locked
Geting the not genuine windows message RRS feed

  • Question

  • Am following the instructions at top of this post.  Any help will be greatly appreciated.   Here is the MGA diag:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-BYTQX-RQ74P-TCVH2
    Windows Product Key Hash: JiBoR16qP/D8JwoDqoVHtL4aOWg=
    Windows Product ID: 00371-154-7926632-85154
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {9D77CCB2-4F7F-4800-A675-FFA546E59DA9}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.120830-0333
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{9D77CCB2-4F7F-4800-A675-FFA546E59DA9}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-TCVH2</PKey><PID>00371-154-7926632-85154</PID><PIDType>5</PIDType><SID>S-1-5-21-1571062330-2963691822-985478539</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>6459CTO</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>7LETC6WW (2.26 )</Version><SMBIOSVersion major="2" minor="4"/><Date>20090511000000.000000+000</Date></BIOS><HWID>FDF43B07018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TP-7L   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, RETAIL channel
    Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00170-154-792663-01-1033-7601.0000-1562012
    Installation ID: 006422051165083983557103322553824633374930727694646342
    Processor Certificate URL:
    Machine Certificate URL:
    Use License URL:
    Product Key Certificate URL:
    Partial Product Key: TCVH2
    License Status: Licensed
    Remaining Windows rearm count: 3
    Trusted time: 12/21/2012 8:52:54 PM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000001EFF0
    Event Time Stamp: N/A
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys


    HWID Data-->
    HWID Hash Current: NgAAAAEABgABAAEAAAABAAAAAgABAAEAeqiGTi3FGp+wVEaDLgiAhQAtTqdY0EYGOB0krEbK

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x0
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   LENOVO  TP-7L  
      FACP   LENOVO  TP-7L  
      HPET   LENOVO  TP-7L  
      BOOT   LENOVO  TP-7L  
      MCFG   LENOVO  TP-7L  
      SSDT   LENOVO  TP-7L  
      ECDT   LENOVO  TP-7L  
      TCPA   LENOVO  TP-7L  
      SLIC   LENOVO  TP-7L  
      ASF!   LENOVO  TP-7L  
      SSDT   LENOVO  TP-7L  
      SSDT   LENOVO  TP-7L  
      SSDT   LENOVO  TP-7L  
      SSDT   LENOVO  TP-7L  

    Saturday, December 22, 2012 2:59 AM

Answers

All replies

  • The common cause for these mismatches is a faulty Intel Rapid Storage Tech driver

    Download and install the latest version from...

    http://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&ProdId=2101&DwnldID=21730

    then run another MGADiag report and post the results.

    Saturday, December 22, 2012 3:18 AM
    Answerer
  • Here is the MGADiag.   The latest driver did not install.

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-BYTQX-RQ74P-TCVH2
    Windows Product Key Hash: JiBoR16qP/D8JwoDqoVHtL4aOWg=
    Windows Product ID: 00371-154-7926632-85154
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {9D77CCB2-4F7F-4800-A675-FFA546E59DA9}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.120830-0333
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{9D77CCB2-4F7F-4800-A675-FFA546E59DA9}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-TCVH2</PKey><PID>00371-154-7926632-85154</PID><PIDType>5</PIDType><SID>S-1-5-21-1571062330-2963691822-985478539</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>6459CTO</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>7LETC6WW (2.26 )</Version><SMBIOSVersion major="2" minor="4"/><Date>20090511000000.000000+000</Date></BIOS><HWID>FDF43B07018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TP-7L   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, RETAIL channel
    Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00170-154-792663-01-1033-7601.0000-1562012
    Installation ID: 006422051165083983557103322553824633374930727694646342
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: TCVH2
    License Status: Licensed
    Remaining Windows rearm count: 3
    Trusted time: 12/21/2012 9:39:19 PM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000001EFF0
    Event Time Stamp: N/A
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys


    HWID Data-->
    HWID Hash Current: NgAAAAEABgABAAEAAAABAAAAAgABAAEAeqiGTi3FGp+wVEaDLgiAhQAtTqdY0EYGOB0krEbK

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x0
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            LENOVO        TP-7L   
      FACP            LENOVO        TP-7L   
      HPET            LENOVO        TP-7L   
      BOOT            LENOVO        TP-7L   
      MCFG            LENOVO        TP-7L   
      SSDT            LENOVO        TP-7L   
      ECDT            LENOVO        TP-7L   
      TCPA            LENOVO        TP-7L   
      SLIC            LENOVO        TP-7L   
      ASF!            LENOVO        TP-7L   
      SSDT            LENOVO        TP-7L   
      SSDT            LENOVO        TP-7L   
      SSDT            LENOVO        TP-7L   
      SSDT            LENOVO        TP-7L   

    Saturday, December 22, 2012 3:42 AM
  • well that fixes 80% of these. this one usually fixes the others:

    Please run the
    following commands in an Elevated Command Prompt

    NET STOP CRYPTSVC

    REN C:\WINDOWS\SYSTEM32\CATROOT2 CAT2OLD

    NET START CRYPTSVC

    once complete, leave the system alone for at least an hour to rebuild
    the database, then reboot, and run another MGADiag report.

    Note that this will delete your Update History - but all updates will remain
    installed, and can be viewed in the Installed Updates listing.

    Saturday, December 22, 2012 4:02 AM
    Answerer
  • Ok tried that here is what I get:

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>NET STOP CRYPTSVC
    The Cryptographic Services service is stopping..
    The Cryptographic Services service was stopped successfully.


    C:\Windows\system32>REN C:\WINDOWS\SYSTEM32\CATROOT2 CAT2OLD
    A duplicate file name exists, or the file
    cannot be found.

    C:\Windows\system32>NET START CRYPTSVC
    The Cryptographic Services service is starting.
    The Cryptographic Services service was started successfully.


    C:\Windows\system32>

    I am not trying to be difficult... honestly

    Saturday, December 22, 2012 4:03 PM
  • Not a problem - someone has obviously tried the fix before.

    Please run the following commands in an Elevated Command Prompt, which will either point up the error, or work around it.

    DIR C:\Windows\System32\catroot2
    NET STOP CRYPTSVC
    RD C:\Windows\System32\CAT2OLD
    REN C:\WINDOWS\SYSTEM32\CATROOT2 CAT2OLD
    NET START CRYPTSVC

    Post the results, and wait at least an hour, before rebooting and running an MGADiag report and posting that.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Saturday, December 22, 2012 7:17 PM
    Moderator
  • Here are the results:

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>DIR C:\Windows\System32\catroot2
     Volume in drive C is SW_Preload
     Volume Serial Number is 3D68-20D0

     Directory of C:\Windows\System32\catroot2

    12/21/2012  11:34 PM    <DIR>          .
    12/21/2012  11:34 PM    <DIR>          ..
    12/22/2012  01:28 PM            94,391 dberr.txt
    12/21/2012  11:28 PM    <DIR>          {127D0A1D-4EF2-11D1-8608-00C04FC295EE}
    12/21/2012  11:34 PM    <DIR>          {F750E6C3-38EE-11D1-85E5-00C04FC295EE}
                   1 File(s)         94,391 bytes
                   4 Dir(s)  340,915,494,912 bytes free

    C:\Windows\system32>NET STOP CRYPTSVC
    The Cryptographic Services service is stopping..
    The Cryptographic Services service was stopped successfully.


    C:\Windows\system32>RD C:\Windows\System32\CAT2OLD
    The directory is not empty.

    C:\Windows\system32>REN C:\WINDOWS\SYSTEM32\CATROOT2 CAT2OLD
    A duplicate file name exists, or the file
    cannot be found.

    C:\Windows\system32>NET START CRYPTSVC
    The Cryptographic Services service is starting.
    The Cryptographic Services service was started successfully.


    C:\Windows\system32>

    Saturday, December 22, 2012 7:36 PM
  • My fault! I for the recursion switch :(

    Please run the following commands in an Elevated Command Prompt, which will either point up the error, or work around it.

    DIR C:\Windows\System32\catroot2
    NET STOP CRYPTSVC
    RD C:\Windows\System32\CAT2OLD /S
    REN C:\WINDOWS\SYSTEM32\CATROOT2 CAT2OLD
    NET START CRYPTSVC

    Post the results, and wait at least an hour, before rebooting and running an MGADiag report and posting that.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Saturday, December 22, 2012 8:17 PM
    Moderator
  • OK ran the commands

     Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>DIR C:\Windows\System32\catroot2
     Volume in drive C is SW_Preload
     Volume Serial Number is 3D68-20D0

     Directory of C:\Windows\System32\catroot2

    12/21/2012  11:34 PM    <DIR>          .
    12/21/2012  11:34 PM    <DIR>          ..
    12/22/2012  02:21 PM            95,385 dberr.txt
    12/21/2012  11:28 PM    <DIR>          {127D0A1D-4EF2-11D1-8608-00C04FC295EE}
    12/21/2012  11:34 PM    <DIR>          {F750E6C3-38EE-11D1-85E5-00C04FC295EE}
                   1 File(s)         95,385 bytes
                   4 Dir(s)  340,908,666,880 bytes free

    C:\Windows\system32>NET STOP CRYPTSVC
    The Cryptographic Services service is stopping..
    The Cryptographic Services service was stopped successfully.


    C:\Windows\system32>RD C:\Windows\System32\CAT2OLD /S
    C:\Windows\System32\CAT2OLD, Are you sure (Y/N)? y

    C:\Windows\system32>REN C:\WINDOWS\SYSTEM32\CATROOT2 CAT2OLD

    C:\Windows\system32>NET START CRYPTSVC
    The Cryptographic Services service is starting.
    The Cryptographic Services service was started successfully.


    C:\Windows\system32>

    Will wait an hour and post the MGADiag

    Saturday, December 22, 2012 8:28 PM
  • Ok here is the latest MGADiag:  hope this solves the problem

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-BYTQX-RQ74P-TCVH2
    Windows Product Key Hash: JiBoR16qP/D8JwoDqoVHtL4aOWg=
    Windows Product ID: 00371-154-7926632-85154
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {9D77CCB2-4F7F-4800-A675-FFA546E59DA9}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.120830-0333
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{9D77CCB2-4F7F-4800-A675-FFA546E59DA9}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-TCVH2</PKey><PID>00371-154-7926632-85154</PID><PIDType>5</PIDType><SID>S-1-5-21-1571062330-2963691822-985478539</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>6459CTO</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>7LETC6WW (2.26 )</Version><SMBIOSVersion major="2" minor="4"/><Date>20090511000000.000000+000</Date></BIOS><HWID>FDF43B07018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TP-7L   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, RETAIL channel
    Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00170-154-792663-01-1033-7601.0000-1562012
    Installation ID: 006422051165083983557103322553824633374930727694646342
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: TCVH2
    License Status: Licensed
    Remaining Windows rearm count: 3
    Trusted time: 12/22/2012 3:36:19 PM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000001EFF0
    Event Time Stamp: N/A
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys


    HWID Data-->
    HWID Hash Current: NgAAAAEABgABAAEAAAABAAAAAgABAAEAeqiGTi3FGp+wVEaDLgiAhQAtTqdY0EYGOB0krEbK

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x0
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            LENOVO        TP-7L   
      FACP            LENOVO        TP-7L   
      HPET            LENOVO        TP-7L   
      BOOT            LENOVO        TP-7L   
      MCFG            LENOVO        TP-7L   
      SSDT            LENOVO        TP-7L   
      ECDT            LENOVO        TP-7L   
      TCPA            LENOVO        TP-7L   
      SLIC            LENOVO        TP-7L   
      ASF!            LENOVO        TP-7L   
      SSDT            LENOVO        TP-7L   
      SSDT            LENOVO        TP-7L   
      SSDT            LENOVO        TP-7L   
      SSDT            LENOVO        TP-7L   

    Saturday, December 22, 2012 9:39 PM
  • So far since reboot no messages have popped up.  Thanks so much for your help.
    Saturday, December 22, 2012 10:42 PM
  • They will, I'm afraid - no change.

    We'll have to try some other variants on the IRST drivers and see if they work magic.

    Try this one first, and we'll see what happens.

    http://support.lenovo.com/en_US/downloads/detail.page?DocID=DS003127


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Saturday, December 22, 2012 10:47 PM
    Moderator
  • OK downloaded and installed new driver.  Rebooted  Pop up has not come back...yet  Here is the new MGADiag.:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-BYTQX-RQ74P-TCVH2
    Windows Product Key Hash: JiBoR16qP/D8JwoDqoVHtL4aOWg=
    Windows Product ID: 00371-154-7926632-85154
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {9D77CCB2-4F7F-4800-A675-FFA546E59DA9}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.120830-0333
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{9D77CCB2-4F7F-4800-A675-FFA546E59DA9}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-TCVH2</PKey><PID>00371-154-7926632-85154</PID><PIDType>5</PIDType><SID>S-1-5-21-1571062330-2963691822-985478539</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>6459CTO</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>7LETC6WW (2.26 )</Version><SMBIOSVersion major="2" minor="4"/><Date>20090511000000.000000+000</Date></BIOS><HWID>FDF43B07018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TP-7L   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, RETAIL channel
    Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00170-154-792663-01-1033-7601.0000-1562012
    Installation ID: 006422051165083983557103322553824633374930727694646342
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: TCVH2
    License Status: Licensed
    Remaining Windows rearm count: 3
    Trusted time: 12/22/2012 6:39:57 PM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000001EFF0
    Event Time Stamp: N/A
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys


    HWID Data-->
    HWID Hash Current: NgAAAAEABgABAAEAAAABAAAAAgABAAEAeqiGTi3FGp+wVEaDLgiAhQAtTqdY0EYGOB0krEbK

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x0
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            LENOVO        TP-7L   
      FACP            LENOVO        TP-7L   
      HPET            LENOVO        TP-7L   
      BOOT            LENOVO        TP-7L   
      MCFG            LENOVO        TP-7L   
      SSDT            LENOVO        TP-7L   
      ECDT            LENOVO        TP-7L   
      TCPA            LENOVO        TP-7L   
      SLIC            LENOVO        TP-7L   
      ASF!            LENOVO        TP-7L   
      SSDT            LENOVO        TP-7L   
      SSDT            LENOVO        TP-7L   
      SSDT            LENOVO        TP-7L   
      SSDT            LENOVO        TP-7L   

    Sunday, December 23, 2012 12:44 AM
  • The pop up message is back.   What's next?
    Monday, December 24, 2012 12:41 AM
  • To be honest - I don't know :(

    You've tried the two most common solutions to the problem, with no effect - so the problem has to be somewhere else.

    Since the problem relates to trust, it may be the results of broken system certificates, or of dll files becoming unregistered for some reason.

    Please download and save  the CheckSUR tool from http://support.microsoft.com/kb/947821

    (you'll need to look in the details for Method 2)

     

    Run it - The tool can take anywhere from 5 mins to a couple of hours to run (or 'Install') depending on how much it has to do, and may exit silently - it may appear to freeze for most of that time, but be patient.

    The result is logged in the C:\Windows\Logs\CBS\CheckSUR.log file  - and an archive …\checksur.persist.log file

     

    Then zip the CheckSUR.log and upload it to your public SkyDrive so I can take a look - post a link in your reply.

     


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, December 24, 2012 9:55 AM
    Moderator
  • No good.  windows update standalone installer encountered an error:  0xc8000247
    Monday, December 24, 2012 10:38 PM
  • There seems to be a lot of these around this week - I'm beginning to suspect malware. :(

    Please download the Farbar Service Scanner from

     

    http://www.bleepingcomputer.com/download/farbar-service-scanner/

     

    Run it, and tick all the options, then click on the Scan button - copy and paste the report to your response.

     

     


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, December 24, 2012 10:55 PM
    Moderator
  • Ok here are the results:

    Farbar Service Scanner Version: 23-12-2012
    Ran by Danny (administrator) on 24-12-2012 at 18:04:08
    Running from "C:\Users\Danny\Downloads"
    Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

    Tuesday, December 25, 2012 12:05 AM
  • Nothing too far amiss there - the Defender setting is probably from your AV

    What Anti-Virus and other Security software are you running?

    (Merry Chrstmas BTW - it's just gone Midnight here)


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Tuesday, December 25, 2012 12:10 AM
    Moderator
  • Merry Christmas      not midnight here yet

    I just run Microsoft security essentials  I just use my laptop mostly for storing pictures while out.  Use a little photoshop.  been online with it more trying to get this fixed. Mostly us my desk top unit fro web surfing and e-mail.   Not sure where this problem came from. 

    Tuesday, December 25, 2012 1:09 AM
  • Please run a full CHKDSK and SFC scan....

     

    Click on Start > All Programs > Accessories

    Right-click on the Command Prompt entry

    Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

     

    At the Command prompt, type

     

    CHKDSK C: /R

     

    and hit the Enter key.

    You will be told that the drive is locked,

    and the CHKDSK will run at he next boot - hit the Y key, and then reboot.

     

    The CHKDSK will take a few hours depending on the size of the drive, so be patient!

     

    After the CHKDSK has run, Windows should boot normally (possibly after a second auto-reboot) -

    then run the SFC.

     

    SFC -System File Checker - Instructions

    Click on Start > All Programs > Accessories

    Right-click on the Command Prompt entry

    Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

     

    At the Command prompt, type

     

    SFC /SCANNOW

     

    and hit the Enter key

     

    Wait for the scan to finish - make a note of any error messages - and then reboot.

     

     

    Copy the CBS.log file created (C:\Windows\Logs\CBS\CBS.log) to your desktop (you can't manipulate it directly) and then compress the copy and upload it to your SkyDrive (http://skydrive.live.com ) and post a link to it so that I can take a look.

     

    Post a new MGADiag report with details of any error messages encountered.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Tuesday, December 25, 2012 1:22 AM
    Moderator
  • Oh - and have you EVER had another AV installed on this machine? (including one pre-installed by the manufacturer but never activated) - - which ones?

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Tuesday, December 25, 2012 1:23 AM
    Moderator
  • Sorry it took so long to get back to you.    I think the system came with Mcaffe never activated.  Original system purchased new from lenovo  had windows Vista Business 32 bit installed.  Upgraded the hard drive  got windows 7 Pro upgrade decided to install the 64 bit version after checking the windows upgrade adviser.  That was several months ago (6+)  No problems till this...  Oh by the way it will be midnight here in about a half hour Merry Christmas

    Tuesday, December 25, 2012 5:36 AM
  • Reformatting to install 64-bit would have removed all traces of the McAfee, which is what I was worried about - AV residuals can do funny things to a system!

    Post the results of the scans when you can - no hurry :)


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Tuesday, December 25, 2012 9:59 AM
    Moderator
  • I have ran the scan.  When it finished this is the message "Windows Resource Protection found corrupt files but was unable to fix some of them.  Details are included in the CBS.Log

    Here is the link https://skydrive.live.com/redir?resid=8FC848FFDC06246!105

    and here is the MGADiag:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-BYTQX-RQ74P-TCVH2
    Windows Product Key Hash: JiBoR16qP/D8JwoDqoVHtL4aOWg=
    Windows Product ID: 00371-154-7926632-85154
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {9D77CCB2-4F7F-4800-A675-FFA546E59DA9}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.120830-0333
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{9D77CCB2-4F7F-4800-A675-FFA546E59DA9}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-TCVH2</PKey><PID>00371-154-7926632-85154</PID><PIDType>5</PIDType><SID>S-1-5-21-1571062330-2963691822-985478539</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>6459CTO</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>7LETC6WW (2.26 )</Version><SMBIOSVersion major="2" minor="4"/><Date>20090511000000.000000+000</Date></BIOS><HWID>FDF43B07018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TP-7L   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, RETAIL channel
    Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00170-154-792663-01-1033-7601.0000-1562012
    Installation ID: 006422051165083983557103322553824633374930727694646342
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: TCVH2
    License Status: Licensed
    Remaining Windows rearm count: 3
    Trusted time: 12/26/2012 7:30:44 PM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000001EFF0
    Event Time Stamp: 12:25:2012 00:40
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys


    HWID Data-->
    HWID Hash Current: NgAAAAEABgABAAEAAAABAAAAAgABAAEAeqiGTi3FGp+wVEaDLgiAhQAtTqdY0EYGOB0krEbK

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x0
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            LENOVO        TP-7L   
      FACP            LENOVO        TP-7L   
      HPET            LENOVO        TP-7L   
      BOOT            LENOVO        TP-7L   
      MCFG            LENOVO        TP-7L   
      SSDT            LENOVO        TP-7L   
      ECDT            LENOVO        TP-7L   
      TCPA            LENOVO        TP-7L   
      SLIC            LENOVO        TP-7L   
      ASF!            LENOVO        TP-7L   
      SSDT            LENOVO        TP-7L   
      SSDT            LENOVO        TP-7L   
      SSDT            LENOVO        TP-7L   
      SSDT            LENOVO        TP-7L   

    Also I hope you had a good Christmas.

    Thursday, December 27, 2012 1:31 AM
  • Christmas was 'quiet' :)

    That log is clear -

    Please download and save  the CheckSUR tool from http://support.microsoft.com/kb/947821

    (you'll need to look in the details for Method 2)

     

    Run it - The tool can take anywhere from 5 mins to a couple of hours to run (or 'Install') depending on how much it has to do, and may exit silently - it may appear to freeze for most of that time, but be patient.

    The result is logged in the C:\Windows\Logs\CBS\CheckSUR.log file  - and an archive …\checksur.persist.log file

     

    Then zip the CheckSUR.log and upload it to your public SkyDrive so I can take a look - post a link in your reply.

     


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Thursday, December 27, 2012 10:11 AM
    Moderator
  • Downloaded th CheckSUR tool.  Will not install.  Get this message:  Installer encountered an error:  0xc8000247.      Now what?

    Friday, December 28, 2012 2:16 AM
  • Aww, Heck!

    That probably means that the TrustedInstaller service is out of whack.

    Please run the following commands in an Elevated Command Prompt....

    NET START TRUSTEDINSTALLER

    SC QC TRUSTEDINSTALLER

    SC QUERYEX TRUSTEDINSTALLER

    post the results....

      Here are some instructions to make life easier :)

    1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt. 

    2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once. 

    3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.     


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Friday, December 28, 2012 7:23 AM
    Moderator
  •  Sorry it took so long been gone all day.  Ok here are the results:  

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>NET START TRUSTEDINSTALLER
    The Windows Modules Installer service is starting.
    The Windows Modules Installer service was started successfully.


    C:\Windows\system32>
    C:\Windows\system32>SC QC TRUSTEDINSTALLER
    [SC] QueryServiceConfig SUCCESS

    SERVICE_NAME: TRUSTEDINSTALLER
            TYPE               : 10  WIN32_OWN_PROCESS
            START_TYPE         : 3   DEMAND_START
            ERROR_CONTROL      : 1   NORMAL
            BINARY_PATH_NAME   : C:\Windows\servicing\TrustedInstaller.exe
            LOAD_ORDER_GROUP   : ProfSvc_Group
            TAG                : 0
            DISPLAY_NAME       : Windows Modules Installer
            DEPENDENCIES       :
            SERVICE_START_NAME : localSystem

    C:\Windows\system32>
    C:\Windows\system32>SC QUERYEX TRUSTEDINSTALLER

    SERVICE_NAME: TRUSTEDINSTALLER
            TYPE               : 10  WIN32_OWN_PROCESS
            STATE              : 4  RUNNING
                                    (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
            WIN32_EXIT_CODE    : 0  (0x0)
            SERVICE_EXIT_CODE  : 0  (0x0)
            CHECKPOINT         : 0x0
            WAIT_HINT          : 0x0
            PID                : 4960
            FLAGS              :

    C:\Windows\system32>

    Friday, December 28, 2012 11:43 PM
  • That looks normal enough...

    The SoftwareDistribution folder may be the culprit, in that case...

    Open an Elevated Command Prompt, and run the following commands...

    net stop wuauserv
    ren %windir%\SoftwareDistribution\WuRedir WRold
    ren %windir%\SoftwareDistribution\DataStore DSold
    ren %windir%\SoftwareDistribution\Download Dold
    ren %windir%\SoftwareDistribution\SelfUpdate SUold
    net start wuauserv

    Wait 10 minutes and reboot, then try running the CheckSUR tool again.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Saturday, December 29, 2012 12:37 AM
    Moderator
  • Ran those commands waited 10 minutes rebooted ran the CheckSUR tool again same message:  Installer encountered an error: 0xc8000247

    However after the reboot the not genuine Windows message hasn't popped back up....yet

    Saturday, December 29, 2012 3:02 AM
  • Please post a new MGADiag report.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Saturday, December 29, 2012 9:01 AM
    Moderator
  • Yes it is back for another round of treatment.  Here is the  MGADiag:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-BYTQX-RQ74P-TCVH2
    Windows Product Key Hash: JiBoR16qP/D8JwoDqoVHtL4aOWg=
    Windows Product ID: 00371-154-7926632-85154
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {9D77CCB2-4F7F-4800-A675-FFA546E59DA9}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.120830-0333
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{9D77CCB2-4F7F-4800-A675-FFA546E59DA9}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-TCVH2</PKey><PID>00371-154-7926632-85154</PID><PIDType>5</PIDType><SID>S-1-5-21-1571062330-2963691822-985478539</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>6459CTO</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>7LETC6WW (2.26 )</Version><SMBIOSVersion major="2" minor="4"/><Date>20090511000000.000000+000</Date></BIOS><HWID>FDF43B07018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TP-7L   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, RETAIL channel
    Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00170-154-792663-01-1033-7601.0000-1562012
    Installation ID: 006422051165083983557103322553824633374930727694646342
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: TCVH2
    License Status: Licensed
    Remaining Windows rearm count: 3
    Trusted time: 12/29/2012 8:32:45 AM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000001EFF0
    Event Time Stamp: 12:25:2012 00:40
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys


    HWID Data-->
    HWID Hash Current: NgAAAAEABgABAAEAAAABAAAAAgABAAEAeqiGTi3FGp+wVEaDLgiAhQAtTqdY0EYGOB0krEbK

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x0
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            LENOVO        TP-7L   
      FACP            LENOVO        TP-7L   
      HPET            LENOVO        TP-7L   
      BOOT            LENOVO        TP-7L   
      MCFG            LENOVO        TP-7L   
      SSDT            LENOVO        TP-7L   
      ECDT            LENOVO        TP-7L   
      TCPA            LENOVO        TP-7L   
      SLIC            LENOVO        TP-7L   
      ASF!            LENOVO        TP-7L   
      SSDT            LENOVO        TP-7L   
      SSDT            LENOVO        TP-7L   
      SSDT            LENOVO        TP-7L   
      SSDT            LENOVO        TP-7L   

    Saturday, December 29, 2012 2:33 PM
  • Please open an ELevated Command Prompt, and run the following command

    winmgmt /verifyrepository

    what happens? what response do you get?


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Saturday, December 29, 2012 5:01 PM
    Moderator
  • Here is what I got

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>winmgmt /verifyrepository
    WMI repository is consistent

    C:\Windows\system32>

    Saturday, December 29, 2012 5:19 PM
  • Heh! - unfortunately, that is one of those messages that begs the question - 'consistent with what?'  :)
    I really don't have the skills to analyse deeper than that.

    I can really only recommend at this point, either a repair install, or contacting WGA support direct for assistance.

    WGA Support can be found here

     

    North America: http://support.microsoft.com/contactus/cu_sc_genadv_master?ws=support&ws=support#tab4

     

    Outside North America: http://support.microsoft.com/contactus/?ws=support#tab0

     

    Please let us know if (and how) MS manage to repair the problem without a repair install of the OS - it would be useful for future reference!    


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Saturday, December 29, 2012 6:20 PM
    Moderator
  • Ok chatted with support online.  Will need to call phone support Monday.  The online agent said they should be able to take care of it no problem.   We'll see.  I will post again Monday to let you know the out come.  Have a good weekend
    Sunday, December 30, 2012 12:59 AM
  • Spent two hours with tech on phone support..  He is passing me on to advanced support  thinks it is a problem in the registry.  Will get back to me within 24hrs.  Keep you posted.
    Tuesday, January 1, 2013 3:14 AM
  • At least I didn't miss anything simple!

    Good luck.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Tuesday, January 1, 2013 9:53 AM
    Moderator
  • No you didn't miss anything simple.  Was on with Microsoft tech support for 3 hours yesterday.  Tried several registry patches no success.  Tried a repair using the Windows CD...almost so close ran for 45 min. before it failed.   Got back on this evening with tech support did a clean install things seem ok.  Now starting the long process downloading updates will be reinstalling software tomorrow.  Not sure what caused the problem, wasn't a virus

    Thank you for your help.  Hope you have a good New Year.

    Thursday, January 3, 2013 3:44 AM
  • Ouch !! :(

    That's gotta hurt.

    Hope your year improves!

    Good luck.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Thursday, January 3, 2013 9:22 AM
    Moderator