none
Validation Pop Up Keeps Happening Even Though I Have Genuine W7 RRS feed

  • Question

  • I have Windows 7 Home Premium. I was out of town for 2 days. When I returned home, my PC would give me a pop up message from Microsoft saying that my Microsoft software is not genuine when ever I boot up. 

    I suspect this was caused by malware, so I ran a Full scan using Norton 360. This only found 4 tracking cookies and these were taken care of, but the problem still persists.

    Even worse, when I tried to use System Restore, it could not find a back up restore point, so that is not an option.

     

    How can I fix this?

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE22
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-73CQT-WMF7J-3Q6C9
    Windows Product Key Hash: KaFG+RmurcM3ZxzWyfEP9WtPUJw=
    Windows Product ID: 00359-OEM-8992687-00010
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {399499E0-83A0-46E1-A45D-9792EABE8C83}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.130828-1532
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Disabled
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Disabled
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Disabled
    Script ActiveX controls marked as safe for scripting: Disabled

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{399499E0-83A0-46E1-A45D-9792EABE8C83}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-3Q6C9</PKey><PID>00359-OEM-8992687-00010</PID><PIDType>2</PIDType><SID>S-1-5-21-649025149-514020257-970770016</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>p7-1080t</Model></SYSTEM><BIOS><Manufacturer>AMI</Manufacturer><Version>7.08</Version><SMBIOSVersion major="2" minor="6"/><Date>20110613000000.000000+000</Date></BIOS><HWID>02F93D07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-CPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800010-02-1033-7601.0000-0422011
    Installation ID: 009403489793190695613624699523993334904995575671969772
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 3Q6C9
    License Status: Licensed
    Remaining Windows rearm count: 1
    Trusted time: 02/05/2014 6:18:33 PM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE22
    HrOnline: N/A
    HealthStatus: 0x0000000000000800
    Event Time Stamp: 5:1:2014 18:14
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration


    HWID Data-->
    HWID Hash Current: LAAAAAEAAQABAAEAAAACAAAAAQABAAEAonYk6zRcJOnWF2B8Yj1YpUrNLnM=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            HPQOEM        SLIC-CPC
      FACP            HPQOEM        SLIC-CPC
      DBGP            HPQOEM        SLIC-CPC
      HPET            HPQOEM        SLIC-CPC
      MCFG            HPQOEM        SLIC-CPC
      SSDT            HPQOEM        SLIC-CPC
      SLIC            HPQOEM        SLIC-CPC


    • Edited by BrainD Saturday, May 3, 2014 12:03 AM
    Friday, May 2, 2014 11:23 PM

Answers

  • The file's still up there....

    I've uploaded a file - sluicom64.zip - to my OneDrive at  Noel's OneDrive
    
    Please download and save it to your desktop.
    
    Right-click on the saved file and select Extract all...
    
    Save it to the default location
    
    This should create a file sluicom64.reg 
    
     right-click on the file, and select Merge
    
    Accept the warnings, - you should then get a 'Success' message.
    
    Close all windows, and reboot.
    
    Run another MGADiag report, and post the results.
    

    Personally I am very happy using MSE and MalwareBytes - both free versions :)

    They are also what I recommend to 95% of my clients - the others tend to be rather esoteric users and can cope with the greater complexity of intrusive AVs or firewalls.

    I NEVER recommend using a 'Suite'-type product. Too many times, I've seen such products take over a system and make it almost unmanageable.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Sunday, May 18, 2014 9:15 AM
    Moderator
  • I did the complete W7 reinstall and System Restore seems to be working now. Thanks for your help.
    Wednesday, May 28, 2014 1:09 AM

All replies

  • To confirm that the problem is what I think it is, please run the following commands in an Elevated Command Prompt window and post the results.

    REG QUERY HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S

    REG QUERY HKLM\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S              

    REG QUERY HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S

      Here are some instructions to make life easier :)

    1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt. 

    2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once. 

    3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.     


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Wednesday, May 7, 2014 7:57 PM
    Moderator
  • Thanks. I ran all three and all 3 were not found.
    Thursday, May 8, 2014 12:18 AM
  • Try this...

    I've uploaded a file - sluicom64.zip - to my OneDrive at  Noel's OneDrive

    Please download and save it to your desktop.

    Right-click on the saved file and select Extract all...

    Save it to the default location

    This should create a file sluicom64.reg

     right-click on the file, and select Merge

    Accept the warnings, - you should then get a 'Success' message.

    Close all windows, and reboot.

    Run another MGADiag report, and post the results.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.


    Friday, May 9, 2014 10:38 AM
    Moderator
  • Done. Here is the latest Report:

    Diagnostic Report (1.9.0019.0):
    -----------------------------------------
    WGA Data-->
    Validation Status: Genuine
    Validation Code: 0

    Cached Validation Code: 0x0
    Windows Product Key: *****-*****-73CQT-WMF7J-3Q6C9
    Windows Product Key Hash: KaFG+RmurcM3ZxzWyfEP9WtPUJw=
    Windows Product ID: 00359-OEM-8992687-00010
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {399499E0-83A0-46E1-A45D-9792EABE8C83}(3)
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.130828-1532
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    WGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Pale Moon\palemoon.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{399499E0-83A0-46E1-A45D-9792EABE8C83}</UGUID><Version>1.9.0019.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-3Q6C9</PKey><PID>00359-OEM-8992687-00010</PID><PIDType>2</PIDType><SID>S-1-5-21-649025149-514020257-970770016</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>p7-1080t</Model></SYSTEM><BIOS><Manufacturer>AMI</Manufacturer><Version>7.08</Version><SMBIOSVersion major="2" minor="6"/><Date>20110613000000.000000+000</Date></BIOS><HWID>02F93D07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-CPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800010-02-1033-7601.0000-1232014
    Installation ID: 009403489793190695613624699523993334904995575671969772
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 3Q6C9
    License Status: Licensed
    Remaining Windows rearm count: 1
    Trusted time: 5/9/14 8:57:08 PM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE22
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000800
    Event Time Stamp: 5:6:2014 20:35
    WAT Activex: Registered
    WAT Admin Service: Registered

    HWID Data-->
    HWID Hash Current: LAAAAAEAAQABAAEAAAACAAAAAQABAAEAonYk6zRcJOnWF2B8Yj1YpUrNLnM=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            HPQOEM        SLIC-CPC
      FACP            HPQOEM        SLIC-CPC
      DBGP            HPQOEM        SLIC-CPC
      HPET            HPQOEM        SLIC-CPC
      MCFG            HPQOEM        SLIC-CPC
      SSDT            HPQOEM        SLIC-CPC
      SLIC            HPQOEM        SLIC-CPC


    Also, even after this latest try, my Product Keys don't match. The one in the Report above is .....3Q6C9 AND the one at the bottom of my PC is..........RCJGG (COA for Windows 7). Should we try to change my Product Key? If so, how would I do that?
    • Edited by BrainD Saturday, May 10, 2014 2:15 AM
    Saturday, May 10, 2014 1:58 AM
  • Computers that come pre-installed with Windows from large manufacturers usually come with two Product Keys.

    OEM SLP: This is the key that came in Windows (from the factory). It works by connecting to a BIOS flag (the SLIC table) found only on  computers from that Manufacturer. It also checks for the existence of proper matching licenses in the OS itself. Once it sees both, it self-activates every time the machine is rebooted.

    COA SLP: This is the key seen on the sticker located on the side, bottom or in the battery compartment of your machine. This key is for use if the OEM SLP self-activation stops working for whatever reason.

    In other words - keep your COA Key for emergencies :)

    The report looks fine now, except for a minor error that should be cleared by going to www.microsoft.com/genuine/validate using Internet Explorer, and validating Windows. - you'll be offered IE11 and MSE if/when it passes, but you don't have to take them!

    You changed versions of MGADiag between your first post and this latest one? how did that happen? Where did you get this copy from, as it's not up-to-date?

    Once you've validated please use the proper version from http://go.microsoft.com/fwlink/?linkid=52012  and post a new report.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Saturday, May 10, 2014 7:08 AM
    Moderator
  • I used a version of MGADiag that was saved on my desk top a while ago.

    Unfortunately, I get this when I tried to validate:

    https://www.dropbox.com/s/1ms0918ly309ayi/Screenshot%202014-05-10%2003.15.30.png

    New Report:Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE22
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-73CQT-WMF7J-3Q6C9
    Windows Product Key Hash: KaFG+RmurcM3ZxzWyfEP9WtPUJw=
    Windows Product ID: 00359-OEM-8992687-00010
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {399499E0-83A0-46E1-A45D-9792EABE8C83}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.130828-1532
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Pale Moon\palemoon.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{399499E0-83A0-46E1-A45D-9792EABE8C83}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-3Q6C9</PKey><PID>00359-OEM-8992687-00010</PID><PIDType>2</PIDType><SID>S-1-5-21-649025149-514020257-970770016</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>p7-1080t</Model></SYSTEM><BIOS><Manufacturer>AMI</Manufacturer><Version>7.08</Version><SMBIOSVersion major="2" minor="6"/><Date>20110613000000.000000+000</Date></BIOS><HWID>02F93D07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-CPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800010-02-1033-7601.0000-1232014
    Installation ID: 009403489793190695613624699523993334904995575671969772
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 3Q6C9
    License Status: Licensed
    Remaining Windows rearm count: 1
    Trusted time: 5/10/14 3:19:37 AM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE22
    HrOnline: N/A
    HealthStatus: 0x0000000000000800
    Event Time Stamp: 5:10:2014 03:14
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration


    HWID Data-->
    HWID Hash Current: LAAAAAEAAQABAAEAAAACAAAAAQABAAEAonYk6zRcJOnWF2B8Yj1YpUrNLnM=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            HPQOEM        SLIC-CPC
      FACP            HPQOEM        SLIC-CPC
      DBGP            HPQOEM        SLIC-CPC
      HPET            HPQOEM        SLIC-CPC
      MCFG            HPQOEM        SLIC-CPC
      SSDT            HPQOEM        SLIC-CPC
      SLIC            HPQOEM        SLIC-CPC

    Saturday, May 10, 2014 8:20 AM
  • If you look at your latest report, the original error is back again...

    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration

    PLease run the same commands as earlier, and we'll see if they show anything this time...

    REG QUERY HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S

    REG QUERY HKLM\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S              

    REG QUERY HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Saturday, May 10, 2014 3:28 PM
    Moderator
  • All three could not be found.

    BTW, I can't post links in these replies. How can I fix that?

    • Edited by BrainD Sunday, May 11, 2014 12:46 AM
    Saturday, May 10, 2014 7:44 PM
  • It'll fix itself after a few more days - it's an anti-spam measure (which is a bit of a PITA) - you can always break the links by changing the 'http' at the front to 'hxxp' if you want.

    Otherwise post a request in the 'Verify your account' sticky post in the forum here - http://social.microsoft.com/Forums/en-US/home?forum=reportabug

    Your result implies that you have software resident that is breaking stuff - please tell us the following details.

    Current Anti-Virus

    ALL past anti-virus products installed

    Other installed security software

    Tweaking tools installed.

    Any registry cleaners/optimisers/defraggers installed.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Sunday, May 11, 2014 9:37 AM
    Moderator
  • Current Anti-Virus: Notron 360 (2014), SUPERAntiSpyware, SpywareBlaster,  and Malwarebytes.

    Past Anti-virus: once a week I down load the latest FREE versions of Vipre Rescue and Norman malware cleaner. I have also had MS Security Essentials and BitDefender 2013. I can't remember any other software.

    Tweaking Tools: Tweaking.com, CCLeaner (free version), and CheckIt Diagnostics8.

    I don't think I have any registry cleaners other that what is listed. I have Diskeeper 12 (Professional version) that was a free trial. This free trial has run out, so I don't receive any updates any more.

    It is probably best to show what I have this way:

    hxxps://www.dropbox.com/s/oqwswsriqjtlakp/Screenshot%202014-05-11%2012.48.57.png

    Sunday, May 11, 2014 6:13 PM
  • I would not be at all surprised if Norton was the root of the problem - have you just upgraded it at all? BitDefender has also been known to cause the occasional problem.

    I'm not sure about Tweaking.com - I've heard good reports and bad.

    CCLeaner, is fine - but please avoid the Registry Cleaner part of it.

    CheckIt is an odd one - version 8 was launched in 2009 and I can't help feeling that it can't cope with Windows 7 - probably best uninstalled, especially as it no longer appears on their product list.

    MSE should have uninstalled cleanly - but BitDefender probably left some stuff behind...

    Please follow the instructions in http://www.bitdefender.com/support/How-to-uninstall-Bitdefender-333.html

    reboot again at the end.

    Then run the registry patch you downloaded again, and reboot - post another MGADiag report, then attempt validation.

    Post another MGADiag report, pass or fail.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Sunday, May 11, 2014 7:51 PM
    Moderator
  • Here is the first MGADiag Report:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE22
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-73CQT-WMF7J-3Q6C9
    Windows Product Key Hash: KaFG+RmurcM3ZxzWyfEP9WtPUJw=
    Windows Product ID: 00359-OEM-8992687-00010
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {399499E0-83A0-46E1-A45D-9792EABE8C83}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.130828-1532
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{399499E0-83A0-46E1-A45D-9792EABE8C83}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-3Q6C9</PKey><PID>00359-OEM-8992687-00010</PID><PIDType>2</PIDType><SID>S-1-5-21-649025149-514020257-970770016</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>p7-1080t</Model></SYSTEM><BIOS><Manufacturer>AMI</Manufacturer><Version>7.08</Version><SMBIOSVersion major="2" minor="6"/><Date>20110613000000.000000+000</Date></BIOS><HWID>02F93D07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-CPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800010-02-1033-7601.0000-1232014
    Installation ID: 009403489793190695613624699523993334904995575671969772
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 3Q6C9
    License Status: Licensed
    Remaining Windows rearm count: 1
    Trusted time: 5/11/14 5:36:39 PM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE22
    HrOnline: N/A
    HealthStatus: 0x0000000000000800
    Event Time Stamp: 5:10:2014 03:14
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration


    HWID Data-->
    HWID Hash Current: LAAAAAEAAQABAAEAAAACAAAAAQABAAEAonYk6zRcJOnWF2B8Yj1YpUrNLnM=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC HPQOEM SLIC-CPC
      FACP HPQOEM SLIC-CPC
      DBGP HPQOEM SLIC-CPC
      HPET HPQOEM SLIC-CPC
      MCFG HPQOEM SLIC-CPC
      SSDT HPQOEM SLIC-CPC
      SLIC HPQOEM SLIC-CPC

    Sunday, May 11, 2014 10:37 PM
  • Here is the second report after the Validation attempt:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE22
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-73CQT-WMF7J-3Q6C9
    Windows Product Key Hash: KaFG+RmurcM3ZxzWyfEP9WtPUJw=
    Windows Product ID: 00359-OEM-8992687-00010
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {399499E0-83A0-46E1-A45D-9792EABE8C83}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.130828-1532
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{399499E0-83A0-46E1-A45D-9792EABE8C83}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-3Q6C9</PKey><PID>00359-OEM-8992687-00010</PID><PIDType>2</PIDType><SID>S-1-5-21-649025149-514020257-970770016</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>p7-1080t</Model></SYSTEM><BIOS><Manufacturer>AMI</Manufacturer><Version>7.08</Version><SMBIOSVersion major="2" minor="6"/><Date>20110613000000.000000+000</Date></BIOS><HWID>02F93D07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-CPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800010-02-1033-7601.0000-1232014
    Installation ID: 009403489793190695613624699523993334904995575671969772
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 3Q6C9
    License Status: Licensed
    Remaining Windows rearm count: 1
    Trusted time: 5/11/14 5:41:14 PM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE22
    HrOnline: N/A
    HealthStatus: 0x0000000000000800
    Event Time Stamp: 5:11:2014 17:39
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration


    HWID Data-->
    HWID Hash Current: LAAAAAEAAQABAAEAAAACAAAAAQABAAEAonYk6zRcJOnWF2B8Yj1YpUrNLnM=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC HPQOEM SLIC-CPC
      FACP HPQOEM SLIC-CPC
      DBGP HPQOEM SLIC-CPC
      HPET HPQOEM SLIC-CPC
      MCFG HPQOEM SLIC-CPC
      SSDT HPQOEM SLIC-CPC
      SLIC HPQOEM SLIC-CPC

    Sunday, May 11, 2014 10:42 PM
  • I did not get a success note after extracting/merging/completing the registry patch. I am not sure this was successful.
    Sunday, May 11, 2014 10:44 PM
  • It looks as if it wasn't - the error was still present in the first report.

    Please uninstall Norton (at least temporarily), and clean up using the Norton Removal Tool..

    Download the Norton Removal Tool from here https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?lg=english&ct=united+states&docid=20080710133834EN&product=home&version=1&pvid=f-home

    Close all other programs, then run the tool. When it's complete, reboot the machine  whether it asks for it or not.

    After the reboot, open an Elevated Command Prompt, and run the following command

    NETSH WINSOCK RESET

    You'll be advised to reboot - do so.

    then post another MGADiag report.

    Run the registry patch again and see if you get a success message this time - post a new MGADiag report.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Monday, May 12, 2014 10:14 AM
    Moderator
  • First MAGDiag Report:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE22
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-73CQT-WMF7J-3Q6C9
    Windows Product Key Hash: KaFG+RmurcM3ZxzWyfEP9WtPUJw=
    Windows Product ID: 00359-OEM-8992687-00010
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {399499E0-83A0-46E1-A45D-9792EABE8C83}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.130828-1532
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{399499E0-83A0-46E1-A45D-9792EABE8C83}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-3Q6C9</PKey><PID>00359-OEM-8992687-00010</PID><PIDType>2</PIDType><SID>S-1-5-21-649025149-514020257-970770016</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>p7-1080t</Model></SYSTEM><BIOS><Manufacturer>AMI</Manufacturer><Version>7.08</Version><SMBIOSVersion major="2" minor="6"/><Date>20110613000000.000000+000</Date></BIOS><HWID>02F93D07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-CPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800010-02-1033-7601.0000-1232014
    Installation ID: 009403489793190695613624699523993334904995575671969772
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 3Q6C9
    License Status: Licensed
    Remaining Windows rearm count: 1
    Trusted time: 5/12/14 5:45:14 PM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE22
    HrOnline: N/A
    HealthStatus: 0x0000000000000800
    Event Time Stamp: 5:11:2014 17:39
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration


    HWID Data-->
    HWID Hash Current: LAAAAAEAAQABAAEAAAACAAAAAQABAAEAonYk6zRcJOnWF2B8Yj1YpUrNLnM=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC HPQOEM SLIC-CPC
      FACP HPQOEM SLIC-CPC
      DBGP HPQOEM SLIC-CPC
      HPET HPQOEM SLIC-CPC
      MCFG HPQOEM SLIC-CPC
      SSDT HPQOEM SLIC-CPC
      SLIC HPQOEM SLIC-CPC

    I am still not seeing the registry patch work. Please give the link to me again and I will start over with it.

    Here is the second report (and this is why I don't think the registry patch is working) - 

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE22
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-73CQT-WMF7J-3Q6C9
    Windows Product Key Hash: KaFG+RmurcM3ZxzWyfEP9WtPUJw=
    Windows Product ID: 00359-OEM-8992687-00010
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {399499E0-83A0-46E1-A45D-9792EABE8C83}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.130828-1532
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{399499E0-83A0-46E1-A45D-9792EABE8C83}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-3Q6C9</PKey><PID>00359-OEM-8992687-00010</PID><PIDType>2</PIDType><SID>S-1-5-21-649025149-514020257-970770016</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>p7-1080t</Model></SYSTEM><BIOS><Manufacturer>AMI</Manufacturer><Version>7.08</Version><SMBIOSVersion major="2" minor="6"/><Date>20110613000000.000000+000</Date></BIOS><HWID>02F93D07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-CPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800010-02-1033-7601.0000-1232014
    Installation ID: 009403489793190695613624699523993334904995575671969772
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 3Q6C9
    License Status: Licensed
    Remaining Windows rearm count: 1
    Trusted time: 5/12/14 5:55:58 PM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE22
    HrOnline: N/A
    HealthStatus: 0x0000000000000800
    Event Time Stamp: 5:11:2014 17:39
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration


    HWID Data-->
    HWID Hash Current: LAAAAAEAAQABAAEAAAACAAAAAQABAAEAonYk6zRcJOnWF2B8Yj1YpUrNLnM=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC HPQOEM SLIC-CPC
      FACP HPQOEM SLIC-CPC
      DBGP HPQOEM SLIC-CPC
      HPET HPQOEM SLIC-CPC
      MCFG HPQOEM SLIC-CPC
      SSDT HPQOEM SLIC-CPC
      SLIC HPQOEM SLIC-CPC

    BTW, what ATV/malware software would you recommend?
    • Edited by BrainD Wednesday, May 14, 2014 11:06 PM
    Monday, May 12, 2014 10:46 PM
  • First MAGDiag Report:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE22
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-73CQT-WMF7J-3Q6C9
    Windows Product Key Hash: KaFG+RmurcM3ZxzWyfEP9WtPUJw=
    Windows Product ID: 00359-OEM-8992687-00010
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {399499E0-83A0-46E1-A45D-9792EABE8C83}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.130828-1532
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{399499E0-83A0-46E1-A45D-9792EABE8C83}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-3Q6C9</PKey><PID>00359-OEM-8992687-00010</PID><PIDType>2</PIDType><SID>S-1-5-21-649025149-514020257-970770016</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>p7-1080t</Model></SYSTEM><BIOS><Manufacturer>AMI</Manufacturer><Version>7.08</Version><SMBIOSVersion major="2" minor="6"/><Date>20110613000000.000000+000</Date></BIOS><HWID>02F93D07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-CPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800010-02-1033-7601.0000-1232014
    Installation ID: 009403489793190695613624699523993334904995575671969772
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 3Q6C9
    License Status: Licensed
    Remaining Windows rearm count: 1
    Trusted time: 5/12/14 5:45:14 PM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE22
    HrOnline: N/A
    HealthStatus: 0x0000000000000800
    Event Time Stamp: 5:11:2014 17:39
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration


    HWID Data-->
    HWID Hash Current: LAAAAAEAAQABAAEAAAACAAAAAQABAAEAonYk6zRcJOnWF2B8Yj1YpUrNLnM=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value
    OEMTableID Value
      APIC HPQOEM
    SLIC-CPC
      FACP HPQOEM
    SLIC-CPC
      DBGP HPQOEM
    SLIC-CPC
      HPET HPQOEM
    SLIC-CPC
      MCFG HPQOEM
    SLIC-CPC
      SSDT HPQOEM
    SLIC-CPC
      SLIC HPQOEM
    SLIC-CPC

    I am still not seeing the registry patch work. Please give the link to me again and I will start over with it.

    Here is the second report (and this is why I don't think the registry patch is working) - 

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE22
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-73CQT-WMF7J-3Q6C9
    Windows Product Key Hash: KaFG+RmurcM3ZxzWyfEP9WtPUJw=
    Windows Product ID: 00359-OEM-8992687-00010
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {399499E0-83A0-46E1-A45D-9792EABE8C83}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.130828-1532
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{399499E0-83A0-46E1-A45D-9792EABE8C83}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-3Q6C9</PKey><PID>00359-OEM-8992687-00010</PID><PIDType>2</PIDType><SID>S-1-5-21-649025149-514020257-970770016</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>p7-1080t</Model></SYSTEM><BIOS><Manufacturer>AMI</Manufacturer><Version>7.08</Version><SMBIOSVersion major="2" minor="6"/><Date>20110613000000.000000+000</Date></BIOS><HWID>02F93D07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-CPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800010-02-1033-7601.0000-1232014
    Installation ID: 009403489793190695613624699523993334904995575671969772
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 3Q6C9
    License Status: Licensed
    Remaining Windows rearm count: 1
    Trusted time: 5/12/14 5:55:58 PM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE22
    HrOnline: N/A
    HealthStatus: 0x0000000000000800
    Event Time Stamp: 5:11:2014 17:39
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration


    HWID Data-->
    HWID Hash Current: LAAAAAEAAQABAAEAAAACAAAAAQABAAEAonYk6zRcJOnWF2B8Yj1YpUrNLnM=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value
    OEMTableID Value
      APIC HPQOEM
    SLIC-CPC
      FACP HPQOEM
    SLIC-CPC
      DBGP HPQOEM
    SLIC-CPC
      HPET HPQOEM
    SLIC-CPC
      MCFG HPQOEM
    SLIC-CPC
      SSDT HPQOEM
    SLIC-CPC
      SLIC HPQOEM
    SLIC-CPC

    BTW, what ATV/malware software would you recommend?
    Saturday, May 17, 2014 11:40 PM
  • The file's still up there....

    I've uploaded a file - sluicom64.zip - to my OneDrive at  Noel's OneDrive
    
    Please download and save it to your desktop.
    
    Right-click on the saved file and select Extract all...
    
    Save it to the default location
    
    This should create a file sluicom64.reg 
    
     right-click on the file, and select Merge
    
    Accept the warnings, - you should then get a 'Success' message.
    
    Close all windows, and reboot.
    
    Run another MGADiag report, and post the results.
    

    Personally I am very happy using MSE and MalwareBytes - both free versions :)

    They are also what I recommend to 95% of my clients - the others tend to be rather esoteric users and can cope with the greater complexity of intrusive AVs or firewalls.

    I NEVER recommend using a 'Suite'-type product. Too many times, I've seen such products take over a system and make it almost unmanageable.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Sunday, May 18, 2014 9:15 AM
    Moderator
  • Here is are the results after completing your latest instructions:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-73CQT-WMF7J-3Q6C9
    Windows Product Key Hash: KaFG+RmurcM3ZxzWyfEP9WtPUJw=
    Windows Product ID: 00359-OEM-8992687-00010
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {399499E0-83A0-46E1-A45D-9792EABE8C83}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.140303-2144
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{399499E0-83A0-46E1-A45D-9792EABE8C83}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-3Q6C9</PKey><PID>00359-OEM-8992687-00010</PID><PIDType>2</PIDType><SID>S-1-5-21-649025149-514020257-970770016</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>p7-1080t</Model></SYSTEM><BIOS><Manufacturer>AMI</Manufacturer><Version>7.08</Version><SMBIOSVersion major="2" minor="6"/><Date>20110613000000.000000+000</Date></BIOS><HWID>02F93D07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-CPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800010-02-1033-7601.0000-1232014
    Installation ID: 009403489793190695613624699523993334904995575671969772
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 3Q6C9
    License Status: Licensed
    Remaining Windows rearm count: 1
    Trusted time: 5/18/14 5:16:09 AM

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 5:14:2014 18:08
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: LAAAAAEAAQABAAEAAAACAAAAAQABAAEAonYk6zRcJOnWF2B8Yj1YpUrNLnM=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   HPQOEM  SLIC-CPC
      FACP   HPQOEM  SLIC-CPC
      DBGP   HPQOEM  SLIC-CPC
      HPET   HPQOEM  SLIC-CPC
      MCFG   HPQOEM  SLIC-CPC
      SSDT   HPQOEM  SLIC-CPC
      SLIC   HPQOEM  SLIC-CPC

    Sunday, May 18, 2014 10:18 AM
  • So far, so good - that's repaired the registry keys again.

    Now reboot a few times and see if it stays that way.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Sunday, May 18, 2014 11:04 AM
    Moderator
  • I have rebooted 8 times and here are the results after all that:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-73CQT-WMF7J-3Q6C9
    Windows Product Key Hash: KaFG+RmurcM3ZxzWyfEP9WtPUJw=
    Windows Product ID: 00359-OEM-8992687-00010
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {399499E0-83A0-46E1-A45D-9792EABE8C83}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.140303-2144
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{399499E0-83A0-46E1-A45D-9792EABE8C83}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-3Q6C9</PKey><PID>00359-OEM-8992687-00010</PID><PIDType>2</PIDType><SID>S-1-5-21-649025149-514020257-970770016</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>p7-1080t</Model></SYSTEM><BIOS><Manufacturer>AMI</Manufacturer><Version>7.08</Version><SMBIOSVersion major="2" minor="6"/><Date>20110613000000.000000+000</Date></BIOS><HWID>02F93D07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-CPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800010-02-1033-7601.0000-1232014
    Installation ID: 009403489793190695613624699523993334904995575671969772
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 3Q6C9
    License Status: Licensed
    Remaining Windows rearm count: 1
    Trusted time: 5/18/14 2:37:56 PM

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 5:18:2014 13:13
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: LAAAAAEAAQABAAEAAAACAAAAAQABAAEAonYk6zRcJOnWF2B8Yj1YpUrNLnM=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   HPQOEM  SLIC-CPC
      FACP   HPQOEM  SLIC-CPC
      DBGP   HPQOEM  SLIC-CPC
      HPET   HPQOEM  SLIC-CPC
      MCFG   HPQOEM  SLIC-CPC
      SSDT   HPQOEM  SLIC-CPC
      SLIC   HPQOEM  SLIC-CPC

    I also went to http://www.microsoft.com/genuine/validate/ and this also says my Windows 7 is genuine.

    Even better, my total restart time for my PC is about 88 seconds, which is what it was when it was brand new (2.5 years ago).

    Thanks very much for all your help.

    But I have another problem. My System Restore is not working. Should I open up a new Forum post for that?

    Sunday, May 18, 2014 8:05 PM
  • System Restore not working is possibly a related problem, maybe from a malware infection.

    Let's have a quick look at the VSS service and see if that's the cause - if it is, we may be able to fix it here...

    Please open an Elevated Command Prompt and run the following commands...

    REG QUERY HKLM\SYSTEM\CurrentControlSet\Services\VSS

    REG QUERY HKLM\SYSTEM\CurrentControlSet\Services\VSS\Settings /S

    REG QUERY HKLM\SYSTEM\CurrentControlSet\Services\VSS\VssAccessControl /S

    Post the results and we'll see if there's anything obvious.

    If not, then you're probably best posting a new thread in the appropriate Windows Community forum.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Sunday, May 18, 2014 8:29 PM
    Moderator
  • Here are the results:

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Services\VSS

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS
        DisplayName    REG_SZ    Volume Shadow Copy
        ImagePath    REG_EXPAND_SZ    %systemroot%\system32\vssvc.exe
        Description    REG_SZ    @%systemroot%\system32\vssvc.exe,-101
        ObjectName    REG_SZ    LocalSystem
        ErrorControl    REG_DWORD    0x1
        Start    REG_DWORD    0x2
        Type    REG_DWORD    0x10
        DependOnService    REG_MULTI_SZ    RPCSS
        ServiceSidType    REG_DWORD    0x1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Diag
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Providers
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Settings
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\VssAccessControl

    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Services\VSS\Setting
    s /S

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Settings\WritersBlockin
    gRevert
        {2707761B-2324-473D-88EB-EB007A359533}    REG_SZ    DFS-R Writer
        {D76F5A28-3092-4589-BA48-2958FB88CE29}    REG_SZ    FRS Writer
        {B2014C9E-8711-4C5C-A5A9-3CF384484757}    REG_SZ    AD Writer
        {DD846AAA-A1B6-42a8-AAF8-03DCB6114BFD}    REG_SZ    ADAM Writer
        TornComponentsBlockRevert    REG_DWORD    0x1

    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Services\VSS\VssAcce
    ssControl /S

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\VssAccessControl
        NT Authority\NetworkService    REG_DWORD    0x1

    Sunday, May 18, 2014 8:46 PM
  • There's a couple of obvious errors there - let's see if fixing them gets things going...

    Please open an Elevated Command Prompt, and run the following commands.

    REG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\VssAccessControl /v "NT SERVICE\SQLWriter" /t REG_DWORD /d 0x1

    REG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS /v Start /t REG_DWORD /d 0x3 /f

    SC START VSS

    post the results.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Sunday, May 18, 2014 9:26 PM
    Moderator
  • Here are the results:

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>REG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
    \VSS\VssAccessControl /v "NT SERVICE\SQLWriter" /t REG_DWORD /d 0x1
    The operation completed successfully.

    C:\Windows\system32>REG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
    \VSS /v Start /t REG_DWORD /d 0x3 /f
    The operation completed successfully.

    C:\Windows\system32>SC START VSS

    SERVICE_NAME: VSS
            TYPE               : 10  WIN32_OWN_PROCESS
            STATE              : 2  START_PENDING
                                    (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
            WIN32_EXIT_CODE    : 0  (0x0)
            SERVICE_EXIT_CODE  : 0  (0x0)
            CHECKPOINT         : 0x0
            WAIT_HINT          : 0x0
            PID                : 5036
            FLAGS              :

    C:\Windows\system32>

    Sunday, May 18, 2014 9:41 PM
  • That looks OK now

    Is System Restore functional now? (reboot first, if you haven't already done so)


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Sunday, May 18, 2014 9:53 PM
    Moderator
  • I was out and just got back home. There are 4 Restore points that show up on my System Restore. But, SR can not find them. This was true before we made the changes as well, so I would guess that this part can not be fixed. Is there some other way I can test to see if SR works?
    Monday, May 19, 2014 1:12 AM
  • In that case, try resetting System  Restore - it may be corrupted.

    Open Control Panel\All Control Panel Items\System

    Click on the System Protection ink in the left column.

    Click on the Configure button

    Turn off system protection in the popup, and click Apply, then OK out and reboot

    Now go back and turn System Protection back on then wait 15 minutes or so before rebooting -

    once rebooted, leave the system alone for a while, and then reboot.

    was the new System Restore point created properly?

    now make some minor system changes - do an update or two, or install a minor piece of software - then create a manual Restore point.

    Reboot, and see if you can now use System Restore to go back to the earlier point


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Monday, May 19, 2014 10:14 AM
    Moderator
  • Unfortunately this did not work.

    Here is the error message when I tried to create a manual restore point:

    https://www.dropbox.com/s/376efbckodn0eoc/Screenshot%202014-05-19%2021.37.22.png

    Tuesday, May 20, 2014 2:43 AM
  • That may give us a clue - the problem appears to be with the VSS Writers.

    Please open an Elevated Command Prompt, and run the following command

    vssadmin list writers

    post the results.

    If (and only if) it fails completely, run the following commands...

    Takeown /f %windir%\winsxs\filemaps\* /a
    icacls %windir%\winsxs\filemaps\*.* /grant "NT AUTHORITY\SYSTEM:(RX)"
    icacls %windir%\winsxs\filemaps\*.* /grant "NT Service\trustedinstaller:(F)"
    icacls %windir%\winsxs\filemaps\*.* /grant "BUILTIN\Users:(RX)"
    CLS
    icacls %windir%\winsxs\filemaps
    
    .

    (they could take a while!)

    post the results (the screen should be clear of anything apart from the results of the last command)


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Tuesday, May 20, 2014 8:46 PM
    Moderator
  • I don't think the VSS List Writers command failed, but all I received for results is this:

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>vssadmin list writers
    vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
    (C) Copyright 2001-2005 Microsoft Corp.


    C:\Windows\system32>

    I did NOT run the other commands.
    • Edited by BrainD Tuesday, May 20, 2014 9:45 PM
    Tuesday, May 20, 2014 9:45 PM
  • Ouch - it looks rather as if there are some major problems.

    Let's have a look at the registry...

    Open an Elevated Command Prompt and run the following command...

    REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\EventClasses /S

    Post the results - I'll look at them in the morning.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Tuesday, May 20, 2014 9:57 PM
    Moderator
  • Here are the results:

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\
    {26c409cc-ae86-11d1-b616-00805fc79216}\EventClasses /S

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805
    fc79216}\EventClasses\{BB07BACD-CD56-4e63-A8FF-CBF0355FB9F4}-{00000000-0000-0000
    -0000-000000000000}-{00000000-0000-0000-0000-000000000000}
        Active    REG_DWORD    0x1
        AllowInprocActivation    REG_DWORD    0x0
        Description    REG_SZ    Subscribe to this event class to receive object cha
    nge notifications.
        EventClassApplicationID    REG_SZ    {00000000-0000-0000-0000-000000000000}
        EventClassID    REG_SZ    {BB07BACD-CD56-4e63-A8FF-CBF0355FB9F4}
        EventClassName    REG_SZ    EventSystem.EventObjectChange2
        EventClassPartitionID    REG_SZ    {00000000-0000-0000-0000-000000000000}
        FireInParallel    REG_DWORD    0xffffffff
        FiringInterfaceIID    REG_SZ    {7701A9C3-BD68-438f-83E0-67BF4F53A422}
        OwnerSID    REG_SZ    S-1-5-18
        PublisherID    REG_SZ    {BB07BACD-CD56-4e63-A8FF-CBF0355FB9F4}
        TypeLib    REG_EXPAND_SZ    %systemroot%\system32\es.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805
    fc79216}\EventClasses\{D0565000-9DF4-11D1-A281-00C04FCA0AA7}-{00000000-0000-0000
    -0000-000000000000}-{00000000-0000-0000-0000-000000000000}
        Active    REG_DWORD    0x1
        AllowInprocActivation    REG_DWORD    0x0
        Description    REG_SZ    Subscribe to this event class to receive object cha
    nge notifications
        EventClassApplicationID    REG_SZ    {00000000-0000-0000-0000-000000000000}
        EventClassID    REG_SZ    {D0565000-9DF4-11D1-A281-00C04FCA0AA7}
        EventClassName    REG_SZ    EventSystem.EventObjectChange
        EventClassPartitionID    REG_SZ    {00000000-0000-0000-0000-000000000000}
        FireInParallel    REG_DWORD    0xffffffff
        FiringInterfaceIID    REG_SZ    {F4A07D70-2E25-11D1-9964-00C04FBBB345}
        OwnerSID    REG_SZ    S-1-5-18
        PublisherID    REG_SZ    {D0564C30-9DF4-11D1-A281-00C04FCA0AA7}
        TypeLib    REG_EXPAND_SZ    %systemroot%\system32\es.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805
    fc79216}\EventClasses\{D5978620-5B9F-11D1-8DD2-00AA004ABD5E}-{00000000-0000-0000
    -0000-000000000000}-{00000000-0000-0000-0000-000000000000}
        Active    REG_DWORD    0x1
        EventClassID    REG_SZ    {D5978620-5B9F-11D1-8DD2-00AA004ABD5E}
        EventClassName    REG_SZ    SENS Network Events
        OwnerSID    REG_SZ    S-1-5-18
        FiringInterfaceIID    REG_SZ    {D597BAB1-5B9F-11D1-8DD2-00AA004ABD5E}
        AllowInprocActivation    REG_DWORD    0xffffffff
        FireInParallel    REG_DWORD    0x0
        EventClassPartitionID    REG_SZ    {00000000-0000-0000-0000-000000000000}
        EventClassApplicationID    REG_SZ    {00000000-0000-0000-0000-000000000000}

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805
    fc79216}\EventClasses\{D5978630-5B9F-11D1-8DD2-00AA004ABD5E}-{00000000-0000-0000
    -0000-000000000000}-{00000000-0000-0000-0000-000000000000}
        Active    REG_DWORD    0x1
        EventClassID    REG_SZ    {D5978630-5B9F-11D1-8DD2-00AA004ABD5E}
        EventClassName    REG_SZ    SENS Logon Events
        OwnerSID    REG_SZ    S-1-5-18
        FiringInterfaceIID    REG_SZ    {D597BAB3-5B9F-11D1-8DD2-00AA004ABD5E}
        AllowInprocActivation    REG_DWORD    0xffffffff
        FireInParallel    REG_DWORD    0x0
        EventClassPartitionID    REG_SZ    {00000000-0000-0000-0000-000000000000}
        EventClassApplicationID    REG_SZ    {00000000-0000-0000-0000-000000000000}
        SerialFiringTimeout    REG_DWORD    0x2bf20

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805
    fc79216}\EventClasses\{D5978640-5B9F-11D1-8DD2-00AA004ABD5E}-{00000000-0000-0000
    -0000-000000000000}-{00000000-0000-0000-0000-000000000000}
        Active    REG_DWORD    0x1
        EventClassID    REG_SZ    {D5978640-5B9F-11D1-8DD2-00AA004ABD5E}
        EventClassName    REG_SZ    SENS OnNow Events
        OwnerSID    REG_SZ    S-1-5-18
        FiringInterfaceIID    REG_SZ    {D597BAB2-5B9F-11D1-8DD2-00AA004ABD5E}
        AllowInprocActivation    REG_DWORD    0xffffffff
        FireInParallel    REG_DWORD    0x0
        EventClassPartitionID    REG_SZ    {00000000-0000-0000-0000-000000000000}
        EventClassApplicationID    REG_SZ    {00000000-0000-0000-0000-000000000000}

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805
    fc79216}\EventClasses\{D5978650-5B9F-11D1-8DD2-00AA004ABD5E}-{00000000-0000-0000
    -0000-000000000000}-{00000000-0000-0000-0000-000000000000}
        Active    REG_DWORD    0x1
        EventClassID    REG_SZ    {D5978650-5B9F-11D1-8DD2-00AA004ABD5E}
        EventClassName    REG_SZ    SENS Logon2 Events
        OwnerSID    REG_SZ    S-1-5-18
        FiringInterfaceIID    REG_SZ    {D597BAB4-5B9F-11D1-8DD2-00AA004ABD5E}
        AllowInprocActivation    REG_DWORD    0xffffffff
        FireInParallel    REG_DWORD    0x0
        EventClassPartitionID    REG_SZ    {00000000-0000-0000-0000-000000000000}
        EventClassApplicationID    REG_SZ    {00000000-0000-0000-0000-000000000000}
        SerialFiringTimeout    REG_DWORD    0x2bf20

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805
    fc79216}\EventClasses\{ECABB0C3-7F19-11D2-978E-0000F8757E2A}-{00000000-0000-0000
    -0000-000000000000}-{00000000-0000-0000-0000-000000000000}
        Active    REG_DWORD    0x1
        AllowInprocActivation    REG_DWORD    0xffffffff
        EventClassID    REG_SZ    {ECABB0C3-7F19-11D2-978E-0000F8757E2A}
        EventClassName    REG_SZ    ComEvents.ComServiceEvents
        FireInParallel    REG_DWORD    0x0
        EventClassPartitionID    REG_SZ    {00000000-0000-0000-0000-000000000000}
        EventClassApplicationID    REG_SZ    {00000000-0000-0000-0000-000000000000}
        OwnerSID    REG_SZ    S-1-5-18
        Typelib    REG_EXPAND_SZ    %windir%\system32\comsvcs.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805
    fc79216}\EventClasses\{ECABB0C6-7F19-11D2-978E-0000F8757E2A}-{00000000-0000-0000
    -0000-000000000000}-{00000000-0000-0000-0000-000000000000}
        Active    REG_DWORD    0x1
        AllowInprocActivation    REG_DWORD    0xffffffff
        EventClassID    REG_SZ    {ECABB0C6-7F19-11D2-978E-0000F8757E2A}
        EventClassName    REG_SZ    ComEvents.ComSystemAppEventData
        FireInParallel    REG_DWORD    0x0
        EventClassPartitionID    REG_SZ    {00000000-0000-0000-0000-000000000000}
        EventClassApplicationID    REG_SZ    {00000000-0000-0000-0000-000000000000}
        OwnerSID    REG_SZ    S-1-5-18
        Typelib    REG_EXPAND_SZ    %windir%\system32\comsvcs.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805
    fc79216}\EventClasses\{FAF53CC4-BD73-4E36-83F1-2B23F46E513E}-{00000000-0000-0000
    -0000-000000000000}-{00000000-0000-0000-0000-000000000000}
        Active    REG_DWORD    0x1
        EventClassID    REG_SZ    {FAF53CC4-BD73-4E36-83F1-2B23F46E513E}
        EventClassName    REG_SZ    VssEvent
        OwnerSID    REG_SZ    S-1-5-18
        TypeLib    REG_EXPAND_SZ    %systemroot%\system32\EVENTCLS.DLL
        AllowInprocActivation    REG_DWORD    0xffffffff
        FireInParallel    REG_DWORD    0x0
        EventClassPartitionID    REG_SZ    {00000000-0000-0000-0000-000000000000}
        EventClassApplicationID    REG_SZ    {00000000-0000-0000-0000-000000000000}


    C:\Windows\system32>

    Thanks for looking at this. Could Norton 360 have caused this as well (I have NOT reinstalled Norton 360)??

    Tuesday, May 20, 2014 11:02 PM
  • In addition to the previous post, here is the error message when I tried to create a manual restore point:

    https://www.dropbox....19 21.37.22.png

    Sunday, May 25, 2014 12:17 AM
  • I think I've taken this as far as I feel comfortable doing - the results above are normal, so far as I can see.

    I think you'd be best reposting in the Windows Community forums at http://answers.microsoft.com/en-us/windows/forum/windows_7-system

    detail your symptoms, and include a link to this thread so people can see what we've already done.

    Good Luck!


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Sunday, May 25, 2014 10:27 AM
    Moderator
  • Ok, thanks for your help. I appreciate it greatly. The genuine W7 systems problem was the worst problem and that is fixed! Thanks again. 
    Sunday, May 25, 2014 7:08 PM
  • I did the complete W7 reinstall and System Restore seems to be working now. Thanks for your help.
    Wednesday, May 28, 2014 1:09 AM