Windows Vista Build 6002 This copy of Windows is not Genuine

All replies

• 

  

  0

  Sign in to vote

  Diagnostic Report (1.9.0027.0):
  -----------------------------------------
  Windows Validation Data-->
  Validation Status: Invalid License
  Validation Code: 50
  Cached Online Validation Code: N/A, hr = 0xc004f012
  Windows Product Key: *****-*****-JQMWD-2QJRJ-RJ34F
  Windows Product Key Hash: R8gPTEFMoOygFewoq/uOoWMpz68=
  Windows Product ID: 89578-OEM-7332157-00237
  Windows Product ID Type: 2
  Windows License Type: OEM SLP
  Windows OS version: 6.0.6002.2.00010300.2.0.003
  ID: {7509D39D-C287-4E95-AAFC-C2D8CB901A3C}(1)
  Is Admin: Yes
  TestCab: 0x0
  LegitcheckControl ActiveX: N/A, hr = 0x80070002
  Signed By: N/A, hr = 0x80070002
  Product Name: Windows Vista (TM) Home Premium
  Architecture: 0x00000000
  Build lab: 6002.vistasp2_gdr.130707-1535
  TTS Error:
  Validation Diagnostic:
  Resolution Status: N/A

  Vista WgaER Data-->
  ThreatID(s): N/A, hr = 0x80070002
  Version: 6.0.6002.16398

  Windows XP Notifications Data-->
  Cached Result: N/A, hr = 0x80070002
  File Exists: No
  Version: N/A, hr = 0x80070002
  WgaTray.exe Signed By: N/A, hr = 0x80070002
  WgaLogon.dll Signed By: N/A, hr = 0x80070002

  OGA Notifications Data-->
  Cached Result: 100
  Version: 2.0.48.0
  OGAExec.exe Signed By: Microsoft
  OGAAddin.dll Signed By: Microsoft

  OGA Data-->
  Office Status: 100 Genuine
  Microsoft Office Professional Edition 2003 - 100 Genuine
  OGA Version: Registered, 2.0.48.0
  Signed By: Microsoft
  Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_FCEE394C-458-8007007e_025D1FF3-344-8007007e_025D1FF3-229-8007007e_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

  Browser Data-->
  Proxy settings: http=127.0.0.1:16110;https=127.0.0.1:16110
  User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
  Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
  Download signed ActiveX controls: Prompt
  Download unsigned ActiveX controls: Disabled
  Run ActiveX controls and plug-ins: Allowed
  Initialize and script ActiveX controls not marked as safe: Disabled
  Allow scripting of Internet Explorer Webbrowser control: Disabled
  Active scripting: Allowed
  Script ActiveX controls marked as safe for scripting: Allowed

  File Scan Data-->

  Other data-->
  Office Details: <GenuineResults><MachineData><UGUID>{7509D39D-C287-4E95-AAFC-C2D8CB901A3C}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-RJ34F</PKey><PID>89578-OEM-7332157-00237</PID><PIDType>2</PIDType><SID>S-1-5-21-1261831544-69496413-3973043942</SID><SYSTEM/><BIOS/><HWID>0A313507018400FA</HWID><UserLCID>0C09</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Australia Standard Time(GMT+08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSINV</OEMID><OEMTableID>TOSINV00</OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>1D91A574F08AD7A</Val><Hash>6/oA2me/ndVfKRsEwj8dP0Sk6LA=</Hash><Pid>70145-701-0352281-57907</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults> 

  Spsys.log Content: 0x80070002

  Licensing Data-->
  CScript Error: Can't find script engine "VBScript" for script "C:\Windows\system32\slmgr.vbs".

  Windows Activation Technologies-->
  N/A

  HWID Data-->
  HWID Hash Current: OgAAAAEABgABAAEAAQABAAAAAwABAAEAJJRy+kzWIEd8D16rTBNCEEaDxnVYt/L00DZW4QaHrFYqhQ==

  OEM Activation 1.0 Data-->
  N/A

  OEM Activation 2.0 Data-->
  BIOS valid for OA 2.0: yes
  Windows marker version: 0x20000
  OEMID and OEMTableID Consistent: yes
  BIOS Information:
    ACPI Table Name OEMID Value OEMTableID Value
    APIC   TOSINV  TOSINV00
    FACP   TOSINV  TOSINV00
    HPET   TOSINV  TOSINV00
    BOOT   TOSINV  TOSINV00
    MCFG   TOSINV  TOSINV00
    ASF!   TOSINV  TOSINV00
    SLIC   TOSINV  TOSINV00
    SSDT   PmRef  CpuPm

  Sunday, December 15, 2013 3:47 AM

  Reply

  |

  Quote
• 

  

  0

  Sign in to vote

  "CScript Error: Can't find script engine "VBScript" for script "C:\Windows\system32\slmgr.vbs"."

    CScript Error- Can't find script engine VBScript -alternate solution   should help.

  If not, please give the EXACT error messages you get when attempting the fix.   

  ---

  Noel Paton | Nil Carborundum Illegitemi

  CrashFixPC | The Three-toed Sloth

  No - I do not work for Microsoft, or any of its contractors.

  Sunday, December 15, 2013 11:02 AM

  Reply

  |

  Quote

  Moderator
• 

  

  0

  Sign in to vote

  I am unsure what to do :-( Iam not computer savvy

  Sunday, December 15, 2013 11:22 AM

  Reply

  |

  Quote
• 

  

  0

  Sign in to vote

  OK - I'll take it in easy steps :)

  First, let's have some of the history of this machine.

  Since it's a Toshiba, it probably shipped with an Anti-Virus already installed  - which one?

  What Anti-Virus is currently installed? (and what others have been installed in the meantime?)

  Please open an Elevated Command Prompt, and run the following commands...

  HKCR\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32
  HKCR\CLSID\{3F4DACA4-160D-11D2-A8E9-00104B365C9F}\InprocServer32
  HKCR\TypeLib\{3F4DACA7-160D-11D2-A8E9-00104B365C9F}\1.0\0\win32
  
  .
  

  Post the results in your reply.

    Here are some instructions to make life easier :)

  1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt. 

  2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once. 

  3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.     

  ---

  Noel Paton | Nil Carborundum Illegitemi

  CrashFixPC | The Three-toed Sloth

  No - I do not work for Microsoft, or any of its contractors.

  Sunday, December 15, 2013 11:52 AM

  Reply

  |

  Quote

  Moderator
• 

  

  0

  Sign in to vote

  My machine didnt have a antivirus when I bought it but ran one I got through our business. kapi something when that ran out I now run a windows free one.

  Sunday, December 15, 2013 12:40 PM

  Reply

  |

  Quote
• 

  

  0

  Sign in to vote

  HKCR\TypeLib\{3F4DACA7-160D-11D2-A8E9-00104B365C9F}\1.0\0\win32

  Sunday, December 15, 2013 12:45 PM

  Reply

  |

  Quote
• 

  

  0

  Sign in to vote

  Microsoft Windows [Version 6.0.6002]
  Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

  C:\Users\Belinda>HKCR\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer3
  2
  The system cannot find the path specified.

  C:\Users\Belinda>
  C:\Users\Belinda>HKCR\CLSID\{3F4DACA4-160D-11D2-A8E9-00104B365C9F}\InprocServer3
  2
  The system cannot find the path specified.

  C:\Users\Belinda>HKCR\TypeLib\{3F4DACA7-160D-11D2-A8E9-00104B365C9F}\1.0\0\win32

  The system cannot find the path specified.

  C:\Users\Belinda>

  Sunday, December 15, 2013 12:46 PM

  Reply

  |

  Quote
• 

  

  0

  Sign in to vote

  It sound like you may have had Kaspersky installed?

  If so, then follow the instructions here http://support.kaspersky.com/common/service.aspx?el=1464 before running the commands below.

  Once completed, please run these commands...

  REG QUERY HKCR\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32
  REG QUERY HKCR\CLSID\{3F4DACA4-160D-11D2-A8E9-00104B365C9F}\InprocServer32
  REG QUERY HKCR\TypeLib\{3F4DACA7-160D-11D2-A8E9-00104B365C9F}\1.0\0\win32
  
  .

  
  

  post the results.

  ---

  Noel Paton | Nil Carborundum Illegitemi

  CrashFixPC | The Three-toed Sloth

  No - I do not work for Microsoft, or any of its contractors.

  
  

  • Edited by Noel D PatonEditor Sunday, December 15, 2013 1:34 PM

  Sunday, December 15, 2013 1:33 PM

  Reply

  |

  Quote

  Moderator
• 

  

  0

  Sign in to vote

  Hi

  I did a year or so back.

  But now just run the free microsoft windows one.

  Sunday, December 15, 2013 1:36 PM

  Reply

  |

  Quote
• 

  

  0

  Sign in to vote

  All anti-virus programs tend to leave stuff behind when uninstalled using the built-in tools - please run the cleanup tool I pointed at, then the commands so we can see the effects.

  ---

  Noel Paton | Nil Carborundum Illegitemi

  CrashFixPC | The Three-toed Sloth

  No - I do not work for Microsoft, or any of its contractors.

  Sunday, December 15, 2013 1:41 PM

  Reply

  |

  Quote

  Moderator
• 

  

  0

  Sign in to vote

  
  
  REG QUERY HKCR\TypeLib\{3F4DACA7-160D-11D2-A8E9-00104B365C9F}\1.0\0\win32

  Not sure what I have done wrong but nothing but the above will paste in here???
  
  

  Monday, December 16, 2013 12:24 AM

  Reply

  |

  Quote
• 

  

  0

  Sign in to vote

  Microsoft Windows [Version 6.0.6002]
  Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

  C:\Users\Belinda>
  C:\Users\Belinda>REG QUERY HKCR\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\Inp
  rocServer32

  HKEY_CLASSES_ROOT\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32
      (Default)    REG_SZ    C:\Windows\system32\vbscript.dll
      ThreadingModel    REG_SZ    Both

  
  C:\Users\Belinda>REG QUERY HKCR\CLSID\{3F4DACA4-160D-11D2-A8E9-00104B365C9F}\Inp
  rocServer32

  HKEY_CLASSES_ROOT\CLSID\{3F4DACA4-160D-11D2-A8E9-00104B365C9F}\InprocServer32
      (Default)    REG_SZ    C:\Windows\system32\vbscript.dll
      ThreadingModel    REG_SZ    Apartment

  
  C:\Users\Belinda>REG QUERY HKCR\TypeLib\{3F4DACA7-160D-11D2-A8E9-00104B365C9F}\1
  .0\0\win32

  HKEY_CLASSES_ROOT\TypeLib\{3F4DACA7-160D-11D2-A8E9-00104B365C9F}\1.0\0\win32
      (Default)    REG_SZ    C:\Windows\system32\vbscript.dll\2

  
  C:\Users\Belinda>
  C:\Users\Belinda>
  C:\Users\Belinda>

  Monday, December 16, 2013 12:25 AM

  Reply

  |

  Quote
• 

  

  0

  Sign in to vote

  The forums did seem to be acting up a bit last night!

  That output is normal

  Try running the MGADiag tool again - post the new results.

  ---

  Noel Paton | Nil Carborundum Illegitemi

  CrashFixPC | The Three-toed Sloth

  No - I do not work for Microsoft, or any of its contractors.

  Monday, December 16, 2013 8:12 AM

  Reply

  |

  Quote

  Moderator
• 

  

  0

  Sign in to vote

  Diagnostic Report (1.9.0027.0):
  -----------------------------------------
  Windows Validation Data-->
  Validation Status: Invalid License
  Validation Code: 50
  Cached Online Validation Code: N/A, hr = 0xc004f012
  Windows Product Key: *****-*****-JQMWD-2QJRJ-RJ34F
  Windows Product Key Hash: R8gPTEFMoOygFewoq/uOoWMpz68=
  Windows Product ID: 89578-OEM-7332157-00237
  Windows Product ID Type: 2
  Windows License Type: OEM SLP
  Windows OS version: 6.0.6002.2.00010300.2.0.003
  ID: {7509D39D-C287-4E95-AAFC-C2D8CB901A3C}(3)
  Is Admin: Yes
  TestCab: 0x0
  LegitcheckControl ActiveX: N/A, hr = 0x80070002
  Signed By: N/A, hr = 0x80070002
  Product Name: Windows Vista (TM) Home Premium
  Architecture: 0x00000000
  Build lab: 6002.vistasp2_gdr.130707-1535
  TTS Error:
  Validation Diagnostic:
  Resolution Status: N/A

  Vista WgaER Data-->
  ThreatID(s): N/A, hr = 0x80070002
  Version: 6.0.6002.16398

  Windows XP Notifications Data-->
  Cached Result: N/A, hr = 0x80070002
  File Exists: No
  Version: N/A, hr = 0x80070002
  WgaTray.exe Signed By: N/A, hr = 0x80070002
  WgaLogon.dll Signed By: N/A, hr = 0x80070002

  OGA Notifications Data-->
  Cached Result: 100
  Version: 2.0.48.0
  OGAExec.exe Signed By: Microsoft
  OGAAddin.dll Signed By: Microsoft

  OGA Data-->
  Office Status: 100 Genuine
  Microsoft Office Professional Edition 2003 - 100 Genuine
  OGA Version: Registered, 2.0.48.0
  Signed By: Microsoft
  Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_FCEE394C-458-8007007e_025D1FF3-344-8007007e_025D1FF3-229-8007007e_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

  Browser Data-->
  Proxy settings: http=127.0.0.1:16110;https=127.0.0.1:16110
  User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
  Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
  Download signed ActiveX controls: Prompt
  Download unsigned ActiveX controls: Disabled
  Run ActiveX controls and plug-ins: Allowed
  Initialize and script ActiveX controls not marked as safe: Disabled
  Allow scripting of Internet Explorer Webbrowser control: Disabled
  Active scripting: Allowed
  Script ActiveX controls marked as safe for scripting: Allowed

  File Scan Data-->

  Other data-->
  Office Details: <GenuineResults><MachineData><UGUID>{7509D39D-C287-4E95-AAFC-C2D8CB901A3C}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-RJ34F</PKey><PID>89578-OEM-7332157-00237</PID><PIDType>2</PIDType><SID>S-1-5-21-1261831544-69496413-3973043942</SID><SYSTEM/><BIOS/><HWID>0A313507018400FA</HWID><UserLCID>0C09</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Australia Standard Time(GMT+08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSINV</OEMID><OEMTableID>TOSINV00</OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>1D91A574F08AD7A</Val><Hash>6/oA2me/ndVfKRsEwj8dP0Sk6LA=</Hash><Pid>70145-701-0352281-57907</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults> 

  Spsys.log Content: 0x80070002

  Licensing Data-->
  C:\Windows\system32\slmgr.vbs(2000, 5) Microsoft VBScript runtime error: Object required: 'g_objWMIService'

  Windows Activation Technologies-->
  N/A

  HWID Data-->
  HWID Hash Current: OgAAAAEABgABAAEAAQABAAAAAwABAAEAJJRy+kzWIEd8D16rTBNCEEaDxnVYt/L00DZW4QaHrFYqhQ==

  OEM Activation 1.0 Data-->
  N/A

  OEM Activation 2.0 Data-->
  BIOS valid for OA 2.0: yes
  Windows marker version: 0x20000
  OEMID and OEMTableID Consistent: yes
  BIOS Information:
    ACPI Table Name OEMID Value OEMTableID Value
    APIC   TOSINV  TOSINV00
    FACP   TOSINV  TOSINV00
    HPET   TOSINV  TOSINV00
    BOOT   TOSINV  TOSINV00
    MCFG   TOSINV  TOSINV00
    ASF!   TOSINV  TOSINV00
    SLIC   TOSINV  TOSINV00
    SSDT   PmRef  CpuPm

  Monday, December 16, 2013 8:21 AM

  Reply

  |

  Quote
• 

  

  0

  Sign in to vote

  Is this the product key that is underneath the laptop?
  Windows Product Key: *****-*****-JQMWD-2QJRJ-RJ34F

  Cos when I looked underneath it is different to this..

  Monday, December 16, 2013 8:24 AM

  Reply

  |

  Quote
• 

  

  0

  Sign in to vote

  Computers that come pre-installed with Windows from large manufacturers usually come with two Product Keys.

  OEM SLP: This is the key that came in Windows (from the factory). It works by connecting to a BIOS flag (the SLIC table) found only on  computers from that Manufacturer. It also checks for the existence of proper matching licenses in the OS itself. Once it sees both, it self-activates every time the machine is rebooted.

  COA SLP: This is the key seen on the sticker located on the side, bottom or in the battery compartment of your machine. This key is for use if the OEM SLP self-activation stops working for whatever reason.

  ---

  Noel Paton | Nil Carborundum Illegitemi

  CrashFixPC | The Three-toed Sloth

  No - I do not work for Microsoft, or any of its contractors.

  Monday, December 16, 2013 10:02 AM

  Reply

  |

  Quote

  Moderator
• 

  

  0

  Sign in to vote

  Licensing Data-->
  C:\Windows\system32\slmgr.vbs(2000, 5) Microsoft VBScript runtime error: Object required: 'g_objWMIService'

  Now that's an error I know I've never seen before!

  I wonder if this indicates a problem with the WMI service (TrustedInstaller)?

  Please open an elevated Command Prompt, and run the following commands...

  SC QC TRUSTEDINSTALLER

  SC QUERYEX TRUSTEDINSTALLER

  SC SDSHOW TRUSTEDINSTALLER

  SC QSIDTYPE TRUSTEDINSTALLER

  SC QPRIVS TRUSTEDINSTALLER

  Post the results.

  ---

  Noel Paton | Nil Carborundum Illegitemi

  CrashFixPC | The Three-toed Sloth

  No - I do not work for Microsoft, or any of its contractors.

  Monday, December 16, 2013 5:35 PM

  Reply

  |

  Quote

  Moderator
• 

  

  0

  Sign in to vote

  Microsoft Windows [Version 6.0.6002]
  Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

  C:\Users\Belinda>SC QC TRUSTEDINSTALLER
  [SC] QueryServiceConfig SUCCESS

  SERVICE_NAME: TRUSTEDINSTALLER
          TYPE               : 10  WIN32_OWN_PROCESS
          START_TYPE         : 3   DEMAND_START
          ERROR_CONTROL      : 1   NORMAL
          BINARY_PATH_NAME   : C:\Windows\servicing\TrustedInstaller.exe
          LOAD_ORDER_GROUP   : ProfSvc_Group
          TAG                : 0
          DISPLAY_NAME       : Windows Modules Installer
          DEPENDENCIES       :
          SERVICE_START_NAME : localSystem

  C:\Users\Belinda>SC QUERYEX TRUSTEDINSTALLER

  SERVICE_NAME: TRUSTEDINSTALLER
          TYPE               : 10  WIN32_OWN_PROCESS
          STATE              : 1  STOPPED
          WIN32_EXIT_CODE    : 1077  (0x435)
          SERVICE_EXIT_CODE  : 0  (0x0)
          CHECKPOINT         : 0x0
          WAIT_HINT          : 0x0
          PID                : 0
          FLAGS              :

  C:\Users\Belinda>SC SDSHOW TRUSTEDINSTALLER

  D:(A;CI;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPWPDTLOCRRC;;;BA)(A;;CCLCSW
  LOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;SAFA;WDWO;;;BA)

  C:\Users\Belinda>SC QSIDTYPE TRUSTEDINSTALLER
  [SC] QueryServiceConfig2 SUCCESS

  SERVICE_NAME: TRUSTEDINSTALLER
  SERVICE_SID_TYPE:  UNRESTRICTED

  C:\Users\Belinda>SC QPRIVS TRUSTEDINSTALLER
  [SC] QueryServiceConfig2 SUCCESS

  SERVICE_NAME: TRUSTEDINSTALLER
          PRIVILEGES       :

  C:\Users\Belinda>
  C:\Users\Belinda>

  Tuesday, December 17, 2013 3:32 AM

  Reply

  |

  Quote
• 

  

  0

  Sign in to vote

  That all looks normal apart from the 'which indicates that the service hasn't even attempted to start since booting (very unusual!)

  Please download the Farbar Service Scanner from

  http://www.bleepingcomputer.com/download/farbar-service-scanner/

   

  Right-click on the saved file and select 'Run as Administrator', and tick all the options, then click on the Scan button - copy and paste the report to your response.

  ---

  Noel Paton | Nil Carborundum Illegitemi

  CrashFixPC | The Three-toed Sloth

  No - I do not work for Microsoft, or any of its contractors.

  Tuesday, December 17, 2013 8:00 AM

  Reply

  |

  Quote

  Moderator
• 

  

  0

  Sign in to vote

  arbar Service Scanner Version: 05-12-2013
  Ran by Belinda (administrator) on 17-12-2013 at 16:10:48
  Running from "C:\Users\Belinda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03ZJSW64"
  Windows Vista (TM) Home Premium Service Pack 2 (X86)
  Boot Mode: Normal
  ****************************************************************

  Internet Services:
  ============

  Connection Status:
  ==============
  Localhost is accessible.
  LAN connected.
  Google IP is accessible.
  Google.com is accessible.
  Yahoo.com is accessible.
  IE proxy is enabled.
  ProxyServer: http=127.0.0.1:16110;https=127.0.0.1:16110

  
  Windows Firewall:
  =============
  mpsdrv Service is not running. Checking service configuration:
  The start type of mpsdrv service is OK.
  The ImagePath of mpsdrv service is OK.

  MpsSvc Service is not running. Checking service configuration:
  Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
  Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
  Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
  Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

  bfe Service is not running. Checking service configuration:
  Checking Start type: ATTENTION!=====> Unable to retrieve start type of bfe. The value does not exist.
  Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of bfe. The value does not exist.
  Unable to retrieve ServiceDll of bfe. The value does not exist.
  Checking LEGACY_bfe: ATTENTION!=====> Unable to open LEGACY_bfe\0000 registry key. The key does not exist.

  
  Firewall Disabled Policy:
  ==================
  "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.

  
  System Restore:
  ============

  System Restore Disabled Policy:
  ========================

  
  Security Center:
  ============

  wscsvc Service is not running. Checking service configuration:
  Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
  Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
  Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
  Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

  Security Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC} key. The key does not exist.

  
  Windows Update:
  ============

  Windows Autoupdate Disabled Policy:
  ============================

  
  Windows Defender:
  ==============
  WinDefend Service is not running. Checking service configuration:
  Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
  Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
  Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

  
  Windows Defender Disabled Policy:
  ==========================
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
  "DisableAntiSpyware"=DWORD:1

  
  Other Services:
  ==============
  Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
  Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
  Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

  Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
  Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
  Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
  Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.

  
  File Check:
  ========
  C:\Windows\system32\nsisvc.dll => MD5 is legit
  C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
  C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
  C:\Windows\system32\Drivers\afd.sys => MD5 is legit
  C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
  C:\Windows\system32\Drivers\tcpip.sys
  [2013-08-15 07:56] - [2013-07-05 11:20] - 0914880 ____A (Microsoft Corporation) 6D0D344F643E28B31262AC2682109A3C

  C:\Windows\system32\dnsrslvr.dll => MD5 is legit
  C:\Windows\system32\mpssvc.dll => MD5 is legit
  C:\Windows\system32\bfe.dll => MD5 is legit
  C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
  C:\Windows\system32\SDRSVC.dll => MD5 is legit
  C:\Windows\system32\vssvc.exe => MD5 is legit
  C:\Windows\system32\wscsvc.dll => MD5 is legit
  C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
  C:\Windows\system32\wuaueng.dll => MD5 is legit
  C:\Windows\system32\qmgr.dll => MD5 is legit
  C:\Windows\system32\es.dll => MD5 is legit
  C:\Windows\system32\cryptsvc.dll => MD5 is legit
  C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
  C:\Windows\system32\ipnathlp.dll => MD5 is legit
  C:\Windows\system32\iphlpsvc.dll => MD5 is legit
  C:\Windows\system32\svchost.exe => MD5 is legit
  C:\Windows\system32\rpcss.dll => MD5 is legit

  
  **** End of log ****

  Tuesday, December 17, 2013 8:12 AM

  Reply

  |

  Quote
• 

  

  0

  Sign in to vote

  OUCH!

  You've obviously had some severe malware infection (ZeroAccess, probably)

  Download the removal tool from here... http://kb.eset.com/esetkb/index?page=content&id=SOLN2895 and follow the instructions.

  When complete, run the Farbar scanner again, and post the new results.

  ---

  Noel Paton | Nil Carborundum Illegitemi

  CrashFixPC | The Three-toed Sloth

  No - I do not work for Microsoft, or any of its contractors.

  Tuesday, December 17, 2013 8:21 AM

  Reply

  |

  Quote

  Moderator
• 

  

  0

  Sign in to vote

  Yes I did a while back no idea where it came from but thought it had been resolved..

  will run and post, thanks

  Tuesday, December 17, 2013 8:24 AM

  Reply

  |

  Quote
• 

  

  0

  Sign in to vote

  
      ....................................
    ..::::::::::::::::::....................
    .::EEEEEE:::SSSSSS::..EEEEEE..TTTTTTTT..    Win32/Sirefef
   .::EE::::EE:SS:::::::.EE....EE....TT......   Version: 1.1.0.15
   .::EEEEEEEE::SSSSSS::.EEEEEEEE....TT......   Built: Nov 14 2013
   .::EE:::::::::::::SS:.EE..........TT......
    .::EEEEEE:::SSSSSS::..EEEEEE.....TT.....    Copyright (c) ESET, spol. s r.o.
    ..::::::::::::::::::....................    1992-2013. All rights reserved.
      ....................................

  -------------------------------------------------------------------------------

  OS: 6.0.6002 SP2
  Product Type: Workstation
  WoW64: False
  Machine guid: 83150B16-E79F-4F37-973D-72866ADF8BA6

  -------------------------------------------------------------------------------
  Scanning for system infection...
  -------------------------------------------------------------------------------

  Threat Not Found
  You don't have Win32/Sirefef in your system.___________________ [Press Any Key]

  Tuesday, December 17, 2013 8:31 AM

  Reply

  |

  Quote
• 

  

  0

  Sign in to vote

  Oh heck - we'll have to try and fix the service problems another way, then.

  Back later - I'm at work at the moment.

  ---

  Noel Paton | Nil Carborundum Illegitemi

  CrashFixPC | The Three-toed Sloth

  No - I do not work for Microsoft, or any of its contractors.

  Tuesday, December 17, 2013 9:21 AM

  Reply

  |

  Quote

  Moderator
• 

  

  0

  Sign in to vote

  Ok thankyou,

  Tuesday, December 17, 2013 9:27 AM

  Reply

  |

  Quote
• 

  

  0

  Sign in to vote

  Download the Windows Repair All-in-one tool from here http://www.tweaking.com/content/page/windows_repair_all_in_one.html

  Run is - UNSELECT all options, then select ONLY the 'Restore Important Windows Services' option, and run the tool.

  Follow any instructions - then reboot again, and run the Farbar Service Scanner again - pot the new log

  Then run the MGADiag tool again, and post that result.

  ---

  Noel Paton | Nil Carborundum Illegitemi

  CrashFixPC | The Three-toed Sloth

  No - I do not work for Microsoft, or any of its contractors.

  Tuesday, December 17, 2013 4:25 PM

  Reply

  |

  Quote

  Moderator
• 

  

  0

  Sign in to vote

  Farbar Service Scanner Version: 05-12-2013
  Ran by Belinda (administrator) on 18-12-2013 at 14:02:51
  Running from "C:\Users\Belinda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\54XKFW7G"
  Windows Vista (TM) Home Premium Service Pack 2 (X86)
  Boot Mode: Normal
  ****************************************************************

  Internet Services:
  ============

  Connection Status:
  ==============
  Localhost is accessible.
  LAN connected.
  Google IP is accessible.
  Google.com is accessible.
  Yahoo.com is accessible.
  IE proxy is enabled.
  ProxyServer: http=127.0.0.1:16110;https=127.0.0.1:16110

  
  Windows Firewall:
  =============

  Firewall Disabled Policy:
  ==================

  
  System Restore:
  ============

  System Restore Disabled Policy:
  ========================

  
  Security Center:
  ============

  Security Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC} key. The key does not exist.

  
  Windows Update:
  ============

  Windows Autoupdate Disabled Policy:
  ============================

  
  Windows Defender:
  ==============
  WinDefend Service is not running. Checking service configuration:
  The start type of WinDefend service is OK.
  The ImagePath of WinDefend service is OK.
  The ServiceDll of WinDefend service is OK.

  
  Windows Defender Disabled Policy:
  ==========================
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
  "DisableAntiSpyware"=DWORD:1

  
  Other Services:
  ==============

  
  File Check:
  ========
  C:\Windows\system32\nsisvc.dll => MD5 is legit
  C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
  C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
  C:\Windows\system32\Drivers\afd.sys => MD5 is legit
  C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
  C:\Windows\system32\Drivers\tcpip.sys
  [2013-08-15 07:56] - [2013-07-05 11:20] - 0914880 ____A (Microsoft Corporation) 6D0D344F643E28B31262AC2682109A3C

  C:\Windows\system32\dnsrslvr.dll => MD5 is legit
  C:\Windows\system32\mpssvc.dll => MD5 is legit
  C:\Windows\system32\bfe.dll => MD5 is legit
  C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
  C:\Windows\system32\SDRSVC.dll => MD5 is legit
  C:\Windows\system32\vssvc.exe => MD5 is legit
  C:\Windows\system32\wscsvc.dll => MD5 is legit
  C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
  C:\Windows\system32\wuaueng.dll => MD5 is legit
  C:\Windows\system32\qmgr.dll => MD5 is legit
  C:\Windows\system32\es.dll => MD5 is legit
  C:\Windows\system32\cryptsvc.dll => MD5 is legit
  C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
  C:\Windows\system32\ipnathlp.dll => MD5 is legit
  C:\Windows\system32\iphlpsvc.dll => MD5 is legit
  C:\Windows\system32\svchost.exe => MD5 is legit
  C:\Windows\system32\rpcss.dll => MD5 is legit

  
  **** End of log ****

  Wednesday, December 18, 2013 6:03 AM

  Reply

  |

  Quote
• 

  

  0

  Sign in to vote

  Diagnostic Report (1.9.0027.0):
  -----------------------------------------
  Windows Validation Data-->
  Validation Status: Invalid License
  Validation Code: 50
  Cached Online Validation Code: N/A, hr = 0xc004f012
  Windows Product Key: *****-*****-JQMWD-2QJRJ-RJ34F
  Windows Product Key Hash: R8gPTEFMoOygFewoq/uOoWMpz68=
  Windows Product ID: 89578-OEM-7332157-00237
  Windows Product ID Type: 2
  Windows License Type: OEM SLP
  Windows OS version: 6.0.6002.2.00010300.2.0.003
  ID: {7509D39D-C287-4E95-AAFC-C2D8CB901A3C}(3)
  Is Admin: Yes
  TestCab: 0x0
  LegitcheckControl ActiveX: N/A, hr = 0x80070002
  Signed By: N/A, hr = 0x80070002
  Product Name: Windows Vista (TM) Home Premium
  Architecture: 0x00000000
  Build lab: 6002.vistasp2_gdr.130707-1535
  TTS Error:
  Validation Diagnostic:
  Resolution Status: N/A

  Vista WgaER Data-->
  ThreatID(s): N/A, hr = 0x80070002
  Version: 6.0.6002.16398

  Windows XP Notifications Data-->
  Cached Result: N/A, hr = 0x80070002
  File Exists: No
  Version: N/A, hr = 0x80070002
  WgaTray.exe Signed By: N/A, hr = 0x80070002
  WgaLogon.dll Signed By: N/A, hr = 0x80070002

  OGA Notifications Data-->
  Cached Result: 100
  Version: 2.0.48.0
  OGAExec.exe Signed By: Microsoft
  OGAAddin.dll Signed By: Microsoft

  OGA Data-->
  Office Status: 100 Genuine
  Microsoft Office Professional Edition 2003 - 100 Genuine
  OGA Version: Registered, 2.0.48.0
  Signed By: Microsoft
  Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_FCEE394C-458-8007007e_025D1FF3-344-8007007e_025D1FF3-229-8007007e_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

  Browser Data-->
  Proxy settings: http=127.0.0.1:16110;https=127.0.0.1:16110
  User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
  Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
  Download signed ActiveX controls: Prompt
  Download unsigned ActiveX controls: Disabled
  Run ActiveX controls and plug-ins: Allowed
  Initialize and script ActiveX controls not marked as safe: Disabled
  Allow scripting of Internet Explorer Webbrowser control: Disabled
  Active scripting: Allowed
  Script ActiveX controls marked as safe for scripting: Allowed

  File Scan Data-->

  Other data-->
  Office Details: <GenuineResults><MachineData><UGUID>{7509D39D-C287-4E95-AAFC-C2D8CB901A3C}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-RJ34F</PKey><PID>89578-OEM-7332157-00237</PID><PIDType>2</PIDType><SID>S-1-5-21-1261831544-69496413-3973043942</SID><SYSTEM/><BIOS/><HWID>0A313507018400FA</HWID><UserLCID>0C09</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Australia Standard Time(GMT+08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSINV</OEMID><OEMTableID>TOSINV00</OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>1D91A574F08AD7A</Val><Hash>6/oA2me/ndVfKRsEwj8dP0Sk6LA=</Hash><Pid>70145-701-0352281-57907</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults> 

  Spsys.log Content: 0x80070002

  Licensing Data-->
  C:\Windows\system32\slmgr.vbs(2000, 5) Microsoft VBScript runtime error: Object required: 'g_objWMIService'

  Windows Activation Technologies-->
  N/A

  HWID Data-->
  HWID Hash Current: OgAAAAEABgABAAEAAQABAAAAAwABAAEAJJRy+kzWIEd8D16rTBNCEEaDxnVYt/L00DZW4QaHrFYqhQ==

  OEM Activation 1.0 Data-->
  N/A

  OEM Activation 2.0 Data-->
  BIOS valid for OA 2.0: yes
  Windows marker version: 0x20000
  OEMID and OEMTableID Consistent: yes
  BIOS Information:
    ACPI Table Name OEMID Value OEMTableID Value
    APIC   TOSINV  TOSINV00
    FACP   TOSINV  TOSINV00
    HPET   TOSINV  TOSINV00
    BOOT   TOSINV  TOSINV00
    MCFG   TOSINV  TOSINV00
    ASF!   TOSINV  TOSINV00
    SLIC   TOSINV  TOSINV00
    SSDT   PmRef  CpuPm

  Wednesday, December 18, 2013 6:06 AM

  Reply

  |

  Quote
• 

  

  0

  Sign in to vote

  Well, we got the Windows Update services running again, at least :)

  The problem with the MGADiag report still remains, though.

  Please post the results to these commands

  NET START TRUSTEDINSTALLER

  SC QC TRUSTEDINSTALLER

  Open Event Viewer

  click on the Windows logs entry in the left pane to expand it.

  Now click on the Application entry - wait while it loads.

  Click on 'File' in the menu bar and select Save...

  Save the file as
  Appevt.evtx

  Repeat for the
  System log

  then zip both,
  and upload them to your Skydrive or other favoured fileshare site, and post a link.

  
  

  ---

  Noel Paton | Nil Carborundum Illegitemi

  CrashFixPC | The Three-toed Sloth

  No - I do not work for Microsoft, or any of its contractors.

  Wednesday, December 18, 2013 9:17 AM

  Reply

  |

  Quote

  Moderator
• 

  

  0

  Sign in to vote

  in the file on menu bar there is nothing that says Save just options and exit..nothing in options to say save..

  Wednesday, December 18, 2013 9:25 AM

  Reply

  |

  Quote
• 

  

  0

  Sign in to vote

  plus i dont have a file share site not sure what you mean.

  Told you Im not computer savvy so sorry...you have been awesome helping me appreciate it so much.

  Wednesday, December 18, 2013 9:28 AM

  Reply

  |

  Quote
• 

  

  0

  Sign in to vote

  Try this set of instructins instead...

  Please open Event Viewer (eventvwr.msc)

  In the left pane, navigate to the Windows Logs

  right-click on Applications and select 'Save all events as...' save as Apps.evtx

  repeat
  for the System logs - save as Sys.evtx

  Compress both files,

  You almost certainly have a SkyDrive account - visit http://skydrive.live.com and see

  If you install the tool, you can use it like another folder on your hard drive, and just copy files into it - for our purposes you would need to add the files to the Public subfolder, and then post a link to that folder from the site.

  
  

  ---

  Noel Paton | Nil Carborundum Illegitemi

  CrashFixPC | The Three-toed Sloth

  No - I do not work for Microsoft, or any of its contractors.

  Wednesday, December 18, 2013 9:40 AM

  Reply

  |

  Quote

  Moderator
• 

  

  0

  Sign in to vote

  I have put files in sky drive how do I get them here. I highlighted the address bar and copied into here but it wont let me send.. :-(

  bangs head!!!

  Wednesday, December 18, 2013 10:06 AM

  Reply

  |

  Quote
• 

  

  0

  Sign in to vote

  :)

  That's possibly this forum's anti-spam protection getting in the way.

  Copy the link into your reply, then change the 'http' at the front to 'hxxp'

  That will 'break' the link and allow the reply to be posted.

  ---

  Noel Paton | Nil Carborundum Illegitemi

  CrashFixPC | The Three-toed Sloth

  No - I do not work for Microsoft, or any of its contractors.

  Wednesday, December 18, 2013 10:34 AM

  Reply

  |

  Quote

  Moderator
• 

  

  0

  Sign in to vote

  When I put in the link it comes up as "body txt cannot contain images or links until we are able to verify your account

  Wednesday, December 18, 2013 10:59 AM

  Reply

  |

  Quote
• 

  

  0

  Sign in to vote

  In that case copy the link to  Notepad, edit it there, and then copy the edited link to the reply :)

  ---

  Noel Paton | Nil Carborundum Illegitemi

  CrashFixPC | The Three-toed Sloth

  No - I do not work for Microsoft, or any of its contractors.

  Wednesday, December 18, 2013 11:28 AM

  Reply

  |

  Quote

  Moderator
• 

  

  0

  Sign in to vote

  https://skydrive.live.com/?mkt=en-AU&v=FirstRunView#cid=2FCF936706473570&id=2FCF936706473570%21133

  
  

  • Edited by Noel D PatonEditor Wednesday, December 18, 2013 12:24 PM fix link

  Wednesday, December 18, 2013 11:57 AM

  Reply

  |

  Quote
• 

  

  0

  Sign in to vote

  Got 'em - well done!

  Back later after I've had a chance to digest them.

  ---

  Noel Paton | Nil Carborundum Illegitemi

  CrashFixPC | The Three-toed Sloth

  No - I do not work for Microsoft, or any of its contractors.

  Wednesday, December 18, 2013 12:26 PM

  Reply

  |

  Quote

  Moderator
• 

  

  0

  Sign in to vote

  There are a huge number of update-related errors  - which is not surprising with the errors we've seen in the relevant services.

  It's likely that as a result, there will be file problems, so...

   run the SFC.

  SFC -System File Checker - Instructions

  Click on Start > All Programs > Accessories

  Right-click on the Command Prompt entry

  Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

  At the Command prompt, type

  SFC /SCANNOW

  and hit the Enter key

  Wait for the scan to finish - make a note of any error messages - and then reboot.

  Copy the CBS.log file created (C:\Windows\Logs\CBS\CBS.log) to your desktop (you can't manipulate it directly) and then compress the copy and upload it to your SkyDrive Public folder  and post a link to it so that I can take a look.

  Please download and save  the CheckSUR tool from http://support.microsoft.com/kb/947821

  (you'll need to look in the details for Windows 7, downloading from the Microsoft Download Center)

  Run it - The tool can take anywhere from 5 mins to a couple of hours to run (or 'Install') depending on how much it has to do, and may exit silently - it may appear to freeze for most of that time, but be patient.

  The result is logged in the C:\Windows\Logs\CBS\CheckSUR.log file  - and an archive …\checksur.persist.log file

  Then zip the CheckSUR.log and upload it to your SkyDrive Public folder so I can take a look - post a link in your reply.

  ---

  Noel Paton | Nil Carborundum Illegitemi

  CrashFixPC | The Three-toed Sloth

  No - I do not work for Microsoft, or any of its contractors.

  Wednesday, December 18, 2013 12:48 PM

  Reply

  |

  Quote

  Moderator
• 

  

  0

  Sign in to vote

  I will do this in the morning,

  its 9.15pm here.

  thanks for the help today

  cheers

  Wednesday, December 18, 2013 1:14 PM

  Reply

  |

  Quote
• 

  

  0

  Sign in to vote

  https://skydrive.live.com/#cid=2FCF936706473570&id=2FCF936706473570%21133

  
  

  • Edited by Noel D PatonEditor Thursday, December 19, 2013 7:53 AM fix link

  Thursday, December 19, 2013 6:46 AM

  Reply

  |

  Quote
• 

  

  0

  Sign in to vote

  Interesting - in the two SFC scans you ran, the first found the following problem, and fixed it...

  	Line 21366: 2013-12-18 13:02:33, Info                  CSI    000001e6 [SR] Repairing 1 components
  	Line 21367: 2013-12-18 13:02:33, Info                  CSI    000001e7 [SR] Beginning Verify and Repair transaction
  	Line 21368: 2013-12-18 13:02:33, Info                  CSI    000001e8 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
  	Line 21369: 2013-12-18 13:02:33, Info                  CSI    000001e9 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
  

  The second confirmed that the fix had worked

  These two files are involved with the WMI services and may be either cause or effect.

  VERY interesting - here's the summary from the CheckSUR report...

  Summary:
  Seconds executed: 2366
   Found 12 errors
   Fixed 12 errors
    CSI Payload File Missing Total count: 12
    Fixed: CSI Payload File Missing.  Total count: 12
  
  Checking CoreOS key for repairing corruptions.
  Winner version: 6.0.6002.18971.
  Processor architecture: x86.
  Check key to be repaired: wcm://Microsoft-Windows-CoreOS?version=6.0.6002.18971&language=neutral&processorArchitecture=x86&publicKeyToken=31bf3856ad364e35&versionScope=nonSxS&scope=allUsers\metadata\elements\ComputerName
  Recreated value: @_type.
  Recreated value: @dataOnly.
  Recreated value: @default.
  Recreated value: @description.
  Recreated value: @displayName.
  Recreated value: @handler.
  Recreated value: @legacyName.
  Recreated value: @legacyType.
  Recreated value: @migrate.
  Recreated value: @scope.
  Recreated value: @xsd:type.
  
  

  I have never seen the 'CoreOS' section before in the 1000 or so CheckSUR logs I've read!

  It may explain some of the problems we've been having.

  Please run another MGADiag report and post it, and we'll see if anything has changed.

  ---

  Noel Paton | Nil Carborundum Illegitemi

  CrashFixPC | The Three-toed Sloth

  No - I do not work for Microsoft, or any of its contractors.

  Thursday, December 19, 2013 8:01 AM

  Reply

  |

  Quote

  Moderator
• 

  

  0

  Sign in to vote

  hxxps://skydrive.live.com/#cid=2FCF936706473570&id=2FCF936706473570%21133

  Thursday, December 19, 2013 8:05 AM

  Reply

  |

  Quote
• 

  

  0

  Sign in to vote

  Diagnostic Report (1.9.0027.0):
  -----------------------------------------
  Windows Validation Data-->
  Validation Status: Invalid License
  Validation Code: 50
  Cached Online Validation Code: N/A, hr = 0xc004f012
  Windows Product Key: *****-*****-JQMWD-2QJRJ-RJ34F
  Windows Product Key Hash: R8gPTEFMoOygFewoq/uOoWMpz68=
  Windows Product ID: 89578-OEM-7332157-00237
  Windows Product ID Type: 2
  Windows License Type: OEM SLP
  Windows OS version: 6.0.6002.2.00010300.2.0.003
  ID: {7509D39D-C287-4E95-AAFC-C2D8CB901A3C}(3)
  Is Admin: Yes
  TestCab: 0x0
  LegitcheckControl ActiveX: N/A, hr = 0x80070002
  Signed By: N/A, hr = 0x80070002
  Product Name: Windows Vista (TM) Home Premium
  Architecture: 0x00000000
  Build lab: 6002.vistasp2_gdr.130707-1535
  TTS Error:
  Validation Diagnostic:
  Resolution Status: N/A

  Vista WgaER Data-->
  ThreatID(s): N/A, hr = 0x80070002
  Version: 6.0.6002.16398

  Windows XP Notifications Data-->
  Cached Result: N/A, hr = 0x80070002
  File Exists: No
  Version: N/A, hr = 0x80070002
  WgaTray.exe Signed By: N/A, hr = 0x80070002
  WgaLogon.dll Signed By: N/A, hr = 0x80070002

  OGA Notifications Data-->
  Cached Result: 100
  Version: 2.0.48.0
  OGAExec.exe Signed By: Microsoft
  OGAAddin.dll Signed By: Microsoft

  OGA Data-->
  Office Status: 100 Genuine
  Microsoft Office Professional Edition 2003 - 100 Genuine
  OGA Version: Registered, 2.0.48.0
  Signed By: Microsoft
  Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_FCEE394C-458-8007007e_025D1FF3-344-8007007e_025D1FF3-229-8007007e_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

  Browser Data-->
  Proxy settings: http=127.0.0.1:16110;https=127.0.0.1:16110
  User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
  Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
  Download signed ActiveX controls: Prompt
  Download unsigned ActiveX controls: Disabled
  Run ActiveX controls and plug-ins: Allowed
  Initialize and script ActiveX controls not marked as safe: Disabled
  Allow scripting of Internet Explorer Webbrowser control: Disabled
  Active scripting: Allowed
  Script ActiveX controls marked as safe for scripting: Allowed

  File Scan Data-->

  Other data-->
  Office Details: <GenuineResults><MachineData><UGUID>{7509D39D-C287-4E95-AAFC-C2D8CB901A3C}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-RJ34F</PKey><PID>89578-OEM-7332157-00237</PID><PIDType>2</PIDType><SID>S-1-5-21-1261831544-69496413-3973043942</SID><SYSTEM/><BIOS/><HWID>0A313507018400FA</HWID><UserLCID>0C09</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Australia Standard Time(GMT+08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSINV</OEMID><OEMTableID>TOSINV00</OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>1D91A574F08AD7A</Val><Hash>6/oA2me/ndVfKRsEwj8dP0Sk6LA=</Hash><Pid>70145-701-0352281-57907</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults> 

  Spsys.log Content: 0x80070002

  Licensing Data-->
  C:\Windows\system32\slmgr.vbs(2000, 5) Microsoft VBScript runtime error: Object required: 'g_objWMIService'

  Windows Activation Technologies-->
  N/A

  HWID Data-->
  HWID Hash Current: OgAAAAEABgABAAEAAQABAAAAAwABAAEAJJRy+kzWIEd8D16rTBNCEEaDxnVYt/L00DZW4QaHrFYqhQ==

  OEM Activation 1.0 Data-->
  N/A

  OEM Activation 2.0 Data-->
  BIOS valid for OA 2.0: yes
  Windows marker version: 0x20000
  OEMID and OEMTableID Consistent: yes
  BIOS Information:
    ACPI Table Name OEMID Value OEMTableID Value
    APIC   TOSINV  TOSINV00
    FACP   TOSINV  TOSINV00
    HPET   TOSINV  TOSINV00
    BOOT   TOSINV  TOSINV00
    MCFG   TOSINV  TOSINV00
    ASF!   TOSINV  TOSINV00
    SLIC   TOSINV  TOSINV00
    SSDT   PmRef  CpuPm

  Thursday, December 19, 2013 8:12 AM

  Reply

  |

  Quote
• 

  

  0

  Sign in to vote

  That's still the same - I was hoping that the corrections we'd made would have at least changed the error message.

  Unfortunately, There's not a lot more I can do.

  There is stuff that can be done, but it doesn't really lend itself to being done in a forum context. (there's a relevant article in TechNet for one of your event viewer errors - which basically says 'phone MS and pay us to fix it for you').

  Your best option may be a repair install, as there are a number of outstanding issues. Unfortunately, a repair install of Vista isn't necessarily a simple matter.

  See the instructions here, and whether you think you're up to following them...

  http://www.vistax64.com/tutorials/88236-repair-install-vista.html

  If you want to have a go, then back up all data to external media first, and ask questions in the Vistax64 forum - they are friendly folk (I know - I'm one of them) :)

  If not, then I can understand. Your best options would then be to get a techie to do the job, or to use the computer's Recovery media to clean install from scratch.

  Sorry - but I think that's your best options at this point. :(

  ---

  Noel Paton | Nil Carborundum Illegitemi

  CrashFixPC | The Three-toed Sloth

  No - I do not work for Microsoft, or any of its contractors.

  • Proposed as answer by Noel D PatonEditor Tuesday, December 24, 2013 9:33 AM
  • Marked as answer by Noel D PatonEditor Tuesday, December 31, 2013 10:24 AM

  Thursday, December 19, 2013 2:28 PM

  Reply

  |

  Quote

  Moderator
• 

  

  0

  Sign in to vote

  Thanks so much for your help, dont think I want to do a reinstall might just leave things as they are and look at buying a new laptop next year sometime.

  Friday, December 20, 2013 1:11 AM

  Reply

  |

  Quote
• 

  

  0

  Sign in to vote

  The situation shouldn't get any worse than it already is - if it does, then come back, and we'll see what we can do.

  Have a good Xmas and New Year!

  ---

  Noel Paton | Nil Carborundum Illegitemi

  CrashFixPC | The Three-toed Sloth

  No - I do not work for Microsoft, or any of its contractors.

  Friday, December 20, 2013 3:59 PM

  Reply

  |

  Quote

  Moderator
• 

  

  0

  Sign in to vote

  Report Chẩn đoán (1.9.0027.0):
  ---------------------------------------- -
  Windows Mã sản phẩm Windows: ***** - ***** - JQMWD-2QJRJ-RJ34F Khóa sản phẩm Windows (Windows Product Key) - Kiểm tra tính
  hợp lệ của
  sản phẩm -> Xác nhận hợp lệ -> Xác nhận Tình trạng: Xác minh Giấy phép Không hợp lệ Số : 50 Cached Xác nhận
  trực tuyến Mã số: N / A, hr = 0xc004f012 Hash: R8gPTEFMoOygFoot0 / uOoWMpz68 = Windows Product ID: 89578-OEM-7332157-00237 Windows Loại sản phẩm : 2 Windows Loại giấy phép: OEM SLP Phiên bản Hệ điều hành Windows: 6.0.6002.2.00010300.2.0.003 ID:(7509D39D-C287-4E95-AAFC-C2D8CB901A3C) (3) Có phải quản trị viên: Có TestCab: 0x0 LegitcheckControl ActiveX: N / A, hr = 0x80070002 Đăng ký bởi: N / A, hr = 0x80070002 Tên sản phẩm: Windows Vista (TM) Home Premium Kiến trúc: 0x00000000 Xây dựng phòng thí nghiệm: 6002.vistasp2_gdr.130707-1535 TTS Lỗi: Xác nhận Chẩn đoán: Nghị quyết Tình trạng: N / AXác định Chẩn đoán: Nghị quyết Tình trạng: N / AXác định Chẩn đoán: Nghị quyết Tình trạng: N / A
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  

  Dữ liệu Wgaer của Vista ->
  ThreatID: N / A, hr = 0x80070002
  Phiên bản: 6.0.6002.16398

  Dữ liệu Thông báo của Windows XP ->
  Kết quả Cached: N / A, hr = 0x80070002
  Tồn tại tệp: Không
  Phiên bản: N / A, hr = 0x80070002
  WgaTray.exe Đăng ký: N / A, hr = 0x80070002
  WgaLogon.dll Đã ký: N / A, hr = 0x80070002

  OGA Thông báo Dữ liệu ->
  Cached Kết quả: 100
  Phiên bản: 2.0.48.0
  OGAExec.exe Ký bởi: Microsoft
  OGAAddin.dll Ký bởi: Microsoft

  OGA Data ->
  Office Tình trạng: 100 chính hãng
  Microsoft Office Professional 2003 - 100 chính hãng
  OGA Phiên bản: Registered, 2.0.48.0
  Đã ký bởi: Chẩn đoán
  Office của Microsoft: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_FCEE394C-458-8007007e_025D1FF3 -344-8007007e_025D1FF3-229-8007007e_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

  Dữ liệu Trình duyệt ->
  Cài đặt Proxy: http = 127.0.0.1: 16110; https = 127.0.0.1: 16110
  User Agent: Mozilla / 4.0 (tương thích, MSIE 8.0; Win32)
  Trình duyệt mặc định: C: \ Program Files \ Internet Explorer \ iexplore .exe
  Tải về ký kết các điều khiển ActiveX: Prompt
  Tải unsigned ActiveX controls: Disabled
  Chạy điều khiển ActiveX và plug-ins: Được phép
  Initialize và kịch bản điều khiển ActiveX không được đánh dấu là an toàn: Disabled
  phép kịch bản kiểm soát Internet Explorer WebBrowser: Disabled
  Active scripting: Được phép
  điều khiển ActiveX script Được đánh dấu là an toàn cho việc viết kịch bản: Được cho phép

  File Scan Data ->

  Các dữ liệu khác ->
  Chi tiết văn phòng: <GenuineResults> <MachineData> <UGUID> {7509D39D-C287-4E95-AAFC-C2D8CB901A3C} </ UGUID> <Version> 1.9.0027.0 </ Version> <OS> 6.0.6002.2.00010300.2 .0.003 </ OS> <Kiến trúc> x32 </ Kiến trúc> <PKey> ***** - ***** - ***** - ***** - RJ34F </ PKey> <PID> 89578 -OEM-7332157-00237 </ PID> <PIDType> 2 </ PIDType> <SID> S-1-5-21-1261831544-69496413-3973043942 </ SID> <SYSTEM /> <BIOS /> <HWID> 0A313507018400FA </ HWID> <UserLCID> 0C09 </ UserLCID> <SystemLCID> 0409 </ SystemLCID> <TimeZone> W. Giờ chuẩn của Úc (GMT + 08: 00) </ TimeZone> <iJoin> 0 </ iJoin> <SBID> <stat> 3 </ stat> <msppid> </ msppid> <tên> </ name> <model> </ Mô hình> < 

  Spsys.log Nội dung: 0x80070002

  Giấy phép dữ liệu ->
  C: \ Windows \ system32 \ slmgr.vbs (2000, 5) Microsoft VBScript runtime lỗi: Object yêu cầu: 'g_objWMIService'

  Công nghệ Kích hoạt Windows ->
  Không áp dụng

  Dữ liệu HWID ->
  Hash hiện tại Hash: OgAAAAEABgABAAEAAQABAAAAAwABAAEAJJRy + kzWIEd8D16rTBNCEEaDxnVYt / L00DZW4QaHrFYqhQ ==

  Dữ liệu Kích hoạt OEM 1.0 ->
  Không áp dụng

  Kích hoạt dữ liệu OEM 2.0 ->
  BIOS có hiệu lực đối với OA 2.0: Có Đánh
  dấu Windows phiên bản: 0x20000
  OEMID và OEMTableID Tuân thủ: Có Thông tin
  BIOS:
    ACPI Tên bảng Giá trị OEMID Giá OEMTableID
    APOS TOSINV TOSINV00
    FACP TOSINV00 HPOS
    TOSINV00
    TOSINV00 TOSINV00
    MCFG TOSINV TOSINV00
    ASF! TOSINV TOSINV00
    SLIC TOSINV TOSINV00
    SSDT PmRef CpuPm

  
  

  Monday, May 15, 2017 6:30 PM

  Reply

  |

  Quote