Problems with Windows not genuine messages - solved - thanks to Noel

  • Question

  • Hi All,

    We are having problems with 3 PCs we believed to be correctly activated by our dealer and which are showing Windows not genuine messages (Windows 7 Build 7601). The COA stickers are for Vista but were originally to have been supplied with W7Pro. Our dealer upgraded these to W7 and we have no reason to doubt his bona fides.

    Attached is the WGADiag output for one of the PCs. We are anxious to sort the matter out - hopefully you can advise?

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    
    Validation Code: 0x8004FE22
    Cached Online Validation Code: N/A, hr = 0xc004f012
    Windows Product Key: *****-*****-7H8D7-KWVYB-MYMTD
    Windows Product Key Hash: wx5ndMFQm0AcZ8nMxSw8aUrnxQM=
    Windows Product ID: 00371-OEM-9309167-93223
    Windows Product ID Type: 8
    Windows License Type: COA SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {30CC2299-FCF3-4C23-B8CA-77390FD52CF5}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_ldr.160408-2045
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A
    
    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    
    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002
    
    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002
    
    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Access Runtime (English) 2007 - 121
    Microsoft Office Enterprise 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005
    
    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed
    
    File Scan Data-->
    
    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{30CC2299-FCF3-4C23-B8CA-77390FD52CF5}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-MYMTD</PKey><PID>00371-OEM-9309167-93223</PID><PIDType>8</PIDType><SID>S-1-5-21-4111501717-913575102-347679128</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>7303WHR</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>5HKT43AUS</Version><SMBIOSVersion major="2" minor="5"/><Date>20090907000000.000000+000</Date></BIOS><HWID>55BB3C07018400F8</HWID><UserLCID>1809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TC-5H   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-001C-0409-0000-0000000FF1CE}"><LegitResult>121</LegitResult><Name>Microsoft Office Access Runtime (English) 2007</Name><Ver>12</Ver><Val>A6DF1BF2503CD6C</Val><Hash>dTTDvXHN4cR0t+IYAOhhFudJX58=</Hash><Pid>00000-694-0010114-62972</Pid><PidType>2</PidType></Product><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>1765CA03E677D8A</Val><Hash>oP+DZrDE1T6e5vY3TRMZLHw3dBw=</Hash><Pid>89388-709-7325542-65158</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  
    
    Spsys.log Content: 0x80070002
    
    Licensing Data-->
    Software licensing service version: 6.1.7601.17514
    
    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, OEM_COA_SLP channel
    Activation ID: da22eadd-46dc-4056-a287-f5041c852470
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00186-091-693223-02-6153-7600.0000-1782013
    Installation ID: 004395621015640686693182471614756334889122783983946414
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: MYMTD
    License Status: Notification
    Notification Reason: 0xC004F009 (grace time expired).
    Remaining Windows rearm count: 4
    Trusted time: 27/05/2016 20:44:37
    
    Windows Activation Technologies-->
    HrOffline: 0x8004FE22
    HrOnline: N/A
    HealthStatus: 0x0000000000000800
    Event Time Stamp: 5:25:2016 20:02
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    
    
    HWID Data-->
    HWID Hash Current: MAAAAAEABAABAAEAAAABAAAAAQABAAEAJJSsBQS9SOSqdspgmkUwZAKaYi/YHkbK
    
    OEM Activation 1.0 Data-->
    N/A
    
    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name	OEMID Value	OEMTableID Value
      APIC			LENOVO		TC-5H   
      FACP			LENOVO		TC-5H   
      HPET			LENOVO		TC-5H   
      MCFG			LENOVO		TC-5H   
      SLIC			LENOVO		TC-5H   
      OEMB			LENOVO		TC-5H   
      SSDT			LENOVO		TC-5H   
    
    

    Thanks in advance


    • Edited by Padr78 Monday, June 6, 2016 11:34 AM
    Friday, May 27, 2016 8:53 PM

Answers

  • Update:

    I went ahead and removed the Everyone DENY (I actually removed Everyone altogether) on slui.exe. Tried running slui 3 - yes, it asks for the product key rather than the previous no access.

    Didn't enter the key as I took it that my previous slmgr /ato success had already done so.

    Tried an online genuine verification - it comes back as verified (or at least offers MS Security Essentials because Windows is Genuine).

    Hopefully won't get any genuine popups but don't want to count my chickens .... just yet

    Here is latest WGADiag output:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-7H8D7-KWVYB-MYMTD
    Windows Product Key Hash: wx5ndMFQm0AcZ8nMxSw8aUrnxQM=
    Windows Product ID: 00371-OEM-9309167-93223
    Windows Product ID Type: 8
    Windows License Type: COA SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {30CC2299-FCF3-4C23-B8CA-77390FD52CF5}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_ldr.160408-2045
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Access Runtime (English) 2007 - 121
    Microsoft Office Enterprise 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{30CC2299-FCF3-4C23-B8CA-77390FD52CF5}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-MYMTD</PKey><PID>00371-OEM-9309167-93223</PID><PIDType>8</PIDType><SID>S-1-5-21-4111501717-913575102-347679128</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>7303WHR</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>5HKT43AUS</Version><SMBIOSVersion major="2" minor="5"/><Date>20090907000000.000000+000</Date></BIOS><HWID>55133207018400F8</HWID><UserLCID>1809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TC-5H   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-001C-0409-0000-0000000FF1CE}"><LegitResult>121</LegitResult><Name>Microsoft Office Access Runtime (English) 2007</Name><Ver>12</Ver><Val>A6DF1BF2503CD6C</Val><Hash>dTTDvXHN4cR0t+IYAOhhFudJX58=</Hash><Pid>00000-694-0010114-62972</Pid><PidType>2</PidType></Product><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>1765CA03E677D8A</Val><Hash>oP+DZrDE1T6e5vY3TRMZLHw3dBw=</Hash><Pid>89388-709-7325542-65158</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, OEM_COA_SLP channel
    Activation ID: da22eadd-46dc-4056-a287-f5041c852470
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00186-091-693223-02-6153-7600.0000-1782013
    Installation ID: 004395621015640686693182471614756334889122783983946414
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: MYMTD
    License Status: Licensed
    Remaining Windows rearm count: 4
    Trusted time: 04/06/2016 22:05:19

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 6:4:2016 22:04
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: MAAAAAEABAABAAEAAAABAAAAAQABAAEAJJSsBQS9SOSqdspgmkUwZAKaYi/YHkbK

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            LENOVO        TC-5H   
      FACP            LENOVO        TC-5H   
      HPET            LENOVO        TC-5H   
      MCFG            LENOVO        TC-5H   
      SLIC            LENOVO        TC-5H   
      OEMB            LENOVO        TC-5H   
      SSDT            LENOVO        TC-5H   

    Tamper is gone. Does this report look OK to you - licence type etc.?

    Not sure if I should change the other permissions, incl. the specific user permissions?

    Saturday, June 4, 2016 9:29 PM
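
Added example (not part of the original thread and not any poster's code): a small Python triage of the three diagnostic reports posted here, showing that "License Status: Licensed" and the Windows Activation Technologies tamper check are separate results, so a machine can be licensed and still fail validation. The function names and verdict labels are this example's own; the field values are the ones in the thread's reports, rebuilt into short excerpts.

```python
import re

SECTION_RE = re.compile(r"^(.+?)-->\s*$")   # e.g. "Licensing Data-->"
FIELD_RE = re.compile(r"^([^:]+):\s*(.*)$")  # e.g. "License Status: Licensed"

TAMPER = r"%systemroot%\system32\slui.exe|slui.exe.mui|COM Registration"


def excerpt(validation, status, health, tampered=""):
    """Rebuild a short report excerpt from field values posted in the thread."""
    lines = [
        "Windows Validation Data-->",
        f"Validation Code: {validation}",
        "",
        "Licensing Data-->",
        f"License Status: {status}",
        "",
        "Windows Activation Technologies-->",
        f"HealthStatus: {health}",
        "HealthStatus Bitmask Output:",
    ]
    if tampered:
        lines.append(f"Tampered File: {tampered}")
    return "\n".join(lines)


# Excerpts of the reports dated 27 May, 29 May and 4 June in this thread.
MAY_27 = excerpt("0x8004FE22", "Notification", "0x0000000000000800", TAMPER)
MAY_29 = excerpt("0x8004FE22", "Licensed", "0x0000000000000800", TAMPER)
JUN_04 = excerpt("0", "Licensed", "0x0000000000000000")


def parse_report(text):
    """Return {section name: {field name: [values]}} for a diagnostic report."""
    sections = {}
    current = sections.setdefault("", {})
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"}:
            continue
        match = SECTION_RE.match(line)
        if match:
            current = sections.setdefault(match.group(1).strip(), {})
            continue
        match = FIELD_RE.match(line)
        if match:
            key, value = match.group(1).strip(), match.group(2).strip()
            current.setdefault(key, []).append(value)
    return sections


def as_int(value):
    """Parse a hex or decimal field; 'N/A, hr = ...' and blanks give None."""
    token = value.split(",")[0].strip()
    try:
        return int(token, 0)
    except ValueError:
        return None


def triage(text):
    """Summarise licence state and tamper state as two independent results."""
    report = parse_report(text)

    def first(section, key):
        return (report.get(section, {}).get(key) or [""])[0]

    wat = report.get("Windows Activation Technologies", {})
    tampered = [part for value in wat.get("Tampered File", [])
                for part in value.split("|") if part]
    validation = as_int(first("Windows Validation Data", "Validation Code"))
    health = as_int(first("Windows Activation Technologies", "HealthStatus")) or 0
    status = first("Licensing Data", "License Status")

    if status != "Licensed":
        verdict = "not-licensed"
    elif validation or health or tampered:
        verdict = "licensed-but-tampered"
    else:
        verdict = "clean"
    return {
        "verdict": verdict,
        "license_status": status,
        "validation_code": validation,
        "health_bits": [bit for bit in range(64) if health >> bit & 1],
        "tampered": tampered,
    }


if __name__ == "__main__":
    for label, text in (("27 May", MAY_27), ("29 May", MAY_29), ("4 June", JUN_04)):
        result = triage(text)
        print(label, result["verdict"], result["health_bits"], result["tampered"])
```
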

All replies

  • Further update. I had already run SFC /SCANNOW as suggested elsewhere in these forums and didn't realise that this had detected errors and replaced various files.

    Although slui.exe is still not allowing access I was able to run slmgr /ato which validated Windows (at least in so far as the non-genuine message is gone from the desktop and a section for activation is now back on the system properties screen with a genuine Windows logo).

    However I still cannot get the web verification to give me a genuine Windows result - the answer is always Windows could not be validated both on IE and also Firefox using legit.hta. Maybe related to the tampered file message? I also attach an updated MGADiag output although I can't see any change

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    
    Validation Code: 0x8004FE22
    Cached Online Validation Code: N/A, hr = 0xc004f012
    Windows Product Key: *****-*****-7H8D7-KWVYB-MYMTD
    Windows Product Key Hash: wx5ndMFQm0AcZ8nMxSw8aUrnxQM=
    Windows Product ID: 00371-OEM-9309167-93223
    Windows Product ID Type: 8
    Windows License Type: COA SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {30CC2299-FCF3-4C23-B8CA-77390FD52CF5}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_ldr.160408-2045
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A
    
    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    
    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002
    
    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002
    
    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Access Runtime (English) 2007 - 121
    Microsoft Office Enterprise 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005
    
    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed
    
    File Scan Data-->
    
    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{30CC2299-FCF3-4C23-B8CA-77390FD52CF5}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-MYMTD</PKey><PID>00371-OEM-9309167-93223</PID><PIDType>8</PIDType><SID>S-1-5-21-4111501717-913575102-347679128</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>7303WHR</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>5HKT43AUS</Version><SMBIOSVersion major="2" minor="5"/><Date>20090907000000.000000+000</Date></BIOS><HWID>55E73F07018400F8</HWID><UserLCID>1809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TC-5H   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-001C-0409-0000-0000000FF1CE}"><LegitResult>121</LegitResult><Name>Microsoft Office Access Runtime (English) 2007</Name><Ver>12</Ver><Val>A6DF1BF2503CD6C</Val><Hash>dTTDvXHN4cR0t+IYAOhhFudJX58=</Hash><Pid>00000-694-0010114-62972</Pid><PidType>2</PidType></Product><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>1765CA03E677D8A</Val><Hash>oP+DZrDE1T6e5vY3TRMZLHw3dBw=</Hash><Pid>89388-709-7325542-65158</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  
    
    Spsys.log Content: 0x80070002
    
    Licensing Data-->
    Software licensing service version: 6.1.7601.17514
    
    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, OEM_COA_SLP channel
    Activation ID: da22eadd-46dc-4056-a287-f5041c852470
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00186-091-693223-02-6153-7600.0000-1782013
    Installation ID: 004395621015640686693182471614756334889122783983946414
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: MYMTD
    License Status: Licensed
    Remaining Windows rearm count: 4
    Trusted time: 29/05/2016 21:42:11
    
    Windows Activation Technologies-->
    HrOffline: 0x8004FE22
    HrOnline: N/A
    HealthStatus: 0x0000000000000800
    Event Time Stamp: 5:29:2016 20:40
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    
    
    HWID Data-->
    HWID Hash Current: MAAAAAEABAABAAEAAAABAAAAAQABAAEAJJSsBQS9SOSqdspgmkUwZAKaYi/YHkbK
    
    OEM Activation 1.0 Data-->
    N/A
    
    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name	OEMID Value	OEMTableID Value
      APIC			LENOVO		TC-5H   
      FACP			LENOVO		TC-5H   
      HPET			LENOVO		TC-5H   
      MCFG			LENOVO		TC-5H   
      SLIC			LENOVO		TC-5H   
      OEMB			LENOVO		TC-5H   
      SSDT			LENOVO		TC-5H   
    
    
    


    Sunday, May 29, 2016 9:47 PM
  • To confirm that the problem is what I think it is, please run the following commands in an Elevated Command Prompt window and post the results.

     

    REG QUERY HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S

    REG QUERY HKLM\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S              

    REG QUERY HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S

     

      Here are some instructions to make life easier :)

    1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt. 

    2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once. 

    3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.     


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Tuesday, May 31, 2016 7:28 AM
    Moderator
  • Hi Noel and thanks for the reply

    Output of commands:

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE57495
    7-4077-4AD6-8658-327C2C86C5AA} /S
    ERROR: The system was unable to find the specified registry key or value.

    C:\Windows\system32>
    C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-
    8658-327C2C86C5AA} /S

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5A
    A}\1.0
        (Default)    REG_SZ    SPPUI 1.0 Type Library

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5A
    A}\1.0\0

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5A
    A}\1.0\0\win32
        (Default)    REG_EXPAND_SZ    %SystemRoot%\System32\slui.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5A
    A}\1.0\FLAGS
        (Default)    REG_SZ    0


    C:\Windows\system32>
    C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE57495
    7-4077-4AD6-8658-327C2C86C5AA} /S

    Also, if it helps to diagnose, the "not genuine - resolve online" window has re-appeared, although the message at the bottom right hand corner of the desktop is still not there and the Windows activation detail at the bottom of the system properties screen is still showing activated and the genuine logo

    Tuesday, May 31, 2016 8:36 AM
  • Thanks for that - the above output seems OK, so the problem may be a little deeper into the registry (or somewhere else altogether!)

    Please post the output from these commands...

    REG QUERY HKLM\SOFTWARE\Classes\CLSID\{A6C13C9D-54E1-44FC-82F0-DBE2C843E51A}\TypeLib /S

    REG QUERY HKLM\SOFTWARE\Classes\CLSID\{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}\TypeLib /S

    REG QUERY HKLM\SOFTWARE\Classes\Interface\{76D90824-E735-4844-B26F-AA1235B6E76B}\TypeLib /S


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Tuesday, May 31, 2016 9:45 AM
    Moderator
  • Output follows:

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Classes\CLSID\{A6C13C9D-54E1-44FC-82
    F0-DBE2C843E51A}\TypeLib /S

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6C13C9D-54E1-44FC-82F0-DBE2C843E51A}
    \TypeLib
        (Default)    REG_SZ    {EE574957-4077-4AD6-8658-327C2C86C5AA}


    C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Classes\CLSID\{F87B28F1-DA9A-4F35-8E
    C0-800EFCF26B83}\TypeLib /S

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}
    \TypeLib
        (Default)    REG_SZ    {EE574957-4077-4AD6-8658-327C2C86C5AA}


    C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Classes\Interface\{76D90824-E735-484
    4-B26F-AA1235B6E76B}\TypeLib /S

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{76D90824-E735-4844-B26F-AA1235B6E
    76B}\TypeLib
        (Default)    REG_SZ    {EE574957-4077-4AD6-8658-327C2C86C5AA}
        Version    REG_SZ    1.0


    C:\Windows\system32>

    Also I notice the last reply I made for some reason did not have output for the third command on your last post. Follows now:

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE57495
    7-4077-4AD6-8658-327C2C86C5AA} /S
    ERROR: The system was unable to find the specified registry key or value.

    C:\Windows\system32>

    Thanks for taking the time to help with this - hopefully we can track it down?

    Tuesday, May 31, 2016 1:23 PM
  • We have a pretty good record of fixing this problem in 64-bit Windows - but this is the first case that I can recall where the problem has occurred in 32-bit Windows.

    The above steps almost always demonstrate the problem sufficiently to define the required fix, but such is obviously not the case here.

    Have you been using any kind of Registry Cleaner software? (DON'T!!) Any software from the WISE or IOBits stable?

    How long ago did the problem start? Have you tried a System Restore back to before the problem arose?

    Let's have a look at the data that the SFC generated - it may help....

    Please copy the C:\Windows\Logs\CBS\CBS.log file to the desktop - then compress it, and upload it to your favourite fileshare site and post a link.

    Also upload the other CBSPersistxxxxxxxxx.CAB files - post links.

    They may give me a clue to what's happening.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Tuesday, May 31, 2016 5:01 PM
    Moderator
  • Hi Noel

    It is possible that CCleaner might at some stage have been used but I cannot say with certainty.

    The problem has been there for some considerable time but when the dealer was asked about it he simply said that the windows was definitely genuine.

    As noted before there was no reason to doubt him as other PCs purchased through him have had no such issues and he has otherwise been reputable.

    It is only now when trying to upgrade to W10 that the problem has become an issue.

    I had saved the [SR] output of the SFC scan (as per Microsoft advice on the SFC explanatory page) and luckily kept it:

    https://onedrive.live.com/redir?resid=788AE715C469108A!268&authkey=!AIU2lIIoGGkq_es&ithint=file%2ctxt (I can't post a physical link as the forum won't let me)

    I am a little reluctant to post a public link to the other files as I am in fact helping a family member to try to sort this problem and the PCs concerned are at her workplace (she deals with IT procurement although she is not an IT person herself).

    I am afraid that identifiable information might be in the CBS logs and data protection issues / regs might be breached?


    • Edited by Padr78 Tuesday, May 31, 2016 9:59 PM
    Tuesday, May 31, 2016 9:36 PM
  • CCleaner is usually OK - but it's still a good idea to avoid the Registry Cleaner part of it!

    There are no file replacements shown in the SFC scan - which means that I really need to see the CBSPersist files. There is no Personally Identifiable Information in these logs, they are simply a record of any files which are causing recordable events. Sometimes these events can give us vital information on what's happening to cause these problems. It's possible that if the SFC was run more than once, then the file uploaded is the later one, while the first one had possibly a number of files recorded - this log should still be visible in the Persist files.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Wednesday, June 1, 2016 8:19 AM
    Moderator
  • Morning Noel,

    I double checked the uploaded sfcdetails file - I can see some entries between lines 246 and 347 which seem to be about repaired files?

    I'll need to get the OK to upload the other files - later today.

    Thanks

    Wednesday, June 1, 2016 9:22 AM
  • Noel,

    CBS and CBS Persist logs ( all in one zipped file ) are at:

    https://onedrive.live.com/redir?resid=788AE715C469108A!269&authkey=!AM4YTtyNID0cpBE&ithint=file%2czip

    Hope this helps.

    Wednesday, June 1, 2016 12:08 PM
  • Noel,

    CBS and CBS Persist logs ( all in one zipped file ) are at:

    https://onedrive.live.com/redir?resid=788AE715C469108A!269&authkey=!AM4YTtyNID0cpBE&ithint=file%2czip

    Hope this helps.

    The Persist files make interesting reading!

    There is at least one update that's stuck somewhere in the middle of installing - and that's blocking others.

    It's a while since I dealt with anything similar so I'll have to research it - but here are some of the error messages being thrown up at every shutdown/boot...  (just so I don't lose it!)

    	Line 840624: 2016-05-31 08:02:23, Error                 CBS    Failed to process single phase execution. [HRESULT = 0x800f0816 - CBS_E_DPX_JOB_STATE_SAVED]
    	Line 840754: 2016-05-31 08:05:00, Error                 CBS    Failed to process single phase execution. [HRESULT = 0x800f0816 - CBS_E_DPX_JOB_STATE_SAVED]
    	Line 840852: 2016-05-31 08:05:04, Error                 CBS    Failed to process single phase execution. [HRESULT = 0x800f0816 - CBS_E_DPX_JOB_STATE_SAVED]
    	Line 840950: 2016-05-31 08:05:08, Error                 CBS    Failed to process single phase execution. [HRESULT = 0x800f0816 - CBS_E_DPX_JOB_STATE_SAVED]
    	Line 841572: 2016-05-31 09:17:02, Error                 CBS    Failed to process single phase execution. [HRESULT = 0x800f0816 - CBS_E_DPX_JOB_STATE_SAVED]
    	Line 843608: 2016-05-31 09:17:56, Error                 CSI    0000025f (F) A previous transaction requested a reboot, so you cannot commit any transactions until you reboot.
    	Line 843610: 2016-05-31 09:17:56, Error                 CSI    00000260 (F) STATUS_REQUEST_OUT_OF_SEQUENCE #1651274# from Windows::COM::CComponentStore::ApplyTransactionNow(...)[gle=0xd000042a]
    	Line 843611: 2016-05-31 09:17:56, Error                 CSI    00000261@2016/5/31:09:17:56.941 (F) d:\win7sp1_gdr\base\wcp\componentstore\com\store_transaction.cpp(1841): Error STATUS_REQUEST_OUT_OF_SEQUENCE originated in function Windows::COM::CComponentStore::ApplyTransactionNow expression: (null)
    	Line 843613: 2016-05-31 09:18:27, Error                 CSI    00000262 (F) HRESULT_FROM_WIN32(ERROR_REQUEST_OUT_OF_SEQUENCE) #1651135# from Windows::COM::CPendingTransaction::IStorePendingTransaction_Apply(...)[gle=0x80070308]
    	Line 843614: 2016-05-31 09:18:27, Error                 CSI    00000263 (F) HRESULT_FROM_WIN32(ERROR_REQUEST_OUT_OF_SEQUENCE) #1648279# from Windows::ServicingAPI::CCSITransaction::ICSITransaction2_AddFiles(Flags = 1, a = @0x64ba008, fn = @0x64ba408, fp = @0x64ba808, disp = 0, op = 0)[gle=0x80070308]
    	Line 843616: 2016-05-31 09:18:27, Error                 CBS    Failed to stage execution package: Package_58_for_KB2923545~31bf3856ad364e35~x86~~6.1.1.1 [HRESULT = 0x80070308 - ERROR_REQUEST_OUT_OF_SEQUENCE]
    	Line 843620: 2016-05-31 09:18:27, Error                 CBS    Failed to process single phase execution. [HRESULT = 0x80070308 - ERROR_REQUEST_OUT_OF_SEQUENCE]
    	Line 843758: 2016-05-31 09:18:43, Error                 CSI    0000026d (F) A previous transaction requested a reboot, so you cannot commit any transactions until you reboot.
    	Line 843760: 2016-05-31 09:18:43, Error                 CSI    0000026e (F) STATUS_REQUEST_OUT_OF_SEQUENCE #1662919# from Windows::COM::CComponentStore::ApplyTransactionNow(...)[gle=0xd000042a]
    	Line 843761: 2016-05-31 09:18:43, Error                 CSI    0000026f@2016/5/31:09:18:43.132 (F) d:\win7sp1_gdr\base\wcp\componentstore\com\store_transaction.cpp(1841): Error STATUS_REQUEST_OUT_OF_SEQUENCE originated in function Windows::COM::CComponentStore::ApplyTransactionNow expression: (null)
    	Line 843763: 2016-05-31 09:18:46, Error                 CSI    00000270 (F) HRESULT_FROM_WIN32(ERROR_REQUEST_OUT_OF_SEQUENCE) #1662780# from Windows::COM::CPendingTransaction::IStorePendingTransaction_Apply(...)[gle=0x80070308]
    	Line 843764: 2016-05-31 09:18:47, Error                 CSI    00000271 (F) HRESULT_FROM_WIN32(ERROR_REQUEST_OUT_OF_SEQUENCE) #1658933# from Windows::ServicingAPI::CCSITransaction::ICSITransaction2_AddFiles(Flags = 1, a = @0x64ba008, fn = @0x64ba408, fp = @0x64ba808, disp = 0, op = 0)[gle=0x80070308]
    	Line 843766: 2016-05-31 09:18:47, Error                 CBS    Failed to stage execution package: Package_2_for_KB3075226~31bf3856ad364e35~x86~~6.1.1.1 [HRESULT = 0x80070308 - ERROR_REQUEST_OUT_OF_SEQUENCE]
    	Line 843770: 2016-05-31 09:18:47, Error                 CBS    Failed to process single phase execution. [HRESULT = 0x80070308 - ERROR_REQUEST_OUT_OF_SEQUENCE]
    	Line 843869: 2016-05-31 09:18:54, Error                 CSI    0000027b (F) A previous transaction requested a reboot, so you cannot commit any transactions until you reboot.
    	Line 843871: 2016-05-31 09:18:54, Error                 CSI    0000027c (F) STATUS_REQUEST_OUT_OF_SEQUENCE #1668246# from Windows::COM::CComponentStore::ApplyTransactionNow(...)[gle=0xd000042a]
    	Line 843872: 2016-05-31 09:18:54, Error                 CSI    0000027d@2016/5/31:09:18:54.06 (F) d:\win7sp1_gdr\base\wcp\componentstore\com\store_transaction.cpp(1841): Error STATUS_REQUEST_OUT_OF_SEQUENCE originated in function Windows::COM::CComponentStore::ApplyTransactionNow expression: (null)
    	Line 843874: 2016-05-31 09:19:00, Error                 CSI    0000027e (F) HRESULT_FROM_WIN32(ERROR_REQUEST_OUT_OF_SEQUENCE) #1668107# from Windows::COM::CPendingTransaction::IStorePendingTransaction_Apply(...)[gle=0x80070308]
    	Line 843875: 2016-05-31 09:19:00, Error                 CSI    0000027f (F) HRESULT_FROM_WIN32(ERROR_REQUEST_OUT_OF_SEQUENCE) #1666990# from Windows::ServicingAPI::CCSITransaction::ICSITransaction2_AddFiles(Flags = 1, a = @0x64ba008, fn = @0x64ba408, fp = @0x64ba808, disp = 0, op = 0)[gle=0x80070308]
    	Line 843877: 2016-05-31 09:19:00, Error                 CBS    Failed to stage execution package: Package_2_for_KB3020388~31bf3856ad364e35~x86~~6.1.1.1 [HRESULT = 0x80070308 - ERROR_REQUEST_OUT_OF_SEQUENCE]
    	Line 843881: 2016-05-31 09:19:00, Error                 CBS    Failed to process single phase execution. [HRESULT = 0x80070308 - ERROR_REQUEST_OUT_OF_SEQUENCE]
    	Line 843985: 2016-05-31 09:19:09, Error                 CSI    00000289 (F) A previous transaction requested a reboot, so you cannot commit any transactions until you reboot.
    	Line 843987: 2016-05-31 09:19:09, Error                 CSI    0000028a (F) STATUS_REQUEST_OUT_OF_SEQUENCE #1675514# from Windows::COM::CComponentStore::ApplyTransactionNow(...)[gle=0xd000042a]
    	Line 843988: 2016-05-31 09:19:09, Error                 CSI    0000028b@2016/5/31:09:19:09.434 (F) d:\win7sp1_gdr\base\wcp\componentstore\com\store_transaction.cpp(1841): Error STATUS_REQUEST_OUT_OF_SEQUENCE originated in function Windows::COM::CComponentStore::ApplyTransactionNow expression: (null)
    	Line 843990: 2016-05-31 09:19:17, Error                 CSI    0000028c (F) HRESULT_FROM_WIN32(ERROR_REQUEST_OUT_OF_SEQUENCE) #1675375# from Windows::COM::CPendingTransaction::IStorePendingTransaction_Apply(...)[gle=0x80070308]
    	Line 843991: 2016-05-31 09:19:17, Error                 CSI    0000028d (F) HRESULT_FROM_WIN32(ERROR_REQUEST_OUT_OF_SEQUENCE) #1673182# from Windows::ServicingAPI::CCSITransaction::ICSITransaction2_AddFiles(Flags = 1, a = @0x64ba008, fn = @0x64ba408, fp = @0x64ba808, disp = 0, op = 0)[gle=0x80070308]
    	Line 843993: 2016-05-31 09:19:17, Error                 CBS    Failed to stage execution package: Package_2_for_KB3126446~31bf3856ad364e35~x86~~6.1.1.0 [HRESULT = 0x80070308 - ERROR_REQUEST_OUT_OF_SEQUENCE]
    	Line 843997: 2016-05-31 09:19:17, Error                 CBS    Failed to process single phase execution. [HRESULT = 0x80070308 - ERROR_REQUEST_OUT_OF_SEQUENCE]
    


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Wednesday, June 1, 2016 3:51 PM
    Moderator
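
The log excerpt in the post above can be summarised mechanically. The following is an added example, not part of the original thread: a short Python triage of CBS/CSI error lines that counts HRESULTs, lists the KB packages that failed to stage, and notes whether the "previous transaction requested a reboot" condition is present. The function name `triage` and the result field names are assumptions; the sample lines are copied from the excerpt above.

```python
import re
from collections import Counter

# Sample input: lines copied from the CBS.persist excerpt quoted in the thread.
# The "Line NNNNNN:" prefix comes from the search tool, not from CBS.log itself.
SAMPLE = """\
Line 840624: 2016-05-31 08:02:23, Error                 CBS    Failed to process single phase execution. [HRESULT = 0x800f0816 - CBS_E_DPX_JOB_STATE_SAVED]
Line 843608: 2016-05-31 09:17:56, Error                 CSI    0000025f (F) A previous transaction requested a reboot, so you cannot commit any transactions until you reboot.
Line 843616: 2016-05-31 09:18:27, Error                 CBS    Failed to stage execution package: Package_58_for_KB2923545~31bf3856ad364e35~x86~~6.1.1.1 [HRESULT = 0x80070308 - ERROR_REQUEST_OUT_OF_SEQUENCE]
Line 843620: 2016-05-31 09:18:27, Error                 CBS    Failed to process single phase execution. [HRESULT = 0x80070308 - ERROR_REQUEST_OUT_OF_SEQUENCE]
Line 843758: 2016-05-31 09:18:43, Error                 CSI    0000026d (F) A previous transaction requested a reboot, so you cannot commit any transactions until you reboot.
Line 843766: 2016-05-31 09:18:47, Error                 CBS    Failed to stage execution package: Package_2_for_KB3075226~31bf3856ad364e35~x86~~6.1.1.1 [HRESULT = 0x80070308 - ERROR_REQUEST_OUT_OF_SEQUENCE]
Line 843770: 2016-05-31 09:18:47, Error                 CBS    Failed to process single phase execution. [HRESULT = 0x80070308 - ERROR_REQUEST_OUT_OF_SEQUENCE]
"""

# "<timestamp>, <level>   <source>   <message>", with an optional search-tool prefix.
ENTRY_RE = re.compile(
    r"^(?:Line \d+:\s*)?(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), "
    r"(?P<level>\w+)\s+(?P<source>\w+)\s+(?P<msg>.*)$"
)
HRESULT_RE = re.compile(r"\[HRESULT = (0x[0-9A-Fa-f]{8}) - (\w+)\]")
STAGE_RE = re.compile(r"Failed to stage execution package: \S*?_for_(KB\d+)~")
REBOOT_MSG = "A previous transaction requested a reboot"


def triage(text):
    """Summarise CBS/CSI error lines: HRESULT counts, blocked KBs, reboot state."""
    hresults = Counter()      # HRESULT code (lower-case hex) -> occurrences
    names = {}                # HRESULT code -> symbolic name from the log
    blocked = []              # KB numbers that failed to stage, first-seen order
    reboot_hits = 0
    stamps = []

    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m is None or m["level"] != "Error":
            continue          # continuation lines and non-error entries are ignored
        stamps.append(m["ts"])
        msg = m["msg"]

        if REBOOT_MSG in msg:
            reboot_hits += 1

        hr = HRESULT_RE.search(msg)
        if hr:
            code = hr[1].lower()
            hresults[code] += 1
            names[code] = hr[2]

        pkg = STAGE_RE.search(msg)
        if pkg and pkg[1] not in blocked:
            blocked.append(pkg[1])

    return {
        "errors": len(stamps),
        "window": (min(stamps), max(stamps)) if stamps else None,
        "hresults": hresults,
        "hresult_names": names,
        "blocked_kbs": blocked,
        "reboot_pending_hits": reboot_hits,
        # Heuristic mirroring the post's reading: a transaction waiting on a
        # reboot while later packages fail to stage.
        "pending_reboot_blocking": reboot_hits > 0 and bool(blocked),
    }


if __name__ == "__main__":
    summary = triage(SAMPLE)
    for code, count in summary["hresults"].most_common():
        print(f"{code} {summary['hresult_names'][code]}: {count}")
    print("KBs that failed to stage:", ", ".join(summary["blocked_kbs"]))
    print("pending reboot blocking later packages:", summary["pending_reboot_blocking"])
```
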
  • ...I found an old resolution of mine that worked - but I need to check it first...

    Please do a Search in your Windows folder (and subfolders) for any files 'pending.xml', and compress and upload all found - post a link


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Wednesday, June 1, 2016 3:54 PM
    Moderator
  •  only one pending file - https://onedrive.live.com/redir?resid=788AE715C469108A!270&authkey=!AKNRmDUCgKLlR2E&ithint=file%2cxml

    The email notifications and the reply/post listing here seem a little out of sync so I hope I am replying to the correct post

    Wednesday, June 1, 2016 7:35 PM
  • try this...
    Open an Elevated Command Prompt, and run the following commands


    REG LOAD HKLM\COMPONENTS C:\Windows\System32\config\COMPONENTS
    REG DELETE HKLM\COMPONENTS /V PendingRequired


    then reboot, and try Windows Update - do a Check for updates and see what happens (it may take a few hours!)

    Also run a new MGADiag report and post it.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Thursday, June 2, 2016 7:13 AM
    Moderator
  • Ran those commands but second one threw an error:

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>REG LOAD HKLM\COMPONENTS C:\Windows\System32\config\COMPONEN
    TS
    The operation completed successfully.

    C:\Windows\system32>REG DELETE HKLM\COMPONENTS /V PendingRequired
    Delete the registry value PendingRequired (Yes/No)? y
    ERROR: The system was unable to find the specified registry key or value.

    C:\Windows\system32>REG DELETE HKLM\COMPONENTS /V PendingRequired
    Delete the registry value PendingRequired (Yes/No)? Y
    ERROR: The system was unable to find the specified registry key or value.

    C:\Windows\system32>

    Also did a Windows Update - for the record it had not been misbehaving. There were a few failed updates a couple of days ago but they subsequently went through OK. The update history looks fully populated.

    As requested up-to-date MGADiag report but I don't think anything is changed

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE22
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-7H8D7-KWVYB-MYMTD
    Windows Product Key Hash: wx5ndMFQm0AcZ8nMxSw8aUrnxQM=
    Windows Product ID: 00371-OEM-9309167-93223
    Windows Product ID Type: 8
    Windows License Type: COA SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {30CC2299-FCF3-4C23-B8CA-77390FD52CF5}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_ldr.160408-2045
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Access Runtime (English) 2007 - 121
    Microsoft Office Enterprise 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{30CC2299-FCF3-4C23-B8CA-77390FD52CF5}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-MYMTD</PKey><PID>00371-OEM-9309167-93223</PID><PIDType>8</PIDType><SID>S-1-5-21-4111501717-913575102-347679128</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>7303WHR</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>5HKT43AUS</Version><SMBIOSVersion major="2" minor="5"/><Date>20090907000000.000000+000</Date></BIOS><HWID>559B3E07018400F8</HWID><UserLCID>1809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TC-5H   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-001C-0409-0000-0000000FF1CE}"><LegitResult>121</LegitResult><Name>Microsoft Office Access Runtime (English) 2007</Name><Ver>12</Ver><Val>A6DF1BF2503CD6C</Val><Hash>dTTDvXHN4cR0t+IYAOhhFudJX58=</Hash><Pid>00000-694-0010114-62972</Pid><PidType>2</PidType></Product><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>1765CA03E677D8A</Val><Hash>oP+DZrDE1T6e5vY3TRMZLHw3dBw=</Hash><Pid>89388-709-7325542-65158</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, OEM_COA_SLP channel
    Activation ID: da22eadd-46dc-4056-a287-f5041c852470
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00186-091-693223-02-6153-7600.0000-1782013
    Installation ID: 004395621015640686693182471614756334889122783983946414
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: MYMTD
    License Status: Licensed
    Remaining Windows rearm count: 4
    Trusted time: 02/06/2016 10:27:11

    Windows Activation Technologies-->
    HrOffline: 0x8004FE22
    HrOnline: N/A
    HealthStatus: 0x0000000000000800
    Event Time Stamp: 6:2:2016 09:44
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration


    HWID Data-->
    HWID Hash Current: MAAAAAEABAABAAEAAAABAAAAAQABAAEAJJSsBQS9SOSqdspgmkUwZAKaYi/YHkbK

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            LENOVO        TC-5H   
      FACP            LENOVO        TC-5H   
      HPET            LENOVO        TC-5H   
      MCFG            LENOVO        TC-5H   
      SLIC            LENOVO        TC-5H   
      OEMB            LENOVO        TC-5H   
      SSDT            LENOVO        TC-5H   

    Thursday, June 2, 2016 9:35 AM
  • Hmmm - the error message you got would tend to back up the fact that updates are installing OK.

    Let's go back a step to the SFC scan results...

    Those corrupted files are interesting, as they are often ones corrupted when using a particular hacker's Activation Exploit.

    It does open up the possibility of using the 'cure' for that hack as a possible repair for this problem...

    Download WATFix - make sure that you UNTICK the box for the 'download manager', AND UNCHECK the 'use download manager' option greyed out on the left under the Download button.

    Click on the Download button on the left of the page, not the big shiny button on the right (which is an ad for the download manager!!) - and use that - extract the .exe file, and run it, then reboot.

     

    The downloaded file should be named 'Wat Fix.zip' rather than anything else - the extracted file is 'Wat Fix.exe'


     Post back with another MGADiag report, and we'll then see what we can do.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Thursday, June 2, 2016 3:43 PM
    Moderator
  • Hi Noel,

    I have been doing a bit of reading around about watfix etc. I can see two files in Windows/system32 which look "fishy".

    There is a file slmgr.vbs.removewat as well as slmgr.vbs - the latter being the file the SFC scan replaced back to good?

    There is also slwga.dll.bak and a slwga.dll - the slwga.dll again being the one fixed by SFC?

    There is only one slui.exe, which is not allowing access - maybe changed in some way by removewat?

    I nor the family member I am helping certainly did not use removewat but it looks as if somebody ( at some point) did  ?

    I have also tried to research Wat Fix and I am very uncertain about using it. I have not yet downloaded it but apparently nearly a half of the Virustotal scanners are flagging it as malware? I can also see some comments over in sevenforums.com by, I presume, yourself (didn't realise you posted in both forums - busy man!!) about avoiding the download button and the tickbox possibly being dangerous. Does this not, by association at least, call into question the integrity of watfix? Who is the author of watfix and can we really know everything it is doing? Who placed it on datafilehost.com?

    Is there no other tool available to counteract/clean out the effects of removewat - even a list of manual instructions?

    Please do not take any of this to in any way be questioning your integrity. Based on your forum posts and also on the lengths you have gone to help many people including myself it is clear that your bona-fides is not for discussion. I am just being super-careful/paranoid about security - I don't want to get "out of the frying pan into the fire"

    Thursday, June 2, 2016 7:23 PM
  • Understand absolutely where you're  coming from - but I have been recommending that download for over 5 years now, and no-one who has avoided using the download manager has had any problems with it ;)

    I check the site whenever I haven't recommended it for a while to see what new wrinkles they've added in an attempt to foist whatever their flavour-of-the-month wrapper for the base upload is - and modify my script accordingly.

    I also check the download itself to make sure that it hasn't changed (this one has been run in a VM for the past 24 hours without causing any problems - and has been scanned with Malwarebytes and MSE - neither of which complained)

    I'm not enough of a programmer to be able to say with any certainty exactly what either RemoveWAT or WatFix do - except that WatFix DOES undo everything that RemoveWat did, and also runs SFC to do the file replacements necessary, rather than attempting to do it itself.

    WatFix is NOT a virus. For some reason, the AV's which do detect it appear to have classified it as a Trojan (which it also isn't) because they claim it attempts to send data out - I just checked it (again) and could find no evidence of any attempt to reach any network.

    What it does do is modify some registry entries, and permissions, and replace (via SFC) files which were deleted/modified by RemoveWat.

    The author of WatFix is actually one of the more notorious hackers - who also authored the most successful of the Windows Vista and 7 hacks for bypassing activation requirements, and who released WatFix in order to reset systems corrupted by RemoveWat, so that they could then install his own hack!

    I don't much like his ethics, but in this case at least, he has produced what historically has been a very useful and beneficial repair tool (and I certainly don't have the chops to create a similar tool!)

    Let's have a look at your slui.exe file and see what we can see about it...

    Open an Elevated Command Prompt, and run the following commands.

    DIR C:\Windows\system32\slui.exe /AL /S
    ATTRIB C:\Windows\system32\slui.exe /S
    ICACLS C:\Windows\system32\slui.exe /T
    DIR C:\Windows\winsxs\slui.exe /AL /S
    ATTRIB C:\Windows\winsxs\slui.exe /S
    ICACLS C:\Windows\winsxs\slui.exe /T

    post the results - they may make interesting reading.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.


    Friday, June 3, 2016 9:41 AM
    Moderator
  • Hi Noel - thanks. Output requested:

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>DIR C:\Windows\system32\slui.exe /AL /S
     Volume in drive C is Preload
     Volume Serial Number is xxxx-xxxx
    File Not Found

    C:\Windows\system32>ATTRIB C:\Windows\system32\slui.exe /S
    A            C:\Windows\system32\slui.exe

    C:\Windows\system32>ICACLS C:\Windows\system32\slui.exe /T
    C:\Windows\system32\slui.exe Everyone:(DENY)(S,X)
                                 NT AUTHORITY\SYSTEM:(I)(F)
                                 BUILTIN\Administrators:(I)(F)
                                 BUILTIN\Users:(I)(RX)
                                 xxxxxxx\xxxxxxx:(I)(F)

    C:\Windows\system32\LogFiles\WMI\RtBackup\*: Access is denied.
    Successfully processed 1 files; Failed processing 1 files

    C:\Windows\system32>DIR C:\Windows\winsxs\slui.exe /AL /S
     Volume in drive C is Preload
     Volume Serial Number is xxxx-xxxx
    File Not Found

    C:\Windows\system32>ATTRIB C:\Windows\winsxs\slui.exe /S
    A            C:\Windows\winsxs\x86_microsoft-windows-security-spp-ux_31bf3856ad3
    64e35_6.1.7600.16385_none_5b97f4df0025c6e9\slui.exe
    A            C:\Windows\winsxs\x86_microsoft-windows-security-spp-ux_31bf3856ad3
    64e35_6.1.7601.17514_none_5dc908a6fd144a83\slui.exe

    C:\Windows\system32>ICACLS C:\Windows\winsxs\slui.exe /T
    C:\Windows\winsxs\x86_microsoft-windows-security-spp-ux_31bf3856ad364e35_6.1.760
    0.16385_none_5b97f4df0025c6e9\slui.exe Everyone:(DENY)(S,X)

                                           NT AUTHORITY\SYSTEM:(I)(F)

                                           BUILTIN\Administrators:(I)(F)

                                           BUILTIN\Users:(I)(RX)

                                           xxxxxxx\xxxxxxx:(I)(F)

    C:\Windows\winsxs\x86_microsoft-windows-security-spp-ux_31bf3856ad364e35_6.1.760
    1.17514_none_5dc908a6fd144a83\slui.exe Everyone:(DENY)(S,X)

                                           NT AUTHORITY\SYSTEM:(I)(F)

                                           BUILTIN\Administrators:(I)(F)

                                           BUILTIN\Users:(I)(RX)

                                           xxxxxxx\xxxxxxx:(I)(F)

    Successfully processed 2 files; Failed processing 0 files

    C:\Windows\system32>

    The xxxx items are where I have redacted, for privacy reasons, the volume serial number and the user account I am logged on as (it is a valid account)

    The DENY permission is very strange and clearly part of the "tamper"

    Also the file not found is odd - when I can see the file on screen in explorer.

    The bit in the middle about WMI logs may be coincidental - the machine was only switched on - but could be related to the not genuine as a not genuine screen popped up around the same time

    Friday, June 3, 2016 3:09 PM
  • The DENY permissions should certainly not be present.

    Neither should the Allow permissions for individual user accounts! They open up the system rather a lot to the possibility of a hack.

    The File not found is normal - I was looking for a reparse point which may have been created by RemoveWat. There doesn't appear to have been one.

    Is there any particular reason why user-specific permissions are present on all versions of the file?


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Saturday, June 4, 2016 6:25 AM
    Moderator
  • Should I remove the DENY permissions ?

    I notice that the other files within system32 seem to have permissions only for System/Administrator/Users/TrustedInstaller.

    The slui and slmgr.* files have TrustedInstaller removed and Everyone + the individual user account added. I am thinking to replace these permissions with the "correct" permissions based on other W7 PCs not exhibiting problems? Maybe when SFC replaced the files the permissions were not also changed?

    As to the reason for the individual account - I don't know. It shows its permissions as inherited for Windows/System32 although it is not specifically included in that folder's permissions setup? Must be the inheritance is through the Administrators group. I should mention also - the user account concerned is a domain account rather than a local account - a domain is in use.

    Saturday, June 4, 2016 11:12 AM
  • Update:

    I went ahead and removed the Everyone DENY (I actually removed Everyone altogether) on slui.exe. Tried running slui 3 - yes, it asks for product key (rather than the previous no access)

    Didn't enter the key as I took it that my previous slmgr /ato success had already done so

    Tried an online genuine verification - comes back as verified (or at least offers MS Security Essentials because Windows is Genuine)

    Hopefully won't get any genuine popups but don't want to count my chickens .... just yet

    Here is latest WGADiag output:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-7H8D7-KWVYB-MYMTD
    Windows Product Key Hash: wx5ndMFQm0AcZ8nMxSw8aUrnxQM=
    Windows Product ID: 00371-OEM-9309167-93223
    Windows Product ID Type: 8
    Windows License Type: COA SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {30CC2299-FCF3-4C23-B8CA-77390FD52CF5}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_ldr.160408-2045
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Access Runtime (English) 2007 - 121
    Microsoft Office Enterprise 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{30CC2299-FCF3-4C23-B8CA-77390FD52CF5}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-MYMTD</PKey><PID>00371-OEM-9309167-93223</PID><PIDType>8</PIDType><SID>S-1-5-21-4111501717-913575102-347679128</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>7303WHR</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>5HKT43AUS</Version><SMBIOSVersion major="2" minor="5"/><Date>20090907000000.000000+000</Date></BIOS><HWID>55133207018400F8</HWID><UserLCID>1809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TC-5H   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-001C-0409-0000-0000000FF1CE}"><LegitResult>121</LegitResult><Name>Microsoft Office Access Runtime (English) 2007</Name><Ver>12</Ver><Val>A6DF1BF2503CD6C</Val><Hash>dTTDvXHN4cR0t+IYAOhhFudJX58=</Hash><Pid>00000-694-0010114-62972</Pid><PidType>2</PidType></Product><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>1765CA03E677D8A</Val><Hash>oP+DZrDE1T6e5vY3TRMZLHw3dBw=</Hash><Pid>89388-709-7325542-65158</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, OEM_COA_SLP channel
    Activation ID: da22eadd-46dc-4056-a287-f5041c852470
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00186-091-693223-02-6153-7600.0000-1782013
    Installation ID: 004395621015640686693182471614756334889122783983946414
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: MYMTD
    License Status: Licensed
    Remaining Windows rearm count: 4
    Trusted time: 04/06/2016 22:05:19

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 6:4:2016 22:04
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: MAAAAAEABAABAAEAAAABAAAAAQABAAEAJJSsBQS9SOSqdspgmkUwZAKaYi/YHkbK

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            LENOVO        TC-5H   
      FACP            LENOVO        TC-5H   
      HPET            LENOVO        TC-5H   
      MCFG            LENOVO        TC-5H   
      SLIC            LENOVO        TC-5H   
      OEMB            LENOVO        TC-5H   
      SSDT            LENOVO        TC-5H   

    Tamper is gone. Does this report look OK to you - licence type etc.?

    Not sure if I should change the other permissions, incl. the specific user permissions?

    Saturday, June 4, 2016 9:29 PM
  • That looks fine now - you should also remove the user-specific permissions to reduce the potential attack-surface.

    FYI, here's what the permissions are on my system...

    C:\Windows\system32>ICACLS C:\Windows\system32\slui.exe /T
    C:\Windows\system32\slui.exe NT SERVICE\TrustedInstaller:(F)
                                 BUILTIN\Administrators:(RX)
                                 NT AUTHORITY\SYSTEM:(RX)
                                 BUILTIN\Users:(RX)

    C:\Windows\system32>ICACLS C:\Windows\winsxs\slui.exe  /T
    C:\Windows\winsxs\amd64_microsoft-windows-security-spp-ux_31bf3856ad364e35_6.1.7600.16385_none_b7b69062b883381f\slui.exe NT SERVICE\TrustedInstaller:(F)
                                             BUILTIN\Administrators:(RX)
                                             NT AUTHORITY\SYSTEM:(RX)
                                             BUILTIN\Users:(RX)

    C:\Windows\winsxs\amd64_microsoft-windows-security-spp-ux_31bf3856ad364e35_6.1.7601.17514_none_b9e7a42ab571bbb9\slui.exe NT SERVICE\TrustedInstaller:(F)
                                             BUILTIN\Administrators:(RX)
                                             NT AUTHORITY\SYSTEM:(RX)
                                             BUILTIN\Users:(RX)

    (this is an old system - and I don't do the possible file cleanup - which is why I have both versions available in the winsxs folder)

    Good luck!


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Monday, June 6, 2016 7:46 AM
    Moderator
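
    An added example, not part of the original posts: a PowerShell check that compares the ACL on each slui.exe copy with the baseline in the ICACLS output quoted above and lists every entry outside it, such as a leftover user-specific ACE. The function name Test-SluiAcl and the winsxs wildcard are assumptions made for this example, and the principal names are the English ones shown in the post.

```powershell
# Baseline copied from the ICACLS output in the post above: (F) = FullControl,
# (RX) = ReadAndExecute, which Get-Acl reports together with Synchronize.
$Baseline = @{
    'NT SERVICE\TrustedInstaller' = 'FullControl'
    'BUILTIN\Administrators'      = 'ReadAndExecute, Synchronize'
    'NT AUTHORITY\SYSTEM'         = 'ReadAndExecute, Synchronize'
    'BUILTIN\Users'               = 'ReadAndExecute, Synchronize'
}

# Test-SluiAcl is a hypothetical helper name, not a built-in cmdlet.
function Test-SluiAcl {
    param([string]$Path)
    $findings = @()
    $seen = @{}
    foreach ($ace in (Get-Acl -Path $Path).Access) {
        $id = $ace.IdentityReference.Value
        $problem = $null
        if (-not $Baseline.ContainsKey($id)) {
            $problem = 'principal not in baseline (e.g. a user-specific entry)'
        } else {
            $seen[$id] = $true
            $expected = [System.Security.AccessControl.FileSystemRights]$Baseline[$id]
            if ($ace.AccessControlType -ne 'Allow') {
                $problem = 'Deny entry not in baseline'
            } elseif ($ace.FileSystemRights -ne $expected) {
                $problem = "rights differ from baseline ($($Baseline[$id]))"
            }
        }
        if ($problem) {
            $findings += New-Object PSObject -Property @{
                Path = $Path; Identity = $id
                Rights = $ace.FileSystemRights; Problem = $problem }
        }
    }
    # Report baseline principals that have no entry at all on the file.
    foreach ($id in $Baseline.Keys) {
        if (-not $seen.ContainsKey($id)) {
            $findings += New-Object PSObject -Property @{
                Path = $Path; Identity = $id
                Rights = $null; Problem = 'baseline entry missing' }
        }
    }
    return $findings
}

# The System32 copy plus every component-store copy (wildcard is an assumption).
$targets = @("$env:windir\System32\slui.exe")
$targets += @(Resolve-Path "$env:windir\winsxs\*_microsoft-windows-security-spp-ux_*\slui.exe" -ErrorAction SilentlyContinue |
    ForEach-Object { $_.ProviderPath })
$targets | ForEach-Object { Test-SluiAcl -Path $_ } |
    Format-Table Path, Identity, Rights, Problem -AutoSize -Wrap
```

    No output means every copy matches the baseline; run it from an elevated prompt so the ACLs can be read.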
  • Thanks Noel - I'll tidy up the permissions. I/we very much appreciate your help on this.
    Monday, June 6, 2016 11:33 AM
  • No problem ;)


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Monday, June 6, 2016 11:39 AM
    Moderator