, then uninstalled, possibly in March or April this year.

  7) In the days surrounding December 23rd, there was, er, nothing afterwards until December 27th (on account of Christmas), and only Windows updates on December 21st and December 22nd.

  8) A lengthy OneCare LIve scan today produced no result other than:

  9) Protection. 1 Severe issue found. TrojanClicker:Win32/Yabector.b, sitting inside an executable file in the folder where I keep downloaded apps prior to installing 'em. This 'severe issue' was said to be in the Exact Audio Copy executable. Yes, well. . .

  10) I actually potter around with audio on this PC and vaguely remember the hoo-ha that occurred with EAC last year and the row about whether it was infecting computers worldwide with a Trojan. I couldn't for the life of me remember the outcome so asked OneCare to fix the problem. It couldn't. To be honest, this didn't surprise me at all, seeing as how this whole business of the "severe" EAC Trojan has been contentious from the get-go. Rather than mess around here with my own single AV scanner (Avast), I uploaded the 'infected' EAC executable to VirusTotal, with the result that 12 out of 43 scanners flagged it as a Trojan, but the rest did not. Those who *didn't* rate it as any kind of issue included specialists who I in turn rate as pretty reliable, viz: Sophos, Kaspersky, and TrendMicro.

  11) Having more or less exhaustively investigated this alleged Trojan today, I finally deleted the downloaded file. OneCare did *not* flag up any warning over the actual app itself, installed on this computer. But I've Revo'd it anyway on a deep scan.

  12) I also took the precaution a little while back of running jvPowerTools 2010 Pro again. It's reporting 100% Registry Health and 100% Computer health. (Though both would seem, er, fallible, in view of the failed Windows Update situation. . . (!!)

  13) Finally. . . I dunno, I've always lilked Bill P's Scottie, and it's never let me down. But: WinPatrol Pro loads on start-up, so, having noted your comment, I've now disabled it. As to firewalls, well, I had Comodo for years until I got fed up with its intrusiveness and amnesiac behaviour, and switched to TallEmu's Online Armor because it, er, worked. So I never considered using the Microsoft product (maybe now I should!) As to Avast. . . ah! I love it! In all honesty, it has been the best / lightest / most dependable AV I've ever used. Bar none. Over the years I must've used 'em all and at one time was wedded very firmly to Avira, but then the updates continually failed and all you got was the splashed nag-screen and finally, like thousands of other Avira users, I packed it in and went with Avast. I'm now wondering if I should uninstall Avast, bearing in mind your comment?

  Right. That's it. Apologies are due yet again, this time for such a lo-nnn-g post, but as before, I figured the more detail I stuck in, then -- hopefully! -- the better.

  * PS: the computer is still in Sleep mode operation. I still haven't dared to shut it down. . .

  All best, and thanks for your time, skill and patience:

  Howard

   

  
  

  I was kinda afraid that you were going to come back with the news that the problem has existed since the initial installation flurry :)
  Please try uninstalling Avast, rebooting, and then running a new MGADiag report - you can then install a fresh download of Avast, if you like. (especially if the Mod-Auth tamper is still present)

  I'd also do a scan with MalwareBytes - it may find something different to the other stuff, which could point us in the right direction.

  
  --
  
  

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  Monday, October 25, 2010 8:25 AM

  Moderator
• 

  

  0

  Sign in to vote

  Hi Neil.Sorry to have to come back again  and pester. . . OK, here we go then:

  1) Malwarebytes full scan. Result: no infections found.

  2) Avast antivirus uninstalled using software's uninstaller (not Revo.) Computer shut down (yes, I finally risked it!) and re-started, and then re-booted again (after an uninstall of anything as deeply hooked as an AV, I always do two re-boots.)

  3) Online Armor disabled at start up.

  4) WinPatrol disabled at start up.

  5) Following on from a tip I remembered reading elsewhere on these forums about problems in starting the Software Licensing Service, I changed the Windows System32 attributes from 'read only'. According to number of posters, unchecking this solved their problems, i.e., they could now simply click start, and Software Licensing Services ran without a hitch. I haven't a clue why changing the attributes of this folder could result in so immediate an improvement in so many cases.

  6) In Services, I set all relevant entries to their required values, viz: Windows Updates / automatic; Windows Installer / manual; Background Intelligent Transfer Service / manual.

  7) I then re-booted. The computer, said by Malwarebytes to be infection-free, now started without  Avast anti-virus; Online Armor firewall; WinPatrol monitor; with System32 'read-only' unchecked; and with all relevant Service entries at their required settings. 

  8) Result: no change. After a few moments, the warning screen appeared about the inability to check for Windows Updates. I then used cmd to net start slsvc. Result: no change: 'System 3 error. The system cannot find the path specified.'

  9) I then ran Windows Genuine Advantage Diagnostic Tool, with the following result:

  Diagnostic Report (1.9.0027.0):
  -----------------------------------------
  Windows Validation Data-->
  Validation Status: Genuine
  Validation Code: 0
  Cached Online Validation Code: N/A, hr = 0x80070426
  Windows Product Key: *****-*****-F4GJK-KG77H-B9HD2
  Windows Product Key Hash: iJAth4TbScMi8HdcPurlASXdEkw=
  Windows Product ID: 89578-OEM-7332157-00204
  Windows Product ID Type: 2
  Windows License Type: OEM SLP
  Windows OS version: 6.0.6002.2.00010300.2.0.003
  ID: {5418AD52-256F-4EAB-92A0-95896F9DCC23}(3)
  Is Admin: Yes
  TestCab: 0x0
  LegitcheckControl ActiveX: Registered, 1.9.42.0
  Signed By: Microsoft
  Product Name: Windows Vista (TM) Home Premium
  Architecture: 0x00000000
  Build lab: 6002.vistasp2_gdr.100608-0458
  TTS Error: M:20091223173556932-
  Validation Diagnostic:
  Resolution Status: N/A

  Vista WgaER Data-->
  ThreatID(s): N/A, hr = 0x80070002
  Version: N/A, hr = 0x80070002

  Windows XP Notifications Data-->
  Cached Result: N/A, hr = 0x80070002
  File Exists: No
  Version: N/A, hr = 0x80070002
  WgaTray.exe Signed By: N/A, hr = 0x80070002
  WgaLogon.dll Signed By: N/A, hr = 0x80070002

  OGA Notifications Data-->
  Cached Result: N/A, hr = 0x80070002
  Version: N/A, hr = 0x80070002
  OGAExec.exe Signed By: N/A, hr = 0x80070002
  OGAAddin.dll Signed By: N/A, hr = 0x80070002

  OGA Data-->
  Office Status: 109 N/A
  OGA Version: N/A, 0x80070002
  Signed By: N/A, hr = 0x80070002
  Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

  Browser Data-->
  Proxy settings: N/A
  User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
  Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
  Download signed ActiveX controls: Prompt
  Download unsigned ActiveX controls: Disabled
  Run ActiveX controls and plug-ins: Allowed
  Initialize and script ActiveX controls not marked as safe: Disabled
  Allow scripting of Internet Explorer Webbrowser control: Disabled
  Active scripting: Allowed
  Script ActiveX controls marked as safe for scripting: Allowed

  File Scan Data-->

  Other data-->
  Office Details: <GenuineResults><MachineData><UGUID>{5418AD52-256F-4EAB-92A0-95896F9DCC23}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-B9HD2</PKey><PID>89578-OEM-7332157-00204</PID><PIDType>2</PIDType><SID>S-1-5-21-182430996-3635425936-1853046939</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Studio Slim 540s</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>1.0.12</Version><SMBIOSVersion major="2" minor="5"/><Date>20090511000000.000000+000</Date></BIOS><HWID>68303507018400F8</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>AS09   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

  Spsys.log Content: U1BMRwEAAAAAAQAABAAAADMYAAAAAAAAYWECAASg44eLlHzPVILKARhy9171jCizkdIEkQaJZ670tIziSnbCjjGE0TGfHNbAVqzPheO5BEsdUGgtFJguwKgON3PxLbxZnJWMm7YDMIu+LK/+SDPcsDBO745qsnkJsEGnmR0ReJ9KlWCJouxq6PAIwHwHVMfvNauSbFvmaTBYC/G/amipOp+xBjXwWbbP9S/GUDYecePFRKM/leS97bxOVVm9fICZUkfHdDNbo725nC7v1JIKy7Fhxh6qIspY2O6Pl99gqTnSYR4j0FashTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwYcvde9Ywos5HSBJEGiWeu93lDEkTacIeazWNoNHbFHHzedG4ByVLkF/JMcfKRNbyoDjdz8S28WZyVjJu2AzCL4tTYvTsyqTCR/LmOrP9++rBBp5kdEXifSpVgiaLsaujwCMB8B1TH7zWrkmxb5mkwWAvxv2poqTqfsQY18Fm2z/UvxlA2HnHjxUSjP5Xkve28TlVZvXyAmVJHx3QzW6O9uZwu79SSCsuxYcYeqiLKWNjuj5ffYKk50mEeI9BWrIUzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM

  Licensing Data-->
  Software Licensing service is not running.

  Windows Activation Technologies-->
  N/A

  HWID Data-->
  HWID Hash Current: OgAAAAEABAABAAEAAQACAAAABAABAAEAeqhoZjAkdJTQC4Q0RrwEadaW8vQa7CbYckGsVlB6UXpGyg==

  OEM Activation 1.0 Data-->
  N/A

  OEM Activation 2.0 Data-->
  BIOS valid for OA 2.0: yes
  Windows marker version: 0x20000
  OEMID and OEMTableID Consistent: yes
  BIOS Information:
    ACPI Table Name OEMID Value OEMTableID Value
    APIC   051109  APIC1620
    FACP   051109  FACP1620
    HPET   051109  OEMHPET
    MCFG   051109  OEMMCFG
    SLIC   DELL    AS09  
    OEMB   051109  OEMB1620
    GSCI   051109  GMCHSCI
    SSDT   DpgPmm  CpuPm

  
  I'm really not that bright enough to detect any meaningful difference between this report and that of two days ago. But I don't think anything has altered.

  I'm now going to re-install Avast anti-virus as its absence seems not to have improved the situation. I'm also going to re-enable OnlilneArmor at start-up. I'm also changing the system32 properties back to their original attribute of 'read only'.

  As noted, apart from the warning about Windows Update's inability to 'check for updates', this computer is running as smoothly as the day it was first booted up. It has never crashed, never been unstable, and never let me down.

  I'm still at a loss to understand how an error that seemingly occurred on or around December 23rd 2009 did not manifest itself in an update failure warning until around October 23 2010. . . and, of course, I'm still baffled as to why, having already received and installed 204 Microsoft updates (according to Update History) Windows Activation is reporting that 'this copy of Windows is not activated' (though of course, it's presumably all part-and-parcel of the same problem!)

  Sorry to have to come back with such dismal news. . .

   

  Howard  

   

   

  Monday, October 25, 2010 12:11 PM
• 

  

  1

  Sign in to vote

  "howardandval" wrote in message news:94507e3b-9a51-4127-9d19-de0d2850e28d...

  Hi Neil.Sorry to have to come back again  and pester. . . OK, here we go then:

  1) Malwarebytes full scan. Result: no infections found.

  2) Avast antivirus uninstalled using software's uninstaller (not Revo.) Computer shut down (yes, I finally risked it!) and re-started, and then re-booted again (after an uninstall of anything as deeply hooked as an AV, I always do two re-boots.)

  3) Online Armor disabled at start up.

  4) WinPatrol disabled at start up.

  5) Following on from a tip I remembered reading elsewhere on these forums about problems in starting the Software Licensing Service, I changed the Windows System32 attributes from 'read only'. According to number of posters, unchecking this solved their problems, i.e., they could now simply click start, and Software Licensing Services ran without a hitch. I haven't a clue why changing the attributes of this folder could result in so immediate an improvement in so many cases.

  6) In Services, I set all relevant entries to their required values, viz: Windows Updates / automatic; Windows Installer / manual; Background Intelligent Transfer Service / manual.

  7) I then re-booted. The computer, said by Malwarebytes to be infection-free, now started without  Avast anti-virus; Online Armor firewall; WinPatrol monitor; with System32 'read-only' unchecked; and with all relevant Service entries at their required settings. 

  8) Result: no change. After a few moments, the warning screen appeared about the inability to check for Windows Updates. I then used cmd to net start slsvc. Result: no change: 'System 3 error. The system cannot find the path specified.'

  9) I then ran Windows Genuine Advantage Diagnostic Tool, with the following result:

  Diagnostic Report (1.9.0027.0):
  -----------------------------------------
  Windows Validation Data-->
  Validation Status: Genuine
  Validation Code: 0
  Cached Online Validation Code: N/A, hr = 0x80070426
  Windows Product Key: *****-*****-F4GJK-KG77H-B9HD2
  Windows Product Key Hash: iJAth4TbScMi8HdcPurlASXdEkw=
  Windows Product ID: 89578-OEM-7332157-00204
  Windows Product ID Type: 2
  Windows License Type: OEM SLP
  Windows OS version: 6.0.6002.2.00010300.2.0.003
  ID: {5418AD52-256F-4EAB-92A0-95896F9DCC23}(3)
  Is Admin: Yes
  TestCab: 0x0
  LegitcheckControl ActiveX: Registered, 1.9.42.0
  Signed By: Microsoft
  Product Name: Windows Vista (TM) Home Premium
  Architecture: 0x00000000
  Build lab: 6002.vistasp2_gdr.100608-0458
  TTS Error: M:20091223173556932-
  

  Licensing Data-->
  Software Licensing service is not running.

  
  I'm really not that bright enough to detect any meaningful difference between this report and that of two days ago. But I don't think anything has altered.

  I'm now going to re-install Avast anti-virus as its absence seems not to have improved the situation. I'm also going to re-enable OnlilneArmor at start-up. I'm also changing the system32 properties back to their original attribute of 'read only'.

  As noted, apart from the warning about Windows Update's inability to 'check for updates', this computer is running as smoothly as the day it was first booted up. It has never crashed, never been unstable, and never let me down.

  I'm still at a loss to understand how an error that seemingly occurred on or around December 23rd 2009 did not manifest itself in an update failure warning until around October 23 2010. . . and, of course, I'm still baffled as to why, having already received and installed 204 Microsoft updates (according to Update History) Windows Activation is reporting that 'this copy of Windows is not activated' (though of course, it's presumably all part-and-parcel of the same problem!)

  Sorry to have to come back with such dismal news. . .

   

  Howard  

   

   

  
  

  No problem - I like a challenge:)

   

  Here's the content of my registry key, per the similar one for x64 that you saw and (sensibly) didn't use in the Announcements.

  ==================================

  Windows Registry Editor Version 5.00

   

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\slsvc]
  "DisplayName"="@%SystemRoot%\\system32\\SLsvc.exe,-101"
  "Group"="ProfSvc_Group"
  "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
    74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,\
    00,4c,00,73,00,76,00,63,00,2e,00,65,00,78,00,65,00,00,00
  "Description"="@%SystemRoot%\\system32\\SLsvc.exe,-102"
  "ObjectName"="NT AUTHORITY\\NetworkService"
  "ErrorControl"=dword:00000001
  "Start"=dword:00000002
  "Type"=dword:00000010
  "DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
  "ServiceSidType"=dword:00000001
  "RequiredPrivileges"=hex(7):53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,\
    00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,\
    61,00,6e,00,67,00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,\
    00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,\
    61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,\
    00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,\
    72,00,73,00,6f,00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,\
    00,65,00,67,00,65,00,00,00,00,00
  "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
    00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00

   

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\slsvc\Enum]
  "0"="Root\\LEGACY_SLSVC\\0000"
  "Count"=dword:00000001
  "NextInstance"=dword:00000001

   

  =============================

   

  First make a backup of the similar key in your own registry, by exporting it to a safe place. Also create a new System Restore point (with any luck, you won't need either!).

   

  copy EVERYTHING between the ==== (including the blank line) to Notepad, and save it to your desktop as slsvc.reg

   

  then right-click on the file, and select Mergereboot - and see if that has cured the problem
  

  run another MGADiag, and post the results.

   

  --
  
  

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  • Proposed as answer by Darin Smith MS Monday, October 25, 2010 11:40 PM

  Monday, October 25, 2010 1:01 PM

  Moderator
• 

  

  0

  Sign in to vote

  Many thanks for your sterling efforts, Neil -- and apologies for this slightly belated response: what with time zones and, er, shopping, it's not easy to keep in sync. Anyway. . . Here's the latest news:

  1. Registry key merge. All done as you advised, with restore point set first and existing key safely exported to USB flash drive. Result: sadly, no change. Windows Update failure alert continues.

  2. MGADiagnostics. I ran this anyway, just in case it might flag up something informative in light of the registry change. Result: MGADiag fails to run:

  Description:

    A problem caused this program to stop interacting with Windows.

   

  Problem signature:

    Problem Event Name:  AppHangXProcB1

    Application Name:  MGADiag.exe

    Application Version:  1.9.27.0

    Application Timestamp:  4bc4fd3a

    Hang Signature:  81b4

    Hang Type:  128

    Waiting on Application Name:  svchost.exe:keysvc

    Waiting on Application Version:  0.0.0.0

    OS Version:  6.0.6002.2.2.0.768.3

    Locale ID:  2057

    Additional Hang Signature 1:  c6ff8724b0e1405601d5fe8ec5e40a67

    Additional Hang Signature 2:  9b49

    Additional Hang Signature 3:  762d9c776db5b0dbc71cbb25ce371e73

    Additional Hang Signature 4:  81b4

    Additional Hang Signature 5:  c6ff8724b0e1405601d5fe8ec5e40a67

    Additional Hang Signature 6:  9b49

    Additional Hang Signature 7:  762d9c776db5b0dbc71cbb25ce371e73

  3. Seeing as MGADiag has performed OK before, I re-ran it. Result: same as above.

  4. Reg key restoration: I deleted the revised key and restored the original, then ran MGADiag again. Result: same as above.

  5. System restore: I decided to roll back to the restore point created before the registry change. Result: System restore failed to run:

                       Details: writer experienced a transient error. (0x800423F3.)

  6. System restore repeat runs: worked through different restore points. Result: same as above.

  7. Safe Mode: ran System restore. Result: successful. (NB: I've never run System restore before on this Vista machine but am aware it's less than 100% dependable. I've always told friends who've had System restore 'failures' to run in Safe Mode only.

  8. MGADiag re-run: with system restored to an earlier checkpoint and functioning perfectly (apart from the continuing WU failure alert) I tried the diagnostic tool again. Result: same as before (as at 2, above.)

  9. jvPowerTools. Seeing as my last Windows Updates were on September 15th, I decided to check jvPT's back-up history for anything undertaken in the week following that date, assumption being that a change to the registry may have triggered the WU failure. jvPT back-up history had three histories  in that time comprising a total of 286 entries -- not particularly significant in view of the fact that MUD is included. I checked restore for all three histories to return the computer to its state prior to that week's changes. Result: success. jvPT restored everything. 

  10. MGADiag and WU: with the computer now restored to an earlier date and working fine, and jvPT's registry restoration accomplished, I ran MGADiag again. Results: same as before; MGADiag no longer works while WU failure alerts continue.

  11. sfc /scannow. I ran this to assess the integrity or otherwise of system files. The process worked fine. Result:

  "Windows Resource Protection found corrupt files but was unable to fix some of them."

  12. CBS log: I worked through the log to locate the files (thank God for Ctrl/F). Result:

  2010-10-25 20:20:21, Info                  CSI    00000142 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"tcpmon.ini"; source file in store is also corrupted

   

  2010-10-25 20:22:10, Info                  CSI    000001bf [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"tcpmon.ini"; source file in store is also corrupted

   

  13.  The two tcpmon.ini files are, as expected, at Windows\System32 and Windows\winsxs\x86_microsoft-windows. There are no other instances of this file on this computer. According to the CBS log, SFS verified all other files and repaired where necessary.

   

  14. tcpmon.ini: this particular file has been the topic of thousands of posts all over the Internet from Vista users. To what extent it is vulnerable to Microsoft patches and updates is questionable, but the question has certainly been raised often. The solution most usually propounded is to make repairs using the Vista installation disc, advice that's clearly of the unreal world kind seeing as how "ordinary" home computer users like myself buy from majors like Dell and don't get that Vista disc included in their purchase. I'm pretty sure any Vista installation disc of recent provenance would work in my computer but I don't have access to one as friends/neighbours are either on XP (wish I still was) or Windows 7. Absent the disc, both Microsoft and Dell seem able to recommend only a full re-installation., a nuclear option I'm very reluctant to follow here: a repair effort involving just one corrupt file should not necessitate the equivalent of a global response.

   

  15. So, um, that's where we're at now. WU is still nagging, Software License Service is still not running, and Windows is still reporting that my license has yet to be activated. And for some inexplicable reason, it's now no longer possible to run MGADiag. On the up side, however, this computer continues to be as stable and dependable as a rock: there are no glitches anywhere with its operations (Internet, printing, Office, Photoshop, etc etc.)

   

  Sorry for yet another long post but I thought you'd need to have details of progress here (or, er, not!)

   

  Sincere thanks again for all your help; we really are imposing on your time. 

   

    

   

   

   

   

  Tuesday, October 26, 2010 11:33 AM
• 

  

  1

  Sign in to vote

  "howardandval" wrote in message news:c2f0c7ef-8f37-446b-ab78-73321d133038...

  Many thanks for your sterling efforts, Neil -- and apologies for this slightly belated response: what with time zones and, er, shopping, it's not easy to keep in sync. Anyway. . . Here's the latest news:

  1. Registry key merge. All done as you advised, with restore point set first and existing key safely exported to USB flash drive. Result: sadly, no change. Windows Update failure alert continues.

  2. MGADiagnostics. I ran this anyway, just in case it might flag up something informative in light of the registry change. Result: MGADiag fails to run:

  Description:

    A problem caused this program to stop interacting with Windows.

   

  Problem signature:

    Problem Event Name:  AppHangXProcB1

    Application Name:  MGADiag.exe

    Application Version:  1.9.27.0

    Application Timestamp:  4bc4fd3a

    Hang Signature:  81b4

    Hang Type:  128

    Waiting on Application Name:  svchost.exe:keysvc

    Waiting on Application Version:  0.0.0.0

    OS Version:  6.0.6002.2.2.0.768.3

    Locale ID:  2057

    Additional Hang Signature 1:  c6ff8724b0e1405601d5fe8ec5e40a67

    Additional Hang Signature 2:  9b49

    Additional Hang Signature 3:  762d9c776db5b0dbc71cbb25ce371e73

    Additional Hang Signature 4:  81b4

    Additional Hang Signature 5:  c6ff8724b0e1405601d5fe8ec5e40a67

    Additional Hang Signature 6:  9b49

    Additional Hang Signature 7:  762d9c776db5b0dbc71cbb25ce371e73

  3. Seeing as MGADiag has performed OK before, I re-ran it. Result: same as above.

  4. Reg key restoration: I deleted the revised key and restored the original, then ran MGADiag again. Result: same as above.

  5. System restore: I decided to roll back to the restore point created before the registry change. Result: System restore failed to run:

                       Details: writer experienced a transient error. (0x800423F3.)

  6. System restore repeat runs: worked through different restore points. Result: same as above.

  7. Safe Mode: ran System restore. Result: successful. (NB: I've never run System restore before on this Vista machine but am aware it's less than 100% dependable. I've always told friends who've had System restore 'failures' to run in Safe Mode only.

  8. MGADiag re-run: with system restored to an earlier checkpoint and functioning perfectly (apart from the continuing WU failure alert) I tried the diagnostic tool again. Result: same as before (as at 2, above.)

  9. jvPowerTools. Seeing as my last Windows Updates were on September 15th, I decided to check jvPT's back-up history for anything undertaken in the week following that date, assumption being that a change to the registry may have triggered the WU failure. jvPT back-up history had three histories  in that time comprising a total of 286 entries -- not particularly significant in view of the fact that MUD is included. I checked restore for all three histories to return the computer to its state prior to that week's changes. Result: success. jvPT restored everything. 

  10. MGADiag and WU: with the computer now restored to an earlier date and working fine, and jvPT's registry restoration accomplished, I ran MGADiag again. Results: same as before; MGADiag no longer works while WU failure alerts continue.

  11. sfc /scannow. I ran this to assess the integrity or otherwise of system files. The process worked fine. Result:

  "Windows Resource Protection found corrupt files but was unable to fix some of them."

  12. CBS log: I worked through the log to locate the files (thank God for Ctrl/F). Result:

  2010-10-25 20:20:21, Info                  CSI    00000142 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"tcpmon.ini"; source file in store is also corrupted

   

  2010-10-25 20:22:10, Info                  CSI    000001bf [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"tcpmon.ini"; source file in store is also corrupted

   

  13.  The two tcpmon.ini files are, as expected, at Windows\System32 and Windows\winsxs\x86_microsoft-windows. There are no other instances of this file on this computer. According to the CBS log, SFS verified all other files and repaired where necessary.

   

  14. tcpmon.ini: this particular file has been the topic of thousands of posts all over the Internet from Vista users. To what extent it is vulnerable to Microsoft patches and updates is questionable, but the question has certainly been raised often. The solution most usually propounded is to make repairs using the Vista installation disc, advice that's clearly of the unreal world kind seeing as how "ordinary" home computer users like myself buy from majors like Dell and don't get that Vista disc included in their purchase. I'm pretty sure any Vista installation disc of recent provenance would work in my computer but I don't have access to one as friends/neighbours are either on XP (wish I still was) or Windows 7. Absent the disc, both Microsoft and Dell seem able to recommend only a full re-installation., a nuclear option I'm very reluctant to follow here: a repair effort involving just one corrupt file should not necessitate the equivalent of a global response.

   

  15. So, um, that's where we're at now. WU is still nagging, Software License Service is still not running, and Windows is still reporting that my license has yet to be activated. And for some inexplicable reason, it's now no longer possible to run MGADiag. On the up side, however, this computer continues to be as stable and dependable as a rock: there are no glitches anywhere with its operations (Internet, printing, Office, Photoshop, etc etc.)

   

  Sorry for yet another long post but I thought you'd need to have details of progress here (or, er, not!)

   

  Sincere thanks again for all your help; we really are imposing on your time. 

   

    

   

   

   

   

  
  

  I'm at a loss as to why you got that result!

  The only thing I can think to do now is

  a CHKDSK  /F   to make sure that there's no disk problems,

  then try to insert a new copy of tcpmon.ini

   

  For interest's sake -

  for the file in System32...

  what are the properties of the file? (especially size and date) 

  what are the first and last 5 lines?

  Mine is dated 21/1/3008, and 58.7KB (which means that it came in with SP1)

  I see that tcpmon.dll (which is probably the file that accesses tcpmon.ini) had a later update in SP2

   

  I suspect that reinstalling the patch that contains the tcpmon.ini update may correct the problem - but I'm not sure which patch that is, and a quick search produces no suggestions.

   

  However, from what limited reading I've done on it, it doesn't usually cause any serious problems.

   

  If the chkdsk doesn't find any problems, then unless Darin has some suggestions to make, the next thing to do would be to create a no-cost support request -

  http://support.microsoft.com/ph/9860#tab4

  (make sure that the locale is set to the UK!)

   

  --
  
  

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  Wednesday, October 27, 2010 8:57 AM

  Moderator
• 

  

  0

  Sign in to vote

  Hi Noel: well, thank Heaven there's something I can baffle you with <g>. (In addition, of course, to changing your name to Neil: must admit I was feeling a bit frazzled after mucking about so long with the computer!)

  Right. Here's the situation here:

  tcpmon.ini

  Location: Windows\System32. File type: configuration setting. File description: none available. Opens with: Notepad. Size: 58.8KB (60,224 bytes). Size on disk: 60KB (61,440 bytes). Created: 21 January 2008, 03.24:38. Modified: 22 September 2009, 02.31:40. Accessed: 21 January, 2008, 03.24:38.

  tcpmon.dll

  Location: Windows\System32. File type: application extension. File description: standard TCP/IP Port Monitor DLL. Microsoft Corporation. File version: 6.0.6002.18005.  Opens with: Unknown Applicatiion. Size: 132KB (135,168 bytes). Size on disk: 132KB (135,168 bytes). Created: 21 December, 2009, 16.15:57. Modified: 11 April, 2009, 07.28:24. Accessed: 21 December, 2009, 16.15:57.

  As ever, I get a bit lost when trying to figure out what 'file properties' is attempting to tell me, because where the dll is concerned, it seems to have been modified before it was actually created. About the only thing that is clear is that the tcpmon.ini file has never been 'officially' modified during my ownership: the 22nd September 2009 date predates my purchase of the computer by three months. (Whereas the dll's 21st December 2009 'creation' date does coincide with the computer's first boot.)

  Anyway: if there are any clues in the foregoing, we'd be delighted to know what they are! Meantime, I'm going to run checkdisk as we're off out this afternoon and I'm guessing the checking process will take hours.

  Oh, and also in the meantime, I've "fixed" the Windows Update failure alert situation. By turning Windows Update off. Hardly ideal, but there's no point in me being nagged all the time by an Update service that keeps saying it cannot update.

  Wednesday, October 27, 2010 10:58 AM
• 

  

  0

  Sign in to vote

  "howardandval" wrote in message news:17d1831a-3333-49f3-8b7a-d3ca5be0f567...

  Hi Noel: well, thank Heaven there's something I can baffle you with <g>. (In addition, of course, to changing your name to Neil: must admit I was feeling a bit frazzled after mucking about so long with the computer!)

  Right. Here's the situation here:

  tcpmon.ini

  Location: Windows\System32. File type: configuration setting. File description: none available. Opens with: Notepad. Size: 58.8KB (60,224 bytes). Size on disk: 60KB (61,440 bytes). Created: 21 January 2008, 03.24:38. Modified: 22 September 2009, 02.31:40. Accessed: 21 January, 2008, 03.24:38.

  tcpmon.dll

  Location: Windows\System32. File type: application extension. File description: standard TCP/IP Port Monitor DLL. Microsoft Corporation. File version: 6.0.6002.18005.  Opens with: Unknown Applicatiion. Size: 132KB (135,168 bytes). Size on disk: 132KB (135,168 bytes). Created: 21 December, 2009, 16.15:57. Modified: 11 April, 2009, 07.28:24. Accessed: 21 December, 2009, 16.15:57.

  As ever, I get a bit lost when trying to figure out what 'file properties' is attempting to tell me, because where the dll is concerned, it seems to have been modified before it was actually created. About the only thing that is clear is that the tcpmon.ini file has never been 'officially' modified during my ownership: the 22nd September 2009 date predates my purchase of the computer by three months. (Whereas the dll's 21st December 2009 'creation' date does coincide with the computer's first boot.)

  Anyway: if there are any clues in the foregoing, we'd be delighted to know what they are! Meantime, I'm going to run checkdisk as we're off out this afternoon and I'm guessing the checking process will take hours.

  Oh, and also in the meantime, I've "fixed" the Windows Update failure alert situation. By turning Windows Update off. Hardly ideal, but there's no point in me being nagged all the time by an Update service that keeps saying it cannot update.

  
  

  thanks for the update - I'm keeping fingers crossed :)

  
  --
  
  

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  Wednesday, October 27, 2010 11:42 AM

  Moderator
• 

  

  0

  Sign in to vote

  Heigh-ho, Noel. Back yet again. . .

  Right. I changed the computer's power settings to 'never off' so Chkdsk could run for as long as it wanted, then set Chkdsk to scan for errors and fix 'em where possible and also look for bad sectors and fix 'em also (and presumably, where possible.) I* then re-booted the computer and as expected, it started in Chkdsk mode before Windows could launch. I watched it doing its stuff for a few minutes, and all seemed to be going well, then switched off the monitor and we went out for the afternoon into the 'far country' of the high Northumberland dales. Glorious.

  We returned a half hour ago and I turned the monitor back on and found the computer was sitting patiently in Windows mode. So, um, Chkdsk must have finished everything whilst we were out, and then switched to Windows mode or re-booted: I've no idea which.

  To be on the safe side (and to make sure Chkdsk wasn't going to start running every time this computer turns on) I re-booted and everything's fine. Well, um, apart from:

  1) I don't know what Chkdsk found (if anything) or what Chkdsk fixed (if anything.) And, er:

  2) Windows Update still isn't running (same error code as usual). And:

  3) Software Licensing Service still won't start, same error / error code as usual. . . and:

  4) MGADiagnosis is still bust:

  Description:
    A problem caused this program to stop interacting with Windows.

  Problem signature:
    Problem Event Name: AppHangXProcB1
    Application Name: MGADiag.exe
    Application Version: 1.9.27.0
    Application Timestamp: 4bc4fd3a
    Hang Signature: 81b4
    Hang Type: 128
    Waiting on Application Name: svchost.exe:keysvc
    Waiting on Application Version: 0.0.0.0
    OS Version: 6.0.6002.2.2.0.768.3
    Locale ID: 2057
    Additional Hang Signature 1: c6ff8724b0e1405601d5fe8ec5e40a67
    Additional Hang Signature 2: 72af
    Additional Hang Signature 3: 32b6704fdec517162f555e305c9ed47e
    Additional Hang Signature 4: 81b4
    Additional Hang Signature 5: c6ff8724b0e1405601d5fe8ec5e40a67
    Additional Hang Signature 6: 72af
    Additional Hang Signature 7: 32b6704fdec517162f555e305c9ed47e

  (But apart from that, Mrs Lincoln . . . how did you enjoy the play?)

  Wednesday, October 27, 2010 7:06 PM
• 

  

  1

  Sign in to vote

  "howardandval" wrote in message news:60f93dc4-3a85-4d31-bddb-5b0605ec58b2...

  Heigh-ho, Noel. Back yet again. . .

  Right. I changed the computer's power settings to 'never off' so Chkdsk could run for as long as it wanted, then set Chkdsk to scan for errors and fix 'em where possible and also look for bad sectors and fix 'em also (and presumably, where possible.) I* then re-booted the computer and as expected, it started in Chkdsk mode before Windows could launch. I watched it doing its stuff for a few minutes, and all seemed to be going well, then switched off the monitor and we went out for the afternoon into the 'far country' of the high Northumberland dales. Glorious.

  We returned a half hour ago and I turned the monitor back on and found the computer was sitting patiently in Windows mode. So, um, Chkdsk must have finished everything whilst we were out, and then switched to Windows mode or re-booted: I've no idea which.

  To be on the safe side (and to make sure Chkdsk wasn't going to start running every time this computer turns on) I re-booted and everything's fine. Well, um, apart from:

  1) I don't know what Chkdsk found (if anything) or what Chkdsk fixed (if anything.) And, er:

  2) Windows Update still isn't running (same error code as usual). And:

  3) Software Licensing Service still won't start, same error / error code as usual. . . and:

  4) MGADiagnosis is still bust:

  Description:
    A problem caused this program to stop interacting with Windows.

  Problem signature:
    Problem Event Name: AppHangXProcB1
    Application Name: MGADiag.exe
    Application Version: 1.9.27.0
    Application Timestamp: 4bc4fd3a
    Hang Signature: 81b4
    Hang Type: 128
    Waiting on Application Name: svchost.exe:keysvc
    Waiting on Application Version: 0.0.0.0
    OS Version: 6.0.6002.2.2.0.768.3
    Locale ID: 2057
    Additional Hang Signature 1: c6ff8724b0e1405601d5fe8ec5e40a67
    Additional Hang Signature 2: 72af
    Additional Hang Signature 3: 32b6704fdec517162f555e305c9ed47e
    Additional Hang Signature 4: 81b4
    Additional Hang Signature 5: c6ff8724b0e1405601d5fe8ec5e40a67
    Additional Hang Signature 6: 72af
    Additional Hang Signature 7: 32b6704fdec517162f555e305c9ed47e

  (But apart from that, Mrs Lincoln . . . how did you enjoy the play?)

  
  

  'If you can keep your head when all around are losing theirs - you don't understand the problem!' <g>

   

  You can use Event Viewer to see what the results of the chkdsk were.

  Unless Darin has any suggestion, I think we've exhausted the possibilities within the forum - you need to start a WGA no-cost support incident, and see how that goes. 
  --
  
  

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  Thursday, October 28, 2010 6:02 AM

  Moderator
• 

  

  0

  Sign in to vote

  Hi Noel: thanks for that. Yup, I realised immediately after posting I should've checked the Event Viewer but when I did so, an error report came up: "Event Log service is unavailable. Verify that the service is running." Verifying proved impossible though as Services reported: "Windows could not start the Event Log service on Local Computer. Error 5. Access is denied." Going into Properties / Log On for Event Log produced a greyed-out screen where the checked option was "this account Local Service" and a Password and Confirm password. I don't run a log on password for this machine and I don't run UAC either nor ever have, so how come the "Local Service" is password protected and the entire configuration on a lock-out anyway I've no idea.

  Delving deeper, I thought I'd run perfmon to see what's happening but have now discovered that it has gone wrong too, seemingly, only a few days ago, viz: Performance Monitor: Error: "Microsoft Management Console cannot initialize the snap-in" whilst the Reliability Monitor stopped at October 24th and hasn't moved since.

  I think I was doing the registry key merge on the 25th and although I've deleted the amended key and restored the original, somehow the system itself has been affected and not improved by System Restore, so that it now seems that not only is MGADiag no longer functioning, but the Microsoft Management Console has also gone down. Weird.

  Anyway. . . I'm thinking that having started by treading in a puddle, I'm now splashing in a bog, and that if I undertake any further exertions I'll likely find myself in quicksand and go down along with this computer. For that reason, then, I'm not going to attempt any further changes for the time being, nor raise a ticket with WGA, but instead will investigate over the weekend the possibility of creating a Vista Recovery disc using the free download from NeoSmart Technologies.

  This is going to require faffing around with torrents (about which I've not a clue) and ISO imaging (never done that before either) but as Dell has never provided a Vista DVD to any purchaser of its computers, and as the Dell Recovery Partition on this hard drive is well-nigh pointless because it doesn't permit a repair anyway, I might just as well devote time to NeoSmart.

  I don't know if anyone here has ever resorted to NeoSmart but if my pending exercise with its rescue disc works, then I'll report back here or on a different thread if this is closed in the meantime. For now though, many thanks Noel for your help: it's been a good run and I'm only sorry we didn't manage to resolve this situation, despite all best efforts.  

   

  Thursday, October 28, 2010 9:49 AM
• 

  

  0

  Sign in to vote

  "howardandval" wrote in message news:aaf6ac9d-a629-4683-8124-e973693516c0...

  Hi Noel: thanks for that. Yup, I realised immediately after posting I should've checked the Event Viewer but when I did so, an error report came up: "Event Log service is unavailable. Verify that the service is running." Verifying proved impossible though as Services reported: "Windows could not start the Event Log service on Local Computer. Error 5. Access is denied." Going into Properties / Log On for Event Log produced a greyed-out screen where the checked option was "this account Local Service" and a Password and Confirm password. I don't run a log on password for this machine and I don't run UAC either nor ever have, so how come the "Local Service" is password protected and the entire configuration on a lock-out anyway I've no idea.

  Delving deeper, I thought I'd run perfmon to see what's happening but have now discovered that it has gone wrong too, seemingly, only a few days ago, viz: Performance Monitor: Error: "Microsoft Management Console cannot initialize the snap-in" whilst the Reliability Monitor stopped at October 24th and hasn't moved since.

  I think I was doing the registry key merge on the 25th and although I've deleted the amended key and restored the original, somehow the system itself has been affected and not improved by System Restore, so that it now seems that not only is MGADiag no longer functioning, but the Microsoft Management Console has also gone down. Weird.

  Anyway. . . I'm thinking that having started by treading in a puddle, I'm now splashing in a bog, and that if I undertake any further exertions I'll likely find myself in quicksand and go down along with this computer. For that reason, then, I'm not going to attempt any further changes for the time being, nor raise a ticket with WGA, but instead will investigate over the weekend the possibility of creating a Vista Recovery disc using the free download from NeoSmart Technologies.

  This is going to require faffing around with torrents (about which I've not a clue) and ISO imaging (never done that before either) but as Dell has never provided a Vista DVD to any purchaser of its computers, and as the Dell Recovery Partition on this hard drive is well-nigh pointless because it doesn't permit a repair anyway, I might just as well devote time to NeoSmart.

  I don't know if anyone here has ever resorted to NeoSmart but if my pending exercise with its rescue disc works, then I'll report back here or on a different thread if this is closed in the meantime. For now though, many thanks Noel for your help: it's been a good run and I'm only sorry we didn't manage to resolve this situation, despite all best efforts.  

   

  
  

  If you contact Dell, they should be able to provide you with Recovery disks - at a price.

  You may also be able to make your own using Dell's built-in software- check your manual for details.

  You may also be able to do a 'one-key' recovery - again, check your manual.

  Dell MUST include a way of restoring your PC to factory-fresh as part of their license conditions - mostly they do it using the recovery partition, and the ability to create a set of disks, but they also usually provide disks at a cost either on original purchase, or later.

   

  I agree that it does look as if it's likely that a reformat/reinstall is your best option in terms of time and effort - but do explore the Dell options for that before attempting anything involving torrents - many are infected with malware.

   

   

  
  --
  
  

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  • Marked as answer by Darin Smith MS Thursday, October 28, 2010 8:22 PM

  Thursday, October 28, 2010 12:58 PM

  Moderator