none
Microsoft Security Essentials will not start

    Question

  • Hi,

    Originally I was getting Windows not genuine popups all of a sudden. I thought I had resolved that by Recreating the Licensing Store as suggested at this link: http://social.microsoft.com/Forums/zh/genuinewindows7/thread/4df28239-5015-45fc-8701-995650c6e772

    It did say windows was activated however Microsoft Security Essentials would not start. I went to MS activation website and was told I am still not genuine. I see tampered files in my MGADiag... do I have to reinstall? There was a malware issue about 6 weeks ago that we thought we had cleaned up so this may be a remnant.

    Thanks very much

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-MV8MH-98QJM-24367
    Windows Product Key Hash: wgci5Gdejx4esg7++zTOe3LWF+4=
    Windows Product ID: 55041-OEM-8992671-00437
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {A67CF3BC-DD53-45A3-BB82-0D2858A44DC8}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.111025-1505
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Professional 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{A67CF3BC-DD53-45A3-BB82-0D2858A44DC8}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-24367</PKey><PID>55041-OEM-8992671-00437</PID><PIDType>2</PIDType><SID>S-1-5-21-60494826-3397146753-2340265930</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>7269D7U</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>5HKT50AUS</Version><SMBIOSVersion major="2" minor="5"/><Date>20100204000000.000000+000</Date></BIOS><HWID>BCCD3A07018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TC-5H   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-0014-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional 2007</Name><Ver>12</Ver><Val>B829D2E49F87714</Val><Hash>sAdJ929wEXlUK37EuBp5ZgqFdNM=</Hash><Pid>81605-906-7430016-65660</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/></Applications></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00178-926-700437-02-1033-7600.0000-2022009
    Installation ID: 021913708840874844869195566746462730427621620693760283
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 24367
    License Status: Licensed
    Remaining Windows rearm count: 3
    Trusted time: 6/8/2012 3:37:15 PM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000003EFFF
    Event Time Stamp: 6:8:2012 15:09
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\wat\watadminsvc.exe
    Tampered File: %systemroot%\system32\wat\watweb.dll
    Tampered File: %systemroot%\system32\wat\npwatweb.dll
    Tampered File: %systemroot%\system32\wat\watux.exe
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys
    Tampered File: %systemroot%\system32\drivers\spldr.sys


    HWID Data-->
    HWID Hash Current: OAAAAAIABAABAAEAAQACAAAAAgABAAEAeqj4WL4jTjRI5Kp2ymCaRXzclLbeiGIvo6BybhwvRso=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   LENOVO  TC-5H  
      FACP   LENOVO  TC-5H  
      HPET   LENOVO  TC-5H  
      MCFG   LENOVO  TC-5H  
      SLIC   LENOVO  TC-5H  
      OEMB   LENOVO  TC-5H  
      SSDT   LENOVO  TC-5H  

    Friday, June 08, 2012 10:30 PM

Answers

All replies

  • Try reinstalling the Intel Rapid Storage Drivers.  There is usually a corresponding set of file mismatches listed but this still looks like the same issue.

    Download the Intel Rapid Storage Drivers from here:
     
    http://bit.ly/xmcovN
     
     You’ll need the set for the x64 (64-bit) platform on Win7.
     
    Once complete, please reboot twice, then post another MGADiag report.
     
    Good Luck!


    Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.

    Friday, June 08, 2012 10:34 PM
    Answerer
  • "CTNorthShore" wrote in message news:54b53215-b988-44cc-b9bb-b37c88ff5dd6...

    Hi,

    Originally I was getting Windows not genuine popups all of a sudden. I thought I had resolved that by Recreating the Licensing Store as suggested at this link: http://social.microsoft.com/Forums/zh/genuinewindows7/thread/4df28239-5015-45fc-8701-995650c6e772

    It did say windows was activated however Microsoft Security Essentials would not start. I went to MS activation website and was told I am still not genuine. I see tampered files in my MGADiag... do I have to reinstall? There was a malware issue about 6 weeks ago that we thought we had cleaned up so this may be a remnant.

    Thanks very much

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-MV8MH-98QJM-24367
    Windows Product Key Hash: wgci5Gdejx4esg7++zTOe3LWF+4=
    Windows Product ID: 55041-OEM-8992671-00437
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.048

    File Scan Data-->

    Other data-->
    SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>7269D7U</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>5HKT50AUS</Version><SMBIOSVersion major="2" minor="5"/><Date>20100204000000.000000+000</Date></BIOS

     

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Partial Product Key: 24367
    License Status: Licensed
    Remaining Windows rearm count: 3
    Trusted time: 6/8/2012 3:37:15 PM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000003EFFF
    Event Time Stamp: 6:8:2012 15:09
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\wat\watadminsvc.exe
    Tampered File: %systemroot%\system32\wat\watweb.dll
    Tampered File: %systemroot%\system32\wat\npwatweb.dll
    Tampered File: %systemroot%\system32\wat\watux.exe
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys
    Tampered File: %systemroot%\system32\drivers\spldr.sys  

     
     
    I don't think this is an IRST problem - it looks more to me like a Services problem, or a dll registration problem.
     
    try re-registering the Wintrust dll
     
    open an Elevated Command Prompt, and type the following command
     
    regsvr32 wintrust.dll
     
    wait for the pop-up announcing success (if you get a failure, tell us exactly what it is!)
    reboot, run another MGADiag report.
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Friday, June 08, 2012 11:11 PM
    Moderator
  • Thanks very much for your help.

     I'm not sure about the IRST as the system does not appear to use it. I did install an Intel chipset update which had something to do with the storage. The link you supplied was for HP site so I was a little confused and so did not install it. Let me know if you think I should.

    Noel, I did try re-registering the dll you suggested. That did not seem to make any difference.

    I have attached new MGADiag after the chipset update and the re-reg.

    -------

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-MV8MH-98QJM-24367
    Windows Product Key Hash: wgci5Gdejx4esg7++zTOe3LWF+4=
    Windows Product ID: 55041-OEM-8992671-00437
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {A67CF3BC-DD53-45A3-BB82-0D2858A44DC8}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.111025-1505
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Professional 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{A67CF3BC-DD53-45A3-BB82-0D2858A44DC8}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-24367</PKey><PID>55041-OEM-8992671-00437</PID><PIDType>2</PIDType><SID>S-1-5-21-60494826-3397146753-2340265930</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>7269D7U</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>5HKT50AUS</Version><SMBIOSVersion major="2" minor="5"/><Date>20100204000000.000000+000</Date></BIOS><HWID>BCCD3A07018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TC-5H   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-0014-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional 2007</Name><Ver>12</Ver><Val>B829D2E49F87714</Val><Hash>sAdJ929wEXlUK37EuBp5ZgqFdNM=</Hash><Pid>81605-906-7430016-65660</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00178-926-700437-02-1033-7600.0000-2022009
    Installation ID: 000146865475928595695606548124979774254666867193249480
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 24367
    License Status: Licensed
    Remaining Windows rearm count: 3
    Trusted time: 6/9/2012 10:57:54 PM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000003EFFF
    Event Time Stamp: 6:8:2012 15:09
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\wat\watadminsvc.exe
    Tampered File: %systemroot%\system32\wat\watweb.dll
    Tampered File: %systemroot%\system32\wat\npwatweb.dll
    Tampered File: %systemroot%\system32\wat\watux.exe
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys
    Tampered File: %systemroot%\system32\drivers\spldr.sys


    HWID Data-->
    HWID Hash Current: OAAAAAIABAABAAEAAQACAAAAAgABAAEAeqj4WE40viNI5Kp2ymCaRXzclLbeiGIvo6BybhwvRso=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC LENOVO TC-5H   
      FACP LENOVO TC-5H   
      HPET LENOVO TC-5H   
      MCFG LENOVO TC-5H   
      SLIC LENOVO TC-5H   
      OEMB LENOVO TC-5H   
      SSDT LENOVO TC-5H   

    Sunday, June 10, 2012 5:56 AM
  • Use this link for the IRST download - http://downloadcenter.intel.com/Detail_Desc.aspx?ProductID=2101&DwnldID=20624

    If it doesn't install for any reason, try the HP one that Colin pointed you at - as far as I can tell, it's simply an earlier version which is compatible to a slightly different set of motherboards, and hasn't been customised by HP.

     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, June 10, 2012 6:06 AM
    Moderator
  • Hi,

    Thanks for your suggestions. Both of the links failed. I tried each one and in each case I got the identical message, that is: "This computer does not meet the minimum requirements for installing the software"

    Any other suggestions?

    thanks

    Saturday, June 16, 2012 5:23 AM
  • "Joel LaRusic" wrote in message news:c9cc7266-cd63-4f74-82b3-df4f751d0ae6...

    Hi,

    Thanks for your suggestions. Both of the links failed. I tried each one and in each case I got the identical message, that is: "This computer does not meet the minimum requirements for installing the software"

    Any other suggestions?

    thanks

     
     
    The error that sticks out for me is
    HealthStatus: 0x000000000003EFFF
     
    I have seen this a couple of times before, butt haven't (yet) been successful in discovering the cause or cure for it.
     
    Checking through the specifications for your system [ThinkCentre M58e (7269-D7U)], it would appear to have been shipped with Windows XP Pro?
    For what version and edition of Windows is it licensed *according to the COA sticker on the case*?
     
    Although Lenovo's site says that the machine is upgradeable to Win7, it has no drivers for it.
     
    Given that, it's possible that the machine actually requires a slightly different set of drivers to the IRST ones... I would suggest using Intel's Chipset Identification utility, and seeing if it has updated drivers for your machine.
     
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Saturday, June 16, 2012 10:12 AM
    Moderator