Answered by:
MGADiag results show damaged/tampered files after drive cloning

Question
-
Long story short, in November I installed a brand new 750Gb hard drive with Win7 Pro 64. Everything was great. It's a legit copy, via the Microsoft Developer Program my employer is part of.
In December, the weeks-old hard drive began to fail, so I quickly overnighted a new one and cloned the old drive to it. Everything seemed to go ok and Windows works and all. Somewhere in December or January though, I noticed that Windows no longer felt it was genuine. If I go through the Activate Windows process, it says it is fine. I can no longer run Windows Update and DRM media (Netflix streaming) won't play.
Recently, reading this forum, I learned of MGADiag and ran it. It showed the following errors:
Now, the questions is, how can I repair this and put things right? I tried a Repair Install of Win7 (installing as an Upgrade) to try to sort things out, but most of the way through the install it borks. It appears to be having trouble with the Intel Matrix Storage driver, but I'm not using RAID, and this is a laptop where I can't seem to access and IDE legacy settings. And Win7 installed fine the first time (clean), so i don't know what to make of it.
I could probably reformat and start over, but that would cost me weeks of downtime reinstalling all the apps and stuff on this, my main work machine, so I'd really like to fix things.
I also tried sfc /scannow but it was unable to repair some of the files. It produced a HUGE logfile, which I can provide if necessary.
I don't seem to have any System Restore Points old enough to use.
Any suggestions? Can I just get these files from another, similar machine and somehow drop them in safely? They all seems to be executable code and stock configuration data -- not something that is customized to my system.
Tuesday, March 1, 2011 6:16 PM
Answers
-
If you have a retail dvd try doing an upgrade in place (aka repair install). At the desktop insert the dvd and choose Install Now at the splash screen. Be sure to choose upgrade and not custom install of course. If you have already installed SP1 and/or IE9 remove those first. This is a long thread so if you have already done this, please ignore and consider a complete reinstall.
Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.- Marked as answer by Darin Smith MS Thursday, September 22, 2011 8:10 PM
Sunday, March 13, 2011 5:03 PMAnswerer -
I have already tried that. It fails after most of the upgrade install, apparently due to the Intel Matrix Storage drivers (though this is a single, non-RAID drive). Win7 installed fine initially, but now cannot do an upgrade install.
I'm considering a grade & pave, but I don't want to incur the downtime if I can avoid it. I was hoping this seemingly minor damage would be repairable. I guess I'll try replacing those tampered files with copies from a similar box, if nobody has any better suggestions (or reasons I shouldn't try that).
- Marked as answer by Darin Smith MS Thursday, September 22, 2011 8:10 PM
Monday, March 14, 2011 9:57 PM
All replies
-
"XenonOfArcticus" wrote in message news:8b0e1f3e-be0a-4c79-85cc-e09e70e8206f...
Long story short, in November I installed a brand new 750Gb hard drive with Win7 Pro 64. Everything was great. It's a legit copy, via the Microsoft Developer Program my employer is part of.
In December, the weeks-old hard drive began to fail, so I quickly overnighted a new one and cloned the old drive to it. Everything seemed to go ok and Windows works and all. Somewhere in December or January though, I noticed that Windows no longer felt it was genuine. If I go through the Activate Windows process, it says it is fine. I can no longer run Windows Update and DRM media (Netflix streaming) won't play.
Any suggestions? Can I just get these files from another, similar machine and somehow drop them in safely? They all seems to be executable code and stock configuration data -- not something that is customized to my system.
To properly analyse and solve problems with Activation and Validation, we need to see a full copy of the report produced by the MGADiag tool (download and save to desktop - http://go.microsoft.com/fwlink/?linkid=52012 )
Once saved, run the tool.
Click on the Continue button, which will produce the report.
To copy the report to your response, click on the Copy button in the tool (ignore any error messages at this point), and then paste (using either r-click/Paste, or Ctrl+V ) into your response.
--
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth- Marked as answer by Darin Smith MS Friday, March 4, 2011 9:37 PM
- Unmarked as answer by Carey FrischMVP, Moderator Thursday, September 22, 2011 5:56 AM
Wednesday, March 2, 2011 5:04 AMModerator -
No reply from the Original Poster.
issue is assumed to be resolved.
Darin MSFriday, March 4, 2011 9:37 PM -
Here's the full text of the report:
Sorry, I didn't get the reply notification and only checked back today.
Monday, March 7, 2011 9:35 PM -
Use Edit/Paste or Cntl-V to paste it in your reply here. That enables those browsing the thread to easily follow the conversation.
Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.Monday, March 7, 2011 9:45 PMAnswerer -
Recently, reading this forum, I learned of MGADiag and ran it. It showed the following errors:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-V7BDW-4KB62-84BRJ
Windows Product Key Hash: zWa997xJp33A53XOQuAR9UtKF+8=
Windows Product ID: 00371-835-1779855-85469
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7600.2.00010100.0.0.048
ID: {7CF90B34-EC0E-4A9A-A5DD-989060FC8AA7}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7600.win7_gdr.100618-1621
TTS Error:
Validation Diagnostic:
Resolution Status: N/AVista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Users\Xenon\AppData\Local\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: AllowedFile Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slui.exe[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7600.16385], Hr = 0x800b0100Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{7CF90B34-EC0E-4A9A-A5DD-989060FC8AA7}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-84BRJ</PKey><PID>00371-835-1779855-85469</PID><PIDType>5</PIDType><SID>S-1-5-21-2193035935-2868144568-2015422590</SID><SYSTEM><Manufacturer>COMPAL </Manufacturer><Model>MIDERN</Model></SYSTEM><BIOS><Manufacturer>COMPAL </Manufacturer><Version>1.13</Version><SMBIOSVersion major="2" minor="5"/><Date>20090403000000.000000+000</Date></BIOS><HWID>E0B83607018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Mountain Standard Time(GMT-07:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>MIDERN</OEMID><OEMTableID>MIDERN</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7600.16385Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00170-835-177985-00-1033-7600.0000-2852010
Installation ID: 015274216944541172757543055034134143814412846023641034
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 84BRJ
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 3/7/2011 2:32:23 PMWindows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000001EFF0
Event Time Stamp: 3:3:2011 08:27
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
Tampered File: %systemroot%\system32\sppwinob.dll
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
Tampered File: %systemroot%\system32\drivers\spsys.sys
HWID Data-->
HWID Hash Current: NAAAAAEAAQABAAEAAQADAAAAAwABAAEA6GEEk+x/cEg8OmyTXA8t4tabnB//gwaeoklGyg==OEM Activation 1.0 Data-->
N/AOEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC INTEL CRESTLNE
FACP INTEL CRESTLNE
HPET MIDERN MIDERN
BOOT PTLTD $SBFTBL$
MCFG INTEL CRESTLNE
SLIC MIDERN MIDERN
APIC INTEL CRESTLNE
SSDT PmRef CpuPm
SSDT PmRef CpuPm
SSDT PmRef CpuPmTuesday, March 8, 2011 3:02 AM -
Colin, is that really you?
Chris Hanson, formerly of The Computer Room in Aurora in the early 90s.
Tuesday, March 8, 2011 9:00 PM -
Hi, Chris. Yeah, its me. Are you still doing preproduction work? Twenty years is a long time. I went on to work for the Colo. Dept. of Labor and Employment. Retired now. John Sr. passed away ten years or so ago and the CR is now long gone.
Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.Tuesday, March 8, 2011 9:24 PMAnswerer -
Well met, my friend.
I do graphics work, but of a different nature. Since leaving TCR in 94 I have written 3D graphics software, mostly highly realistic terrain-related, and now specializing in realtime graphics. Here are some of my companies I've founded:
Some of my more interesting work I can't show, but I've recently been working on this project:
http://www.youtube.com/user/earthscapedotcom
I know you know Bob Rakowski is gone many years, you may not know Frank Weed, a good friend of mine from the same era, passed away last November.
It's amazing how many old Amiga people are still out there doing cool stuff.
Tuesday, March 8, 2011 9:36 PM -
I still keep up with Amiga Forever out of Italy. The Amiga fanbase from the 80s are by today's standards truly geeks. A disproportionate percentage of them went into IT and programming. My last Amiga, a 1200, is still going, though at my sister's place in Texas. She runs it for nostalgia.
Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.Tuesday, March 8, 2011 10:11 PMAnswerer -
Anyway, trying to get on-topic now that I've met an old colleague, what should I do to get the ship back on course?
Is it sufficient to simply replaces these damaged/tampered files? Is the version quoted in the "File Scan Data" the version it's EXPECTING to see, or the version it found? If that's the version it's expecting, I could just go to another, similar Win7/64 box (like one of my fellow coders') and snag those files over, if they're the exact same version. I imagine they're protected at runtime, but I could probably use the Linux System Rescue CD to boot from a USB key, mount the NTFS and replace those files. I've had to do that to other folks' systems to remove particularly viciously-embedded malware.
Any advice?
Wednesday, March 9, 2011 3:15 AM -
I'm deferring to Darin Smith on the cause on this one. It might only be a corrupt license store but I'm not adept at that kind of issue.
Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.Wednesday, March 9, 2011 3:19 AMAnswerer -
Hello Xenon,
Based on the number of corrupted/tampered files and SFC not being able to fix, I would first vet the hardware setup. Does the laptop manufacturer have a hardware diagnostic that you can run (I know HP and Dell have them on disk [but since the oem disk was replaced it's likely not been transfered to the new disk] and on disc)? And it couldn't hurt to run the disk manufacturer's diagnostic as well.
Thursday, March 10, 2011 4:11 PM -
I'm not clear on what you're suggesting to "vet the hardware".
The machine seems to be otherwise stable. Hard disk SMART monitoring shows the current disk to be healthy.
This laptop (A Sager Midern NP2096) was originally shipped with Vista-64, which was an exercise in horror. It has run much better under Win7/64 since I installed it last fall.
I do not have any manufacturer-specific diagnostics, and they probably wouldn't know what to do with the current config, since when I went to Win7 I started over with a fresh new hard disk and installed a new OS to eliminate any remnants of the previous configuration.
I confess, I'm not a Win7 guru, and a "corrupt license store" is outside my ken. If anyone wants to point me in the direction of a meaningful reference on this, I can go educate myself perhaps.
Friday, March 11, 2011 12:19 AM -
Chris,
This is Darin Smith's (MSFT) standard recipe for fixing a corrupt license store. It is from (shortened)
" 2) Recreate Licensing Store
I also see indications that Windows 7 Licensing Store may be corrupt or unreadable for some reason. Follow the below steps to Recreate the Store.
1) Click Start button.
2) Type: CMD.exe into the 'Search programs and files' field
3) Right-Click on CMD.exe and select 'Run as Administrator'
4) Type: net stop sppsvc (It may ask you if you are sure, select yes)
Note: the Software Protection servive may not be running, this is ok.
5) Type: cd %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform
6) Type: rename tokens.dat tokens.bar
7) Type: cd %windir%\system32
8) Type: net start sppsvc
9) Type: slui.exe
10) After a couple of seconds Windows Activation dialog will appear. You may be asked to re-activate and/or re-enter your product key or Activation may occur automatically.
Thank you,
Darin MS"
Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.Friday, March 11, 2011 12:36 AMAnswerer -
Thanks. I'm on it. Will followup with the result.Saturday, March 12, 2011 3:20 PM
-
Initial results are mixed. No WGA errors, but Windows Update still won't launch.
MGADiag still shows "tampered" files:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-V7BDW-4KB62-84BRJ
Windows Product Key Hash: zWa997xJp33A53XOQuAR9UtKF+8=
Windows Product ID: 00371-835-1779855-85469
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7600.2.00010100.0.0.048
ID: {7CF90B34-EC0E-4A9A-A5DD-989060FC8AA7}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7600.win7_gdr.100618-1621
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Users\Xenon\AppData\Local\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slui.exe[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7600.16385], Hr = 0x800b0100
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{7CF90B34-EC0E-4A9A-A5DD-989060FC8AA7}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-84BRJ</PKey><PID>00371-835-1779855-85469</PID><PIDType>5</PIDType><SID>S-1-5-21-2193035935-2868144568-2015422590</SID><SYSTEM><Manufacturer>COMPAL </Manufacturer><Model>MIDERN</Model></SYSTEM><BIOS><Manufacturer>COMPAL </Manufacturer><Version>1.13</Version><SMBIOSVersion major="2" minor="5"/><Date>20090403000000.000000+000</Date></BIOS><HWID>E0B83607018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Mountain Standard Time(GMT-07:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>MIDERN</OEMID><OEMTableID>MIDERN</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7600.16385
Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00170-835-177985-00-1033-7600.0000-0712011
Installation ID: 015274216944541172757543055034134143814412846023641034
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 84BRJ
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 3/12/2011 10:29:28 PM
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000001EFF0
Event Time Stamp: 3:10:2011 08:32
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
Tampered File: %systemroot%\system32\sppwinob.dll
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
Tampered File: %systemroot%\system32\drivers\spsys.sys
HWID Data-->
HWID Hash Current: NAAAAAEAAQABAAEAAQADAAAAAwABAAEA6GEEk+x/cEg8OmyTXA8t4tabnB//gwaeoklGyg==
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC INTEL CRESTLNE
FACP INTEL CRESTLNE
HPET MIDERN MIDERN
BOOT PTLTD $SBFTBL$
MCFG INTEL CRESTLNE
SLIC MIDERN MIDERN
APIC INTEL CRESTLNE
SSDT PmRef CpuPm
SSDT PmRef CpuPm
SSDT PmRef CpuPm
Sunday, March 13, 2011 4:29 AM -
This morning, I got the "not genuine" error again. Windows Update had finally launched, and was refusing to operate because the "service wasn't running".
So I think I need to investigate repairing the tampered file next. Any advice on this, or is there a different angle I should pursue?
Sunday, March 13, 2011 4:52 PM -
If you have a retail dvd try doing an upgrade in place (aka repair install). At the desktop insert the dvd and choose Install Now at the splash screen. Be sure to choose upgrade and not custom install of course. If you have already installed SP1 and/or IE9 remove those first. This is a long thread so if you have already done this, please ignore and consider a complete reinstall.
Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.- Marked as answer by Darin Smith MS Thursday, September 22, 2011 8:10 PM
Sunday, March 13, 2011 5:03 PMAnswerer -
I have already tried that. It fails after most of the upgrade install, apparently due to the Intel Matrix Storage drivers (though this is a single, non-RAID drive). Win7 installed fine initially, but now cannot do an upgrade install.
I'm considering a grade & pave, but I don't want to incur the downtime if I can avoid it. I was hoping this seemingly minor damage would be repairable. I guess I'll try replacing those tampered files with copies from a similar box, if nobody has any better suggestions (or reasons I shouldn't try that).
- Marked as answer by Darin Smith MS Thursday, September 22, 2011 8:10 PM
Monday, March 14, 2011 9:57 PM -
I've experienced this same sequence of events. I purchased a Sony Vaio with Windows 7 64 bit Home Premium about a year and a half ago. About a month ago I got a warning that the drive was failing and I backed up the drive with Acronis, swapped the drive out and restored. A few days later I got the first Windows not Genuine message. Windows Update fails to run and Indexing is shut down. I ran through all the same reporting and troubleshooting and nothing helped the issue. MGADiag, SFC, damaged license store fix, boot repair and an inplace upgrade. The inplace upgrade fails reporting that Windows 7 is incompatible with the hardware.
Did anyone find a fix for this? I'm about to bite the bullet and do a fresh load - wasting weeks of time. Help!
Steve I
Thursday, September 22, 2011 3:35 AM -
Please create your own post and paste in the results of your own MGA Report using the Microsoft Genuine Advantage Diagnostics Tool. Thank you!
Carey FrischThursday, September 22, 2011 3:38 AMModerator