Windows 7 Ultimate - Installed for a number of years - now not genuine

  • Question

  • I purchased my copy of Windows 7 Ultimate as part of my Microsoft Action Pack subscription, and it's been working fine for a number of years. Any ideas?

    When I run the MGADiag tool here are the results:

    Diagnostic Report (1.9.0019.0):
    -----------------------------------------
    WGA Data-->
    Validation Status: Genuine
    Validation Code: 0

    Cached Validation Code: N/A, hr = 0xc0000022
    Windows Product Key: *****-*****-8BK7W-7KMG3-XBCKW
    Windows Product Key Hash: 6R5gxHzb9pWT/G67BxmiOR32r+Q=
    Windows Product ID: 00426-948-1154514-85373
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.001
    ID: {8186D86D-3B23-4892-B2D6-6089EC4C134B}(1)
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: Registered, 1.9.9.1
    Signed By: Microsoft
    Product Name: Windows 7 Ultimate
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.120330-1504
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    WGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: 2.0.48.0
    OGAExec.exe Signed By: Microsoft
    OGAAddin.dll Signed By: Microsoft

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Users\Gabhan.INPUT2K4.000\AppData\Local\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{B58F7E54-D731-4B2A-B546-FF33005FE070}</UGUID><Version>1.9.0019.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-XBCKW</PKey><PID>00426-948-1154514-85373</PID><PIDType>5</PIDType><SID>S-1-5-21-3277422079-4206815381-1968672891</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Dell XPS420                  </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A06</Version><SMBIOSVersion major="2" minor="5"/><Date>20080623000000.000000+000</Date></BIOS><HWID>13F33A07018400F8</HWID><UserLCID>1809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>B9K    </OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x80070426' to display the error text.
    Error: 0x80070426 

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: 0x00000000
    HealthStatus: 0x0001000000000000
    Event Time Stamp: 10:10:2012 08:33
    WAT Activex: Registered
    WAT Admin Service: Registered

    HWID Data-->
    HWID Hash Current: MgAAAAMAAAABAAEAAgABAAAAAgABAAEAeqiK2Zgkm7r+AHYKHPzJHiw2AHmv8l5lRso=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x0
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC DELL   B9K    
      FACP DELL   B9K    
      HPET DELL   B9K    
      BOOT DELL   B9K    
      MCFG DELL   B9K    
      SSDT DELL st_ex
      DUMY DELL   B9K    
      SLIC DELL   B9K    
      SSDT DELL st_ex
      SSDT DELL st_ex
      SSDT DELL st_ex


    Gabhan

    Wednesday, October 10, 2012 8:34 AM

Answers

  • Thanks for all your help. From reading about SQL Server and resource issues, I've made a few tweaks (Took databases not in use offline - used BCDEdit to increase Virtual Address Space in Windows - removed unnecessary SQL Agent jobs) and my machine has been happily running all day without a 'Non-Genuine' popup. Using Process Explorer, I was able to see that the Virtual Size of the SqlServer process was 2.9GB. So it looks like SQL Server may have been the root of the problem all along. But I feel that I have a much cleaner machine at the end of it. Again, many thanks for all your efforts - I learned a lot!

    Gabhan

    • Marked as answer by Gabhans Friday, October 19, 2012 4:23 PM
    Friday, October 19, 2012 4:23 PM

All replies

  • You have a complex error present which until now has been a very rare one - this is the third case this week of this exact problem, and we currently have no solution in the forums

    I suspect either

    1) Malware

    2) Security Software is preventing access to part of the registry

    3) corruption introduced by changes in installed software.

    What Security software are you running? Have you either upgraded or changed it - EVER, or recently?

    What other installed software changes did you make around the time the problem first appeared, if any?

    Have you had any problems with malware recently?


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Wednesday, October 10, 2012 9:02 AM
    Moderator
  • Until about 2 months ago I was using Avast Anti-Virus (Free Version) but I felt that was slowing my system down, so I removed it completely and installed Microsoft Security Essentials. That has been installed and updated without a problem until yesterday, when the 'Not Genuine' error occurred.

    • This PC was upgraded about two years ago from Windows Vista.
    • I have never had an issue with Viruses or Malware on this PC.
    • The only software installations I would have done would have been Windows Updates, and the latest version of iTunes.
    • As this is an older PC, running the Delphi 7 IDE for updating software written a number of years ago, I am usually quite careful about what I install.
    • As the Delphi 7 IDE is quite complex to install and update, I really do not want to reinstall Windows entirely. This would be as close to a disaster as I can think of, as many of the Delphi 7 packages will not install in Windows 7 (although they continue to function on this upgraded machine).

    Despite numerous reboots last night and this morning, it was still popping up fairly regularly. Having installed a number of windows updates just now, and rebooted, I have not seen the 'Not Genuine' popup since. But maybe that's a coincidence :)

    Will post again if the popup reappears.


    Gabhan

    Wednesday, October 10, 2012 10:49 AM
  • Interesting....

    You say that you had Avast on there - when you uninstalled it, did you also run their cleanup tool?

    When the machine was delivered, it almost certainly had a pre-installed trial of either McAfee or Norton - did you also run the cleanup tool for whichever it was?

    Please open regedit, and export the HKLM\SYSTEM\CurrentControlSet\Services\sppsvc Key as a .reg file, and paste it to your reply - please also check the Permissions on the Key. (Do you have SubInACLS installed by any chance?)

    (I would normally simply ask for a reg query output, but I think that this error is more related to permissions than to actual values - the C0000022 error is an Access Denied one)


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Wednesday, October 10, 2012 11:20 AM
    Moderator
  • Whilst reading your reply, I got the Windows Activation - 'This computer is not running genuine Windows' popup. The code at the bottom of that window says 0x8004fe21.

    When I bought the machine I would have reinstalled Windows Vista Business from my Action Pack Subscription CD (I think - it was quite some time ago - as I like to see what is getting installed from the word go)

    I didn't run any cleanup tools from Avast. Should I?

    I can install SubInACLS if you want...

    I've pasted the reg key info below. In relation to permissions, what permissions should be set on that key? This is what is currently set:

    CREATOR OWNER - Special permissions, SYSTEM - Full Control & Read, Administrators - Full control & Read, Users - Read

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sppsvc]
    "DisplayName"="@%SystemRoot%\\system32\\sppsvc.exe,-101"
    "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
      74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
      00,70,00,70,00,73,00,76,00,63,00,2e,00,65,00,78,00,65,00,00,00
    "Description"="@%SystemRoot%\\system32\\sppsvc.exe,-100"
    "ObjectName"="NT AUTHORITY\\NetworkService"
    "ErrorControl"=dword:00000001
    "Start"=dword:00000002
    "DelayedAutoStart"=dword:00000001
    "Type"=dword:00000010
    "DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
    "ServiceSidType"=dword:00000001
    "RequiredPrivileges"=hex(7):53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,\
      00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,\
      61,00,6e,00,67,00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,\
      00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,\
      61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,\
      00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,\
      72,00,73,00,6f,00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,\
      00,65,00,67,00,65,00,00,00,00,00
    "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
      00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sppsvc\Security]
    "Security"=hex:01,00,14,80,a0,00,00,00,ac,00,00,00,14,00,00,00,30,00,00,00,02,\
      00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
      00,00,02,00,70,00,05,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
      05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
      20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
      00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,14,00,\
      00,00,01,01,00,00,00,00,00,05,0b,00,00,00,01,01,00,00,00,00,00,05,12,00,00,\
      00,01,01,00,00,00,00,00,05,12,00,00,00

    


    Gabhan


    • Edited by Gabhans Wednesday, October 10, 2012 1:58 PM
    Wednesday, October 10, 2012 1:50 PM
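The `Security` value in the export above is the service's security descriptor (who may query, start, stop or reconfigure sppsvc) in self-relative binary form, which is separate from the registry key permissions listed in the post. The following is an added example, not part of the original post, that decodes that exact value; the function names are illustrative, and the rights and SID tables are limited to what this descriptor uses.

```python
import struct

# Copied verbatim from the sppsvc\Security export in the post above (.reg hex format).
REG_VALUE = r'''"Security"=hex:01,00,14,80,a0,00,00,00,ac,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,70,00,05,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
  00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,14,00,\
  00,00,01,01,00,00,00,00,00,05,0b,00,00,00,01,01,00,00,00,00,00,05,12,00,00,\
  00,01,01,00,00,00,00,00,05,12,00,00,00
'''

# Service-specific and standard access rights (Windows SDK values).
RIGHTS = {
    0x0001: "QUERY_CONFIG", 0x0002: "CHANGE_CONFIG", 0x0004: "QUERY_STATUS",
    0x0008: "ENUMERATE_DEPENDENTS", 0x0010: "START", 0x0020: "STOP",
    0x0040: "PAUSE_CONTINUE", 0x0080: "INTERROGATE", 0x0100: "USER_DEFINED_CONTROL",
    0x10000: "DELETE", 0x20000: "READ_CONTROL", 0x40000: "WRITE_DAC",
    0x80000: "WRITE_OWNER",
}
WELL_KNOWN = {
    "S-1-1-0": "Everyone", "S-1-5-4": "INTERACTIVE", "S-1-5-6": "SERVICE",
    "S-1-5-11": "Authenticated Users", "S-1-5-18": "SYSTEM",
    "S-1-5-32-544": "Administrators",
}
ACE_TYPES = {0: "ALLOW", 1: "DENY", 2: "AUDIT"}  # the only layouts handled here
SE_SELF_RELATIVE = 0x8000


def reg_hex_to_bytes(text):
    """Turn a .reg 'hex:' value (with backslash line continuations) into bytes."""
    body = text.split("hex:", 1)[1].replace("\\", "")
    return bytes(int(tok, 16) for tok in "".join(body.split()).split(",") if tok)


def parse_sid(buf, off):
    """Decode a binary SID at buf[off:] into its S-R-A-S... string form."""
    if off + 8 > len(buf):
        raise ValueError("SID header runs past end of buffer")
    revision, count = buf[off], buf[off + 1]
    if off + 8 + 4 * count > len(buf):
        raise ValueError("SID sub-authorities run past end of buffer")
    authority = int.from_bytes(buf[off + 2:off + 8], "big")
    subs = struct.unpack_from("<%dI" % count, buf, off + 8)
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])


def parse_acl(buf, off):
    """Decode an ACL and return its ACEs as dicts (type, flags, mask, sid)."""
    _rev, _sbz1, size, count, _sbz2 = struct.unpack_from("<BBHHH", buf, off)
    end, pos, aces = off + size, off + 8, []
    if end > len(buf):
        raise ValueError("ACL size runs past end of buffer")
    for _ in range(count):
        ace_type, flags, ace_size = struct.unpack_from("<BBH", buf, pos)
        if ace_type not in ACE_TYPES:
            raise ValueError("unsupported ACE type %d" % ace_type)
        if ace_size < 16 or pos + ace_size > end:
            raise ValueError("ACE size inconsistent with ACL size")
        (mask,) = struct.unpack_from("<I", buf, pos + 4)
        aces.append({"type": ACE_TYPES[ace_type], "flags": flags,
                     "mask": mask, "sid": parse_sid(buf, pos + 8)})
        pos += ace_size
    return aces


def parse_sd(buf):
    """Decode a self-relative SECURITY_DESCRIPTOR into owner, group, DACL and SACL."""
    _rev, _sbz1, control, owner, group, sacl, dacl = struct.unpack_from("<BBHIIII", buf, 0)
    if not control & SE_SELF_RELATIVE:
        raise ValueError("descriptor is not in self-relative form")
    return {
        "owner": parse_sid(buf, owner) if owner else None,
        "group": parse_sid(buf, group) if group else None,
        "sacl": parse_acl(buf, sacl) if sacl else [],
        "dacl": parse_acl(buf, dacl) if dacl else [],
    }


def rights(mask):
    """Names of the access rights set in an ACE mask."""
    return [name for bit, name in RIGHTS.items() if mask & bit]


def describe(sd):
    """One readable line per DACL entry."""
    return ["%-5s %-20s 0x%08x %s" % (a["type"], WELL_KNOWN.get(a["sid"], a["sid"]),
                                      a["mask"], ",".join(rights(a["mask"])))
            for a in sd["dacl"]]


if __name__ == "__main__":
    print("\n".join(describe(parse_sd(reg_hex_to_bytes(REG_VALUE)))))
```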
  • Just thought of something else I installed, and uninstalled recently. A driver for a HP Multi-Function printer I was testing for a customer with a Delphi developed app. 

    Oh - and when I click 'Resolve online now' on the popup, it directs me to the 'Install Security Essentials' page.


    Gabhan

    Wednesday, October 10, 2012 1:53 PM
  • (Just lost my original post fat-fingering a Google search ! 2nd try)

    I don't think it's the printer driver (although HP's reputation isn't the highest, I suspect I would have seen more reports of the error)

    It could be residues from Avast -

    Download the Avast removal utility from here http://www.avast.com/uninstall-utility

    Follow the instructions for running it, and when complete, reboot the machine.

    run a new MGADiag report  - post it if any of these three error flags change....

    Cached Validation Code: N/A, hr = 0xc0000022

    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x80070426' to display the error text.
    Error: 0x80070426

    HealthStatus: 0x0001000000000000

    Specifically, it's the last one I'm most interested in - but I suspect that any change in that will either result in a different error elsewhere, or is itself a resultant.

    either way please export the Windows Application and Event logs, and upload them to your public SkyDrive (or other favoured fileshare app) and post a link


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    • Proposed as answer by george1009Editor Wednesday, October 10, 2012 3:12 PM
    • Unproposed as answer by Gabhans Wednesday, October 10, 2012 8:40 PM
    Wednesday, October 10, 2012 2:14 PM
    Moderator
  • OK - some changes to report:

    Diagnostic Report (1.9.0019.0):
    -----------------------------------------
    WGA Data-->
    Validation Status: Genuine
    Validation Code: 0

    Cached Validation Code: 0x0
    Windows Product Key: *****-*****-8BK7W-7KMG3-XBCKW
    Windows Product Key Hash: 6R5gxHzb9pWT/G67BxmiOR32r+Q=
    Windows Product ID: 00426-948-1154514-85373
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.001
    ID: {A9D1776D-14A4-4C0F-B277-A46919E81FFA}(1)
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: Registered, 1.9.9.1
    Signed By: Microsoft
    Product Name: Windows 7 Ultimate
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.120830-0333
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    WGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: 2.0.48.0
    OGAExec.exe Signed By: Microsoft
    OGAAddin.dll Signed By: Microsoft

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Users\Gabhan.INPUT2K4.000\AppData\Local\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{A9D1776D-14A4-4C0F-B277-A46919E81FFA}</UGUID><Version>1.9.0019.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-XBCKW</PKey><PID>00426-948-1154514-85373</PID><PIDType>5</PIDType><SID>S-1-5-21-3277422079-4206815381-1968672891</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Dell XPS420                  </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A06</Version><SMBIOSVersion major="2" minor="5"/><Date>20080623000000.000000+000</Date></BIOS><HWID>13F33A07018400F8</HWID><UserLCID>1809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>B9K    </OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Ultimate edition
    Description: Windows Operating System - Windows(R) 7, RETAIL channel
    Activation ID: ac96e1a8-6cc4-4310-a4ff-332ce77fb5b8
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00426-00170-948-115451-00-6153-7600.0000-0062010
    Installation ID: 000536475863972223055884582505656515503140949454893140
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: XBCKW
    License Status: Licensed
    Remaining Windows rearm count: 5
    Trusted time: 10/10/2012 15:43:48

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: PASS
    Event Time Stamp: 10:10:2012 14:52
    WAT Activex: Registered
    WAT Admin Service: Registered

    HWID Data-->
    HWID Hash Current: MgAAAAMAAAABAAEAAgABAAAAAgABAAEAeqiK2Zgk/gCbunYKHPzJHiw2AHmv8l5lRso=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x0
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC DELL   B9K    
      FACP DELL   B9K    
      HPET DELL   B9K    
      BOOT DELL   B9K    
      MCFG DELL   B9K    
      SSDT DELL st_ex
      DUMY DELL   B9K    
      SLIC DELL   B9K    
      SSDT DELL st_ex
      SSDT DELL st_ex
      SSDT DELL st_ex


    Gabhan

    Wednesday, October 10, 2012 2:46 PM
  • That comes as a TOTAL surprise - not to say, shock!

    Your system appears to be fine now.

    I can't remember if the Avast tool creates an action log - if it did, could you please upload it??


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Wednesday, October 10, 2012 3:05 PM
    Moderator
  • That comes as a TOTAL surprise - not to say, shock!

    me too.

    Wednesday, October 10, 2012 3:14 PM
    Answerer
  • I cannot find a log file anywhere. I understand if this is to be useful to anyone in the future, it would be desirable. I've googled it, but cannot find any mention of where a log file might be created.

    Funny thing is - it seemed to complete the uninstall cleanup exceptionally quickly - within a second...

    Fingers crossed it's not a temporary fix - I'll leave this ticket in my pinned tabs for a few days just to be sure.

    Many thanks for the help - I wouldn't have connected Avast to the Windows Genuine errors.


    Gabhan

    Wednesday, October 10, 2012 3:19 PM
  • As I understand it, the Avast cleanup tool is merely a registry cleaner - specifically removing registry entries created or modified by the Avast installers and updates.

    As such, it should be pretty quick :)

    I've asked the OP in the other thread to run the tool, and tell me if Avast was ever installed there.

    Next time I get the error up, hopefully I'll know a little more about what the cleanup tool actually does, and I'll be able to request specific data from the poster so that we can find the exact error site.

    Now I'm off to get the tool myself and play with it and RegMon :)


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Wednesday, October 10, 2012 3:30 PM
    Moderator
  • It was too good to be true. I haven't even rebooted, and I got the 'Not Genuine' popup again. Here's the MGADiag this time:

    Diagnostic Report (1.9.0019.0):
    -----------------------------------------
    WGA Data-->
    Validation Status: Genuine
    Validation Code: 0

    Cached Validation Code: N/A, hr = 0xc0000022
    Windows Product Key: *****-*****-8BK7W-7KMG3-XBCKW
    Windows Product Key Hash: 6R5gxHzb9pWT/G67BxmiOR32r+Q=
    Windows Product ID: 00426-948-1154514-85373
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.001
    ID: {3026C866-7CF3-4677-8B1A-0D6153F5FC3D}(1)
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: Registered, 1.9.9.1
    Signed By: Microsoft
    Product Name: Windows 7 Ultimate
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.120830-0333
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    WGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: 2.0.48.0
    OGAExec.exe Signed By: Microsoft
    OGAAddin.dll Signed By: Microsoft

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Users\Gabhan.INPUT2K4.000\AppData\Local\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{3026C866-7CF3-4677-8B1A-0D6153F5FC3D}</UGUID><Version>1.9.0019.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-XBCKW</PKey><PID>00426-948-1154514-85373</PID><PIDType>5</PIDType><SID>S-1-5-21-3277422079-4206815381-1968672891</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Dell XPS420                  </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A06</Version><SMBIOSVersion major="2" minor="5"/><Date>20080623000000.000000+000</Date></BIOS><HWID>13F33A07018400F8</HWID><UserLCID>1809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>B9K    </OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x80070426' to display the error text.
    Error: 0x80070426 

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: 0x00000000
    HealthStatus: 0x0001000000000000
    Event Time Stamp: 10:10:2012 20:34
    WAT Activex: Registered
    WAT Admin Service: Registered

    HWID Data-->
    HWID Hash Current: MgAAAAMAAAABAAEAAgABAAAAAgABAAEAeqiK2Zgk/gCbunYKHPzJHiw2AHmv8l5lRso=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x0
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC DELL   B9K    
      FACP DELL   B9K    
      HPET DELL   B9K    
      BOOT DELL   B9K    
      MCFG DELL   B9K    
      SSDT DELL st_ex
      DUMY DELL   B9K    
      SLIC DELL   B9K    
      SSDT DELL st_ex
      SSDT DELL st_ex
      SSDT DELL st_ex


    Gabhan

    Wednesday, October 10, 2012 8:38 PM
  • Since the last MGADiag, I have run Outlook 2010, iTunes 10.7.0.21, Delphi7 (Build 8.1), Google Chrome 23.0.1271.22 beta-m, and some command prompts / windows explorer windows.

    Nothing else. No installs / uninstalls.  Back to scratching my head again :(


    Gabhan

    Wednesday, October 10, 2012 8:43 PM
  • Around the same time as the popup, in the event log, there is an event

    Log Name:      Application
    Source:        Microsoft-Windows-Security-SPP
    Date:          10/10/2012 21:37:53
    Event ID:      1001
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      GabhanXPS
    Description:
    The Software Protection service failed to start. 0xD000009A
    6.1.7601.17514
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" />
        <EventID Qualifiers="49152">1001</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2012-10-10T20:37:53.000000000Z" />
        <EventRecordID>5552804</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>Application</Channel>
        <Computer>GabhanXPS</Computer>
        <Security />
      </System>
      <EventData>
        <Data>0xD000009A</Data>
        <Data>6.1.7601.17514</Data>
      </EventData>
    </Event>


    Gabhan

    Wednesday, October 10, 2012 8:47 PM
  • The only references I can find to any 0xD000009A error relate to WU, and multiple MUI installation.

    How many Language MUI's do you have installed?

    Your userprofile folder name looks as if it may be a 'generated' profile - one created when an earlier profile crashed. When did that happen? (did you find out what caused it?)


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Wednesday, October 10, 2012 9:49 PM
    Moderator
  • As far as I am aware, there is only a single language installed - when I go to uninstall from the Keyboards and Languages tab, it tells me English (English) is the only language installed. 

    This machine was once connected to a domain (when initially set up). I disconnected from the domain but kept the username the same, which generated the additional profile folder with a .000 extension. This was around 2 years ago and the machine had been running fine ever since.


    Gabhan

    Wednesday, October 10, 2012 10:04 PM
  • OK - it's probably not that, then :)

    Run the following commands

    REG QUERY HKCR\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6} /S

    DIR C:\Windows\regtlibv12.exe /S


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Wednesday, October 10, 2012 11:39 PM
    Moderator
  • C:\Users\Gabhan.Input2k4.000>REG QUERY HKCR\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6} /S

    HKEY_CLASSES_ROOT\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2
        (Default)    REG_SZ    Microsoft WMI Scripting V1.2 Library

    HKEY_CLASSES_ROOT\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\0

    HKEY_CLASSES_ROOT\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\0\win32
        (Default)    REG_EXPAND_SZ    %SystemRoot%\system32\wbem\wbemdisp.TLB

    HKEY_CLASSES_ROOT\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\FLAGS
        (Default)    REG_SZ    0

    HKEY_CLASSES_ROOT\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\HELPDIR
        (Default)    REG_EXPAND_SZ    %SystemRoot%\system32\wbem\


    C:\Users\Gabhan.Input2k4.000>
    C:\Users\Gabhan.Input2k4.000>DIR C:\Windows\regtlibv12.exe /S
     Volume in drive C is DriveC
     Volume Serial Number is 9238-2F45

     Directory of C:\Windows\Microsoft.NET\Framework\v4.0.30319

    18/03/2010  13:16            58,192 regtlibv12.exe
                   1 File(s)         58,192 bytes

         Total Files Listed:
                   1 File(s)         58,192 bytes
                   0 Dir(s)   9,311,158,272 bytes free

    Gabhan

    Thursday, October 11, 2012 12:35 AM
  • In relation to the previous error relating to The Software Protection service, should this service be running all the time? It's set to Automatic (Delayed Start), but it's not running. I can start it (at the moment - at least - I couldn't earlier) without any errors, and stop it too. Should it always be running? 

    Gabhan


    • Edited by Gabhans Thursday, October 11, 2012 12:39 AM
    Thursday, October 11, 2012 12:38 AM
  • The service does a check at boot, and then stops automatically until called on - this is by design.

    You have however reminded me of something I've never actually bothered to check before against an MGADiag - the Task Scheduler entries for the SPPSVC.

    back later :)


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Thursday, October 11, 2012 7:10 AM
    Moderator
  • OK - Went to bed - left the computer on - came back to the same popup 'Not Genuine' warning on-screen.

    I now cannot start the Software Protection service:

    C:\Users\Gabhan.Input2k4.000>net start sppsvc
    The Software Protection service is starting.
    The Software Protection service could not be started.

    A system error has occurred.

    System error 1450 has occurred.

    Insufficient system resources exist to complete the requested service.

    The Resource Monitor has been running, and I cannot see any major changes in memory usage since last night.


    Gabhan

    Thursday, October 11, 2012 7:59 AM
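The status codes quoted so far in this thread can be taken apart by their bit layout. The following is an added example, not part of the original posts, that classifies each code as a raw NTSTATUS, an NTSTATUS wrapped as an HRESULT, or a facility-coded HRESULT, and relates it to the Win32 error number shown by `net start`; the sample text is constructed from lines quoted above, the lookup tables cover only the codes that appear in the thread, and treating any value with the two top bits set as a raw NTSTATUS is an assumption.

```python
import re

FACILITY_NT_BIT = 0x10000000          # set when an NTSTATUS is wrapped as an HRESULT
FACILITIES = {4: "FACILITY_ITF", 7: "FACILITY_WIN32"}

# NTSTATUS value -> (name, Win32 error it is normally translated to)
NTSTATUS = {
    0xC0000022: ("STATUS_ACCESS_DENIED", 5),
    0xC000009A: ("STATUS_INSUFFICIENT_RESOURCES", 1450),
}
WIN32 = {
    2: "ERROR_FILE_NOT_FOUND",
    5: "ERROR_ACCESS_DENIED",
    1062: "ERROR_SERVICE_NOT_ACTIVE",
    1450: "ERROR_NO_SYSTEM_RESOURCES",
}

# Constructed sample: lines quoted from the MGADiag reports, event 1001 and net start output.
SAMPLE = """\
Cached Validation Code: N/A, hr = 0xc0000022
ThreatID(s): N/A, hr = 0x80070002
Error: 0x80070426
HrOffline: 0x8004FE21
HealthStatus: 0x0001000000000000
The Software Protection service failed to start. 0xD000009A
System error 1450 has occurred.
"""


def decode(value):
    """Classify a 32-bit status value and name it where the tables allow."""
    value &= 0xFFFFFFFF
    if value & FACILITY_NT_BIT or value >> 30 == 3:
        # Either HRESULT_FROM_NT(status) or a bare error-severity NTSTATUS.
        status = value & ~FACILITY_NT_BIT
        name, win32 = NTSTATUS.get(status, (None, None))
        return {"kind": "ntstatus", "wrapped": bool(value & FACILITY_NT_BIT),
                "code": status, "name": name, "win32": win32}
    if value >> 31:
        facility = (value >> 16) & 0x7FF
        code = value & 0xFFFF
        win32 = code if facility == 7 else None   # FACILITY_WIN32 carries a Win32 error
        return {"kind": "hresult", "facility": FACILITIES.get(facility, str(facility)),
                "code": code, "name": WIN32.get(win32), "win32": win32}
    return {"kind": "success", "code": value, "name": None, "win32": None}


def triage(text):
    """Decode every distinct 32-bit hex code in pasted output, in order of appearance.

    64-bit fields such as HealthStatus are skipped by the 8-digit pattern.
    """
    seen = {}
    for literal in re.findall(r"\b0x[0-9A-Fa-f]{8}\b", text):
        seen.setdefault(literal.lower(), decode(int(literal, 16)))
    return seen


def explicit_win32(text):
    """Win32 error numbers printed directly, as in 'System error 1450 has occurred.'"""
    return [int(n) for n in re.findall(r"System error (\d+)", text)]


if __name__ == "__main__":
    for literal, info in triage(SAMPLE).items():
        print(literal, info)
    print("explicit Win32 errors:", explicit_win32(SAMPLE))
```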
  • Nasty - that sort of system error number is usually associated with file system problems.

    I suggest that you run CHKDSK C: /R  and SFC /SCANNOW scans - post the CHKDSK output (Wininit event in the Applications log) and upload the full CBS.log file (copy it to desktop first - it can't easily be played with directly)


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Thursday, October 11, 2012 10:05 AM
    Moderator
  • OK, CBS.log output as follows - fails after 16% - just going to reboot to allow the chkdsk to run:

    2012-10-11 11:55:37, Info                  CSI    0000004e [SR] Verifying 100 (0x00000064) components
    2012-10-11 11:55:37, Info                  CSI    0000004f [SR] Beginning Verify and Repair transaction
    2012-10-11 11:55:47, Info                  CSI    00000050 Repair results created:
    POQ 15 starts:
     
    POQ 15 ends.
    2012-10-11 11:55:47, Info                  CSI    00000051 [SR] Verify complete
    2012-10-11 11:55:47, Info                  CSI    00000052 [SR] Verifying 100 (0x00000064) components
    2012-10-11 11:55:47, Info                  CSI    00000053 [SR] Beginning Verify and Repair transaction
    2012-10-11 11:55:52, Info                  CSI    00000054 Repair results created:
    POQ 16 starts:
         0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\2d5239fa9ea7cd012d070000f40e080c._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
        1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\730c43fa9ea7cd012e070000f40e080c.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
        2: Move File: Source = [l:208{104}]"\SystemRoot\WinSxS\Temp\PendingRenames\836f47fa9ea7cd012f070000f40e080c.$$_ehome_40103e2da1d121de.cdf-ms", Destination = [l:120{60}]"\SystemRoot\WinSxS\FileMaps\$$_ehome_40103e2da1d121de.cdf-ms"
        3: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\3e6061fa9ea7cd0130070000f40e080c.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
        4: Move File: Source = [l:260{130}]"\SystemRoot\WinSxS\Temp\PendingRenames\30aa63fa9ea7cd0131070000f40e080c.$$_system32_windowspowershell_v1.0_3f102d555ee05d33.cdf-ms", Destination = [l:172{86}]"\SystemRoot\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_3f102d555ee05d33.cdf-ms"
        5: Move File: Source = [l:296{148}]"\SystemRoot\WinSxS\Temp\PendingRenames\fdff64fa9ea7cd0132070000f40e080c.$$_system32_windowspowershell_v1.0_modules_applocker_b50db0a500311141.cdf-ms", Destination = [l:208{104}]"\SystemRoot\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_applocker_b50db0a500311141.cdf-ms"
        6: Move File: Source = [l:308{154}]"\SystemRoot\WinSxS\Temp\PendingRenames\a189b4fa9ea7cd0133070000f40e080c.$$_system32_windowspowershell_v1.0_modules_applocker_en-us_0185315044ae185f.cdf-ms", Destination = [l:220{110}]"\SystemRoot\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_applocker_en-us_0185315044ae185f.cdf-ms"

    POQ 16 ends.
    2012-10-11 11:55:52, Info                  CSI    00000055 [SR] Verify complete
    2012-10-11 11:55:52, Info                  CSI    00000056 [SR] Verifying 100 (0x00000064) components
    2012-10-11 11:55:52, Info                  CSI    00000057 [SR] Beginning Verify and Repair transaction
    2012-10-11 11:55:56, Info                  CSI    00000058 Repair results created:
    POQ 17 starts:
     
    POQ 17 ends.
    2012-10-11 11:55:56, Info                  CSI    00000059 [SR] Verify complete
    2012-10-11 11:55:56, Info                  CSI    0000005a [SR] Verifying 100 (0x00000064) components
    2012-10-11 11:55:56, Info                  CSI    0000005b [SR] Beginning Verify and Repair transaction
    2012-10-11 11:56:04, Info                  CSI    0000005c Repair results created:
    POQ 18 starts:
     
    POQ 18 ends.
    2012-10-11 11:56:04, Info                  CSI    0000005d [SR] Verify complete
    2012-10-11 11:56:04, Info                  CSI    0000005e [SR] Verifying 100 (0x00000064) components
    2012-10-11 11:56:04, Info                  CSI    0000005f [SR] Beginning Verify and Repair transaction
    2012-10-11 11:56:07, Info                  CSI    00000060 Repair results created:
    POQ 19 starts:
     
    POQ 19 ends.
    2012-10-11 11:56:07, Info                  CSI    00000061 [SR] Verify complete
    2012-10-11 11:56:08, Info                  CSI    00000062 [SR] Verifying 100 (0x00000064) components
    2012-10-11 11:56:08, Info                  CSI    00000063 [SR] Beginning Verify and Repair transaction
    2012-10-11 11:56:10, Info                  CSI    00000064 Repair results created:
    POQ 20 starts:
     
    POQ 20 ends.
    2012-10-11 11:56:10, Info                  CSI    00000065 [SR] Verify complete
    2012-10-11 11:56:10, Info                  CSI    00000066 [SR] Verifying 100 (0x00000064) components
    2012-10-11 11:56:10, Info                  CSI    00000067 [SR] Beginning Verify and Repair transaction
    2012-10-11 11:56:12, Info                  CSI    00000068 Repair results created:
    POQ 21 starts:
     
    POQ 21 ends.
    2012-10-11 11:56:12, Info                  CSI    00000069 [SR] Verify complete
    2012-10-11 11:56:12, Info                  CSI    0000006a [SR] Verifying 100 (0x00000064) components
    2012-10-11 11:56:12, Info                  CSI    0000006b [SR] Beginning Verify and Repair transaction
    2012-10-11 11:56:17, Info                  CSI    0000006c Repair results created:
    POQ 22 starts:
     
    POQ 22 ends.
    2012-10-11 11:56:17, Info                  CSI    0000006d [SR] Verify complete
    2012-10-11 11:56:17, Info                  CSI    0000006e [SR] Verifying 100 (0x00000064) components
    2012-10-11 11:56:17, Info                  CSI    0000006f [SR] Beginning Verify and Repair transaction
    2012-10-11 11:56:21, Info                  CSI    00000070 Repair results created:
    POQ 23 starts:
     
    POQ 23 ends.
    2012-10-11 11:56:21, Info                  CSI    00000071 [SR] Verify complete
    2012-10-11 11:56:21, Info                  CSI    00000072 [SR] Verifying 100 (0x00000064) components
    2012-10-11 11:56:21, Info                  CSI    00000073 [SR] Beginning Verify and Repair transaction
    2012-10-11 11:56:24, Info                  CSI    00000074 Repair results created:
    POQ 24 starts:
     
    POQ 24 ends.
    2012-10-11 11:56:24, Info                  CSI    00000075 [SR] Verify complete
    2012-10-11 11:56:25, Info                  CSI    00000076 [SR] Verifying 100 (0x00000064) components
    2012-10-11 11:56:25, Info                  CSI    00000077 [SR] Beginning Verify and Repair transaction
    2012-10-11 11:56:29, Info                  CSI    00000078 Repair results created:
    POQ 25 starts:
     
    POQ 25 ends.
    2012-10-11 11:56:29, Info                  CSI    00000079 [SR] Verify complete
    2012-10-11 11:56:29, Info                  CSI    0000007a [SR] Verifying 100 (0x00000064) components
    2012-10-11 11:56:29, Info                  CSI    0000007b [SR] Beginning Verify and Repair transaction
    2012-10-11 11:56:34, Info                  CSI    0000007c Repair results created:
    POQ 26 starts:
     
    POQ 26 ends.
    2012-10-11 11:56:34, Info                  CSI    0000007d [SR] Verify complete
    2012-10-11 11:56:34, Info                  CSI    0000007e [SR] Verifying 100 (0x00000064) components
    2012-10-11 11:56:34, Info                  CSI    0000007f [SR] Beginning Verify and Repair transaction
    2012-10-11 11:56:37, Info                  CSI    00000080 Repair results created:
    POQ 27 starts:
     
    POQ 27 ends.
    2012-10-11 11:56:37, Info                  CSI    00000081 [SR] Verify complete
    2012-10-11 11:56:37, Info                  CSI    00000082 [SR] Verifying 100 (0x00000064) components
    2012-10-11 11:56:37, Info                  CSI    00000083 [SR] Beginning Verify and Repair transaction
    2012-10-11 11:56:42, Info                  CSI    00000084 Repair results created:
    POQ 28 starts:
         0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\2299f2179fa7cd01e40b0000f40e080c._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
        1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\460c02189fa7cd01e50b0000f40e080c.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
        2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\b6141a189fa7cd01e60b0000f40e080c.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
        3: Move File: Source = [l:242{121}]"\SystemRoot\WinSxS\Temp\PendingRenames\6fd91e189fa7cd01e70b0000f40e080c.$$_system32_manifeststore_7d35b12f9be4c20e.cdf-ms", Destination = [l:154{77}]"\SystemRoot\WinSxS\FileMaps\$$_system32_manifeststore_7d35b12f9be4c20e.cdf-ms"
        4: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\a1d964189fa7cd01e80b0000f40e080c.$$_apppatch_1143992cbbbebcab.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_apppatch_1143992cbbbebcab.cdf-ms"

    POQ 28 ends.
    2012-10-11 11:56:42, Info                  CSI    00000085 [SR] Verify complete
    2012-10-11 11:56:42, Info                  CSI    00000086 [SR] Verifying 100 (0x00000064) components
    2012-10-11 11:56:42, Info                  CSI    00000087 [SR] Beginning Verify and Repair transaction
    2012-10-11 11:56:50, Info                  CSI    00000088 Repair results created:
    POQ 29 starts:
         0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\30a26b1b9fa7cd014d0c0000f40e080c._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
        1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\5f1e721b9fa7cd014e0c0000f40e080c.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
        2: Move File: Source = [l:234{117}]"\SystemRoot\WinSxS\Temp\PendingRenames\17e3761b9fa7cd014f0c0000f40e080c.$$_help_windows_en-us_b594929e73669c5e.cdf-ms", Destination = [l:146{73}]"\SystemRoot\WinSxS\FileMaps\$$_help_windows_en-us_b594929e73669c5e.cdf-ms"
        3: Move File: Source = [l:228{114}]"\SystemRoot\WinSxS\Temp\PendingRenames\36fc781b9fa7cd01500c0000f40e080c.$$_help_help_en-us_91e6e7979a9bf9c6.cdf-ms", Destination = [l:140{70}]"\SystemRoot\WinSxS\FileMaps\$$_help_help_en-us_91e6e7979a9bf9c6.cdf-ms"
        4: Move File: Source = [l:234{117}]"\SystemRoot\WinSxS\Temp\PendingRenames\df898e1b9fa7cd01510c0000f40e080c.$$_appcompat_programs_99c7f419bd54f4ca.cdf-ms", Destination = [l:146{73}]"\SystemRoot\WinSxS\FileMaps\$$_appcompat_programs_99c7f419bd54f4ca.cdf-ms"
        5: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\bb17ea1b9fa7cd01520c0000f40e080c.$$_diagnostics_system_aero_8b2c42561936b3f0.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_aero_8b2c42561936b3f0.cdf-ms"
        6: Move File: Source = [l:256{128}]"\SystemRoot\WinSxS\Temp\PendingRenames\a0abee1b9fa7cd01530c0000f40e080c.$$_diagnostics_system_aero_en-us_1a668ac520a43d24.cdf-ms", Destination = [l:168{84}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_aero_en-us_1a668ac520a43d24.cdf-ms"
        7: Move File: Source = [l:216{108}]"\SystemRoot\WinSxS\Temp\PendingRenames\9174ff1b9fa7cd01540c0000f40e080c.$$_resources_fbee56ab048ab239.cdf-ms", Destination = [l:128{64}]"\SystemRoot\WinSxS\FileMaps\$$_resources_fbee56ab048ab239.cdf-ms"
        8: Mov
    2012-10-11 11:56:50, Info                  CSI    e File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\5eca001c9fa7cd01550c0000f40e080c.$$_resources_themes_4d0d4910e83c2273.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_resources_themes_4d0d4910e83c2273.cdf-ms"
        9: Move File: Source = [l:240{120}]"\SystemRoot\WinSxS\Temp\PendingRenames\f5470b1c9fa7cd01560c0000f40e080c.$$_resources_themes_aero_3fd78bf4cb5fa2c4.cdf-ms", Destination = [l:152{76}]"\SystemRoot\WinSxS\FileMaps\$$_resources_themes_aero_3fd78bf4cb5fa2c4.cdf-ms"
        10: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\a935ca1c9fa7cd01570c0000f40e080c.$$_schcache_f995a5d4decb8cc0.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_schcache_f995a5d4decb8cc0.cdf-ms"
        11: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\fe964d1d9fa7cd01580c0000f40e080c.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
        12: Move File: Source = [l:240{120}]"\SystemRoot\WinSxS\Temp\PendingRenames\15d5501d9fa7cd01590c0000f40e080c.$$_system32_logfiles_ait_5b4995189d2e6c55.cdf-ms", Destination = [l:152{76}]"\SystemRoot\WinSxS\FileMaps\$$_system32_logfiles_ait_5b4995189d2e6c55.cdf-ms"
        13: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\d574541d9fa7cd015a0c0000f40e080c.programdata_microsoft_windows_ait_140a03828e6ffe97.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_windows_ait_140a03828e6ffe97.cdf-ms"
        14: Move File: Source = [l:252{126}]"\SystemRoot\WinSxS\Temp\PendingRenames\c4bc731d9fa7cd015b0c0000f40e080c.$$_resources_themes_aero_shell_a91dfa5124b343c4.cdf-ms", Destination = [l:164{82}]"\SystemRoot\WinSxS\FileMaps\$$_resources_themes_aero_shell_a91dfa5124b343c4.cdf-ms"
        15: Move File: Source = [l:276{138}]"\SystemRoot\WinSxS\Temp\PendingRenames\00ef771d9fa7cd015c0c0000f40e080c.$$_resources_themes_aero_shell_normalcolor_10be8ec981b35fb6.cdf-ms", Destination = [l:188{94}]"\
    2012-10-11 11:56:50, Info                  CSI    SystemRoot\WinSxS\FileMaps\$$_resources_themes_aero_shell_normalcolor_10be8ec981b35fb6.cdf-ms"
        16: Move File: Source = [l:246{123}]"\SystemRoot\WinSxS\Temp\PendingRenames\991af41d9fa7cd015d0c0000f40e080c.$$_diagnostics_system_audio_9d2751b7c84ca0f1.cdf-ms", Destination = [l:158{79}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_audio_9d2751b7c84ca0f1.cdf-ms"
        17: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\0fd2f51d9fa7cd015e0c0000f40e080c.$$_diagnostics_system_audio_en-us_9fb258d76056760d.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_audio_en-us_9fb258d76056760d.cdf-ms"

    POQ 29 ends.
    2012-10-11 11:56:50, Info                  CSI    00000089 [SR] Verify complete
    2012-10-11 11:56:51, Info                  CSI    0000008a [SR] Verifying 100 (0x00000064) components
    2012-10-11 11:56:51, Info                  CSI    0000008b [SR] Beginning Verify and Repair transaction
    2012-10-11 11:56:54, Info                  CSI    0000008c [SR] Cannot repair member file [l:34{17}]"winresume.exe.mui" of Microsoft-Windows-BootEnvironment-OS-Loader.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked
    2012-10-11 11:56:55, Info                  CSI    0000008d Ignoring duplicate ownership for directory [l:64{32}]"\??\C:\Windows\Branding\Shellbrd" in component Microsoft-Windows-Branding-Shell-Ultimate, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

    2012-10-11 11:56:58, Error                 CSI    0000008e (F) STATUS_ACCESS_DENIED #1826381# from Windows::Rtl::SystemImplementation::DirectFileSystemProvider::SysCreateFile(flags = (AllowFileNotFound), handle = {provider=NULL, handle=0}, da = (FILE_GENERIC_READ), oa = @0x96e540->OBJECT_ATTRIBUTES {s:24; rd:NULL; on:[136]"\SystemRoot\WinSxS\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4\winresume.exe.mui"; a:(OBJ_CASE_INSENSITIVE)}, iosb = @0x96e4f8, as = (null), fa = 0, sa = (FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE), cd = FILE_OPEN, co = (FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT), eab = NULL, eal = 0, disp = Invalid)
    [gle=0xd0000022]
    2012-10-11 11:56:58, Error                 CSI    0000008f@2012/10/11:10:56:58.603 (F) d:\win7sp1_gdr\base\wcp\sil\merged\ntu\ntsystem.cpp(2057): Error STATUS_ACCESS_DENIED originated in function Windows::Rtl::SystemImplementation::DirectFileSystemProvider::SysCreateFile expression: (null)
    [gle=0x80004005]
    2012-10-11 11:57:02, Error                 CSI    00000090 (F) STATUS_ACCESS_DENIED #1826380# from Windows::Rtl::SystemImplementation::CDirectory::OpenExistingFile(...)[gle=0xd0000022]
    2012-10-11 11:57:02, Error                 CSI    00000091 (F) STATUS_ACCESS_DENIED #1826379# from Windows::Rtl::SystemImplementation::CDirectory_IRtlDirectoryTearoff::OpenExistingFile(flags = (MissingFileIsOk), da = (FILE_GENERIC_READ), oa = @0x96e6e8->SIL_OBJECT_ATTRIBUTES {s:20; on:"winresume.exe.mui"; a:(OBJ_CASE_INSENSITIVE)}, sa = (FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE), oo = (FILE_SYNCHRONOUS_IO_NONALERT|FILE_NON_DIRECTORY_FILE), file = NULL, disp = Invalid)
    [gle=0xd0000022]
    2012-10-11 11:57:02, Error                 CSI    00000092 (F) STATUS_ACCESS_DENIED #1826307# from PrimitiveInstaller::CCoordinator::RepairComponent(Component = Microsoft-Windows-BootEnvironment-OS-Loader.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral)[gle=0xd0000022]


    Gabhan

    Thursday, October 11, 2012 10:57 AM
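Added example, not part of the original thread: a Python script that condenses a CBS.log like the one posted above into what matters for an SFC failure, namely the files SFC could not repair and the error codes behind them. The function names, the rule that a timestamped CSI line without a sequence number is a wrapped continuation, and the reading of `gle` values with the NT facility bit set as wrapped NTSTATUS codes are assumptions of this example.

```python
import re
from collections import Counter

# Lines copied from the CBS.log excerpt posted above (other entries left out).
SAMPLE_LOG = r'''
2012-10-11 11:56:50, Info                  CSI    00000088 Repair results created:
POQ 29 starts:
    8: Mov
2012-10-11 11:56:50, Info                  CSI    e File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\5eca001c9fa7cd01550c0000f40e080c.$$_resources_themes_4d0d4910e83c2273.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_resources_themes_4d0d4910e83c2273.cdf-ms"
POQ 29 ends.
2012-10-11 11:56:50, Info                  CSI    00000089 [SR] Verify complete
2012-10-11 11:56:51, Info                  CSI    0000008a [SR] Verifying 100 (0x00000064) components
2012-10-11 11:56:51, Info                  CSI    0000008b [SR] Beginning Verify and Repair transaction
2012-10-11 11:56:54, Info                  CSI    0000008c [SR] Cannot repair member file [l:34{17}]"winresume.exe.mui" of Microsoft-Windows-BootEnvironment-OS-Loader.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked
2012-10-11 11:56:58, Error                 CSI    0000008f@2012/10/11:10:56:58.603 (F) d:\win7sp1_gdr\base\wcp\sil\merged\ntu\ntsystem.cpp(2057): Error STATUS_ACCESS_DENIED originated in function Windows::Rtl::SystemImplementation::DirectFileSystemProvider::SysCreateFile expression: (null)
[gle=0x80004005]
2012-10-11 11:57:02, Error                 CSI    00000090 (F) STATUS_ACCESS_DENIED #1826380# from Windows::Rtl::SystemImplementation::CDirectory::OpenExistingFile(...)[gle=0xd0000022]
'''

HEADER = re.compile(r'^\s*(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d), (\w+)\s+(\w+)\s+(.*)$')
SEQ = re.compile(r'^[0-9a-f]{8}\b')  # CSI entries open with an 8-digit hex sequence number
CANNOT_REPAIR = re.compile(
    r'\[SR\] Cannot repair member file \[l:\d+\{\d+\}\]"([^"]+)" of ([^,]+), Version = ([\d.]+)')
STATUS = re.compile(r'\b(STATUS_[A-Z_]+)\b')
GLE = re.compile(r'\[gle=(0x[0-9a-fA-F]+)\]')
FACILITY_NT_BIT = 0x10000000  # set when an HRESULT wraps an NTSTATUS


def parse_entries(text):
    """Group physical log lines into logical entries."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = HEADER.match(line)
        if m:
            time, level, source, msg = m.groups()
            # Assumption: a CSI line with no sequence number is the tail of an
            # entry that the logger wrapped mid-text ("8: Mov" + "e File: ...").
            if source == "CSI" and not SEQ.match(msg) and entries:
                entries[-1]["message"] += msg
                continue
            entries.append({"time": time, "level": level,
                            "source": source, "message": msg})
        elif entries:
            # Untimestamped lines (POQ listings, "[gle=...]") belong to the entry above.
            entries[-1]["message"] += "\n" + line.strip()
    return entries


def decode_gle(code):
    """Label a gle value as a wrapped NTSTATUS or a plain HRESULT."""
    value = int(code, 16)
    if value & FACILITY_NT_BIT:
        return "NTSTATUS 0x%08X" % (value & ~FACILITY_NT_BIT & 0xFFFFFFFF)
    return "HRESULT 0x%08X" % value


def summarize(text):
    """Return unrepairable files and a count of (status, code) pairs on Error entries."""
    entries = parse_entries(text)
    unrepairable, failures = [], Counter()
    for entry in entries:
        hit = CANNOT_REPAIR.search(entry["message"])
        if hit:
            unrepairable.append(hit.groups())  # (file, component, version)
        if entry["level"] == "Error":
            status = STATUS.search(entry["message"])
            gle = GLE.search(entry["message"])
            key = (status.group(1) if status else "unknown",
                   decode_gle(gle.group(1)) if gle else "no gle")
            failures[key] += 1
    return {"entries": len(entries), "unrepairable": unrepairable, "failures": failures}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("logical entries:", report["entries"])
    for name, component, version in report["unrepairable"]:
        print("cannot repair: %s (%s %s)" % (name, component, version))
    for (status, code), count in report["failures"].items():
        print("%dx %s [%s]" % (count, status, code))
```

To run it against a real log, pass the text of a copied CBS.log to `summarize`.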
  • Wininit output:


    Checking file system on C:
    The type of the file system is NTFS.
    Volume label is DriveC.

    A disk check has been scheduled.
    Windows will now check the disk.                         

    CHKDSK is verifying files (stage 1 of 5)...
      485376 file records processed.
    File verification completed.
      775 large file records processed.
      0 bad file records processed.
      1578 EA records processed.
      123 reparse records processed.
    CHKDSK is verifying indexes (stage 2 of 5)...
      619838 index entries processed.
    Index verification completed.
      0 unindexed files scanned.
      0 unindexed files recovered.
    CHKDSK is verifying security descriptors (stage 3 of 5)...
      485376 file SDs/SIDs processed.
    Cleaning up 193 unused index entries from index $SII of file 0x9.
    Cleaning up 193 unused index entries from index $SDH of file 0x9.
    Cleaning up 193 unused security descriptors.
    Security descriptor verification completed.
      67232 data files processed.
    CHKDSK is verifying Usn Journal...
      34976192 USN bytes processed.
    Usn Journal verification completed.
    CHKDSK is verifying file data (stage 4 of 5)...
      485360 files processed.
    File data verification completed.
    CHKDSK is verifying free space (stage 5 of 5)...
      1992137 free clusters processed.
    Free space verification is complete.
    Windows has checked the file system and found no problems.

     102399999 KB total disk space.
      93640192 KB in 409621 files.
        200812 KB in 67233 indexes.
             0 KB in bad sectors.
        590447 KB in use by the system.
         65536 KB occupied by the log file.
       7968548 KB available on disk.

          4096 bytes in each allocation unit.
      25599999 total allocation units on disk.
       1992137 allocation units available on disk.

    Internal Info:
    00 68 07 00 bf 46 07 00 ae 54 0c 00 00 00 00 00  .h...F...T......
    c6 0d 00 00 7b 00 00 00 00 00 00 00 00 00 00 00  ....{...........
    78 a3 14 00 50 01 13 00 78 30 13 00 00 00 13 00  x...P...x0......

    Windows has finished checking your disk.
    Please wait while your computer restarts.


    Gabhan

    Thursday, October 11, 2012 12:47 PM
  • ... at least the drive appears to be physically OK.

    Run the SFC again - it may be able to access those files now.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Thursday, October 11, 2012 10:54 PM
    Moderator
  • Looks fairly similar to me :-

    2012-10-12 09:03:57, Info                  CBS    Starting TrustedInstaller initialization.
    2012-10-12 09:03:57, Info                  CBS    Loaded Servicing Stack v6.1.7601.17592 with Core: C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\cbscore.dll
    2012-10-12 09:03:58, Info                  CSI    00000001@2012/10/12:08:03:58.215 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x2726de79 @0x33395d7d @0x3337205a @0xc31c99 @0xc31236 @0x771375a8)
    2012-10-12 09:03:58, Info                  CSI    00000002@2012/10/12:08:03:58.287 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x2726de79 @0x333d7183 @0x333d4013 @0xc31c99 @0xc31236 @0x771375a8)
    2012-10-12 09:03:58, Info                  CSI    00000003@2012/10/12:08:03:58.315 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x2726de79 @0x6d884bc8 @0x6d8854a6 @0xc31327 @0xc31245 @0x771375a8)
    2012-10-12 09:03:58, Info                  CBS    Ending TrustedInstaller initialization.
    2012-10-12 09:03:58, Info                  CBS    Starting the TrustedInstaller main loop.
    2012-10-12 09:03:58, Info                  CBS    TrustedInstaller service starts successfully.
    2012-10-12 09:03:58, Info                  CBS    SQM: Initializing online with Windows opt-in: False
    2012-10-12 09:03:58, Info                  CBS    SQM: Cleaning up report files older than 10 days.
    2012-10-12 09:03:58, Info                  CBS    SQM: Requesting upload of all unsent reports.
    2012-10-12 09:03:58, Info                  CBS    SQM: Failed to start upload with file pattern: C:\Windows\servicing\sqm\*_std.sqm, flags: 0x2 [HRESULT = 0x80004005 - E_FAIL]
    2012-10-12 09:03:58, Info                  CBS    SQM: Failed to start standard sample upload. [HRESULT = 0x80004005 - E_FAIL]
    2012-10-12 09:03:58, Info                  CBS    SQM: Queued 0 file(s) for upload with pattern: C:\Windows\servicing\sqm\*_all.sqm, flags: 0x6
    2012-10-12 09:03:58, Info                  CBS    SQM: Warning: Failed to upload all unsent reports. [HRESULT = 0x80004005 - E_FAIL]
    2012-10-12 09:03:58, Info                  CBS    No startup processing required, TrustedInstaller service was not set as autostart, or else a reboot is still pending.
    2012-10-12 09:03:58, Info                  CBS    NonStart: Checking to ensure startup processing was not required.
    2012-10-12 09:03:58, Info                  CSI    00000004 IAdvancedInstallerAwareStore_ResolvePendingTransactions (call 1) (flags = 00000004, progress = NULL, phase = 0, pdwDisposition = @0xd8fa14
    2012-10-12 09:03:58, Info                  CSI    00000005 Creating NT transaction (seq 1), objectname [6]"(null)"
    2012-10-12 09:03:58, Info                  CSI    00000006 Created NT transaction (seq 1) result 0x00000000, handle @0x1c8
    2012-10-12 09:03:58, Info                  CSI    00000007@2012/10/12:08:03:58.443 CSI perf trace:
    CSIPERF:TXCOMMIT;206
    2012-10-12 09:03:58, Info                  CBS    NonStart: Success, startup processing not required as expected.
    2012-10-12 09:03:58, Info                  CBS    Startup processing thread terminated normally
    2012-10-12 09:03:58, Info                  CSI    00000008 CSI Store 2425728 (0x00250380) initialized
    2012-10-12 09:04:00, Info                  CSI    00000009 [SR] Verifying 100 (0x00000064) components
    2012-10-12 09:04:00, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
    2012-10-12 09:04:12, Info                  CSI    0000000b Repair results created:
    POQ 0 starts:
     
    POQ 0 ends.
    2012-10-12 09:04:12, Info                  CSI    0000000c [SR] Verify complete
    2012-10-12 09:04:12, Info                  CSI    0000000d [SR] Verifying 100 (0x00000064) components
    2012-10-12 09:04:12, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
    2012-10-12 09:04:18, Info                  CSI    0000000f Repair results created:
    POQ 1 starts:
         0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\3b24402d50a8cd01ca000000f41e081f._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
        1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\23654b2d50a8cd01cb000000f41e081f.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
        2: Move File: Source = [l:208{104}]"\SystemRoot\WinSxS\Temp\PendingRenames\15af4d2d50a8cd01cc000000f41e081f.$$_ehome_40103e2da1d121de.cdf-ms", Destination = [l:120{60}]"\SystemRoot\WinSxS\FileMaps\$$_ehome_40103e2da1d121de.cdf-ms"
        3: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\ad586d2d50a8cd01cd000000f41e081f.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
        4: Move File: Source = [l:260{130}]"\SystemRoot\WinSxS\Temp\PendingRenames\9499782d50a8cd01ce000000f41e081f.$$_system32_windowspowershell_v1.0_3f102d555ee05d33.cdf-ms", Destination = [l:172{86}]"\SystemRoot\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_3f102d555ee05d33.cdf-ms"
        5: Move File: Source = [l:296{148}]"\SystemRoot\WinSxS\Temp\PendingRenames\5b147b2d50a8cd01cf000000f41e081f.$$_system32_windowspowershell_v1.0_modules_applocker_b50db0a500311141.cdf-ms", Destination = [l:208{104}]"\SystemRoot\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_applocker_b50db0a500311141.cdf-ms"
        6: Move File: Source = [l:308{154}]"\SystemRoot\WinSxS\Temp\PendingRenames\4a07be2d50a8cd01d0000000f41e081f.$$_system32_windowspowershell_v1.0_modules_applocker_en-us_0185315044ae185f.cdf-ms", Destination = [l:220{110}]"\SystemRoot\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_applocker_en-us_0185315044ae185f.cdf-ms"

    POQ 1 ends.
    2012-10-12 09:04:18, Info                  CSI    00000010 [SR] Verify complete
    2012-10-12 09:04:19, Info                  CSI    00000011 [SR] Verifying 100 (0x00000064) components
    2012-10-12 09:04:19, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
    2012-10-12 09:04:27, Info                  CSI    00000013 Repair results created:
    POQ 2 starts:
     
    POQ 2 ends.
    2012-10-12 09:04:27, Info                  CSI    00000014 [SR] Verify complete
    2012-10-12 09:04:28, Info                  CSI    00000015 [SR] Verifying 100 (0x00000064) components
    2012-10-12 09:04:28, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
    2012-10-12 09:04:56, Info                  CSI    00000017 Repair results created:
    POQ 3 starts:
     
    POQ 3 ends.
    2012-10-12 09:04:56, Info                  CSI    00000018 [SR] Verify complete
    2012-10-12 09:04:56, Info                  CSI    00000019 [SR] Verifying 100 (0x00000064) components
    2012-10-12 09:04:56, Info                  CSI    0000001a [SR] Beginning Verify and Repair transaction
    2012-10-12 09:05:01, Info                  CSI    0000001b Repair results created:
    POQ 4 starts:
     
    POQ 4 ends.
    2012-10-12 09:05:01, Info                  CSI    0000001c [SR] Verify complete
    2012-10-12 09:05:01, Info                  CSI    0000001d [SR] Verifying 100 (0x00000064) components
    2012-10-12 09:05:01, Info                  CSI    0000001e [SR] Beginning Verify and Repair transaction
    2012-10-12 09:05:04, Info                  CSI    0000001f Repair results created:
    POQ 5 starts:
     
    POQ 5 ends.
    2012-10-12 09:05:04, Info                  CSI    00000020 [SR] Verify complete
    2012-10-12 09:05:05, Info                  CSI    00000021 [SR] Verifying 100 (0x00000064) components
    2012-10-12 09:05:05, Info                  CSI    00000022 [SR] Beginning Verify and Repair transaction
    2012-10-12 09:05:09, Info                  CSI    00000023 Repair results created:
    POQ 6 starts:
     
    POQ 6 ends.
    2012-10-12 09:05:09, Info                  CSI    00000024 [SR] Verify complete
    2012-10-12 09:05:10, Info                  CSI    00000025 [SR] Verifying 100 (0x00000064) components
    2012-10-12 09:05:10, Info                  CSI    00000026 [SR] Beginning Verify and Repair transaction
    2012-10-12 09:05:17, Info                  CSI    00000027 Repair results created:
    POQ 7 starts:
     
    POQ 7 ends.
    2012-10-12 09:05:17, Info                  CSI    00000028 [SR] Verify complete
    2012-10-12 09:05:17, Info                  CSI    00000029 [SR] Verifying 100 (0x00000064) components
    2012-10-12 09:05:17, Info                  CSI    0000002a [SR] Beginning Verify and Repair transaction
    2012-10-12 09:05:23, Info                  CSI    0000002b Repair results created:
    POQ 8 starts:
     
    POQ 8 ends.
    2012-10-12 09:05:23, Info                  CSI    0000002c [SR] Verify complete
    2012-10-12 09:05:23, Info                  CSI    0000002d [SR] Verifying 100 (0x00000064) components
    2012-10-12 09:05:23, Info                  CSI    0000002e [SR] Beginning Verify and Repair transaction
    2012-10-12 09:05:28, Info                  CSI    0000002f Repair results created:
    POQ 9 starts:
     
    POQ 9 ends.
    2012-10-12 09:05:28, Info                  CSI    00000030 [SR] Verify complete
    2012-10-12 09:05:28, Info                  CSI    00000031 [SR] Verifying 100 (0x00000064) components
    2012-10-12 09:05:28, Info                  CSI    00000032 [SR] Beginning Verify and Repair transaction
    2012-10-12 09:05:34, Info                  CSI    00000033 Repair results created:
    POQ 10 starts:
     
    POQ 10 ends.
    2012-10-12 09:05:34, Info                  CSI    00000034 [SR] Verify complete
    2012-10-12 09:05:35, Info                  CSI    00000035 [SR] Verifying 100 (0x00000064) components
    2012-10-12 09:05:35, Info                  CSI    00000036 [SR] Beginning Verify and Repair transaction
    2012-10-12 09:05:40, Info                  CSI    00000037 Repair results created:
    POQ 11 starts:
     
    POQ 11 ends.
    2012-10-12 09:05:40, Info                  CSI    00000038 [SR] Verify complete
    2012-10-12 09:05:40, Info                  CSI    00000039 [SR] Verifying 100 (0x00000064) components
    2012-10-12 09:05:40, Info                  CSI    0000003a [SR] Beginning Verify and Repair transaction
    2012-10-12 09:05:44, Info                  CSI    0000003b Repair results created:
    POQ 12 starts:
     
    POQ 12 ends.
    2012-10-12 09:05:44, Info                  CSI    0000003c [SR] Verify complete
    2012-10-12 09:05:45, Info                  CSI    0000003d [SR] Verifying 100 (0x00000064) components
    2012-10-12 09:05:45, Info                  CSI    0000003e [SR] Beginning Verify and Repair transaction
    2012-10-12 09:05:50, Info                  CSI    0000003f Repair results created:
    POQ 13 starts:
         0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\5f33be6350a8cd0181050000f41e081f._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
        1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\7b86c56350a8cd0182050000f41e081f.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
        2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\ca09d26350a8cd0183050000f41e081f.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
        3: Move File: Source = [l:242{121}]"\SystemRoot\WinSxS\Temp\PendingRenames\50fdd76350a8cd0184050000f41e081f.$$_system32_manifeststore_7d35b12f9be4c20e.cdf-ms", Destination = [l:154{77}]"\SystemRoot\WinSxS\FileMaps\$$_system32_manifeststore_7d35b12f9be4c20e.cdf-ms"
        4: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\e774226450a8cd0185050000f41e081f.$$_apppatch_1143992cbbbebcab.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_apppatch_1143992cbbbebcab.cdf-ms"

    POQ 13 ends.
    2012-10-12 09:05:50, Info                  CSI    00000040 [SR] Verify complete
    2012-10-12 09:05:50, Info                  CSI    00000041 [SR] Verifying 100 (0x00000064) components
    2012-10-12 09:05:50, Info                  CSI    00000042 [SR] Beginning Verify and Repair transaction
    2012-10-12 09:06:00, Info                  CSI    00000043 Repair results created:
    POQ 14 starts:
         0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\c0f6126850a8cd01ea050000f41e081f._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
        1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\211d186850a8cd01eb050000f41e081f.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
        2: Move File: Source = [l:234{117}]"\SystemRoot\WinSxS\Temp\PendingRenames\24ca1e6850a8cd01ec050000f41e081f.$$_help_windows_en-us_b594929e73669c5e.cdf-ms", Destination = [l:146{73}]"\SystemRoot\WinSxS\FileMaps\$$_help_windows_en-us_b594929e73669c5e.cdf-ms"
        3: Move File: Source = [l:228{114}]"\SystemRoot\WinSxS\Temp\PendingRenames\095e236850a8cd01ed050000f41e081f.$$_help_help_en-us_91e6e7979a9bf9c6.cdf-ms", Destination = [l:140{70}]"\SystemRoot\WinSxS\FileMaps\$$_help_help_en-us_91e6e7979a9bf9c6.cdf-ms"
        4: Move File: Source = [l:234{117}]"\SystemRoot\WinSxS\Temp\PendingRenames\ab103a6850a8cd01ee050000f41e081f.$$_appcompat_programs_99c7f419bd54f4ca.cdf-ms", Destination = [l:146{73}]"\SystemRoot\WinSxS\FileMaps\$$_appcompat_programs_99c7f419bd54f4ca.cdf-ms"
        5: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\bdf59a6850a8cd01ef050000f41e081f.$$_diagnostics_system_aero_8b2c42561936b3f0.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_aero_8b2c42561936b3f0.cdf-ms"
        6: Move File: Source = [l:256{128}]"\SystemRoot\WinSxS\Temp\PendingRenames\76ba9f6850a8cd01f0050000f41e081f.$$_diagnostics_system_aero_en-us_1a668ac520a43d24.cdf-ms", Destination = [l:168{84}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_aero_en-us_1a668ac520a43d24.cdf-ms"
        7: Move File: Source = [l:216{108}]"\SystemRoot\WinSxS\Temp\PendingRenames\b746b16850a8cd01f1050000f41e081f.$$_resources_fbee56ab048ab239.cdf-ms", Destination = [l:128{64}]"\SystemRoot\WinSxS\FileMaps\$$_resources_fbee56ab048ab239.cdf-ms"
        8: Mov
    2012-10-12 09:06:00, Info                  CSI    e File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\f478b56850a8cd01f2050000f41e081f.$$_resources_themes_4d0d4910e83c2273.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_resources_themes_4d0d4910e83c2273.cdf-ms"
        9: Move File: Source = [l:240{120}]"\SystemRoot\WinSxS\Temp\PendingRenames\30abb96850a8cd01f3050000f41e081f.$$_resources_themes_aero_3fd78bf4cb5fa2c4.cdf-ms", Destination = [l:152{76}]"\SystemRoot\WinSxS\FileMaps\$$_resources_themes_aero_3fd78bf4cb5fa2c4.cdf-ms"
        10: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\45bf7d6950a8cd01f4050000f41e081f.$$_schcache_f995a5d4decb8cc0.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_schcache_f995a5d4decb8cc0.cdf-ms"
        11: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\07b8166a50a8cd01f5050000f41e081f.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
        12: Move File: Source = [l:240{120}]"\SystemRoot\WinSxS\Temp\PendingRenames\36341d6a50a8cd01f6050000f41e081f.$$_system32_logfiles_ait_5b4995189d2e6c55.cdf-ms", Destination = [l:152{76}]"\SystemRoot\WinSxS\FileMaps\$$_system32_logfiles_ait_5b4995189d2e6c55.cdf-ms"
        13: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\57fa256a50a8cd01f7050000f41e081f.programdata_microsoft_windows_ait_140a03828e6ffe97.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_windows_ait_140a03828e6ffe97.cdf-ms"
        14: Move File: Source = [l:252{126}]"\SystemRoot\WinSxS\Temp\PendingRenames\514b3c6a50a8cd01f8050000f41e081f.$$_resources_themes_aero_shell_a91dfa5124b343c4.cdf-ms", Destination = [l:164{82}]"\SystemRoot\WinSxS\FileMaps\$$_resources_themes_aero_shell_a91dfa5124b343c4.cdf-ms"
        15: Move File: Source = [l:276{138}]"\SystemRoot\WinSxS\Temp\PendingRenames\2f04426a50a8cd01f9050000f41e081f.$$_resources_themes_aero_shell_normalcolor_10be8ec981b35fb6.cdf-ms", Destination = [l:188{94}]"\
    2012-10-12 09:06:00, Info                  CSI    SystemRoot\WinSxS\FileMaps\$$_resources_themes_aero_shell_normalcolor_10be8ec981b35fb6.cdf-ms"
        16: Move File: Source = [l:246{123}]"\SystemRoot\WinSxS\Temp\PendingRenames\cadcc46a50a8cd01fa050000f41e081f.$$_diagnostics_system_audio_9d2751b7c84ca0f1.cdf-ms", Destination = [l:158{79}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_audio_9d2751b7c84ca0f1.cdf-ms"
        17: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\2c03ca6a50a8cd01fb050000f41e081f.$$_diagnostics_system_audio_en-us_9fb258d76056760d.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_audio_en-us_9fb258d76056760d.cdf-ms"

    POQ 14 ends.
    2012-10-12 09:06:00, Info                  CSI    00000044 [SR] Verify complete
    2012-10-12 09:06:01, Info                  CSI    00000045 [SR] Verifying 100 (0x00000064) components
    2012-10-12 09:06:01, Info                  CSI    00000046 [SR] Beginning Verify and Repair transaction
    2012-10-12 09:06:05, Info                  CSI    00000047 [SR] Cannot repair member file [l:34{17}]"winresume.exe.mui" of Microsoft-Windows-BootEnvironment-OS-Loader.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked
    2012-10-12 09:06:06, Info                  CSI    00000048 Ignoring duplicate ownership for directory [l:64{32}]"\??\C:\Windows\Branding\Shellbrd" in component Microsoft-Windows-Branding-Shell-Ultimate, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

    2012-10-12 09:06:09, Error                 CSI    00000049 (F) STATUS_ACCESS_DENIED #913170# from Windows::Rtl::SystemImplementation::DirectFileSystemProvider::SysCreateFile(flags = (AllowFileNotFound), handle = {provider=NULL, handle=0}, da = (FILE_GENERIC_READ), oa = @0x20e038->OBJECT_ATTRIBUTES {s:24; rd:NULL; on:[136]"\SystemRoot\WinSxS\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4\winresume.exe.mui"; a:(OBJ_CASE_INSENSITIVE)}, iosb = @0x20dff0, as = (null), fa = 0, sa = (FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE), cd = FILE_OPEN, co = (FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT), eab = NULL, eal = 0, disp = Invalid)
    [gle=0xd0000022]
    2012-10-12 09:06:09, Error                 CSI    0000004a@2012/10/12:08:06:09.527 (F) d:\win7sp1_gdr\base\wcp\sil\merged\ntu\ntsystem.cpp(2057): Error STATUS_ACCESS_DENIED originated in function Windows::Rtl::SystemImplementation::DirectFileSystemProvider::SysCreateFile expression: (null)
    [gle=0x80004005]
    2012-10-12 09:06:12, Error                 CSI    0000004b (F) STATUS_ACCESS_DENIED #913169# from Windows::Rtl::SystemImplementation::CDirectory::OpenExistingFile(...)[gle=0xd0000022]
    2012-10-12 09:06:12, Error                 CSI    0000004c (F) STATUS_ACCESS_DENIED #913168# from Windows::Rtl::SystemImplementation::CDirectory_IRtlDirectoryTearoff::OpenExistingFile(flags = (MissingFileIsOk), da = (FILE_GENERIC_READ), oa = @0x20e1e0->SIL_OBJECT_ATTRIBUTES {s:20; on:"winresume.exe.mui"; a:(OBJ_CASE_INSENSITIVE)}, sa = (FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE), oo = (FILE_SYNCHRONOUS_IO_NONALERT|FILE_NON_DIRECTORY_FILE), file = NULL, disp = Invalid)
    [gle=0xd0000022]
    2012-10-12 09:06:12, Error                 CSI    0000004d (F) STATUS_ACCESS_DENIED #913096# from PrimitiveInstaller::CCoordinator::RepairComponent(Component = Microsoft-Windows-BootEnvironment-OS-Loader.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral)[gle=0xd0000022]
    2012-10-12 09:16:17, Info                  CBS    Reboot mark refs incremented to: 1
    2012-10-12 09:16:17, Info                  CBS    Scavenge: Starts
    2012-10-12 09:16:17, Info                  CSI    0000004e@2012/10/12:08:16:17.550 CSI Transaction @0x3018d8 initialized for deployment engine {d16d444c-56d8-11d5-882d-0080c847b195} with flags 00000002 and client id [10]"TI6.0_0:0/"

    2012-10-12 09:16:17, Info                  CBS    Scavenge: Begin CSI Store
    2012-10-12 09:16:18, Info                  CSI    0000004f Performing 1 operations; 1 are not lock/unlock and follow:
      Scavenge (8): flags: 00000017
    2012-10-12 09:16:18, Info                  CSI    00000050 Store coherency cookie matches last scavenge cookie, skipping scavenge.
    2012-10-12 09:16:18, Info                  CSI    00000051 ICSITransaction::Commit calling IStorePendingTransaction::Apply - coldpatching=FALSE applyflags=7
    2012-10-12 09:16:18, Info                  CSI    00000052 Creating NT transaction (seq 2), objectname [6]"(null)"
    2012-10-12 09:16:18, Info                  CSI    00000053 Created NT transaction (seq 2) result 0x00000000, handle @0x1f0
    2012-10-12 09:16:18, Info                  CSI    00000054@2012/10/12:08:16:18.578 CSI perf trace:
    CSIPERF:TXCOMMIT;64543
    2012-10-12 09:16:18, Info                  CBS    Scavenge: Completed, dis
    2012-10-12 09:16:18, Info                  CSI    00000055@2012/10/12:08:16:18.578 CSI Transaction @0x3018d8 destroyed
    2012-10-12 09:16:18, Info                  CBS    Reboot mark refs: 0
    2012-10-12 09:16:18, Info                  CBS    Idle processing thread terminated normally
    2012-10-12 09:16:18, Info                  CBS    Ending the TrustedInstaller main loop.
    2012-10-12 09:16:18, Info                  CBS    Starting TrustedInstaller finalization.
    2012-10-12 09:16:18, Info                  CBS    Ending TrustedInstaller finalization.


    Gabhan

    Friday, October 12, 2012 8:41 AM
  • Sorry about the delayed response - ISP problems :(

    OK - let's have a look at the files concerned

    Open an Elevated Command Prompt, and run the following commands

    DIR C:\Windows\winresume.exe.mui /S

    ICACLS C:\Windows\winresume.exe.mui /T

    DIR C:\Windows\ntsystem.cpp /S

    post the results.

    Here are some instructions to make life easier :)

    1) To open an Elevated Command Prompt Window (the CP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt. 

    2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once. 

    3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.     


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, October 14, 2012 1:18 PM
    Moderator
  • Thanks Noel - I'm a .net software developer so my pride is already in tatters at not being able to sort this out myself :( but thanks for the basics :)

    One other thing I notice, my memory management on this PC seems to be completely down the toilet. Lots of 'Not enough storage to process the command' type messages from Delphi, SQL Server etc. Disabling Superfetch seems to have improved matters, but obviously that's not a solution.... but looking at resource manager, or process explorer, there are no applications consuming huge amounts of memory...hopefully just a symptom of something we can get to the bottom of.

    C:\Users\Gabhan.INPUT2K4.000>DIR C:\Windows\winresume.exe.mui /S
     Volume in drive C is DriveC
     Volume Serial Number is 9238-2F45

     Directory of C:\Windows\System32\Boot\en-US

    14/07/2009  03:11            29,776 winresume.exe.mui
                   1 File(s)         29,776 bytes

     Directory of C:\Windows\System32\en-US

    14/07/2009  03:11            29,776 winresume.exe.mui
                   1 File(s)         29,776 bytes

     Directory of C:\Windows\winsxs\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f1
    02945576be4

    14/07/2009  03:11            29,776 winresume.exe.mui
                   1 File(s)         29,776 bytes

     Directory of C:\Windows\winsxs\x86_microsoft-windows-b..t-windows.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1c534
    ed7917cdfc7

    14/07/2009  03:11            29,776 winresume.exe.mui
                   1 File(s)         29,776 bytes

         Total Files Listed:
                   4 File(s)        119,104 bytes
                   0 Dir(s)  11,410,059,264 bytes free

    C:\Users\Gabhan.INPUT2K4.000>
    C:\Users\Gabhan.INPUT2K4.000>ICACLS C:\Windows\winresume.exe.mui /T
    C:\Windows\CSC\v2.0.6\*: Access is denied.
    Successfully processed 0 files; Failed processing 1 files

    C:\Users\Gabhan.INPUT2K4.000>
    C:\Users\Gabhan.INPUT2K4.000>DIR C:\Windows\ntsystem.cpp /S
     Volume in drive C is DriveC
     Volume Serial Number is 9238-2F45
    File Not Found

    C:\Users\Gabhan.INPUT2K4.000>


    Gabhan

    Monday, October 15, 2012 8:26 AM
  • C:\Users\Gabhan.INPUT2K4.000>ICACLS C:\Windows\winresume.exe.mui /T
    C:\Windows\CSC\v2.0.6\*: Access is denied.

    Interesting result that - I occasionally see this type of response, and as yet have no idea what's causing it. Usually, it's from the RtBackup folder - this one is somewhat different.

    It may give us a clue - please run the following commands

    ICACLS C:\Windows\CSC

    ICACLS C:\Windows\CSC\v2.0.6

    This may be a result of Offline Files settings or content going adrift - do you actually use that ability, or could you switch it off? (at least temporarily, to test the effect and clear the folders)


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, October 15, 2012 8:53 AM
    Moderator
  • Don't use offline files. It seems to be disabled in Sync center.

    C:\Users\Gabhan.INPUT2K4.000>ICACLS C:\Windows\CSC
    C:\Windows\CSC NT SERVICE\TrustedInstaller:(I)(F)
                   NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
                   NT AUTHORITY\SYSTEM:(I)(F)
                   NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
                   BUILTIN\Administrators:(I)(F)
                   BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
                   BUILTIN\Users:(I)(RX)
                   BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
                   CREATOR OWNER:(I)(OI)(CI)(IO)(F)

    Successfully processed 1 files; Failed processing 0 files

    C:\Users\Gabhan.INPUT2K4.000>
    C:\Users\Gabhan.INPUT2K4.000>ICACLS C:\Windows\CSC\v2.0.6
    C:\Windows\CSC\v2.0.6: Access is denied.
    Successfully processed 0 files; Failed processing 1 files

    C:\Users\Gabhan.INPUT2K4.000>


    Gabhan

    Monday, October 15, 2012 9:04 AM
  • Interesting - please use Windows Explorer to look at ownership and permissions on the failing folder. (attempting to access this area could be what's causing your resource problems??)

    I'm not sure exactly how best to delete the folders - or even if it should be done. They are not present on a default install of Win7, so I would expect them to be removable.

    I'll do some research and get back to you.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, October 15, 2012 9:28 AM
    Moderator
  • Monday, October 15, 2012 9:31 AM
    Moderator
  • OK - I've taken ownership of that folder, turned on 'Offline Files' - Rebooted - deleted all offline files - Turned off 'Offline Files' - Rebooted. Here are the results of the last commands again:

    C:\>ICACLS C:\Windows\CSC
    C:\Windows\CSC NT SERVICE\TrustedInstaller:(I)(F)
                   NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
                   NT AUTHORITY\SYSTEM:(I)(F)
                   NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
                   BUILTIN\Administrators:(I)(F)
                   BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
                   BUILTIN\Users:(I)(RX)
                   BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
                   CREATOR OWNER:(I)(OI)(CI)(IO)(F)

    Successfully processed 1 files; Failed processing 0 files

    C:\>
    C:\>ICACLS C:\Windows\CSC\v2.0.6
    C:\Windows\CSC\v2.0.6 BUILTIN\Administrators:(OI)(CI)(F)
                          GabhanXPS\Gabhan:(OI)(CI)(F)

    Successfully processed 1 files; Failed processing 0 files

    C:\>

    And the previous commands:

    C:\>DIR C:\Windows\winresume.exe.mui /S
     Volume in drive C is DriveC
     Volume Serial Number is 9238-2F45

     Directory of C:\Windows\System32\Boot\en-US

    14/07/2009  03:11            29,776 winresume.exe.mui
                   1 File(s)         29,776 bytes

     Directory of C:\Windows\System32\en-US

    14/07/2009  03:11            29,776 winresume.exe.mui
                   1 File(s)         29,776 bytes

     Directory of C:\Windows\winsxs\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f1
    02945576be4

    14/07/2009  03:11            29,776 winresume.exe.mui
                   1 File(s)         29,776 bytes

     Directory of C:\Windows\winsxs\x86_microsoft-windows-b..t-windows.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1c534
    ed7917cdfc7

    14/07/2009  03:11            29,776 winresume.exe.mui
                   1 File(s)         29,776 bytes

         Total Files Listed:
                   4 File(s)        119,104 bytes
                   0 Dir(s)  11,429,191,680 bytes free

    C:\>
    C:\>ICACLS C:\Windows\winresume.exe.mui /T
    C:\Windows\System32\Boot\en-US\winresume.exe.mui NT SERVICE\TrustedInstaller:(F)
                                                     BUILTIN\Administrators:(RX)
                                                     NT AUTHORITY\SYSTEM:(RX)
                                                     BUILTIN\Users:(RX)

    C:\Windows\System32\en-US\winresume.exe.mui GabhanXPS\Gabhan:(F)

    C:\Windows\winsxs\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4\wi
    nresume.exe.mui GabhanXPS\Gabhan:(RX)

                    BUILTIN\Administrators:(F)

    C:\Windows\winsxs\x86_microsoft-windows-b..t-windows.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1c534ed7917cdfc7\wi
    nresume.exe.mui NT SERVICE\TrustedInstaller:(F)

                    BUILTIN\Administrators:(RX)

                    NT AUTHORITY\SYSTEM:(RX)

                    BUILTIN\Users:(RX)

    Successfully processed 4 files; Failed processing 0 files

    C:\>
    C:\>DIR C:\Windows\ntsystem.cpp /S
     Volume in drive C is DriveC
     Volume Serial Number is 9238-2F45
    File Not Found

    C:\>


    Gabhan

    Monday, October 15, 2012 10:32 AM
  • That's an improvement, at least! :)

    AHAH!

    C:\Windows\System32\en-US\winresume.exe.mui GabhanXPS\Gabhan:(F)

    C:\Windows\winsxs\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4\winresume.exe.mui GabhanXPS\Gabhan:(RX)
                    BUILTIN\Administrators:(F)

    Both files are missing permissions for TrustedInstaller  - and others.

    Run the following commands

    ICACLS C:\Windows\System32\en-US\winresume.exe.mui /grant TrustedInstaller:(F)
    ICACLS C:\Windows\System32\en-US\winresume.exe.mui /grant SYSTEM:(RX)
    ICACLS C:\Windows\System32\en-US\winresume.exe.mui /grant Users:(RX)
    ICACLS C:\Windows\winsxs\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4\winresume.exe.mui /grant TrustedInstaller:(F)
    ICACLS C:\Windows\winsxs\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4\winresume.exe.mui /grant Users:(RX)
    ICACLS C:\Windows\winsxs\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4\winresume.exe.mui /grant SYSTEM:(RX)
    Then reboot and post a new MGADiag report.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, October 15, 2012 11:09 AM
    Moderator
  • Setting permissions for TrustedInstaller seems to fail:

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Users\Gabhan.INPUT2K4.000>ICACLS C:\Windows\System32\en-US\winresume.exe.mui /grant TrustedInstaller:(F)
    TrustedInstaller: No mapping between account names and security IDs was done.
    Successfully processed 0 files; Failed processing 1 files

    C:\Users\Gabhan.INPUT2K4.000>ICACLS C:\Windows\System32\en-US\winresume.exe.mui /grant SYSTEM:(RX)
    processed file: C:\Windows\System32\en-US\winresume.exe.mui
    Successfully processed 1 files; Failed processing 0 files

    C:\Users\Gabhan.INPUT2K4.000>ICACLS C:\Windows\System32\en-US\winresume.exe.mui /grant Users:(RX)
    processed file: C:\Windows\System32\en-US\winresume.exe.mui
    Successfully processed 1 files; Failed processing 0 files

    C:\Users\Gabhan.INPUT2K4.000>ICACLS C:\Windows\winsxs\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.
    7600.16385_en-us_766f102945576be4\winresume.exe.mui /grant TrustedInstaller:(F)
    TrustedInstaller: No mapping between account names and security IDs was done.
    Successfully processed 0 files; Failed processing 1 files

    C:\Users\Gabhan.INPUT2K4.000>ICACLS C:\Windows\winsxs\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.
    7600.16385_en-us_766f102945576be4\winresume.exe.mui /grant Users:(RX)
    processed file: C:\Windows\winsxs\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766
    f102945576be4\winresume.exe.mui
    Successfully processed 1 files; Failed processing 0 files

    C:\Users\Gabhan.INPUT2K4.000>ICACLS C:\Windows\winsxs\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.
    7600.16385_en-us_766f102945576be4\winresume.exe.mui /grant SYSTEM:(RX)
    processed file: C:\Windows\winsxs\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766
    f102945576be4\winresume.exe.mui
    Successfully processed 1 files; Failed processing 0 files



    Gabhan

    Monday, October 15, 2012 11:23 AM
  • Never mind "NT Service\Trusted Installer" .... rebooting

    Gabhan

    Monday, October 15, 2012 11:26 AM
  • I keep forgetting that the TI service requires the full name, rather than just the normal short name :(


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, October 15, 2012 11:39 AM
    Moderator
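
An offline check for the ACL drift diagnosed in the posts above: it parses pasted ICACLS output (including the wrapped paths), compares each copy of the file against an intact copy, and prints `/grant` lines that use the full `NT SERVICE\TrustedInstaller` name. This is an added example, not part of the thread; the function names are hypothetical, the sample is the ICACLS output posted earlier, and paths are assumed to contain no spaces.

```python
import re

# ICACLS output as posted in the thread (forum indentation removed). The console
# wrapped the long WinSxS paths and left blank lines between their ACE lines.
THREAD_OUTPUT = r"""
C:\Windows\System32\Boot\en-US\winresume.exe.mui NT SERVICE\TrustedInstaller:(F)
                                                 BUILTIN\Administrators:(RX)
                                                 NT AUTHORITY\SYSTEM:(RX)
                                                 BUILTIN\Users:(RX)

C:\Windows\System32\en-US\winresume.exe.mui GabhanXPS\Gabhan:(F)

C:\Windows\winsxs\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4\wi
nresume.exe.mui GabhanXPS\Gabhan:(RX)

                BUILTIN\Administrators:(F)

C:\Windows\winsxs\x86_microsoft-windows-b..t-windows.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1c534ed7917cdfc7\wi
nresume.exe.mui NT SERVICE\TrustedInstaller:(F)

                BUILTIN\Administrators:(RX)

                NT AUTHORITY\SYSTEM:(RX)

                BUILTIN\Users:(RX)

Successfully processed 4 files; Failed processing 0 files
"""

DRIVE = re.compile(r"^[A-Za-z]:\\")                    # start of a path line
ACE = re.compile(r"^([^:]+):((?:\([A-Z,]+\))+)$")      # principal:(flag)(flag)...
INHERIT = {"I", "OI", "CI", "IO", "NP"}                # inheritance flags, not rights


def parse_icacls(text):
    """Return ({path: {principal: frozenset(rights)}}, [paths ICACLS could not read])."""
    acls, denied, current, pending = {}, [], None, ""
    for raw in text.splitlines():
        piece = raw.strip()
        if not piece or piece.startswith("Successfully processed"):
            continue
        line, pending = pending + piece, ""
        if DRIVE.match(line):
            # Assumption: the path has no spaces, so the first space ends it.
            path, _, rest = line.partition(" ")
            if not rest:                       # wrapped path: join with the next line
                pending = line
                continue
            if rest == "Access is denied.":
                denied.append(path.rstrip(":"))
                current = None
                continue
            current = acls.setdefault(path, {})
            line = rest
        m = ACE.match(line)
        if m and current is not None:
            rights = frozenset(re.findall(r"\(([A-Z,]+)\)", m.group(2))) - INHERIT
            current[m.group(1)] = current.get(m.group(1), frozenset()) | rights
    return acls, denied


def audit(acls, reference):
    """Compare every parsed ACL with that of `reference`, a copy known to be intact."""
    good, findings = acls[reference], {}
    for path, acl in acls.items():
        if path == reference:
            continue
        result = {
            "missing": sorted(p for p in good if p not in acl),
            "changed": sorted(p for p in good if p in acl and acl[p] != good[p]),
            "extra": sorted(p for p in acl if p not in good),
        }
        if any(result.values()):
            findings[path] = result
    return findings


def grant_commands(path, missing, good):
    """ICACLS lines restoring missing ACEs, with each principal's full name quoted."""
    return ['ICACLS "%s" /grant "%s:(%s)"' % (path, who, ",".join(sorted(good[who])))
            for who in missing]


if __name__ == "__main__":
    reference = r"C:\Windows\System32\Boot\en-US\winresume.exe.mui"
    parsed, unreadable = parse_icacls(THREAD_OUTPUT)
    for path, result in audit(parsed, reference).items():
        print(path)
        for kind, names in result.items():
            print("  %-8s %s" % (kind, ", ".join(names) or "-"))
        # Only missing entries get a command; changed/extra ones need a human decision.
        for cmd in grant_commands(path, result["missing"], parsed[reference]):
            print("  " + cmd)
    for path in unreadable:
        print("unreadable:", path)
```

Entries reported as `changed` or `extra` (here the `Administrators:(F)` and per-user ACEs) are listed for review only.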
  • Diagnostic Report (1.9.0019.0):
    -----------------------------------------
    WGA Data-->
    Validation Status: Genuine
    Validation Code: 0

    Cached Validation Code: 0x0
    Windows Product Key: *****-*****-8BK7W-7KMG3-XBCKW
    Windows Product Key Hash: 6R5gxHzb9pWT/G67BxmiOR32r+Q=
    Windows Product ID: 00426-948-1154514-85373
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.001
    ID: {D68A3897-0893-4121-A1C8-87F6EB71914A}(1)
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: Registered, 1.9.9.1
    Signed By: Microsoft
    Product Name: Windows 7 Ultimate
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.120830-0333
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    WGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: 2.0.48.0
    OGAExec.exe Signed By: Microsoft
    OGAAddin.dll Signed By: Microsoft

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Users\Gabhan.INPUT2K4.000\AppData\Local\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{60C38416-3645-48D4-9F60-ED162F4FBA2C}</UGUID><Version>1.9.0019.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-XBCKW</PKey><PID>00426-948-1154514-85373</PID><PIDType>5</PIDType><SID>S-1-5-21-3277422079-4206815381-1968672891</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Dell XPS420                  </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A06</Version><SMBIOSVersion major="2" minor="5"/><Date>20080623000000.000000+000</Date></BIOS><HWID>13F33A07018400F8</HWID><UserLCID>1809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>B9K    </OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Ultimate edition
    Description: Windows Operating System - Windows(R) 7, RETAIL channel
    Activation ID: ac96e1a8-6cc4-4310-a4ff-332ce77fb5b8
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00426-00170-948-115451-00-6153-7600.0000-0062010
    Installation ID: 000536475863972223055884582505656515503140949454893140
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: XBCKW
    License Status: Licensed
    Remaining Windows rearm count: 5
    Trusted time: 15/10/2012 12:43:43

    Windows Activation Technologies-->
    HrOffline: N/A
    HrOnline: N/A
    HealthStatus: N/A
    Event Time Stamp: N/A
    WAT Activex: Registered
    WAT Admin Service: Registered

    HWID Data-->
    HWID Hash Current: MgAAAAMAAAABAAEAAgABAAAAAgABAAEAeqiK2Zu6mCT+AHYKHPzJHiw2AHmv8l5lRso=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x0
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC DELL   B9K    
      FACP DELL   B9K    
      HPET DELL   B9K    
      BOOT DELL   B9K    
      MCFG DELL   B9K    
      SSDT DELL st_ex
      DUMY DELL   B9K    
      SLIC DELL   B9K    
      SSDT DELL st_ex
      SSDT DELL st_ex
      SSDT DELL st_ex


    Gabhan

    Monday, October 15, 2012 11:47 AM
  • So far, so good :)

    That's got rid of the c0000022 error.

    Now try validating at www.microsoft.com/genuine/validate and let's see what happens.

    Once done, reboot, and post another MGADiag report.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, October 15, 2012 12:03 PM
    Moderator
  • (Oh - you're back to using an old copy of MGADiag again - please make sure you use the new one!)

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, October 15, 2012 12:11 PM
    Moderator
  • Oops - never realised there were two different versions:

    Validation brings me to the 'Download Security Essentials' page - but it always did that (see earlier in the thread).

    Rebooted and this is the report:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-8BK7W-7KMG3-XBCKW
    Windows Product Key Hash: 6R5gxHzb9pWT/G67BxmiOR32r+Q=
    Windows Product ID: 00426-948-1154514-85373
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.001
    ID: {60C38416-3645-48D4-9F60-ED162F4FBA2C}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.9.1
    Signed By: Microsoft
    Product Name: Windows 7 Ultimate
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.120830-0333
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: 2.0.48.0
    OGAExec.exe Signed By: Microsoft
    OGAAddin.dll Signed By: Microsoft

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Users\Gabhan.INPUT2K4.000\AppData\Local\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{60C38416-3645-48D4-9F60-ED162F4FBA2C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-XBCKW</PKey><PID>00426-948-1154514-85373</PID><PIDType>5</PIDType><SID>S-1-5-21-3277422079-4206815381-1968672891</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Dell XPS420                  </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A06</Version><SMBIOSVersion major="2" minor="5"/><Date>20080623000000.000000+000</Date></BIOS><HWID>13F33A07018400F8</HWID><UserLCID>1809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>B9K    </OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Ultimate edition
    Description: Windows Operating System - Windows(R) 7, RETAIL channel
    Activation ID: ac96e1a8-6cc4-4310-a4ff-332ce77fb5b8
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00426-00170-948-115451-00-6153-7600.0000-0062010
    Installation ID: 000536475863972223055884582505656515503140949454893140
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: XBCKW
    License Status: Licensed
    Remaining Windows rearm count: 5
    Trusted time: 15/10/2012 13:16:26

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 10:15:2012 13:10
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: MgAAAAMAAAABAAEAAgABAAAAAgABAAEAeqiK2Zu6mCT+AHYKHPzJHiw2AHmv8l5lRso=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x0
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC DELL   B9K    
      FACP DELL   B9K    
      HPET DELL   B9K    
      BOOT DELL   B9K    
      MCFG DELL   B9K    
      SSDT DELL st_ex
      DUMY DELL   B9K    
      SLIC DELL   B9K    
      SSDT DELL st_ex
      SSDT DELL st_ex
      SSDT DELL st_ex


    Gabhan

    Monday, October 15, 2012 12:17 PM
  • Well, as far as MGADiag is concerned, you don't have a problem any more :)

    Your system is validating properly, and appears to be holding the validation status properly, the Software Protection Service is now running properly, and there are no longer any errors in the report that I can see.

    Are you still seeing a non-genuine notification?? - or is it just the black desktop? If the latter, simply change the background to whatever you like.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, October 15, 2012 12:39 PM
    Moderator
  • Will be using the PC for the afternoon. If there are any non-genuine notifications I will report back. Fingers crossed.

    If all is well I'll report in the morning.

    Many thanks...


    Gabhan

    Monday, October 15, 2012 12:53 PM
  • <crosses fingers>

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, October 15, 2012 1:16 PM
    Moderator
  • Still not quite right :(

    Haven't rebooted since my last message, and running MGADiag now gives the following output:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: N/A, hr = 0xc0000022
    Windows Product Key: *****-*****-8BK7W-7KMG3-XBCKW
    Windows Product Key Hash: 6R5gxHzb9pWT/G67BxmiOR32r+Q=
    Windows Product ID: 00426-948-1154514-85373
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.001
    ID: {60C38416-3645-48D4-9F60-ED162F4FBA2C}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.9.1
    Signed By: Microsoft
    Product Name: Windows 7 Ultimate
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.120830-0333
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: 2.0.48.0
    OGAExec.exe Signed By: Microsoft
    OGAAddin.dll Signed By: Microsoft

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Users\Gabhan.INPUT2K4.000\AppData\Local\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{60C38416-3645-48D4-9F60-ED162F4FBA2C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-XBCKW</PKey><PID>00426-948-1154514-85373</PID><PIDType>5</PIDType><SID>S-1-5-21-3277422079-4206815381-1968672891</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Dell XPS420                  </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A06</Version><SMBIOSVersion major="2" minor="5"/><Date>20080623000000.000000+000</Date></BIOS><HWID>13F33A07018400F8</HWID><UserLCID>1809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>B9K    </OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x80070426' to display the error text.
    Error: 0x80070426 

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x0001000000000000
    Event Time Stamp: N/A
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered Service: sppsvc


    HWID Data-->
    HWID Hash Current: MgAAAAMAAAABAAEAAgABAAAAAgABAAEAeqiK2Zu6mCT+AHYKHPzJHiw2AHmv8l5lRso=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x0
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC DELL   B9K    
      FACP DELL   B9K    
      HPET DELL   B9K    
      BOOT DELL   B9K    
      MCFG DELL   B9K    
      SSDT DELL st_ex
      DUMY DELL   B9K    
      SLIC DELL   B9K    
      SSDT DELL st_ex
      SSDT DELL st_ex
      SSDT DELL st_ex


    Gabhan

    Tuesday, October 16, 2012 9:36 AM
  • Aw, Shoot!

    This could be because of a boot to 'Last Known Good Configuration' :(

    Please reboot, and see what happens, then....

    post the Applications and System Event logs - upload to your Skydrive

    Please run the following commands, and post the results.

     

    REG QUERY HKLM\SYSTEM\CurrentControlSet\services\spldr /S
    REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR /S

    REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_SLSVC

    REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_SPPSVC

     

     They may show something

     


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Tuesday, October 16, 2012 9:57 AM
    Moderator
  • Ran sfc /scannow (which completed this time) and it says it repaired some files. Rebooted and uploaded the Application, System and CBS logs to my public skydrive (IT Folder)

    Registry results below:

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Users\Gabhan.INPUT2K4.000>REG QUERY HKLM\SYSTEM\CurrentControlSet\services\spldr /S

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\spldr
        DisplayName    REG_SZ    Security Processor Loader Driver
        ErrorControl    REG_DWORD    0x3
        Start    REG_DWORD    0x0
        Type    REG_DWORD    0x1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\spldr\Enum
        0    REG_SZ    Root\LEGACY_SPLDR\0000
        Count    REG_DWORD    0x1
        NextInstance    REG_DWORD    0x1


    C:\Users\Gabhan.INPUT2K4.000>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR /S

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR
        NextInstance    REG_DWORD    0x1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000
        Service    REG_SZ    spldr
        Legacy    REG_DWORD    0x1
        ConfigFlags    REG_DWORD    0x400
        Class    REG_SZ    LegacyDriver
        ClassGUID    REG_SZ    {8ECC055D-047F-11D1-A537-0000F8753ED1}
        DeviceDesc    REG_SZ    Security Processor Loader Driver
        Capabilities    REG_DWORD    0x0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000\Control
        ActiveService    REG_SZ    spldr


    C:\Users\Gabhan.INPUT2K4.000>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_SLSVC
    ERROR: The system was unable to find the specified registry key or value.

    C:\Users\Gabhan.INPUT2K4.000>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_SPPSVC
    ERROR: The system was unable to find the specified registry key or value.

    C:\Users\Gabhan.INPUT2K4.000>


    Gabhan

    Tuesday, October 16, 2012 10:46 AM
  • Re-ran the MGADiag again just for completeness' sake:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-8BK7W-7KMG3-XBCKW
    Windows Product Key Hash: 6R5gxHzb9pWT/G67BxmiOR32r+Q=
    Windows Product ID: 00426-948-1154514-85373
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.001
    ID: {60C38416-3645-48D4-9F60-ED162F4FBA2C}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.9.1
    Signed By: Microsoft
    Product Name: Windows 7 Ultimate
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.120830-0333
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: 2.0.48.0
    OGAExec.exe Signed By: Microsoft
    OGAAddin.dll Signed By: Microsoft

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Users\Gabhan.INPUT2K4.000\AppData\Local\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{60C38416-3645-48D4-9F60-ED162F4FBA2C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-XBCKW</PKey><PID>00426-948-1154514-85373</PID><PIDType>5</PIDType><SID>S-1-5-21-3277422079-4206815381-1968672891</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Dell XPS420                  </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A06</Version><SMBIOSVersion major="2" minor="5"/><Date>20080623000000.000000+000</Date></BIOS><HWID>13F33A07018400F8</HWID><UserLCID>1809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>B9K    </OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Ultimate edition
    Description: Windows Operating System - Windows(R) 7, RETAIL channel
    Activation ID: ac96e1a8-6cc4-4310-a4ff-332ce77fb5b8
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00426-00170-948-115451-00-6153-7600.0000-0062010
    Installation ID: 000536475863972223055884582505656515503140949454893140
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: XBCKW
    License Status: Licensed
    Remaining Windows rearm count: 5
    Trusted time: 16/10/2012 11:47:17

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: N/A
    HealthStatus: 0x0000000000000000
    Event Time Stamp: N/A
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: MgAAAAMAAAABAAEAAgABAAAAAgABAAEAeqiK2Zu6mCT+AHYKHPzJHiw2AHmv8l5lRso=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x0
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC DELL   B9K    
      FACP DELL   B9K    
      HPET DELL   B9K    
      BOOT DELL   B9K    
      MCFG DELL   B9K    
      SSDT DELL st_ex
      DUMY DELL   B9K    
      SLIC DELL   B9K    
      SSDT DELL st_ex
      SSDT DELL st_ex
      SSDT DELL st_ex


    Gabhan

    Tuesday, October 16, 2012 10:47 AM
  • That's showing genuine again :)

    please go to validation, and see what it has to say this time - www.microsoft.com/genuine/validate

    something appears to be clearing the status from the report area...

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: N/A
    HealthStatus: 0x0000000000000000
    Event Time Stamp: N/A


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Tuesday, October 16, 2012 10:57 AM
    Moderator
  • Ran sfc /scannow (which completed this time) and it says it repaired some files. Rebooted and uploaded the Application, System and CBS logs to my public skydrive (IT Folder)


    Gabhan


    I can't find a link anywhere to your Skydrive? can you post one, please

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Tuesday, October 16, 2012 11:01 AM
    Moderator
  • Validation web page validates, and brings me to the 'Because Windows installed on your PC is genuine, enjoy the security, reliability and protection it provides.' page.

    Skydrive here:

    https://skydrive.live.com/redir?resid=2FFFC62936C66D2D!184


    Gabhan

    Tuesday, October 16, 2012 11:09 AM
  • My guess is that something is causing the memory management to degrade over time, and that this is causing the Software Protection Service to fail to start later, which is causing the 'Non-Genuine' warning. But the strange thing is, there are no processes consuming large amounts of memory at the time when the 'Not enough storage is available to process the command' type messages appear. And closing down all running applications does seem to free up memory, but doesn't resolve the 'Not enough storage' messages. The only thing I can do at that point is to reboot....

    For instance, I can start and stop the Software Protection service without a problem now. But in an hour or so, I will not be able to (even if I leave the machine idle). And at some point shortly after that I'll get the 'non-genuine' messages, and I'll have to reboot.


    Gabhan

    Tuesday, October 16, 2012 11:17 AM
  • Hmm -  Winlogon threw a fault at 16:15 yesterday EventID 4005 but I can't find a corresponding System event at the same time to be able to diagnose it. :(

    http://technet.microsoft.com/en-us/library/547cec52-e38e-47a1-b0a3-b28edcea5d2f.aspx applies here.

    the problem appears to be the service is failing to start with a 0xD000009A error.

    This appears to be an 'Insufficient resources' message - see the associated EventID 7023 entries in the System log

    There are a large number of Warning flags on the e1express Source, which appears to be an Intel Gigabit Ethernet driver? perhaps a driver update/refresh would be a good idea?

    There are also problems with other services/drivers:-

    Akamai NetSession Interface

    Cisco IPSec driver

    DNE

    WUDFRd

    vnccom

    vncdrv

    SBRE

    Let's see what we can see for them all -I only have a couple of them on my systems (WUDFrd/SBRE)

    you could search the registry for the related Keys - mostly in the

    HKLM\System\CurrentControlSet\Services

    and

    HKLM\System\CurrentControlSet\Enum\Root (as LEGACY_xxxx subkeys)

    keys, I suspect

    If you export them as .reg files, the results are going to be too long for here, so if you paste them into a Notepad file and upload them, I'll take a looksee.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Tuesday, October 16, 2012 12:00 PM
    Moderator
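
Added example, not part of any post in this thread: the 32-bit status codes that appear in the MGADiag reports and in the reply above, decoded by their bit layout. The function names and the small name tables are this example's own; the sample lines are copied from the thread, except the last, which is constructed to carry the 0xD000009A value quoted in the reply.

```python
import re

# HRESULT layout: bit 31 = severity, bit 28 = N (value wraps an NTSTATUS),
# bits 16-26 = facility, bits 0-15 = code.
FACILITY_NT_BIT = 0x10000000
FACILITY_NAMES = {4: "FACILITY_ITF", 7: "FACILITY_WIN32"}

# Only the codes that occur on this page are named here.
WIN32_NAMES = {
    0x0002: "ERROR_FILE_NOT_FOUND",
    0x0426: "ERROR_SERVICE_NOT_ACTIVE",
}
NTSTATUS_NAMES = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC000009A: "STATUS_INSUFFICIENT_RESOURCES",
}

# Exactly eight hex digits, so the 64-bit HealthStatus bitmask is skipped.
CODE_RE = re.compile(r"\b0x([0-9A-Fa-f]{8})\b")


def decode(value):
    """Return (kind, detail) for a 32-bit status value."""
    if value == 0:
        return ("success", "S_OK")
    if value & 0x80000000 and value & FACILITY_NT_BIT:
        # HRESULT_FROM_NT: clear the N bit to recover the NTSTATUS.
        status = value & ~FACILITY_NT_BIT & 0xFFFFFFFF
        return ("hresult-from-nt",
                NTSTATUS_NAMES.get(status, "NTSTATUS 0x%08X" % status))
    if value >> 30 == 0b11:
        # Heuristic (assumption): top two bits set means a raw NTSTATUS
        # with error severity rather than an HRESULT.
        return ("ntstatus",
                NTSTATUS_NAMES.get(value, "NTSTATUS 0x%08X" % value))
    facility = (value >> 16) & 0x7FF
    code = value & 0xFFFF
    if facility == 7:
        # HRESULT_FROM_WIN32: the low word is the Win32 error number.
        return ("win32", WIN32_NAMES.get(code, "Win32 error %d" % code))
    name = FACILITY_NAMES.get(facility, "facility %d" % facility)
    return ("hresult", "%s code 0x%04X" % (name, code))


def scan_report(text):
    """Decode every 32-bit hex code in a report, keyed by its field name."""
    findings = []
    for line in text.splitlines():
        field = line.split(":", 1)[0].strip()
        for match in CODE_RE.finditer(line):
            kind, detail = decode(int(match.group(1), 16))
            findings.append((field, "0x" + match.group(1).upper(), kind, detail))
    return findings


# Lines copied from the failing report in this thread; the final line is
# constructed to hold the service start error quoted in the reply.
SAMPLE_REPORT = """
Validation Code: 0x8004FE21
Cached Online Validation Code: N/A, hr = 0xc0000022
Spsys.log Content: 0x80070002
Error: 0x80070426
HrOffline: 0x8004FE21
HealthStatus: 0x0001000000000000
Service start error (constructed line): 0xD000009A
"""

if __name__ == "__main__":
    for field, code, kind, detail in scan_report(SAMPLE_REPORT):
        print("%-42s %s  %-16s %s" % (field, code, kind, detail))
```

0x8004FE21 carries FACILITY_ITF, so its meaning is defined by the component that returned it and the bit layout alone does not name it.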
  • Had a look at the CBS.log file, and it's a little confusing, as it says it's unable to repair two files (winload.exe and winresume.exe), and then says that it did after all repair them!

    Another SFC may be a good idea, and we can then see whether it did after all repair the errors.

    If not, then perhaps a CheckSUR run would be a good idea (it may be a good idea anyhow!) -

    Please run the CheckSUR tool from http://support.microsoft.com/kb/947821

    (you'll need to look in the details for Method 2)

     

    Then zip the CheckSUR.log and upload it to your public SkyDrive so I can take a look - post a link in your reply.

    The tool can take anywhere from 5 mins to a couple of hours to run (or 'Install') depending on how much it has to do, and may exit silently - it may appear to freeze for most of that time, but be patient.



    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Tuesday, October 16, 2012 12:08 PM
    Moderator
  • I updated the network card driver a few days ago as I was having trouble with my network connection. I wasn't sure whether this was related to the problems I was having (or even the cause). Installing the Windows Update one wouldn't work at all (driver failed to start type messages), so I installed the Intel one from their website and I haven't noticed a problem in the last couple of days.

    I'm not sure where the Akamai NetSession Interface came from - tempted to just uninstall it as I don't recognise it. Sound like a good idea?

    The Cisco IPSec driver was uninstalled a number of months ago - and as far as I was aware it was gone. Should I google for a cleanup tool?

    The others I do not recognise at all. I'll export the reg keys I can find and upload them.



    Gabhan

    Tuesday, October 16, 2012 12:20 PM
  • Is this an add-on Ethernet card, or a built-in one?

    If the latter, you'll be better off going to the Dell site and downloading the latest one from their download pages (using your ServiceTag to ensure full compliance). Dell have a nasty habit of customizing hardware/firmware so that the default drivers don't work properly.

    Akamai NetSession  - http://www.akamai.com/html/misc/akamai_client/netsession_interface_faq.html

    Cisco - I've always tried to steer clear:) - it may just be a case of removing the appropriate registry entry, so we'll see when we get the output.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Tuesday, October 16, 2012 12:49 PM
    Moderator
  • Uninstalled Akamai NetSession Interface - Rebooted - ran sfc /scannow - updated CBS.log file on Skydrive

    Going to run the CheckSUR tool now

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Users\Gabhan.INPUT2K4.000>sfc /scannow

    Beginning system scan.  This process will take some time.

    Beginning verification phase of system scan.
    Verification 100% complete.

    Windows Resource Protection did not find any integrity violations.

    C:\Users\Gabhan.INPUT2K4.000>


    Gabhan


    • Edited by Gabhans Tuesday, October 16, 2012 1:02 PM
    Tuesday, October 16, 2012 1:01 PM
  • It's a built in Ethernet card, but Dell haven't updated the driver on their website since 2007. Windows Update had done a few updates since then, but the most recent update caused my network card not to function - hence the installation of the Intel one.

    Gabhan

    Tuesday, October 16, 2012 1:10 PM
  • From what I can make out, these should be the 'proper' drivers?

    http://downloadcenter.intel.com/detail_desc.aspx?agr=Y&DwnldID=18713


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth


    Tuesday, October 16, 2012 1:23 PM
    Moderator
  • CheckSUR log file uploaded to skydrive

    As many reg keys as I can find uploaded to skydrive.

    Can find no mention of vncdrv anywhere in the registry (except as part of VNCCOM)

    I've also updated the Application and System logs on the skydrive.

    Would it be an idea to uninstall the Intel ethernet driver, reinstall the Dell one from 2007, then let Windows Update do its thing again?


    Gabhan


    • Edited by Gabhans Tuesday, October 16, 2012 1:39 PM
    Tuesday, October 16, 2012 1:33 PM
  • These are the drivers I have installed already. I have the same installer with the same date/byte size on my hard disc already.

    Gabhan

    Tuesday, October 16, 2012 1:46 PM
  • Whilst there may be a winlogon service failure in the system event log, it's not quite the same as the technet article suggests, because the PC will boot fine, and the service will start and run for a number of hours. However, at some point there will be a system resource problem which will prevent the service from running (seemingly unrelated to ram / memory usage - looking at the resource monitor reveals no resource problems that I can see). So whilst the symptoms may be the same, the cause would seem to be very different in that the service does function perfectly normally for a number of hours before becoming unresponsive.

    Gabhan

    Tuesday, October 16, 2012 1:53 PM
  • My usual method of dealing with the Intel PROset type drivers is to uninstall the related software from Programs&Features - it's totally unnecessary as a rule.

    If the base drivers still misbehave (or get uninstalled at the same time), you can force a refresh by extracting the installer without installation (use WinRAR or similar), and then going into Device Manager, and updating from there, pointing at the extracted files.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Tuesday, October 16, 2012 1:54 PM
    Moderator
  • Should I go ahead and do this with the network drivers, or can you tell anything from the new\updated log files and reg keys on the skydrive?

    Gabhan

    Tuesday, October 16, 2012 2:06 PM
  • Should I go ahead and do this with the network drivers, or can you tell anything from the new\updated log files and reg keys on the skydrive?

    Gabhan

    SFC and CheckSUR are clear now :)

    It'll take me a while to work out what the reg files mean, and the implications - you may as well try the Intel thing and see if it improves things at all.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Tuesday, October 16, 2012 2:16 PM
    Moderator
  • I'd agree with that analysis :)

    OK - I've had a look at the files, and while I don't understand a lot of it, I think there are some safe actions we can take.

    First create a System Restore point so we have a fallback!

    Please delete the following two registry keys.... (you can always reinstate them individually from the .reg files if something falls over :) )

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\vnccom

    HKEY_LOCAL_MACHINE\SOFTWARE\DeterministicNetworks\DNE

    HKEY_LOCAL_MACHINE\SOFTWARE\Cisco Systems

    The SBRE problem is not so easy - there is nothing apparently amiss with the registry Key, as presented, but something is obviously failing.

    One solution is to simply delete the Key and see what (if anything) falls over - it's not present in a default Windows install, and I've seen references to it in association with Ad-Aware, and Vipre (as 'remaindered' registry entries after uninstalling the product).

    run DIR C:\Windows\SBRE.sys /S and see if anything is found - if not, delete the following Key

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SBRE


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Tuesday, October 16, 2012 4:49 PM
    Moderator
  • OK - I've removed the Intel Software from Add/Remove programs and re-installed just the driver.

    I've removed all the registry keys you mention above and have rebooted - no errors on reboot so no negative effects from that.

    I've updated the application and system logs on the skydrive. 

    Is there anything else I should run?


    Gabhan

    Tuesday, October 16, 2012 5:58 PM
  • Nope - just use the system for a while and see if we've reduced the resource problems.

    Post another set of Event logs tomorrow sometime and we'll see whether it's made much difference


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Tuesday, October 16, 2012 6:40 PM
    Moderator
  • Checked MGADiag last night and all looked OK. Checking it this morning and it's back to giving me the 0x8004FE21 error. (system NOT rebooted in between)

    I've posted another set of Application and System event logs to the skydrive. 

    This is the current MGADiag output. But it would be a safe bet that a reboot would fix this temporarily.

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: N/A, hr = 0xc0000022
    Windows Product Key: *****-*****-8BK7W-7KMG3-XBCKW
    Windows Product Key Hash: 6R5gxHzb9pWT/G67BxmiOR32r+Q=
    Windows Product ID: 00426-948-1154514-85373
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.001
    ID: {20FF9098-2B43-4DF0-9507-066E4AD5EF30}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.9.1
    Signed By: Microsoft
    Product Name: Windows 7 Ultimate
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.120830-0333
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: 2.0.48.0
    OGAExec.exe Signed By: Microsoft
    OGAAddin.dll Signed By: Microsoft

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Users\Gabhan.INPUT2K4.000\AppData\Local\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{7E09BE2B-874F-42BB-A1A8-F5D81A8002DC}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-XBCKW</PKey><PID>00426-948-1154514-85373</PID><PIDType>5</PIDType><SID>S-1-5-21-3277422079-4206815381-1968672891</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Dell XPS420                  </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A06</Version><SMBIOSVersion major="2" minor="5"/><Date>20080623000000.000000+000</Date></BIOS><HWID>13F33A07018400F8</HWID><UserLCID>1809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>B9K    </OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x80070426' to display the error text.
    Error: 0x80070426 

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x0001000000000000
    Event Time Stamp: 10:16:2012 16:34
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered Service: sppsvc


    HWID Data-->
    HWID Hash Current: MgAAAAMAAAABAAEAAgABAAAAAgABAAEAeqiK2Zu6mCT+AHYKHPzJHiw2AHmv8l5lRso=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x0
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC DELL   B9K    
      FACP DELL   B9K    
      HPET DELL   B9K    
      BOOT DELL   B9K    
      MCFG DELL   B9K    
      SSDT DELL st_ex
      DUMY DELL   B9K    
      SLIC DELL   B9K    
      SSDT DELL st_ex
      SSDT DELL st_ex
      SSDT DELL st_ex


    Gabhan

    Wednesday, October 17, 2012 8:27 AM
  • I noticed the e1express errors in the system event log. This seems to be related to the network card. It would seem that the 'Allow the computer to turn off this device to save power' was selected, so I have disabled that. Will not reboot until I need to, in the hope something else will be thrown up in the logs.

    Gabhan

    Wednesday, October 17, 2012 8:32 AM
  • There are three service errors at 18:29+ last night - involving the IPBusEnum and umrdpservice Services.

    Then there are no errors in the System Event log until 09:19 when the Software Protection Service ran out of resources (except for the e1express errors)

    The Applications log, OTOH has a number of problems...

    Unhandled Exception in ASP .NET 2.0.... - EventID1309 - multiple entries 21:40 - 23:06

    Winlogon crashed - EventID 4005 - 19:26, 02:05

    SidebySide errors - EventID 63 start at 06:08 last one at 07:21


    The SideBySide errors are interesting -

    Activation context generation failed for "C:\Program Files\Common Files\March Hare Software Ltd\sqlite3.dll".Error in manifest or policy file "C:\Program Files\Common Files\March Hare Software Ltd\sqlite3.dll" on line 3. The value "3.3.6" of attribute "version" in element "assemblyIdentity" is invalid


    Activation context generation failed for "c:\Program Files\dtSearch\bin64\dtIndexer64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

    I have to admit here that I have no idea how to track them :)


    The only commonality I can see in the System log for the SxS errors is that Defrag was running both times (and stopped in between)

    The last successful license check was at 23:27 -
    At exactly midnight what appears to have been a scheduled task raised an MSSQLSERVER entry - ID 17177
    At 01:00:21 a slew of entries ID 17137 was created over a period of just under a minute

    This presumably is from a Scheduled task?? - it may be worth disabling that task tonight, if possible, since the first entry after it in the Apps log is the Winlogon crash an hour later.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Wednesday, October 17, 2012 9:40 AM
    Moderator
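The cross-log correlation done by hand in the post above can be scripted. This PowerShell script is an added example, not part of the original thread: it merges the System and Application logs into one time-ordered list and marks the event IDs and licensing events the thread mentions. The window defaults and the variable names are assumptions; the provider name `Microsoft-Windows-Security-SPP` is the full name of the Security-SPP source.

```powershell
# Added example (not from the thread): one merged timeline of both logs.
param(
    [datetime]$Start = '2012-10-16 18:00',  # assumed window start (evening before the post)
    [datetime]$End   = '2012-10-17 10:00'   # assumed window end (after the 09:19 failure)
)

# Event IDs named in the thread: ASP.NET 1309, Winlogon 4005, SideBySide 63,
# MSSQLSERVER 17177 and 17137 (some of these are logged as Information only)
$idsOfInterest = 1309, 4005, 63, 17177, 17137

# Critical (1), Error (2) and Warning (3) events from both logs
$problems  = @{ LogName = 'System', 'Application'; Level = 1, 2, 3
                StartTime = $Start; EndTime = $End }
# Licensing events of any level: shows the last good check and the first failure
$licensing = @{ LogName = 'Application'; ProviderName = 'Microsoft-Windows-Security-SPP'
                StartTime = $Start; EndTime = $End }
# The named IDs at any level, so informational entries are not filtered out
$named     = @{ LogName = 'System', 'Application'; Id = $idsOfInterest
                StartTime = $Start; EndTime = $End }

# Get-WinEvent writes an error when a filter matches nothing; ignore that case.
# -Unique drops events returned by more than one of the three filters.
$events = @(
    $problems, $licensing, $named |
        ForEach-Object { Get-WinEvent -FilterHashtable $_ -ErrorAction SilentlyContinue } |
        Sort-Object TimeCreated, LogName, RecordId -Unique
)

$prev = $null
$timeline = foreach ($e in $events) {
    # Minutes since the previous event: quiet gaps and sudden bursts both stand out
    $gap = if ($prev) { [math]::Round(($e.TimeCreated - $prev).TotalMinutes, 1) } else { 0 }
    $prev = $e.TimeCreated
    $flag = ''
    if ($idsOfInterest -contains $e.Id) { $flag = 'thread-id' }
    if ($e.ProviderName -like '*Security-SPP*') { $flag = 'licensing' }
    New-Object PSObject -Property @{
        Time = $e.TimeCreated; GapMin = $gap; Log = $e.LogName; Flag = $flag
        Provider = $e.ProviderName; Id = $e.Id; Level = $e.LevelDisplayName
        Message = ("$($e.Message)" -split "`r?`n")[0]   # first line only
    }
}

$timeline | Select-Object Time, GapMin, Log, Provider, Id, Level, Flag, Message |
    Format-Table -AutoSize -Wrap

# Which sources were noisiest in the window
$timeline | Group-Object Provider | Sort-Object Count -Descending | Select-Object Count, Name
```

Run it from an elevated prompt; reading down the Flag column shows which errors fall between the last `licensing` success and the first failure.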
  • OK - I've gone back to the 2007 network card driver from Dell instead of the Intel one. Just to see if that clears the e1express errors in the system log.

    SQLite3.dll is used by my Version Control system (SVN) so those errors may be related to file check-in or check-outs I was doing at that time (if it was earlier in the evening)

    I had previously disabled Windows Search and indexing as I see no value whatsoever in it - so I'm surprised there are errors relating to it - isn't dtIndexer64.exe relating to the 64bit version of Windows Search?

    There are a few tasks scheduled for midnight:

    • Adobe Flash Player update - deleted. I'll manually update it
    • SR - seems to be a windows task?
    • ProgramDataUpdater - scheduled for 00:30 - again this seems to be a windows task?

    I cannot see any MSSQL Scheduled tasks or jobs scheduled for midnight. Is there somewhere I might find a list?


    Gabhan

    Wednesday, October 17, 2012 9:53 AM
  • Never having used SQL Server I couldn't say - but I would imagine it's in the Task Scheduler somewhere :)

    Most Windows tasks run at semi-random times to prevent clashes - it may be worth rescheduling SR to a slightly different time - say 00:20 and we may be able to see something - you could also enable the History log (it's not supposed to start until the system has been fallow for 10 minutes anyhow)

    I don't have a ProgramDataUpdater schedule - what's the executable/action?

    Surprised that the Flash updater is set for exactly midnight - mine appears to be semi-random, and runs hourly(!!) at 29 minutes past the hour (now reset to run only for 12 hours a week, rather than 24 hours a day!!)

    I think the dtSearch\bin64\dtIndexer64.exe is more likely to be from http://www.dtsearch.com/ - check the properties of the executable and see. (it certainly doesn't exist on any of my installs).


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Wednesday, October 17, 2012 10:16 AM
    Moderator
  • OK - I found dtSearch on my PC and removed it. Installing the older Dell network card driver certainly seemed to have an impact. System log is much cleaner, and I used the system quite heavily for about 4 hours this morning without any issues. Problem is, on reboot the newer driver had re-enabled itself. How can I clean out the drivers so only the Dell one gets used - not the Intel or Microsoft ones that are listed as compatible, and seem to install automatically on reboot?

    Gabhan

    Wednesday, October 17, 2012 12:30 PM
  • To be honest, it's not a problem I've ever had with Win7, so I'm not absolutely certain!

    I'll do some research and get back (or ask someone I know!)


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Wednesday, October 17, 2012 2:31 PM
    Moderator
  • There's a PROUnstl.exe utility in the driver download - if you've extracted that, you should find it easily enough (there seems to be one in each of the subfolders - whether it's the same or different I haven't checked)

    Run it as Admin, and see if that clears the later drivers.

    You may want to try running it in Safe Mode, if it doesn't remove the newer drivers in normal mode.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Wednesday, October 17, 2012 4:33 PM
    Moderator
  • Thanks. I've actually disabled the on-board card and installed an old external card I had lying around. It seems to be working without an issue.

    So I'm back to the original problem of Non-Genuine popups. Going to clean out the logs and do a fresh boot. Will upload the log files and go through them myself with a fine tooth comb. Something is still causing an issue even after clearing out all the issues dealt with above.


    Gabhan

    Thursday, October 18, 2012 8:45 AM
  • The logs should be interesting, then - there's a good chance that disabling the onboard NIC would force a re-activation anyhow, and it'll be interesting to see the Security-SPP and related events around that time (can you remember what time you did that?)


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Thursday, October 18, 2012 9:04 AM
    Moderator
  • Hi - latest updates - with much less to look at in the System log, I attacked a driver failure issue by using verifier. This yielded a Blue Screen of Death on reboot. An analysis of the dump files showed an aspi32.sys driver from 2002 failing. Used autoruns to disable it, and a few other drivers that were no longer required on my system. This cleared the verifier issue, and some more issues in the System log. I've uploaded the log files to the sky drive, but I'm going to monitor this myself for a few days. I have a better feeling after clearing the old drivers.. :)

    Gabhan

    Thursday, October 18, 2012 8:10 PM
  • I'll get to it tomorrow - It's been Pool match night :)

    What on earth was an aspi32.sys driver doing on the system?? - especially one from 2002?


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth


    Thursday, October 18, 2012 8:35 PM
    Moderator
  • This machine had an Adaptec SCSI card (for a high-speed document scanner), and apparently their old drivers used to install aspi32.sys !!! It's been on the system for a long time, but obviously some other driver update recently has decided to take exception to it :(

    Gabhan



    • Edited by Gabhans Thursday, October 18, 2012 8:47 PM
    Thursday, October 18, 2012 8:46 PM
  • Many(..MANY) moons ago, I had a SCSI scanner (Win98, IIRC?) but I'd actually bought the computer with a SCSI CD Drive anyhow (a Gateway 2000 P75 full tower - cost a fortune!). The case alone weighed about 12 lbs :)

    I eventually realised it was the cause of more problems than it solved, and replaced the CD drive and removed the card - for various reasons I had to reformat/reinstall soon after.

    If your machine has been through the upgrade to Win7 since that driver was installed and the hardware removed, I'm not surprised that it's causing problems, merely that it's taken so long to surface.

    (G'Night!)


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Thursday, October 18, 2012 9:38 PM
    Moderator
  • OK - another 'Non-Genuine' popup this evening. I was actually convinced I'd solved it :(

    Uploaded a pre Non-Genuine and post Non-Genuine set of logs dated 18th October. I'm going to try running the machine for the night/morning without SQL Server running. It'll be pretty difficult for me to work without it, but I have to get to the bottom of this. 


    Gabhan

    Thursday, October 18, 2012 11:55 PM
  • Machine has been up for over 8 hours and no resource issues (with SQL Server service stopped). So either SQL Server is the cause of the problem, or it accelerates it. Going to try to leave it disabled for as long as possible.

    Gabhan

    Friday, October 19, 2012 8:04 AM
  • SQL Server problems are well out of my experience!

    You may want to try posting in the MSDN SQL forums to see if anyone has any experience in this type of problem there.

    http://social.msdn.microsoft.com/Forums/en/category/sqlserver/

    Probably the best way would be to summarise, and include a link back to this thread - if you post a link here, I can keep an eye on it, and interfere/interject if I think it's going off-track :)


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Friday, October 19, 2012 9:30 AM
    Moderator
  • Thanks for all your help. From reading about SQL Server and resource issues, I've made a few tweaks (Took databases not in use offline - used BCDEdit to increase Virtual Address Space in Windows - removed unnecessary SQL Agent jobs) and my machine has been happily running all day without a 'Non-Genuine' popup. Using Process Explorer, I was able to see that the Virtual Size of the SqlServer process was 2.9GB. So it looks like SQL Server may have been the root of the problem all along. But I feel that I have a much cleaner machine at the end of it. Again, many thanks for all your efforts - I learned a lot!

    Gabhan

    • Marked as answer by Gabhans Friday, October 19, 2012 4:23 PM
    Friday, October 19, 2012 4:23 PM
  •  Again, many thanks for all your efforts - I learned a lot!

    Gabhan

    That makes two of us :)

    Thanks for bearing with me as I groped around for a 'solution'

    I hope your system continues to behave properly - good luck!


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Friday, October 19, 2012 9:42 PM
    Moderator