Remove From My Forums

Windows Vista Build 6002 This copy of Windows is not Genuine

Question
0

Sign in to vote

I have had my Toshiba for a few years bought from a PC shop so I know it was a genuine vista windows.

I have tried a few of the suugestions to fix this but nothing works,cant even find a restore point.

Any help to what can be done?

Sunday, December 15, 2013 2:25 AM

Reply

|

Quote

Answers

0

Sign in to vote
That's still the same - I was hoping that the corrections we'd made would have at least changed the error message.

Unfortunately, There's not a lot more I can do.

There is stuff that can be done, but it doesn't really lend itself to being done in a forum context. (there's a relevant article in TechNet for one of your event viewer errors - which basically says 'phone MS and pay us to fix it for you').

Your best option may be a repair install, as there are a number of outstanding issues. Unfortunately, a repair install of Vista isn't necessarily a simple matter.

See the instructions here, and whether you think you're up to following them...

http://www.vistax64.com/tutorials/88236-repair-install-vista.html

If you want to have a go, then back up all data to external media first, and ask questions in the Vistax64 forum - they are friendly folk (I know - I'm one of them) :)

If not, then I can understand. Your best options would then be to get a techie to do the job, or to use the computer's Recovery media to clean install from scratch.

Sorry - but I think that's your best options at this point. :(

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.
- Proposed as answer by Noel D PatonEditor Tuesday, December 24, 2013 9:33 AM
- Marked as answer by Noel D PatonEditor Tuesday, December 31, 2013 10:24 AM
Thursday, December 19, 2013 2:28 PM

Reply

|

Quote

Moderator

All replies

0

Sign in to vote

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Invalid License
Validation Code: 50
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-JQMWD-2QJRJ-RJ34F
Windows Product Key Hash: R8gPTEFMoOygFewoq/uOoWMpz68=
Windows Product ID: 89578-OEM-7332157-00237
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6002.2.00010300.2.0.003
ID: {7509D39D-C287-4E95-AAFC-C2D8CB901A3C}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6002.vistasp2_gdr.130707-1535
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6002.16398

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: 100
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Edition 2003 - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_FCEE394C-458-8007007e_025D1FF3-344-8007007e_025D1FF3-229-8007007e_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: http=127.0.0.1:16110;https=127.0.0.1:16110
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{7509D39D-C287-4E95-AAFC-C2D8CB901A3C}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-RJ34F</PKey><PID>89578-OEM-7332157-00237</PID><PIDType>2</PIDType><SID>S-1-5-21-1261831544-69496413-3973043942</SID><SYSTEM/><BIOS/><HWID>0A313507018400FA</HWID><UserLCID>0C09</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Australia Standard Time(GMT+08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSINV</OEMID><OEMTableID>TOSINV00</OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>1D91A574F08AD7A</Val><Hash>6/oA2me/ndVfKRsEwj8dP0Sk6LA=</Hash><Pid>70145-701-0352281-57907</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
CScript Error: Can't find script engine "VBScript" for script "C:\Windows\system32\slmgr.vbs".

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: OgAAAAEABgABAAEAAQABAAAAAwABAAEAJJRy+kzWIEd8D16rTBNCEEaDxnVYt/L00DZW4QaHrFYqhQ==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC   TOSINV  TOSINV00
FACP   TOSINV  TOSINV00
HPET   TOSINV  TOSINV00
BOOT   TOSINV  TOSINV00
MCFG   TOSINV  TOSINV00
ASF!   TOSINV  TOSINV00
SLIC   TOSINV  TOSINV00
SSDT   PmRef  CpuPm

Sunday, December 15, 2013 3:47 AM

Reply

|

Quote
0

Sign in to vote

"CScript Error: Can't find script engine "VBScript" for script "C:\Windows\system32\slmgr.vbs"."

CScript Error- Can't find script engine VBScript -alternate solution should help.

If not, please give the EXACT error messages you get when attempting the fix.

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.

Sunday, December 15, 2013 11:02 AM

Reply

|

Quote

Moderator
0

Sign in to vote

I am unsure what to do :-( Iam not computer savvy

Sunday, December 15, 2013 11:22 AM

Reply

|

Quote
0

Sign in to vote
OK - I'll take it in easy steps :)

First, let's have some of the history of this machine.

Since it's a Toshiba, it probably shipped with an Anti-Virus already installed - which one?

What Anti-Virus is currently installed? (and what others have been installed in the meantime?)

Please open an Elevated Command Prompt, and run the following commands...

HKCR\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32 HKCR\CLSID\{3F4DACA4-160D-11D2-A8E9-00104B365C9F}\InprocServer32 HKCR\TypeLib\{3F4DACA7-160D-11D2-A8E9-00104B365C9F}\1.0\0\win32 .

Post the results in your reply.

Here are some instructions to make life easier :)

1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt.

2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once.

3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.
Sunday, December 15, 2013 11:52 AM

Reply

|

Quote

Moderator
0

Sign in to vote

My machine didnt have a antivirus when I bought it but ran one I got through our business. kapi something when that ran out I now run a windows free one.

Sunday, December 15, 2013 12:40 PM

Reply

|

Quote
0

Sign in to vote

HKCR\TypeLib\{3F4DACA7-160D-11D2-A8E9-00104B365C9F}\1.0\0\win32

Sunday, December 15, 2013 12:45 PM

Reply

|

Quote
0

Sign in to vote

Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\Users\Belinda>HKCR\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer3
2
The system cannot find the path specified.

C:\Users\Belinda>
C:\Users\Belinda>HKCR\CLSID\{3F4DACA4-160D-11D2-A8E9-00104B365C9F}\InprocServer3
2
The system cannot find the path specified.

C:\Users\Belinda>HKCR\TypeLib\{3F4DACA7-160D-11D2-A8E9-00104B365C9F}\1.0\0\win32

The system cannot find the path specified.

C:\Users\Belinda>

Sunday, December 15, 2013 12:46 PM

Reply

|

Quote
0

Sign in to vote
It sound like you may have had Kaspersky installed?

If so, then follow the instructions here http://support.kaspersky.com/common/service.aspx?el=1464 before running the commands below.

Once completed, please run these commands...

REG QUERY HKCR\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32 REG QUERY HKCR\CLSID\{3F4DACA4-160D-11D2-A8E9-00104B365C9F}\InprocServer32 REG QUERY HKCR\TypeLib\{3F4DACA7-160D-11D2-A8E9-00104B365C9F}\1.0\0\win32 .

post the results.

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.
- Edited by Noel D PatonEditor Sunday, December 15, 2013 1:34 PM
Sunday, December 15, 2013 1:33 PM

Reply

|

Quote

Moderator
0

Sign in to vote

Hi

I did a year or so back.

But now just run the free microsoft windows one.

Sunday, December 15, 2013 1:36 PM

Reply

|

Quote
0

Sign in to vote

All anti-virus programs tend to leave stuff behind when uninstalled using the built-in tools - please run the cleanup tool I pointed at, then the commands so we can see the effects.

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.

Sunday, December 15, 2013 1:41 PM

Reply

|

Quote

Moderator
0

Sign in to vote

REG QUERY HKCR\TypeLib\{3F4DACA7-160D-11D2-A8E9-00104B365C9F}\1.0\0\win32

Not sure what I have done wrong but nothing but the above will paste in here???

Monday, December 16, 2013 12:24 AM

Reply

|

Quote
0

Sign in to vote

Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\Users\Belinda>
C:\Users\Belinda>REG QUERY HKCR\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\Inp
rocServer32

HKEY_CLASSES_ROOT\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32
    (Default)    REG_SZ    C:\Windows\system32\vbscript.dll
    ThreadingModel    REG_SZ    Both

C:\Users\Belinda>REG QUERY HKCR\CLSID\{3F4DACA4-160D-11D2-A8E9-00104B365C9F}\Inp
rocServer32

HKEY_CLASSES_ROOT\CLSID\{3F4DACA4-160D-11D2-A8E9-00104B365C9F}\InprocServer32
    (Default)    REG_SZ    C:\Windows\system32\vbscript.dll
    ThreadingModel    REG_SZ    Apartment

C:\Users\Belinda>REG QUERY HKCR\TypeLib\{3F4DACA7-160D-11D2-A8E9-00104B365C9F}\1
.0\0\win32

HKEY_CLASSES_ROOT\TypeLib\{3F4DACA7-160D-11D2-A8E9-00104B365C9F}\1.0\0\win32
    (Default)    REG_SZ    C:\Windows\system32\vbscript.dll\2

C:\Users\Belinda>
C:\Users\Belinda>
C:\Users\Belinda>

Monday, December 16, 2013 12:25 AM

Reply

|

Quote
0

Sign in to vote

The forums did seem to be acting up a bit last night!

That output is normal

Try running the MGADiag tool again - post the new results.

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.

Monday, December 16, 2013 8:12 AM

Reply

|

Quote

Moderator
0

Sign in to vote

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Invalid License
Validation Code: 50
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-JQMWD-2QJRJ-RJ34F
Windows Product Key Hash: R8gPTEFMoOygFewoq/uOoWMpz68=
Windows Product ID: 89578-OEM-7332157-00237
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6002.2.00010300.2.0.003
ID: {7509D39D-C287-4E95-AAFC-C2D8CB901A3C}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6002.vistasp2_gdr.130707-1535
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6002.16398

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: 100
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Edition 2003 - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_FCEE394C-458-8007007e_025D1FF3-344-8007007e_025D1FF3-229-8007007e_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: http=127.0.0.1:16110;https=127.0.0.1:16110
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{7509D39D-C287-4E95-AAFC-C2D8CB901A3C}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-RJ34F</PKey><PID>89578-OEM-7332157-00237</PID><PIDType>2</PIDType><SID>S-1-5-21-1261831544-69496413-3973043942</SID><SYSTEM/><BIOS/><HWID>0A313507018400FA</HWID><UserLCID>0C09</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Australia Standard Time(GMT+08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSINV</OEMID><OEMTableID>TOSINV00</OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>1D91A574F08AD7A</Val><Hash>6/oA2me/ndVfKRsEwj8dP0Sk6LA=</Hash><Pid>70145-701-0352281-57907</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
C:\Windows\system32\slmgr.vbs(2000, 5) Microsoft VBScript runtime error: Object required: 'g_objWMIService'

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: OgAAAAEABgABAAEAAQABAAAAAwABAAEAJJRy+kzWIEd8D16rTBNCEEaDxnVYt/L00DZW4QaHrFYqhQ==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC   TOSINV  TOSINV00
FACP   TOSINV  TOSINV00
HPET   TOSINV  TOSINV00
BOOT   TOSINV  TOSINV00
MCFG   TOSINV  TOSINV00
ASF!   TOSINV  TOSINV00
SLIC   TOSINV  TOSINV00
SSDT   PmRef  CpuPm

Monday, December 16, 2013 8:21 AM

Reply

|

Quote
0

Sign in to vote

Is this the product key that is underneath the laptop?
Windows Product Key: *****-*****-JQMWD-2QJRJ-RJ34F

Cos when I looked underneath it is different to this..

Monday, December 16, 2013 8:24 AM

Reply

|

Quote
0

Sign in to vote

Computers that come pre-installed with Windows from large manufacturers usually come with two Product Keys.

OEM SLP: This is the key that came in Windows (from the factory). It works by connecting to a BIOS flag (the SLIC table) found only on computers from that Manufacturer. It also checks for the existence of proper matching licenses in the OS itself. Once it sees both, it self-activates every time the machine is rebooted.

COA SLP: This is the key seen on the sticker located on the side, bottom or in the battery compartment of your machine. This key is for use if the OEM SLP self-activation stops working for whatever reason.

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.

Monday, December 16, 2013 10:02 AM

Reply

|

Quote

Moderator
0

Sign in to vote

Licensing Data-->
C:\Windows\system32\slmgr.vbs(2000, 5) Microsoft VBScript runtime error: Object required: 'g_objWMIService'

Now that's an error I know I've never seen before!

I wonder if this indicates a problem with the WMI service (TrustedInstaller)?

Please open an elevated Command Prompt, and run the following commands...

SC QC TRUSTEDINSTALLER

SC QUERYEX TRUSTEDINSTALLER

SC SDSHOW TRUSTEDINSTALLER

SC QSIDTYPE TRUSTEDINSTALLER

SC QPRIVS TRUSTEDINSTALLER

Post the results.

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.

Monday, December 16, 2013 5:35 PM

Reply

|

Quote

Moderator
0

Sign in to vote

Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\Users\Belinda>SC QC TRUSTEDINSTALLER
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: TRUSTEDINSTALLER
        TYPE               : 10 WIN32_OWN_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\servicing\TrustedInstaller.exe
        LOAD_ORDER_GROUP   : ProfSvc_Group
        TAG                : 0
        DISPLAY_NAME       : Windows Modules Installer
        DEPENDENCIES       :
        SERVICE_START_NAME : localSystem

C:\Users\Belinda>SC QUERYEX TRUSTEDINSTALLER

SERVICE_NAME: TRUSTEDINSTALLER
        TYPE               : 10 WIN32_OWN_PROCESS
        STATE              : 1 STOPPED
        WIN32_EXIT_CODE    : 1077 (0x435)
        SERVICE_EXIT_CODE : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 0
        FLAGS              :

C:\Users\Belinda>SC SDSHOW TRUSTEDINSTALLER

D:(A;CI;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPWPDTLOCRRC;;;BA)(A;;CCLCSW
LOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;SAFA;WDWO;;;BA)

C:\Users\Belinda>SC QSIDTYPE TRUSTEDINSTALLER
[SC] QueryServiceConfig2 SUCCESS

SERVICE_NAME: TRUSTEDINSTALLER
SERVICE_SID_TYPE: UNRESTRICTED

C:\Users\Belinda>SC QPRIVS TRUSTEDINSTALLER
[SC] QueryServiceConfig2 SUCCESS

SERVICE_NAME: TRUSTEDINSTALLER
        PRIVILEGES       :

C:\Users\Belinda>
C:\Users\Belinda>

Tuesday, December 17, 2013 3:32 AM

Reply

|

Quote
0

Sign in to vote

That all looks normal apart from the 'which indicates that the service hasn't even attempted to start since booting (very unusual!)

Please download the Farbar Service Scanner from

http://www.bleepingcomputer.com/download/farbar-service-scanner/

Right-click on the saved file and select 'Run as Administrator', and tick all the options, then click on the Scan button - copy and paste the report to your response.

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.

Tuesday, December 17, 2013 8:00 AM

Reply

|

Quote

Moderator
0

Sign in to vote

arbar Service Scanner Version: 05-12-2013
Ran by Belinda (administrator) on 17-12-2013 at 16:10:48
Running from "C:\Users\Belinda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03ZJSW64"
Windows Vista (TM) Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
IE proxy is enabled.
ProxyServer: http=127.0.0.1:16110;https=127.0.0.1:16110

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of bfe. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of bfe. The value does not exist.
Unable to retrieve ServiceDll of bfe. The value does not exist.
Checking LEGACY_bfe: ATTENTION!=====> Unable to open LEGACY_bfe\0000 registry key. The key does not exist.

Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

Security Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC} key. The key does not exist.

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-08-15 07:56] - [2013-07-05 11:20] - 0914880 ____A (Microsoft Corporation) 6D0D344F643E28B31262AC2682109A3C

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

Tuesday, December 17, 2013 8:12 AM

Reply

|

Quote
0

Sign in to vote

OUCH!

You've obviously had some severe malware infection (ZeroAccess, probably)

Download the removal tool from here... http://kb.eset.com/esetkb/index?page=content&id=SOLN2895 and follow the instructions.

When complete, run the Farbar scanner again, and post the new results.

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.

Tuesday, December 17, 2013 8:21 AM

Reply

|

Quote

Moderator
0

Sign in to vote

Yes I did a while back no idea where it came from but thought it had been resolved..

will run and post, thanks

Tuesday, December 17, 2013 8:24 AM

Reply

|

Quote
0

Sign in to vote

    ....................................
..::::::::::::::::::....................
.::EEEEEE:::SSSSSS::..EEEEEE..TTTTTTTT..    Win32/Sirefef
.::EE::::EE:SS:::::::.EE....EE....TT......   Version: 1.1.0.15
.::EEEEEEEE::SSSSSS::.EEEEEEEE....TT......   Built: Nov 14 2013
.::EE:::::::::::::SS:.EE..........TT......
.::EEEEEE:::SSSSSS::..EEEEEE.....TT.....    Copyright (c) ESET, spol. s r.o.
..::::::::::::::::::....................    1992-2013. All rights reserved.
    ....................................

-------------------------------------------------------------------------------

OS: 6.0.6002 SP2
Product Type: Workstation
WoW64: False
Machine guid: 83150B16-E79F-4F37-973D-72866ADF8BA6

-------------------------------------------------------------------------------
Scanning for system infection...
-------------------------------------------------------------------------------

Threat Not Found
You don't have Win32/Sirefef in your system.___________________ [Press Any Key]

Tuesday, December 17, 2013 8:31 AM

Reply

|

Quote
0

Sign in to vote

Oh heck - we'll have to try and fix the service problems another way, then.

Back later - I'm at work at the moment.

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.

Tuesday, December 17, 2013 9:21 AM

Reply

|

Quote

Moderator
0

Sign in to vote

Ok thankyou,

Tuesday, December 17, 2013 9:27 AM

Reply

|

Quote
0

Sign in to vote

Download the Windows Repair All-in-one tool from here http://www.tweaking.com/content/page/windows_repair_all_in_one.html

Run is - UNSELECT all options, then select ONLY the 'Restore Important Windows Services' option, and run the tool.

Follow any instructions - then reboot again, and run the Farbar Service Scanner again - pot the new log

Then run the MGADiag tool again, and post that result.

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.

Tuesday, December 17, 2013 4:25 PM

Reply

|

Quote

Moderator
0

Sign in to vote

Farbar Service Scanner Version: 05-12-2013
Ran by Belinda (administrator) on 18-12-2013 at 14:02:51
Running from "C:\Users\Belinda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\54XKFW7G"
Windows Vista (TM) Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
IE proxy is enabled.
ProxyServer: http=127.0.0.1:16110;https=127.0.0.1:16110

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Security Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC} key. The key does not exist.

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-08-15 07:56] - [2013-07-05 11:20] - 0914880 ____A (Microsoft Corporation) 6D0D344F643E28B31262AC2682109A3C

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

Wednesday, December 18, 2013 6:03 AM

Reply

|

Quote
0

Sign in to vote

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Invalid License
Validation Code: 50
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-JQMWD-2QJRJ-RJ34F
Windows Product Key Hash: R8gPTEFMoOygFewoq/uOoWMpz68=
Windows Product ID: 89578-OEM-7332157-00237
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6002.2.00010300.2.0.003
ID: {7509D39D-C287-4E95-AAFC-C2D8CB901A3C}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6002.vistasp2_gdr.130707-1535
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6002.16398

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: 100
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Edition 2003 - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_FCEE394C-458-8007007e_025D1FF3-344-8007007e_025D1FF3-229-8007007e_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: http=127.0.0.1:16110;https=127.0.0.1:16110
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{7509D39D-C287-4E95-AAFC-C2D8CB901A3C}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-RJ34F</PKey><PID>89578-OEM-7332157-00237</PID><PIDType>2</PIDType><SID>S-1-5-21-1261831544-69496413-3973043942</SID><SYSTEM/><BIOS/><HWID>0A313507018400FA</HWID><UserLCID>0C09</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Australia Standard Time(GMT+08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSINV</OEMID><OEMTableID>TOSINV00</OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>1D91A574F08AD7A</Val><Hash>6/oA2me/ndVfKRsEwj8dP0Sk6LA=</Hash><Pid>70145-701-0352281-57907</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
C:\Windows\system32\slmgr.vbs(2000, 5) Microsoft VBScript runtime error: Object required: 'g_objWMIService'

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: OgAAAAEABgABAAEAAQABAAAAAwABAAEAJJRy+kzWIEd8D16rTBNCEEaDxnVYt/L00DZW4QaHrFYqhQ==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC   TOSINV  TOSINV00
FACP   TOSINV  TOSINV00
HPET   TOSINV  TOSINV00
BOOT   TOSINV  TOSINV00
MCFG   TOSINV  TOSINV00
ASF!   TOSINV  TOSINV00
SLIC   TOSINV  TOSINV00
SSDT   PmRef  CpuPm

Wednesday, December 18, 2013 6:06 AM

Reply

|

Quote
0

Sign in to vote

Well, we got the Windows Update services running again, at least :)

The problem with the MGADiag report still remains, though.

Please post the results to these commands

NET START TRUSTEDINSTALLER

SC QC TRUSTEDINSTALLER

Open Event Viewer

click on the Windows logs entry in the left pane to expand it.

Now click on the Application entry - wait while it loads.

Click on 'File' in the menu bar and select Save...

Save the file as
Appevt.evtx

Repeat for the
System log

then zip both,
and upload them to your Skydrive or other favoured fileshare site, and post a link.

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.

Wednesday, December 18, 2013 9:17 AM

Reply

|

Quote

Moderator
0

Sign in to vote

in the file on menu bar there is nothing that says Save just options and exit..nothing in options to say save..

Wednesday, December 18, 2013 9:25 AM

Reply

|

Quote
0

Sign in to vote

plus i dont have a file share site not sure what you mean.

Told you Im not computer savvy so sorry...you have been awesome helping me appreciate it so much.

Wednesday, December 18, 2013 9:28 AM

Reply

|

Quote
0

Sign in to vote

Try this set of instructins instead...

Please open Event Viewer (eventvwr.msc)

In the left pane, navigate to the Windows Logs

right-click on Applications and select 'Save all events as...' save as Apps.evtx

repeat
for the System logs - save as Sys.evtx

Compress both files,

You almost certainly have a SkyDrive account - visit http://skydrive.live.com and see

If you install the tool, you can use it like another folder on your hard drive, and just copy files into it - for our purposes you would need to add the files to the Public subfolder, and then post a link to that folder from the site.

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.

Wednesday, December 18, 2013 9:40 AM

Reply

|

Quote

Moderator
0

Sign in to vote

I have put files in sky drive how do I get them here. I highlighted the address bar and copied into here but it wont let me send.. :-(

bangs head!!!

Wednesday, December 18, 2013 10:06 AM

Reply

|

Quote
0

Sign in to vote

:)

That's possibly this forum's anti-spam protection getting in the way.

Copy the link into your reply, then change the 'http' at the front to 'hxxp'

That will 'break' the link and allow the reply to be posted.

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.

Wednesday, December 18, 2013 10:34 AM

Reply

|

Quote

Moderator
0

Sign in to vote

When I put in the link it comes up as "body txt cannot contain images or links until we are able to verify your account

Wednesday, December 18, 2013 10:59 AM

Reply

|

Quote
0

Sign in to vote

In that case copy the link to Notepad, edit it there, and then copy the edited link to the reply :)

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.

Wednesday, December 18, 2013 11:28 AM

Reply

|

Quote

Moderator
0

Sign in to vote
https://skydrive.live.com/?mkt=en-AU&v=FirstRunView#cid=2FCF936706473570&id=2FCF936706473570%21133
- Edited by Noel D PatonEditor Wednesday, December 18, 2013 12:24 PM fix link
Wednesday, December 18, 2013 11:57 AM

Reply

|

Quote
0

Sign in to vote

Got 'em - well done!

Back later after I've had a chance to digest them.

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.

Wednesday, December 18, 2013 12:26 PM

Reply

|

Quote

Moderator
0

Sign in to vote

There are a huge number of update-related errors - which is not surprising with the errors we've seen in the relevant services.

It's likely that as a result, there will be file problems, so...

run the SFC.

SFC -System File Checker - Instructions

Click on Start > All Programs > Accessories

Right-click on the Command Prompt entry

Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

At the Command prompt, type

SFC /SCANNOW

and hit the Enter key

Wait for the scan to finish - make a note of any error messages - and then reboot.

Copy the CBS.log file created (C:\Windows\Logs\CBS\CBS.log) to your desktop (you can't manipulate it directly) and then compress the copy and upload it to your SkyDrive Public folder and post a link to it so that I can take a look.

Please download and save the CheckSUR tool from http://support.microsoft.com/kb/947821

(you'll need to look in the details for Windows 7, downloading from the Microsoft Download Center)

Run it - The tool can take anywhere from 5 mins to a couple of hours to run (or 'Install') depending on how much it has to do, and may exit silently - it may appear to freeze for most of that time, but be patient.

The result is logged in the C:\Windows\Logs\CBS\CheckSUR.log file - and an archive …\checksur.persist.log file

Then zip the CheckSUR.log and upload it to your SkyDrive Public folder so I can take a look - post a link in your reply.

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.

Wednesday, December 18, 2013 12:48 PM

Reply

|

Quote

Moderator
0

Sign in to vote

I will do this in the morning,

its 9.15pm here.

thanks for the help today

cheers

Wednesday, December 18, 2013 1:14 PM

Reply

|

Quote
0

Sign in to vote
https://skydrive.live.com/#cid=2FCF936706473570&id=2FCF936706473570%21133
- Edited by Noel D PatonEditor Thursday, December 19, 2013 7:53 AM fix link
Thursday, December 19, 2013 6:46 AM

Reply

|

Quote

Interesting - in the two SFC scans you ran, the first found the following problem, and fixed it...

	Line 21366: 2013-12-18 13:02:33, Info                  CSI    000001e6 [SR] Repairing 1 components
	Line 21367: 2013-12-18 13:02:33, Info                  CSI    000001e7 [SR] Beginning Verify and Repair transaction
	Line 21368: 2013-12-18 13:02:33, Info                  CSI    000001e8 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
	Line 21369: 2013-12-18 13:02:33, Info                  CSI    000001e9 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store

The second confirmed that the fix had worked

These two files are involved with the WMI services and may be either cause or effect.

VERY interesting - here's the summary from the CheckSUR report...

Summary:
Seconds executed: 2366
 Found 12 errors
 Fixed 12 errors
  CSI Payload File Missing Total count: 12
  Fixed: CSI Payload File Missing.  Total count: 12

Checking CoreOS key for repairing corruptions.
Winner version: 6.0.6002.18971.
Processor architecture: x86.
Check key to be repaired: wcm://Microsoft-Windows-CoreOS?version=6.0.6002.18971&language=neutral&processorArchitecture=x86&publicKeyToken=31bf3856ad364e35&versionScope=nonSxS&scope=allUsers\metadata\elements\ComputerName
Recreated value: @_type.
Recreated value: @dataOnly.
Recreated value: @default.
Recreated value: @description.
Recreated value: @displayName.
Recreated value: @handler.
Recreated value: @legacyName.
Recreated value: @legacyType.
Recreated value: @migrate.
Recreated value: @scope.
Recreated value: @xsd:type.

I have never seen the 'CoreOS' section before in the 1000 or so CheckSUR logs I've read!

It may explain some of the problems we've been having.

Please run another MGADiag report and post it, and we'll see if anything has changed.

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.

Thursday, December 19, 2013 8:01 AM

Moderator

0

Sign in to vote

hxxps://skydrive.live.com/#cid=2FCF936706473570&id=2FCF936706473570%21133

Thursday, December 19, 2013 8:05 AM

Reply

|

Quote
0

Sign in to vote

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Invalid License
Validation Code: 50
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-JQMWD-2QJRJ-RJ34F
Windows Product Key Hash: R8gPTEFMoOygFewoq/uOoWMpz68=
Windows Product ID: 89578-OEM-7332157-00237
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6002.2.00010300.2.0.003
ID: {7509D39D-C287-4E95-AAFC-C2D8CB901A3C}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6002.vistasp2_gdr.130707-1535
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6002.16398

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: 100
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Edition 2003 - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_FCEE394C-458-8007007e_025D1FF3-344-8007007e_025D1FF3-229-8007007e_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: http=127.0.0.1:16110;https=127.0.0.1:16110
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{7509D39D-C287-4E95-AAFC-C2D8CB901A3C}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-RJ34F</PKey><PID>89578-OEM-7332157-00237</PID><PIDType>2</PIDType><SID>S-1-5-21-1261831544-69496413-3973043942</SID><SYSTEM/><BIOS/><HWID>0A313507018400FA</HWID><UserLCID>0C09</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Australia Standard Time(GMT+08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSINV</OEMID><OEMTableID>TOSINV00</OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>1D91A574F08AD7A</Val><Hash>6/oA2me/ndVfKRsEwj8dP0Sk6LA=</Hash><Pid>70145-701-0352281-57907</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
C:\Windows\system32\slmgr.vbs(2000, 5) Microsoft VBScript runtime error: Object required: 'g_objWMIService'

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: OgAAAAEABgABAAEAAQABAAAAAwABAAEAJJRy+kzWIEd8D16rTBNCEEaDxnVYt/L00DZW4QaHrFYqhQ==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC   TOSINV  TOSINV00
FACP   TOSINV  TOSINV00
HPET   TOSINV  TOSINV00
BOOT   TOSINV  TOSINV00
MCFG   TOSINV  TOSINV00
ASF!   TOSINV  TOSINV00
SLIC   TOSINV  TOSINV00
SSDT   PmRef  CpuPm

Thursday, December 19, 2013 8:12 AM

Reply

|

Quote
0

Sign in to vote
That's still the same - I was hoping that the corrections we'd made would have at least changed the error message.

Unfortunately, There's not a lot more I can do.

There is stuff that can be done, but it doesn't really lend itself to being done in a forum context. (there's a relevant article in TechNet for one of your event viewer errors - which basically says 'phone MS and pay us to fix it for you').

Your best option may be a repair install, as there are a number of outstanding issues. Unfortunately, a repair install of Vista isn't necessarily a simple matter.

See the instructions here, and whether you think you're up to following them...

http://www.vistax64.com/tutorials/88236-repair-install-vista.html

If you want to have a go, then back up all data to external media first, and ask questions in the Vistax64 forum - they are friendly folk (I know - I'm one of them) :)

If not, then I can understand. Your best options would then be to get a techie to do the job, or to use the computer's Recovery media to clean install from scratch.

Sorry - but I think that's your best options at this point. :(

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.
- Proposed as answer by Noel D PatonEditor Tuesday, December 24, 2013 9:33 AM
- Marked as answer by Noel D PatonEditor Tuesday, December 31, 2013 10:24 AM
Thursday, December 19, 2013 2:28 PM

Reply

|

Quote

Moderator
0

Sign in to vote

Thanks so much for your help, dont think I want to do a reinstall might just leave things as they are and look at buying a new laptop next year sometime.

Friday, December 20, 2013 1:11 AM

Reply

|

Quote
0

Sign in to vote

The situation shouldn't get any worse than it already is - if it does, then come back, and we'll see what we can do.

Have a good Xmas and New Year!

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.

Friday, December 20, 2013 3:59 PM

Reply

|

Quote

Moderator
0

Sign in to vote

Report Chẩn đoán (1.9.0027.0):
---------------------------------------- -
Windows Mã sản phẩm Windows: ***** - ***** - JQMWD-2QJRJ-RJ34F Khóa sản phẩm Windows (Windows Product Key) - Kiểm tra tính
hợp lệ của
sản phẩm -> Xác nhận hợp lệ -> Xác nhận Tình trạng: Xác minh Giấy phép Không hợp lệ Số : 50 Cached Xác nhận
trực tuyến Mã số: N / A, hr = 0xc004f012 Hash: R8gPTEFMoOygFoot0 / uOoWMpz68 = Windows Product ID: 89578-OEM-7332157-00237 Windows Loại sản phẩm : 2 Windows Loại giấy phép: OEM SLP Phiên bản Hệ điều hành Windows: 6.0.6002.2.00010300.2.0.003 ID:(7509D39D-C287-4E95-AAFC-C2D8CB901A3C) (3) Có phải quản trị viên: Có TestCab: 0x0 LegitcheckControl ActiveX: N / A, hr = 0x80070002 Đăng ký bởi: N / A, hr = 0x80070002 Tên sản phẩm: Windows Vista (TM) Home Premium Kiến trúc: 0x00000000 Xây dựng phòng thí nghiệm: 6002.vistasp2_gdr.130707-1535 TTS Lỗi: Xác nhận Chẩn đoán: Nghị quyết Tình trạng: N / AXác định Chẩn đoán: Nghị quyết Tình trạng: N / AXác định Chẩn đoán: Nghị quyết Tình trạng: N / A

Dữ liệu Wgaer của Vista ->
ThreatID: N / A, hr = 0x80070002
Phiên bản: 6.0.6002.16398

Dữ liệu Thông báo của Windows XP ->
Kết quả Cached: N / A, hr = 0x80070002
Tồn tại tệp: Không
Phiên bản: N / A, hr = 0x80070002
WgaTray.exe Đăng ký: N / A, hr = 0x80070002
WgaLogon.dll Đã ký: N / A, hr = 0x80070002

OGA Thông báo Dữ liệu ->
Cached Kết quả: 100
Phiên bản: 2.0.48.0
OGAExec.exe Ký bởi: Microsoft
OGAAddin.dll Ký bởi: Microsoft

OGA Data ->
Office Tình trạng: 100 chính hãng
Microsoft Office Professional 2003 - 100 chính hãng
OGA Phiên bản: Registered, 2.0.48.0
Đã ký bởi: Chẩn đoán
Office của Microsoft: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_FCEE394C-458-8007007e_025D1FF3 -344-8007007e_025D1FF3-229-8007007e_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Dữ liệu Trình duyệt ->
Cài đặt Proxy: http = 127.0.0.1: 16110; https = 127.0.0.1: 16110
User Agent: Mozilla / 4.0 (tương thích, MSIE 8.0; Win32)
Trình duyệt mặc định: C: \ Program Files \ Internet Explorer \ iexplore .exe
Tải về ký kết các điều khiển ActiveX: Prompt
Tải unsigned ActiveX controls: Disabled
Chạy điều khiển ActiveX và plug-ins: Được phép
Initialize và kịch bản điều khiển ActiveX không được đánh dấu là an toàn: Disabled
phép kịch bản kiểm soát Internet Explorer WebBrowser: Disabled
Active scripting: Được phép
điều khiển ActiveX script Được đánh dấu là an toàn cho việc viết kịch bản: Được cho phép

File Scan Data ->

Các dữ liệu khác ->
Chi tiết văn phòng: <GenuineResults> <MachineData> <UGUID> {7509D39D-C287-4E95-AAFC-C2D8CB901A3C} </ UGUID> <Version> 1.9.0027.0 </ Version> <OS> 6.0.6002.2.00010300.2 .0.003 </ OS> <Kiến trúc> x32 </ Kiến trúc> <PKey> ***** - ***** - ***** - ***** - RJ34F </ PKey> <PID> 89578 -OEM-7332157-00237 </ PID> <PIDType> 2 </ PIDType> <SID> S-1-5-21-1261831544-69496413-3973043942 </ SID> <SYSTEM /> <BIOS /> <HWID> 0A313507018400FA </ HWID> <UserLCID> 0C09 </ UserLCID> <SystemLCID> 0409 </ SystemLCID> <TimeZone> W. Giờ chuẩn của Úc (GMT + 08: 00) </ TimeZone> <iJoin> 0 </ iJoin> <SBID> <stat> 3 </ stat> <msppid> </ msppid> <tên> </ name> <model> </ Mô hình> <

Spsys.log Nội dung: 0x80070002

Giấy phép dữ liệu ->
C: \ Windows \ system32 \ slmgr.vbs (2000, 5) Microsoft VBScript runtime lỗi: Object yêu cầu: 'g_objWMIService'

Công nghệ Kích hoạt Windows ->
Không áp dụng

Dữ liệu HWID ->
Hash hiện tại Hash: OgAAAAEABgABAAEAAQABAAAAAwABAAEAJJRy + kzWIEd8D16rTBNCEEaDxnVYt / L00DZW4QaHrFYqhQ ==

Dữ liệu Kích hoạt OEM 1.0 ->
Không áp dụng

Kích hoạt dữ liệu OEM 2.0 ->
BIOS có hiệu lực đối với OA 2.0: Có Đánh
dấu Windows phiên bản: 0x20000
OEMID và OEMTableID Tuân thủ: Có Thông tin
BIOS:
ACPI Tên bảng Giá trị OEMID Giá OEMTableID
APOS TOSINV TOSINV00
FACP TOSINV00 HPOS
TOSINV00
TOSINV00 TOSINV00
MCFG TOSINV TOSINV00
ASF! TOSINV TOSINV00
SLIC TOSINV TOSINV00
SSDT PmRef CpuPm

Monday, May 15, 2017 6:30 PM

Reply

|

Quote

Answered by:

Windows Vista Build 6002 This copy of Windows is not Genuine

Question

Answers

All replies