Sign in
Microsoft.com
 
Microsoft
 
 
 

none
MGADiag results show damaged/tampered files after drive cloning RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Long story short, in November I installed a brand new 750Gb hard drive with Win7 Pro 64. Everything was great. It's a legit copy, via the Microsoft Developer Program my employer is part of.

    In December, the weeks-old hard drive began to fail, so I quickly overnighted a new one and cloned the old drive to it. Everything seemed to go ok and Windows works and all. Somewhere in December or January though, I noticed that Windows no longer felt it was genuine. If I go through the Activate Windows process, it says it is fine. I can no longer run Windows Update and DRM media (Netflix streaming) won't play. 

    Recently, reading this forum, I learned of MGADiag and ran it. It showed the following errors:

    http://pastebin.com/wfPNQWhe

     

    Now, the questions is, how can I repair this and put things right? I tried a Repair Install of Win7 (installing as an Upgrade) to try to sort things out, but most of the way through the install it borks. It appears to be having trouble with the Intel Matrix Storage driver, but I'm not using RAID, and this is a laptop where I can't seem to access and IDE legacy settings. And Win7 installed fine the first time (clean), so i don't know what to make of it.

     

    I could probably reformat and start over, but that would cost me weeks of downtime reinstalling all the apps and stuff on this, my main work machine, so I'd really like to fix things.

     

    I also tried sfc /scannow  but it was unable to repair some of the files. It produced a HUGE logfile, which I can provide if necessary.

     

    I don't seem to have any System Restore Points old enough to use.

     

    Any suggestions? Can I just get these files from another, similar machine and somehow drop them in safely? They all seems to be executable code and stock configuration data -- not something that is customized to my system.

    Tuesday, March 1, 2011 6:16 PM
    |

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote
    If you have a retail dvd try doing an upgrade in place (aka repair install).  At the desktop insert the dvd and choose Install Now at the splash screen.  Be sure to choose upgrade and not custom install of course.  If you have already installed SP1 and/or IE9 remove those first.  This is a long thread so if you have already done this, please ignore and consider a complete reinstall.
    Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.
    • Marked as answer by Darin Smith MS Thursday, September 22, 2011 8:10 PM
    Sunday, March 13, 2011 5:03 PM
    |
    Answerer
  • Question
    Sign in to vote
    0
    Sign in to vote

    I have already tried that. It fails after most of the upgrade install, apparently due to the Intel Matrix Storage drivers (though this is a single, non-RAID drive). Win7 installed fine initially, but now cannot do an upgrade install.

     

    I'm considering a grade & pave, but I don't want to incur the downtime if I can avoid it. I was hoping this seemingly minor damage would be repairable. I guess I'll try replacing those tampered files with copies from a similar box, if nobody has any better suggestions (or reasons I shouldn't try that).

    • Marked as answer by Darin Smith MS Thursday, September 22, 2011 8:10 PM
    Monday, March 14, 2011 9:57 PM
    |

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    "XenonOfArcticus" wrote in message news:8b0e1f3e-be0a-4c79-85cc-e09e70e8206f...

    Long story short, in November I installed a brand new 750Gb hard drive with Win7 Pro 64. Everything was great. It's a legit copy, via the Microsoft Developer Program my employer is part of.

    In December, the weeks-old hard drive began to fail, so I quickly overnighted a new one and cloned the old drive to it. Everything seemed to go ok and Windows works and all. Somewhere in December or January though, I noticed that Windows no longer felt it was genuine. If I go through the Activate Windows process, it says it is fine. I can no longer run Windows Update and DRM media (Netflix streaming) won't play. 

     

     

    Any suggestions? Can I just get these files from another, similar machine and somehow drop them in safely? They all seems to be executable code and stock configuration data -- not something that is customized to my system.


    To properly analyse and solve problems with Activation and Validation, we need to see a full copy of the report produced by the MGADiag tool (download and save to desktop - http://go.microsoft.com/fwlink/?linkid=52012 )
    Once saved, run the tool.
    Click on the Continue button, which will produce the report.
    To copy the report to your response, click on the Copy button in the tool (ignore any error messages at this point), and then paste (using either r-click/Paste, or Ctrl+V ) into your response.
     

    --

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Wednesday, March 2, 2011 5:04 AM
    |
    Moderator
  • Question
    Sign in to vote
    0
    Sign in to vote

    No reply from the Original Poster.

    issue is assumed to be resolved.

    Darin MS
    Friday, March 4, 2011 9:37 PM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote

    Here's the full text of the report:

     

    http://pastebin.com/UrVdSuuf

     

    Sorry, I didn't get the reply notification and only checked back today.

    Monday, March 7, 2011 9:35 PM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote
    Use Edit/Paste or Cntl-V to paste it in your reply here.  That enables those browsing the thread to easily follow the conversation.
    Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.
    Monday, March 7, 2011 9:45 PM
    |
    Answerer
  • Question
    Sign in to vote
    0
    Sign in to vote

    Recently, reading this forum, I learned of MGADiag and ran it. It showed the following errors:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-V7BDW-4KB62-84BRJ
    Windows Product Key Hash: zWa997xJp33A53XOQuAR9UtKF+8=
    Windows Product ID: 00371-835-1779855-85469
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7600.2.00010100.0.0.048
    ID: {7CF90B34-EC0E-4A9A-A5DD-989060FC8AA7}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000009
    Build lab: 7600.win7_gdr.100618-1621
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Users\Xenon\AppData\Local\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7600.16385], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppc.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7600.16385], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\slui.exe[6.1.7600.16385], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7600.16385], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\user32.dll[6.1.7600.16385], Hr = 0x800b0100

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{7CF90B34-EC0E-4A9A-A5DD-989060FC8AA7}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-84BRJ</PKey><PID>00371-835-1779855-85469</PID><PIDType>5</PIDType><SID>S-1-5-21-2193035935-2868144568-2015422590</SID><SYSTEM><Manufacturer>COMPAL          </Manufacturer><Model>MIDERN</Model></SYSTEM><BIOS><Manufacturer>COMPAL          </Manufacturer><Version>1.13</Version><SMBIOSVersion major="2" minor="5"/><Date>20090403000000.000000+000</Date></BIOS><HWID>E0B83607018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Mountain Standard Time(GMT-07:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>MIDERN</OEMID><OEMTableID>MIDERN</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7600.16385

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, RETAIL channel
    Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00170-835-177985-00-1033-7600.0000-2852010
    Installation ID: 015274216944541172757543055034134143814412846023641034
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 84BRJ
    License Status: Licensed
    Remaining Windows rearm count: 3
    Trusted time: 3/7/2011 2:32:23 PM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000001EFF0
    Event Time Stamp: 3:3:2011 08:27
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys


    HWID Data-->
    HWID Hash Current: NAAAAAEAAQABAAEAAQADAAAAAwABAAEA6GEEk+x/cEg8OmyTXA8t4tabnB//gwaeoklGyg==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   INTEL   CRESTLNE
      FACP   INTEL   CRESTLNE
      HPET   MIDERN  MIDERN
      BOOT   PTLTD   $SBFTBL$
      MCFG   INTEL   CRESTLNE
      SLIC   MIDERN  MIDERN
      APIC   INTEL   CRESTLNE
      SSDT   PmRef  CpuPm
      SSDT   PmRef  CpuPm
      SSDT   PmRef  CpuPm

    I have copied and pasted a copy of the OP's report.  He posted it as a file on a file sharing site.
    Tuesday, March 8, 2011 3:02 AM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote

    Colin, is that really you?

     

    Chris Hanson, formerly of The Computer Room in Aurora in the early 90s.

    Tuesday, March 8, 2011 9:00 PM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote
    Hi, Chris.  Yeah, its me.  Are you still doing preproduction work?  Twenty years is a long time.  I went on to work for the Colo. Dept. of Labor and Employment.  Retired now.  John Sr. passed away ten years or so ago and the CR is now long gone. 
    Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.
    Tuesday, March 8, 2011 9:24 PM
    |
    Answerer
  • Question
    Sign in to vote
    0
    Sign in to vote

    Well met, my friend.

     

    I do graphics work, but of a different nature. Since leaving TCR in 94 I have written 3D graphics software, mostly highly realistic terrain-related, and now specializing in realtime graphics. Here are some of my companies I've founded:

    http://alphapixel.com/

    http://3dnature.com/

     

    Some of my more interesting work I can't show, but I've recently been working on this project:

    http://www.youtube.com/user/earthscapedotcom

     

    I know you know Bob Rakowski is gone many years, you may not know Frank Weed, a good friend of mine from the same era, passed away last November.

     

    It's amazing how many old Amiga people are still out there doing cool stuff.

    Tuesday, March 8, 2011 9:36 PM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote
    I still keep up with Amiga Forever out of Italy.  The Amiga fanbase from the 80s are by today's standards truly geeks.  A disproportionate percentage of them went into IT and programming.  My last Amiga, a 1200, is still going, though at my sister's place in Texas.  She runs it for nostalgia. 
    Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.
    Tuesday, March 8, 2011 10:11 PM
    |
    Answerer
  • Question
    Sign in to vote
    0
    Sign in to vote

    Anyway, trying to get on-topic now that I've met an old colleague, what should I do to get the ship back on course?

    Is it sufficient to simply replaces these damaged/tampered files? Is the version quoted in the "File Scan Data" the version it's EXPECTING to see, or the version it found? If that's the version it's expecting, I could just go to another, similar Win7/64 box (like one of my fellow coders') and snag those files over, if they're the exact same version. I imagine they're protected at runtime, but I could probably use the Linux System Rescue CD to boot from a USB key, mount the NTFS and replace those files. I've had to do that to other folks' systems to remove particularly viciously-embedded malware.

    Any advice?

    Wednesday, March 9, 2011 3:15 AM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote

    I'm deferring to Darin Smith on the cause on this one.  It might only be a corrupt license store but I'm not adept at that kind of issue.

    Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.
    Wednesday, March 9, 2011 3:19 AM
    |
    Answerer
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello Xenon,

    Based on the number of corrupted/tampered files and SFC not being able to fix, I would first vet the hardware setup.  Does the laptop manufacturer have a hardware diagnostic that you can run (I know HP and Dell have them on disk [but since the oem disk was replaced it's likely not been transfered to the new disk] and on disc)?  And it couldn't hurt to run the disk manufacturer's diagnostic as well.

    Thursday, March 10, 2011 4:11 PM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote

    I'm not clear on what you're suggesting to "vet the hardware".

     

    The machine seems to be otherwise stable. Hard disk SMART monitoring shows the current disk to be healthy.

     

    This laptop (A Sager Midern NP2096) was originally shipped with Vista-64, which was an exercise in horror. It has run much better under Win7/64 since I installed it last fall.

     

    I do not have any manufacturer-specific diagnostics, and they probably wouldn't know what to do with the current config, since when I went to Win7 I started over with a fresh new hard disk and installed a new OS to eliminate any remnants of the previous configuration.

     

    I confess, I'm not a Win7 guru, and a "corrupt license store" is outside my ken.  If anyone wants to point me in the direction of a meaningful reference on this, I can go educate myself perhaps.

    Friday, March 11, 2011 12:19 AM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote

    Chris,

    This is Darin Smith's (MSFT) standard recipe for fixing a corrupt license store.  It is from (shortened)

    http://bit.ly/i2nUwb 

    2) Recreate Licensing Store

    I also see indications that Windows 7 Licensing Store may be corrupt or unreadable for some reason.  Follow the below steps to Recreate the Store.

    1) Click Start button.
    2) Type: CMD.exe into the 'Search programs and files' field
    3) Right-Click on CMD.exe and select 'Run as Administrator'
    4) Type: net stop sppsvc   (It may ask you if you are sure, select yes)
    Note: the Software Protection servive may not be running, this is ok.
    5) Type: cd %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform
    6) Type: rename tokens.dat tokens.bar
    7) Type: cd %windir%\system32
    8) Type: net start sppsvc
    9) Type: slui.exe
    10) After a couple of seconds Windows Activation dialog will appear. You may be asked to re-activate and/or re-enter your product key or Activation may occur automatically.


    Thank you,
    Darin MS"

    Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.
    Friday, March 11, 2011 12:36 AM
    |
    Answerer
  • Question
    Sign in to vote
    0
    Sign in to vote
    Thanks. I'm on it. Will followup with the result.
    Saturday, March 12, 2011 3:20 PM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote

    Initial results are mixed. No WGA errors, but Windows Update still won't launch.

     

    MGADiag still shows "tampered" files:

     

    Diagnostic Report (1.9.0027.0):

    -----------------------------------------

    Windows Validation Data-->

     

    Validation Code: 0x8004FE21

    Cached Online Validation Code: 0x0

    Windows Product Key: *****-*****-V7BDW-4KB62-84BRJ

    Windows Product Key Hash: zWa997xJp33A53XOQuAR9UtKF+8=

    Windows Product ID: 00371-835-1779855-85469

    Windows Product ID Type: 5

    Windows License Type: Retail

    Windows OS version: 6.1.7600.2.00010100.0.0.048

    ID: {7CF90B34-EC0E-4A9A-A5DD-989060FC8AA7}(3)

    Is Admin: Yes

    TestCab: 0x0

    LegitcheckControl ActiveX: N/A, hr = 0x80070002

    Signed By: N/A, hr = 0x80070002

    Product Name: Windows 7 Professional

    Architecture: 0x00000009

    Build lab: 7600.win7_gdr.100618-1621

    TTS Error: 

    Validation Diagnostic: 

    Resolution Status: N/A

     

    Vista WgaER Data-->

    ThreatID(s): N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

     

    Windows XP Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    File Exists: No

    Version: N/A, hr = 0x80070002

    WgaTray.exe Signed By: N/A, hr = 0x80070002

    WgaLogon.dll Signed By: N/A, hr = 0x80070002

     

    OGA Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

    OGAExec.exe Signed By: N/A, hr = 0x80070002

    OGAAddin.dll Signed By: N/A, hr = 0x80070002

     

    OGA Data-->

    Office Status: 109 N/A

    OGA Version: N/A, 0x80070002

    Signed By: N/A, hr = 0x80070002

    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

     

    Browser Data-->

    Proxy settings: N/A

    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

    Default Browser: C:\Users\Xenon\AppData\Local\Google\Chrome\Application\chrome.exe

    Download signed ActiveX controls: Prompt

    Download unsigned ActiveX controls: Disabled

    Run ActiveX controls and plug-ins: Allowed

    Initialize and script ActiveX controls not marked as safe: Disabled

    Allow scripting of Internet Explorer Webbrowser control: Disabled

    Active scripting: Allowed

    Script ActiveX controls marked as safe for scripting: Allowed

     

    File Scan Data-->

    File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003

    File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003

    File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7600.16385], Hr = 0x80092003

    File Mismatch: C:\Windows\system32\sppc.dll[6.1.7600.16385], Hr = 0x800b0100

    File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100

    File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7600.16385], Hr = 0x80092003

    File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100

    File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100

    File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003

    File Mismatch: C:\Windows\system32\slui.exe[6.1.7600.16385], Hr = 0x80092003

    File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7600.16385], Hr = 0x800b0100

    File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100

    File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7600.16385], Hr = 0x80092003

    File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003

    File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003

    File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100

    File Mismatch: C:\Windows\system32\user32.dll[6.1.7600.16385], Hr = 0x800b0100

     

    Other data-->

    Office Details: <GenuineResults><MachineData><UGUID>{7CF90B34-EC0E-4A9A-A5DD-989060FC8AA7}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-84BRJ</PKey><PID>00371-835-1779855-85469</PID><PIDType>5</PIDType><SID>S-1-5-21-2193035935-2868144568-2015422590</SID><SYSTEM><Manufacturer>COMPAL          </Manufacturer><Model>MIDERN</Model></SYSTEM><BIOS><Manufacturer>COMPAL          </Manufacturer><Version>1.13</Version><SMBIOSVersion major="2" minor="5"/><Date>20090403000000.000000+000</Date></BIOS><HWID>E0B83607018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Mountain Standard Time(GMT-07:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>MIDERN</OEMID><OEMTableID>MIDERN</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

     

    Spsys.log Content: 0x80070002

     

    Licensing Data-->

    Software licensing service version: 6.1.7600.16385

     

    Name: Windows(R) 7, Professional edition

    Description: Windows Operating System - Windows(R) 7, RETAIL channel

    Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9

    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f

    Extended PID: 00371-00170-835-177985-00-1033-7600.0000-0712011

    Installation ID: 015274216944541172757543055034134143814412846023641034

    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338

    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339

    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341

    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340

    Partial Product Key: 84BRJ

    License Status: Licensed

    Remaining Windows rearm count: 3

    Trusted time: 3/12/2011 10:29:28 PM

     

    Windows Activation Technologies-->

    HrOffline: 0x8004FE21

    HrOnline: N/A

    HealthStatus: 0x000000000001EFF0

    Event Time Stamp: 3:10:2011 08:32

    ActiveX: Registered, Version: 7.1.7600.16395

    Admin Service: Registered, Version: 7.1.7600.16395

    HealthStatus Bitmask Output:

    Tampered File: %systemroot%\system32\sppobjs.dll

    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui

    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui

    Tampered File: %systemroot%\system32\sppwinob.dll

    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui

    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui

    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui

    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration

    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui

    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui

    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui

    Tampered File: %systemroot%\system32\drivers\spsys.sys

     

     

    HWID Data-->

    HWID Hash Current: NAAAAAEAAQABAAEAAQADAAAAAwABAAEA6GEEk+x/cEg8OmyTXA8t4tabnB//gwaeoklGyg==

     

    OEM Activation 1.0 Data-->

    N/A

     

    OEM Activation 2.0 Data-->

    BIOS valid for OA 2.0: yes

    Windows marker version: 0x20001

    OEMID and OEMTableID Consistent: yes

    BIOS Information: 

      ACPI Table Name OEMID Value OEMTableID Value

      APIC INTEL CRESTLNE

      FACP INTEL CRESTLNE

      HPET MIDERN MIDERN

      BOOT PTLTD $SBFTBL$

      MCFG INTEL CRESTLNE

      SLIC MIDERN MIDERN

      APIC INTEL CRESTLNE

      SSDT PmRef CpuPm

      SSDT PmRef CpuPm

      SSDT PmRef CpuPm

     

     

    Sunday, March 13, 2011 4:29 AM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote

    This morning, I got the "not genuine" error again. Windows Update had finally launched, and was refusing to operate because the "service wasn't running".

     

    So I think I need to investigate repairing the tampered file next. Any advice on this, or is there a different angle I should pursue?

    Sunday, March 13, 2011 4:52 PM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote
    If you have a retail dvd try doing an upgrade in place (aka repair install).  At the desktop insert the dvd and choose Install Now at the splash screen.  Be sure to choose upgrade and not custom install of course.  If you have already installed SP1 and/or IE9 remove those first.  This is a long thread so if you have already done this, please ignore and consider a complete reinstall.
    Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.
    • Marked as answer by Darin Smith MS Thursday, September 22, 2011 8:10 PM
    Sunday, March 13, 2011 5:03 PM
    |
    Answerer
  • Question
    Sign in to vote
    0
    Sign in to vote

    I have already tried that. It fails after most of the upgrade install, apparently due to the Intel Matrix Storage drivers (though this is a single, non-RAID drive). Win7 installed fine initially, but now cannot do an upgrade install.

     

    I'm considering a grade & pave, but I don't want to incur the downtime if I can avoid it. I was hoping this seemingly minor damage would be repairable. I guess I'll try replacing those tampered files with copies from a similar box, if nobody has any better suggestions (or reasons I shouldn't try that).

    • Marked as answer by Darin Smith MS Thursday, September 22, 2011 8:10 PM
    Monday, March 14, 2011 9:57 PM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote

    I've experienced this same sequence of events.  I purchased a Sony Vaio with Windows 7 64 bit Home Premium about a year and a half ago.  About a month ago I got a warning that the drive was failing and I backed up the drive with Acronis, swapped the drive out and restored.  A few days later I got the first Windows not Genuine message.  Windows Update fails to run and Indexing is shut down.  I ran through all the same reporting and troubleshooting and nothing helped the issue.  MGADiag, SFC, damaged license store fix, boot repair and an inplace upgrade.  The inplace upgrade fails reporting that Windows 7 is incompatible with the hardware.   

    Did anyone find a fix for this?  I'm about to bite the bullet and do a fresh load - wasting weeks of time.  Help!

    Steve I

    Thursday, September 22, 2011 3:35 AM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote
    Please create your own post and paste in the results of your own MGA Report using the  Microsoft Genuine Advantage Diagnostics Tool.  Thank you!
    Carey Frisch
    Thursday, September 22, 2011 3:38 AM
    |
    Moderator