Answered by:
Windows Update cannot download updates or its own update

Question
-
When I try to run Windows Update on my Windows 7 x64 sytem it always tries to download an update for Windows Update and gets an error 8E5E0408.
I've repaired the catdb - esentutl /p %systemroot%\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
C:\Windows\SoftwareDistribution\DataStore\Logs>esentutl /p %systemroot%\System32
\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
Extensible Storage Engine Utilities for Microsoft(R) Windows(R)
Version 6.1
Copyright (C) Microsoft Corporation. All Rights Reserved.
Initiating REPAIR mode...
Database: C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC2
95EE}\catdb
Temp. Database: TEMPREPAIR10036.EDB
Checking database integrity.
Scanning Status (% complete)
0 10 20 30 40 50 60 70 80 90 100
|----|----|----|----|----|----|----|----|----|----|
...................................................
Integrity check successful.
Note:
It is recommended that you immediately perform a full backup
of this database. If you restore a backup made before the
repair, the database will be rolled back to the state
it was in at the time of that backup.
Operation completed successfully in 8.955 seconds.
C:\Windows\SoftwareDistribution\DataStore\Logs>I've upgraded the Intel Matrix drivers to the newest Rapid Storage ones - 11.0.0.1032 dated 11/29/2011
I've backout the current Nvidia drivers then installed the newest ones - 8.17.13.142 dated 5/15/2012
I ran MGADiag:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-FW96H-4MCY6-GCR9X
Windows Product Key Hash: 9ojg615B47gwSV/6TocnREVRbpo=
Windows Product ID: 00359-OEM-8882315-74886
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.1.7600.2.00010300.0.0.003
ID: {B4442742-094B-4429-8BE3-FA701F21406F}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7600.win7_gdr.120401-1505
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 100 Genuine
Microsoft Office Visio Professional 2003 - 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slui.exe[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7600.16385], Hr = 0x800b0100
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{B4442742-094B-4429-8BE3-FA701F21406F}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010300.0.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-GCR9X</PKey><PID>00359-OEM-8882315-74886</PID><PIDType>3</PIDType><SID>S-1-5-21-3374648259-2182146028-1755583090</SID><SYSTEM><Manufacturer>Gateway</Manufacturer><Model>FX6801</Model></SYSTEM><BIOS><Manufacturer>AMI</Manufacturer><Version>R01-B0</Version><SMBIOSVersion major="2" minor="5"/><Date>20090519000000.000000+000</Date></BIOS><HWID>E5B80600018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91510409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Visio Professional 2003</Name><Ver>11</Ver><Val>9F9A3FA9B774DA2</Val><Hash>UEkPEG69EfrohK7ExiJ/0LwlKjo=</Hash><Pid>72085-721-0281514-55458</Pid><PidType>1</PidType></Product><Product GUID="{91120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>9BFC1D6CD5A9EAC</Val><Hash>2bFZ8nvsqURL58SBwus6vAtjsYk=</Hash><Pid>81599-854-6528304-65835</Pid><PidType>1</PidType></Product></Products><Applications><App Id="51" Version="11" Result="100"/><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7600.16385
Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
Activation ID: 9f83d90f-a151-4665-ae69-30b3f63ec659
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00176-823-174886-02-1033-7600.0000-3292009
Installation ID: 011506139232771895570250840750262046832804198696858790
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: GCR9X
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 8/18/2012 9:58:07 AM
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000001EFF0
Event Time Stamp: 8:15:2012 17:46
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
Tampered File: %systemroot%\system32\sppwinob.dll
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
Tampered File: %systemroot%\system32\drivers\spsys.sys
HWID Data-->
HWID Hash Current: MAAAAAIAAgABAAEAAQABAAAAAQABAAEAvOn6G9b/3o0IhYD9RpSofBCRKrT+ceqC
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x0
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ACRSYS APIC1522
FACP ACRSYS FACP1522
HPET ACRSYS OEMHPET
MCFG ACRSYS OEMMCFG
SLIC ACRSYS ACRPRDCT
OEMB ACRSYS OEMB1522
SSDT DpgPmm CpuPm
I also backed out SP 1 per instructions in another post on this problem and when I try to reinstall it (I have two different downloads for the installation) one always tries to run Windows Update and always fails, the other gets to the last steps of the installation (after 2+ hours) and says it is not compatible with my hardware. One installation is X15-65733.iso the other is X17-58997.iso.Any suggestions on what to try next?
Sunday, August 19, 2012 1:59 AM
Answers
-
It went downhill last night so I reinstalled Windows 7 SP 1 from scratch. I did run a number of malware scans and none found anything. Tonight I'll start reinstalling all my apps. That should keep me busy for the next 3-4 nights.
- Proposed as answer by Noel D PatonModerator Sunday, September 9, 2012 2:40 PM
- Marked as answer by Noel D PatonModerator Sunday, September 16, 2012 9:50 AM
Wednesday, August 22, 2012 8:35 PM
All replies
-
The latest IRST drivers are actually dated June 2012 - try them instead...
http://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&ProdId=2101&DwnldID=21730
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Sunday, August 19, 2012 5:23 AMModerator -
no luck...same error after installing these drivers.Sunday, August 19, 2012 1:45 PM
-
OK -
try this.
Open Windows Explorer and navigate to the C:\Windows\System32 folder. find the Catroot2 folder there, and right-click on it - select Properties.
In the General tab, clear the box beside 'Read-only (Only.....' by clicking in it until it's empty (it cycles around three values)
Click Apply.
Accept any warnings that come up - if you get a 'Ignore/Ignore All/Try again' option, pick 'Ignore all'
Once complete (may be almost instantaneous),
reboot, and run another MGADiag report.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Sunday, August 19, 2012 1:46 PMModerator -
Still same error running windows update.
MGADiag after reboot:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-FW96H-4MCY6-GCR9X
Windows Product Key Hash: 9ojg615B47gwSV/6TocnREVRbpo=
Windows Product ID: 00359-OEM-8882315-74886
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.1.7600.2.00010300.0.0.003
ID: {B4442742-094B-4429-8BE3-FA701F21406F}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7600.win7_gdr.120401-1505
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 100 Genuine
Microsoft Office Visio Professional 2003 - 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slui.exe[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7600.16385], Hr = 0x800b0100
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{B4442742-094B-4429-8BE3-FA701F21406F}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010300.0.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-GCR9X</PKey><PID>00359-OEM-8882315-74886</PID><PIDType>3</PIDType><SID>S-1-5-21-3374648259-2182146028-1755583090</SID><SYSTEM><Manufacturer>Gateway</Manufacturer><Model>FX6801</Model></SYSTEM><BIOS><Manufacturer>AMI</Manufacturer><Version>R01-B0</Version><SMBIOSVersion major="2" minor="5"/><Date>20090519000000.000000+000</Date></BIOS><HWID>E5B80600018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91510409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Visio Professional 2003</Name><Ver>11</Ver><Val>9F9A3FA9B774DA2</Val><Hash>UEkPEG69EfrohK7ExiJ/0LwlKjo=</Hash><Pid>72085-721-0281514-55458</Pid><PidType>1</PidType></Product><Product GUID="{91120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>9BFC1D6CD5A9EAC</Val><Hash>2bFZ8nvsqURL58SBwus6vAtjsYk=</Hash><Pid>81599-854-6528304-65835</Pid><PidType>1</PidType></Product></Products><Applications><App Id="51" Version="11" Result="100"/><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7600.16385
Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
Activation ID: 9f83d90f-a151-4665-ae69-30b3f63ec659
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00176-823-174886-02-1033-7600.0000-3292009
Installation ID: 011506139232771895570250840750262046832804198696858790
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: GCR9X
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 8/19/2012 11:05:33 AM
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000001EFF0
Event Time Stamp: 8:18:2012 23:02
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
Tampered File: %systemroot%\system32\sppwinob.dll
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
Tampered File: %systemroot%\system32\drivers\spsys.sys
HWID Data-->
HWID Hash Current: MAAAAAIAAgABAAEAAQABAAAAAQABAAEAvOn6G9b/3o0IhYD9RpSofBCRKrT+ceqC
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x0
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ACRSYS APIC1522
FACP ACRSYS FACP1522
HPET ACRSYS OEMHPET
MCFG ACRSYS OEMMCFG
SLIC ACRSYS ACRPRDCT
OEMB ACRSYS OEMB1522
SSDT DpgPmm CpuPm
Sunday, August 19, 2012 4:15 PM -
Now for the sledgehammer approach :)
please open an Elevated Command Prompt Window, and run the following commands....
NET STOP CRYPTSVC
REN C:\Windows\System32\Catroot2 Catroot2old
NET START CRYPTSVC
copy and paste the results to your reply, and then reboot and post a new MGADiag report.
Here are some instructions to make life easier :)
1) To open an Elevated Command Prompt Window (the CP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt.
2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Windows, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once.
3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Sunday, August 19, 2012 5:05 PMModerator -
Here is the output. One thing I did try - I compared a couple of the files that it thinks have been tampered with and they exactly match what is on one of the installation CDs. Does that mean Windows thinks they have been tampered with when, in fact, they have not been tampered with?
C:\Windows\system32>NET STOP CRYPTSVC
The Cryptographic Services service is stopping.....
The Cryptographic Services service was stopped successfully.
C:\Windows\system32>REN C:\Windows\System32\Catroot2 Catroot2old
C:\Windows\system32>NET START CRYPTSVC
The Cryptographic Services service is starting.
The Cryptographic Services service was started successfully.
C:\Windows\system32>MGADiag:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-FW96H-4MCY6-GCR9X
Windows Product Key Hash: 9ojg615B47gwSV/6TocnREVRbpo=
Windows Product ID: 00359-OEM-8882315-74886
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.1.7600.2.00010300.0.0.003
ID: {B4442742-094B-4429-8BE3-FA701F21406F}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7600.win7_gdr.120401-1505
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 100 Genuine
Microsoft Office Visio Professional 2003 - 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slui.exe[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7600.16385], Hr = 0x800b0100
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{B4442742-094B-4429-8BE3-FA701F21406F}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010300.0.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-GCR9X</PKey><PID>00359-OEM-8882315-74886</PID><PIDType>3</PIDType><SID>S-1-5-21-3374648259-2182146028-1755583090</SID><SYSTEM><Manufacturer>Gateway</Manufacturer><Model>FX6801</Model></SYSTEM><BIOS><Manufacturer>AMI</Manufacturer><Version>R01-B0</Version><SMBIOSVersion major="2" minor="5"/><Date>20090519000000.000000+000</Date></BIOS><HWID>E5B80600018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91510409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Visio Professional 2003</Name><Ver>11</Ver><Val>9F9A3FA9B774DA2</Val><Hash>UEkPEG69EfrohK7ExiJ/0LwlKjo=</Hash><Pid>72085-721-0281514-55458</Pid><PidType>1</PidType></Product><Product GUID="{91120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>9BFC1D6CD5A9EAC</Val><Hash>2bFZ8nvsqURL58SBwus6vAtjsYk=</Hash><Pid>81599-854-6528304-65835</Pid><PidType>1</PidType></Product></Products><Applications><App Id="51" Version="11" Result="100"/><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7600.16385
Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
Activation ID: 9f83d90f-a151-4665-ae69-30b3f63ec659
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00176-823-174886-02-1033-7600.0000-3292009
Installation ID: 011506139232771895570250840750262046832804198696858790
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: GCR9X
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 8/19/2012 1:35:01 PM
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000001EFF0
Event Time Stamp: 8:18:2012 23:02
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
Tampered File: %systemroot%\system32\sppwinob.dll
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
Tampered File: %systemroot%\system32\drivers\spsys.sys
HWID Data-->
HWID Hash Current: MAAAAAIAAgABAAEAAQABAAAAAQABAAEAvOn6G9b/3o0IhYD9RpSofBCRKrT+ceqC
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x0
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ACRSYS APIC1522
FACP ACRSYS FACP1522
HPET ACRSYS OEMHPET
MCFG ACRSYS OEMMCFG
SLIC ACRSYS ACRPRDCT
OEMB ACRSYS OEMB1522
SSDT DpgPmm CpuPm
- Edited by Rick Poole Sunday, August 19, 2012 6:36 PM
Sunday, August 19, 2012 6:35 PM -
The problem isn't actually with the files - I suspect that it's with one of the certificates that 'proves' the files genuine. (This set of files is a common one, but there are a number of possible causes for it, and none of them involve the files themselves)
The problem is to work out which one - and it's not easy to work out without actually sitting at the machine (if then!). :(
Let's go back a step and run SFC and see if that can tell us anything...
SFC -System File Checker - Instructions
Click on Start > All Programs > Accessories
Right-click on the Command Prompt entry
Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.
At the Command prompt, type
SFC /SCANNOW
and hit the Enter key
Wait for the scan to finish - make a note of any error messages - and then reboot.
Post an MGADiag report with details of any error messages encountered.
Please upload a copy of the CBS.log file to your Skydrive and post a link to it.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Sunday, August 19, 2012 6:49 PMModerator -
Link to cbs.log: https://skydrive.live.com/redir?resid=E058881129294E9B!107&authkey=!AKWbstenM8z1FNc
MGADiag:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-FW96H-4MCY6-GCR9X
Windows Product Key Hash: 9ojg615B47gwSV/6TocnREVRbpo=
Windows Product ID: 00359-OEM-8882315-74886
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.1.7600.2.00010300.0.0.003
ID: {B4442742-094B-4429-8BE3-FA701F21406F}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7600.win7_gdr.120401-1505
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 100 Genuine
Microsoft Office Visio Professional 2003 - 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slui.exe[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7600.16385], Hr = 0x800b0100
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{B4442742-094B-4429-8BE3-FA701F21406F}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010300.0.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-GCR9X</PKey><PID>00359-OEM-8882315-74886</PID><PIDType>3</PIDType><SID>S-1-5-21-3374648259-2182146028-1755583090</SID><SYSTEM><Manufacturer>Gateway</Manufacturer><Model>FX6801</Model></SYSTEM><BIOS><Manufacturer>AMI</Manufacturer><Version>R01-B0</Version><SMBIOSVersion major="2" minor="5"/><Date>20090519000000.000000+000</Date></BIOS><HWID>E5B80600018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91510409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Visio Professional 2003</Name><Ver>11</Ver><Val>9F9A3FA9B774DA2</Val><Hash>UEkPEG69EfrohK7ExiJ/0LwlKjo=</Hash><Pid>72085-721-0281514-55458</Pid><PidType>1</PidType></Product><Product GUID="{91120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>9BFC1D6CD5A9EAC</Val><Hash>2bFZ8nvsqURL58SBwus6vAtjsYk=</Hash><Pid>81599-854-6528304-65835</Pid><PidType>1</PidType></Product></Products><Applications><App Id="51" Version="11" Result="100"/><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7600.16385
Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
Activation ID: 9f83d90f-a151-4665-ae69-30b3f63ec659
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00176-823-174886-02-1033-7600.0000-3292009
Installation ID: 011506139232771895570250840750262046832804198696858790
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: GCR9X
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 8/19/2012 2:15:28 PM
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000001EFF0
Event Time Stamp: 8:18:2012 23:02
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
Tampered File: %systemroot%\system32\sppwinob.dll
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
Tampered File: %systemroot%\system32\drivers\spsys.sys
HWID Data-->
HWID Hash Current: MAAAAAIAAgABAAEAAQABAAAAAQABAAEAvOn6G9b/3o0IhYD9RpSofBCRKrT+ceqC
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x0
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ACRSYS APIC1522
FACP ACRSYS FACP1522
HPET ACRSYS OEMHPET
MCFG ACRSYS OEMMCFG
SLIC ACRSYS ACRPRDCT
OEMB ACRSYS OEMB1522
SSDT DpgPmm CpuPm
Sunday, August 19, 2012 7:18 PM -
No change :(
Run the Fixit from here http://support.microsoft.com/kb/971058 - the system is trying and failing to install the latest Update for WU itself
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Sunday, August 19, 2012 8:17 PMModerator -
Keep your fingers crossed! It updated Windows update, downloaded 42 updates and is installing them. Once if finishes I'll run MGADiag again and see if it thinks everything is OK and post the results.Sunday, August 19, 2012 9:13 PM
-
It applied 41 of the updates, got code 643 - can't update important files/services while in use. Restarting to see if that allows it to apply the last update.Sunday, August 19, 2012 9:43 PM
-
Almost a total disaster - system wouldn't reboot, said it couldn't apply all the updates, the BSOD process failed init, then restore to prior restore point failed, then system repair failed. Finally tried restore to prior point again and got system running. But, don't know exactly what state it is in...
Windows update has 26 important and 1 optional updates to install. Not sure I want to try it again until after full backups are finished. One of the updates is Windows 7 Service Pack 1 for x64-based Systems (KB976932). Not sure if that is what caused the system to BSOD.
Doesn't seem to be any improvement in MGSDiag:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-FW96H-4MCY6-GCR9X
Windows Product Key Hash: 9ojg615B47gwSV/6TocnREVRbpo=
Windows Product ID: 00359-OEM-8882315-74886
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.1.7600.2.00010300.0.0.003
ID: {B4442742-094B-4429-8BE3-FA701F21406F}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7600.win7_gdr.120401-1505
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 100 Genuine
Microsoft Office Visio Professional 2003 - 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slui.exe[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7600.16385], Hr = 0x800b0100
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{B4442742-094B-4429-8BE3-FA701F21406F}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010300.0.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-GCR9X</PKey><PID>00359-OEM-8882315-74886</PID><PIDType>3</PIDType><SID>S-1-5-21-3374648259-2182146028-1755583090</SID><SYSTEM><Manufacturer>Gateway</Manufacturer><Model>FX6801</Model></SYSTEM><BIOS><Manufacturer>AMI</Manufacturer><Version>R01-B0</Version><SMBIOSVersion major="2" minor="5"/><Date>20090519000000.000000+000</Date></BIOS><HWID>E5B80600018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91510409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Visio Professional 2003</Name><Ver>11</Ver><Val>9F9A3FA9B774DA2</Val><Hash>UEkPEG69EfrohK7ExiJ/0LwlKjo=</Hash><Pid>72085-721-0281514-55458</Pid><PidType>1</PidType></Product><Product GUID="{91120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>9BFC1D6CD5A9EAC</Val><Hash>2bFZ8nvsqURL58SBwus6vAtjsYk=</Hash><Pid>81599-854-6528304-65835</Pid><PidType>1</PidType></Product></Products><Applications><App Id="51" Version="11" Result="100"/><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7600.16385
Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
Activation ID: 9f83d90f-a151-4665-ae69-30b3f63ec659
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00176-823-174886-02-1033-7600.0000-3292009
Installation ID: 011506139232771895570250840750262046832804198696858790
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: GCR9X
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 8/19/2012 6:45:52 PM
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000001AAF0
Event Time Stamp: 8:18:2012 23:02
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
Tampered File: %systemroot%\system32\sppwinob.dll
Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
Tampered File: %systemroot%\system32\drivers\spsys.sys
HWID Data-->
HWID Hash Current: MAAAAAIAAgABAAEAAQABAAAAAQABAAEAvOn6G9b/3o0IhYD9RpSofBCRKrT+ceqC
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x0
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ACRSYS APIC1522
FACP ACRSYS FACP1522
HPET ACRSYS OEMHPET
MCFG ACRSYS OEMMCFG
SLIC ACRSYS ACRPRDCT
OEMB ACRSYS OEMB1522
SSDT DpgPmm CpuPm
Sunday, August 19, 2012 11:48 PM -
Do the updates in batches of no more than 5 at a time - leave the Service Pack until the end and install it on its own (it may be the one that actually cures the problem <g>)
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Sunday, August 19, 2012 11:55 PMModerator -
Will do...keep your fingers crossed again.Monday, August 20, 2012 12:02 AM
-
I'm off to bed (it's 01:20) - I'll catch the results in the morning :)
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Monday, August 20, 2012 12:20 AMModerator -
Bad news! Applied the first 5 updates, now system won't boot - BSOD - process1 init failed, repair fails - required device not present, rollback doesn't find any prior system images even though I created one just before applying the updates. Any suggestions?Monday, August 20, 2012 1:36 PM
-
OUCH!
http://support.microsoft.com/kb/981833 applies here, I think.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Monday, August 20, 2012 2:03 PMModerator -
I'll try that when I get home tonight.Monday, August 20, 2012 4:44 PM
-
I deleted the boot cache file and restarted and got the same error - process1 init failed. What next?
Monday, August 20, 2012 11:12 PM -
I assume you can still get into the Repair menu? (or are you using a boot disk?)
Run a CHKDSK on the Windows parition.
According to MSDN..
<quote>
Cause
Any part of the disk subsystem can cause the PROCESS1_INITIALIZATION_FAILED bug check, including bad disks, bad or incorrect cables, mixing different ATA-type devices on the same chain, or drives that are not available becuase of hardware regeneration.
This bug check can also be caused by a missing file from the boot partition or by a driver file that a user accidentally disabled in the Drivers tab.
</quote>
This doesn't sound good :(
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Monday, August 20, 2012 11:29 PMModerator -
chkdsk didn't find any problems. is there a way to check the drivers from the drivers tab via command line? Is there a way to rollback to a prior point via command line?Tuesday, August 21, 2012 12:54 AM
-
Was finally able to rollback to the point prior to applying the last set of updates but it got another BSOD and the same error as before. Now I'm rolling back to before the SP_1 upgrade.Tuesday, August 21, 2012 2:08 AM
-
That failed with an error 0x80070002 so I booted to the last known good config. It booted, applied a number of updates, booted again and is currently working. Who knows what will happen on the next reboot.Tuesday, August 21, 2012 2:17 AM
-
Phew - back up now!
It sounds like you may have some fairly major driver problems - or something that SFC/CHKDSK is not seeing (probably in the registry).
I'm reluctant to continue attempting to solve the non-genuine issue with the system in an apparently unstable state - but it's up to you.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Tuesday, August 21, 2012 2:32 PMModerator -
I tried doing a boot to last known good config and it worked. After running for 20-30 minutes I realized the warning that it was not genuine never appeared. I'll run MGADiag again tonight and see what it says.Tuesday, August 21, 2012 2:51 PM
-
The Last Known Good Config is essentially a registry backup - you should check for problems as it's likely that it will break some of the updates installed.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Tuesday, August 21, 2012 4:53 PMModerator -
Rebooted to make sure it was OK and it BSOD'd again with the same error. Now last know good config doesn't work so system won't boot and repair doesn't work. Needless to say this sucks that Windows is not able to repair itself. Any ideas before I reinstall Windows from scratch?Wednesday, August 22, 2012 2:25 AM
-
Not really - my first thought is malware (possibly a rootkit virus) in which case the nuke-and-pave is probably a good idea. :(
If you want to check that, try downloading Windows Defender Offline on a known-clean machine and creating the boot media http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline - see what it has to say.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Wednesday, August 22, 2012 7:42 AMModerator -
It went downhill last night so I reinstalled Windows 7 SP 1 from scratch. I did run a number of malware scans and none found anything. Tonight I'll start reinstalling all my apps. That should keep me busy for the next 3-4 nights.
- Proposed as answer by Noel D PatonModerator Sunday, September 9, 2012 2:40 PM
- Marked as answer by Noel D PatonModerator Sunday, September 16, 2012 9:50 AM
Wednesday, August 22, 2012 8:35 PM -
Good luck with it - I keep putting off a reformat on my other laptop for that reason :)
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Wednesday, August 22, 2012 9:12 PMModerator -
I ran MGADiag after installing windows again. It still shows some file mismatches, is that normal?
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-FW96H-4MCY6-GCR9X
Windows Product Key Hash: 9ojg615B47gwSV/6TocnREVRbpo=
Windows Product ID: 00359-OEM-8882315-74886
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {988B3B45-B924-4A57-9A7D-C6052DE5EB46}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_rtm.101119-1850
TTS Error:
Validation Diagnostic:
Resolution Status: N/AVista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: AllowedFile Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{988B3B45-B924-4A57-9A7D-C6052DE5EB46}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-GCR9X</PKey><PID>00359-OEM-8882315-74886</PID><PIDType>3</PIDType><SID>S-1-5-21-2512149153-423386792-3697468498</SID><SYSTEM><Manufacturer>Gateway</Manufacturer><Model>FX6801</Model></SYSTEM><BIOS><Manufacturer>AMI</Manufacturer><Version>R01-B0</Version><SMBIOSVersion major="2" minor="5"/><Date>20090519000000.000000+000</Date></BIOS><HWID>E5C83E07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7601.17514Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
Activation ID: 9f83d90f-a151-4665-ae69-30b3f63ec659
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00176-823-174886-02-1033-7601.0000-2352012
Installation ID: 011506139232771895570250840750262046832804198696858790
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: GCR9X
License Status: Initial grace period
Time remaining: 42180 minute(s) (29 day(s))
Remaining Windows rearm count: 3
Trusted time: 8/22/2012 6:54:45 PMWindows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:
HWID Data-->
HWID Hash Current: MAAAAAIAAgABAAEAAQABAAAAAQABAAEAvOn6G9b/3o0IhYD9RtaofBCRKrT+ceqCOEM Activation 1.0 Data-->
N/AOEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x0
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ACRSYS APIC1522
FACP ACRSYS FACP1522
HPET ACRSYS OEMHPET
MCFG ACRSYS OEMMCFG
SLIC ACRSYS ACRPRDCT
OEMB ACRSYS OEMB1522
SSDT DpgPmm CpuPmWednesday, August 22, 2012 11:58 PM -
The error messages are all normal - the file mismatches merely indicate that you haven't yet installed the WAT Update (KB971033).
That looks fine to me.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Thursday, August 23, 2012 8:39 AMModerator