none
Build 6002 - Not Genuine, No COA

    Question

  • Hello!  

    I have had my laptop since January of 2009.  

    Recently, I have been receiving the error that my copy of Windows Vista is not valid.  I have tried to recreate the licensing store through \system 32, which I saw on other forums, however, when I get to the last step it says 'permission denied'.  I have an OEM product key.  Unfortunately, the sticker from the bottom of my of my computer that would have the COA product key has long since worn off so I am unable to obtain that key.  

    I have included my diagnostics below.  Thank you in advance for your help!

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Invalid License
    Validation Code: 50
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-JQMWD-2QJRJ-RJ34F
    Windows Product Key Hash: R8gPTEFMoOygFewoq/uOoWMpz68=
    Windows Product ID: 
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.0.6002.2.00010300.2.0.003
    ID: {B0C31CA9-9FA9-4A35-BF90-2D110881F1BF}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000000
    Build lab: 6002.vistasp2_gdr.120824-0336
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: 2.0.48.0
    OGAExec.exe Signed By: Microsoft
    OGAAddin.dll Signed By: Microsoft

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: http=127.0.0.1:16110;https=127.0.0.1:16110
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{B0C31CA9-9FA9-4A35-BF90-2D110881F1BF}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-RJ34F</PKey><PID>89578-OEM-7332157-00237</PID><PIDType>2</PIDType><SID>S-1-5-21-3969566641-39007500-1738613080</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite L305</Model></SYSTEM><BIOS><Manufacturer>INSYDE</Manufacturer><Version>1.90</Version><SMBIOSVersion major="2" minor="4"/><Date>20090604000000.000000+000</Date></BIOS><HWID>CF333507018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSINV</OEMID><OEMTableID>TOSINV00</OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.0.6002.18005

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    HWID Hash Current: NAAAAAEAAgABAAIAAQABAAAAAwABAAEAeqgETNqPRm56fxzqJPbGUfL09kx86CblrFYqhQ==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20000
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC TOSINV TOSINV00
      FACP TOSINV TOSINV00
      HPET TOSINV TOSINV00
      BOOT TOSINV TOSINV00
      MCFG TOSINV TOSINV00
      ASF! TOSINV TOSINV00
      SLIC TOSINV TOSINV00
      SSDT PmRef CpuPm



    • Edited by elissa87 Saturday, December 8, 2012 8:50 PM
    Saturday, December 8, 2012 12:20 AM

Answers

All replies

  •  

    Recreate the Licensing Store with the correct data.

     

    1) Open an Internet Browser window.

    2) Type: %windir%\system32 into the browser address bar.

    3) Find the file CMD.exe

    4) Right-Click on CMD.exe and select 'Run as Administrator'

    5) Type: net stop slsvc (it may ask you if you are sure, select yes)

    6) Type: cd %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing

    7) Type: rename tokens.dat tokens.bar

    8) Type: cd %windir%\system32

    9) Type: net start slsvc

    10) Type: cscript slmgr.vbs -rilc (It may take a long time for this to complete, please be patient)

    11) Restart your computer twice. 

     

    You may be asked to enter your COA Key and/or Activate. – if asked for the Key, use the one on your COA sticker on the machine’s case (you may need to activate by telephone).   ( In your case, you'll be unable to do this - cancel out at this point)

     

    Once complete, run another MGADiag report and post back with the results.     

    If that doesn't work, then we'll have to start digging into the system.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Saturday, December 8, 2012 8:09 AM
    Moderator
  • Hello Noel!

    Thank you for your reply.  

    I have already tried to recreate the Licensing Store, but I have it another go for good measure. Yesterday, after completing the 'cscript' command, it would say 'permission denied'.  However, today after typing this same command, I received a pop-up alert stating that 'an unauthorized change was made to windows and it must be reinstalled' using a CD or DVD.  ?!?! My computer came pre-loaded with windows, so I do not have a windows cd or dvd.  Also, my COA sticker from the bottom of my computer has long since work off so I cannot get that license number.  

    Thanks!

    Saturday, December 8, 2012 1:38 PM
  • The changing error may actually be a good sign

    Please post a new MGADiag so we can see if anything has changed.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Saturday, December 8, 2012 2:36 PM
    Moderator
  • Command prompt finally worked....until it asked for the license, of course, since it won't take the only license number I have.

    Here's the MGADiag.

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Invalid License
    Validation Code: 50
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-JQMWD-2QJRJ-RJ34F
    Windows Product Key Hash: R8gPTEFMoOygFewoq/uOoWMpz68=
    Windows Product ID: 
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.0.6002.2.00010300.2.0.003
    ID: {B0C31CA9-9FA9-4A35-BF90-2D110881F1BF}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000000
    Build lab: 6002.vistasp2_gdr.120824-0336
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: 2.0.48.0
    OGAExec.exe Signed By: Microsoft
    OGAAddin.dll Signed By: Microsoft

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: http=127.0.0.1:16110;https=127.0.0.1:16110
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{B0C31CA9-9FA9-4A35-BF90-2D110881F1BF}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-RJ34F</PKey><PID>89578-OEM-7332157-00237</PID><PIDType>2</PIDType><SID>S-1-5-21-3969566641-39007500-1738613080</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite L305</Model></SYSTEM><BIOS><Manufacturer>INSYDE</Manufacturer><Version>1.90</Version><SMBIOSVersion major="2" minor="4"/><Date>20090604000000.000000+000</Date></BIOS><HWID>CF333507018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSINV</OEMID><OEMTableID>TOSINV00</OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.0.6002.18005

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    HWID Hash Current: NAAAAAEAAgABAAIAAQABAAAAAwABAAEAeqgETNqPRm56fxzqJPbGUfL09kx86CblrFYqhQ==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20000
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC TOSINV TOSINV00
      FACP TOSINV TOSINV00
      HPET TOSINV TOSINV00
      BOOT TOSINV TOSINV00
      MCFG TOSINV TOSINV00
      ASF! TOSINV TOSINV00
      SLIC TOSINV TOSINV00
      SSDT PmRef CpuPm


    • Edited by elissa87 Saturday, December 8, 2012 8:51 PM removing product key
    Saturday, December 8, 2012 4:52 PM
  • No change :(

    Please download the Farbar Service Scanner (FSS.exe) from

     

    http://www.bleepingcomputer.com/download/farbar-service-scanner/

     

    Run it, and tick all the options, then click on the Scan button - copy and paste the report to your response.

     

     


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Saturday, December 8, 2012 4:59 PM
    Moderator
  • Hello again! 

    Farbar Service Scanner Version: 07-12-2012
    Ran by Elissa (administrator) on 08-12-2012 at 14:36:11
    Running from "C:\Users\Elissa\Desktop"
    Windows Vista (TM) Home Premium Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.
    IE proxy is enabled.
    ProxyServer: http=127.0.0.1:16110;https=127.0.0.1:16110


    Windows Firewall:
    =============

    Firewall Disabled Policy: 
    ==================


    System Restore:
    ============

    System Restore Disabled Policy: 
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy: 
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy: 
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll
    [2012-10-09 20:31] - [2012-06-01 19:02] - 0133120 ____A (Microsoft Corporation) F1E8C34892336D33EDDCDFE44E474F64

    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\ipnathlp.dll => MD5 is legit
    C:\Windows\system32\iphlpsvc.dll
    [2010-04-14 21:42] - [2010-02-18 08:30] - 0200704 ____A (Microsoft Corporation) 1998BD97F950680BB55F55A7244679C2

    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****

    Saturday, December 8, 2012 7:37 PM
  • None of the obvious services are faulting, then.

     

    Please download http://kb.eset-la.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe and save it to your desktop.

    Double-click ServicesRepair.exe

    If security notifications appear, click

    Continue or Run and then click Yes when asked if you want to proceed.

    Once the tool has finished, you will be prompted to restart your computer.

    Click Yes to restart.

    Then run another MGADiag report, and post that together with any results from the tool


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Saturday, December 8, 2012 8:32 PM
    Moderator
  • The Services Repair tool did not give me anything to copy.

    Here is the MGADiag (I've realized that it includes my OEM product key, so I've deleted that).

    Thanks again for all of your help!

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Invalid License
    Validation Code: 50
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-JQMWD-2QJRJ-RJ34F
    Windows Product Key Hash: R8gPTEFMoOygFewoq/uOoWMpz68=
    Windows Product ID: 
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.0.6002.2.00010300.2.0.003
    ID: {B0C31CA9-9FA9-4A35-BF90-2D110881F1BF}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000000
    Build lab: 6002.vistasp2_gdr.120824-0336
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: 2.0.48.0
    OGAExec.exe Signed By: Microsoft
    OGAAddin.dll Signed By: Microsoft

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: http=127.0.0.1:16110;https=127.0.0.1:16110
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{B0C31CA9-9FA9-4A35-BF90-2D110881F1BF}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-RJ34F</PKey><PID>89578-OEM-7332157-00237</PID><PIDType>2</PIDType><SID>S-1-5-21-3969566641-39007500-1738613080</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite L305</Model></SYSTEM><BIOS><Manufacturer>INSYDE</Manufacturer><Version>1.90</Version><SMBIOSVersion major="2" minor="4"/><Date>20090604000000.000000+000</Date></BIOS><HWID>CF333507018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSINV</OEMID><OEMTableID>TOSINV00</OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.0.6002.18005

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    HWID Hash Current: NAAAAAEAAgABAAIAAQABAAAAAwABAAEAeqgETNqPRm56fxzqJPbGUfL09kx86CblrFYqhQ==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20000
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC TOSINV TOSINV00
      FACP TOSINV TOSINV00
      HPET TOSINV TOSINV00
      BOOT TOSINV TOSINV00
      MCFG TOSINV TOSINV00
      ASF! TOSINV TOSINV00
      SLIC TOSINV TOSINV00
      SSDT PmRef CpuPm


    • Edited by elissa87 Saturday, December 8, 2012 8:53 PM
    Saturday, December 8, 2012 8:52 PM
  • You share that Key with a few hundreds of thousand of others - everyone who purchased a Toshiba with Vista Home Premium installed.

    The MGADiag tool obscures enough of even a personal Key to make it practically impossible to duplicate the full Key.

    Please run a full CHKDSK and SFC scan....

     

    Click on Start > All Programs > Accessories

    Right-click on the Command Prompt entry

    Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

     

    At the Command prompt, type

     

    CHKDSK C: /R

     

    and hit the Enter key.

    You will be told that the drive is locked,

    and the CHKDSK will run at he next boot - hit the Y key, and then reboot.

     

    The CHKDSK will take a few hours depending on the size of the drive, so be patient!

     

    After the CHKDSK has run, Windows should boot normally (possibly after a second auto-reboot) -

    then run the SFC.

     

    SFC -System File Checker - Instructions

    Click on Start > All Programs > Accessories

    Right-click on the Command Prompt entry

    Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

     

    At the Command prompt, type

     

    SFC /SCANNOW

     

    and hit the Enter key

     

    Wait for the scan to finish - make a note of any error messages - and then reboot.

     

     

    Copy the CBS.log file created (C:\Windows\Logs\CBS\CBS.log) to your desktop (you can't manipulate it directly) and then compress the copy and upload it to your SkyDrive (http://skydrive.live.com ) and post a link to it so that I can take a look.

     

    Post a new MGADiag report with details of any error messages encountered.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Saturday, December 8, 2012 9:13 PM
    Moderator
  • Here we are.  I am not allowed to post direct links in the forums yet since my account is new so we'll just have to go with the old fashioned copy and past!  I've also provided a link for a screen shot of my SFC Scan results.  It said there were corrupt files but could not correct some of them.

    SFC Scan Results:

    https://skydrive.live.com/redir?resid=D8435A1C122BD752!112&authkey=!AHIj5UBqCqnI5sQ

    CBS Log:

    https://skydrive.live.com/redir?resid=D8435A1C122BD752!113&authkey=!AMjkKlneJAAfO5Y


    Thanks!

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Invalid License
    Validation Code: 50
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-JQMWD-2QJRJ-RJ34F
    Windows Product Key Hash: R8gPTEFMoOygFewoq/uOoWMpz68=
    Windows Product ID: 89578-OEM-7332157-00237
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.0.6002.2.00010300.2.0.003
    ID: {B0C31CA9-9FA9-4A35-BF90-2D110881F1BF}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000000
    Build lab: 6002.vistasp2_gdr.120824-0336
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: 2.0.48.0
    OGAExec.exe Signed By: Microsoft
    OGAAddin.dll Signed By: Microsoft

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: http=127.0.0.1:16110;https=127.0.0.1:16110
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{B0C31CA9-9FA9-4A35-BF90-2D110881F1BF}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-RJ34F</PKey><PID>89578-OEM-7332157-00237</PID><PIDType>2</PIDType><SID>S-1-5-21-3969566641-39007500-1738613080</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite L305</Model></SYSTEM><BIOS><Manufacturer>INSYDE</Manufacturer><Version>1.90</Version><SMBIOSVersion major="2" minor="4"/><Date>20090604000000.000000+000</Date></BIOS><HWID>CF333507018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSINV</OEMID><OEMTableID>TOSINV00</OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.0.6002.18005

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    HWID Hash Current: NAAAAAEAAgABAAIAAQABAAAAAwABAAEAeqgETNqPRm56fxzqJPbGUfL09kx86CblrFYqhQ==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20000
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC TOSINV TOSINV00
      FACP TOSINV TOSINV00
      HPET TOSINV TOSINV00
      BOOT TOSINV TOSINV00
      MCFG TOSINV TOSINV00
      ASF! TOSINV TOSINV00
      SLIC TOSINV TOSINV00
      SSDT PmRef CpuPm

    Sunday, December 9, 2012 12:02 AM
  • That scan did find a couple of errors - really very minor ones.

    2012-12-08 18:44:44, Info                  CSI    000001d6 [SR] Beginning Verify and Repair transaction
    2012-12-08 18:44:44, Info                  CSI    000001d7 Hashes for file member \SystemRoot\WinSxS\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6002.18005_none_d0c824c923c9e622\settings.ini do not match actual file [l:24{12}]"settings.ini" :
      Found: {l:32 b:ntPb8a3owMmbzl2TXFHogrOTUqnXgzASIdBVmJptaGE=} Expected: {l:32 b:v6OQf2AJO5FVbRBJuIwXxkdkCoOaSk3y0ol6uTH491o=}
    2012-12-08 18:44:44, Info                  CSI    000001d8 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2012-12-08 18:44:44, Info                  CSI    000001d9 Hashes for file member \SystemRoot\WinSxS\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6002.18005_none_d0c824c923c9e622\settings.ini do not match actual file [l:24{12}]"settings.ini" :
      Found: {l:32 b:ntPb8a3owMmbzl2TXFHogrOTUqnXgzASIdBVmJptaGE=} Expected: {l:32 b:v6OQf2AJO5FVbRBJuIwXxkdkCoOaSk3y0ol6uTH491o=}
    2012-12-08 18:44:44, Info                  CSI    000001da [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2012-12-08 18:44:44, Info                  CSI    000001db [SR] This component was referenced by [l:158{79}]"Package_16_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.948465-49_neutral_GDR"
    2012-12-08 18:44:44, Info                  CSI    000001dc Repair results created:

    This error is actually present in what I believe is most copies of Vista (at least it seems like it!)

     and I don't believe it's harmful.

    Having said that, we will try and fix it - tomorrow (it's gone midnight here).

    Please confirm that you are able to access the 'Repair your Computer' option from an F8 boot (same way as accessing Safe Mode)


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, December 9, 2012 12:23 AM
    Moderator
  • 'Repair your Computer' available and ready to go tomorrow!
    Sunday, December 9, 2012 1:35 AM
  • Great :)

    First, please run the following command and in a Command Prompt window

    DIR C:\elissa

    Hopefully, it won't exist! If it does, please run the following command

    DIR %userprofile%\desktop\elissa

    to check that we have a clear area, and post back for fresh instructions.

    Assuming DIR C:\elissa shows 'Not found', please follow these instructions.

    I've uploaded a file - elissa.zip - to my SkyDrive at https://skydrive.live.com/#cid=936736BB8FCEB92F&id=936736BB8FCEB92F%21526
    Please download and save it.

    Right-click on the saved file and select Extract all...
    Change the target to C:\ and click on Extract
    This should create a folder
    C:\elissa

    Close all windows (it would be a good idea to print these instructions!)
    Now reboot to the Repair Environment - as soon as the machine restarts, start tapping F8 - this should bring up the Advanced Boot Menu, at the top of which should be the option 'Repair my Computer'
    Pick that
    You'll have to log in with your username and password.

    Pick the option to use a Command Prompt
    At the prompt type
    DIR C:\elissa
    hit the enter key - if you get a 'Not Found' error try
    DIR D:\elissa
    or
    DIR E:\elissa

    The drive letter in use when you find the folder will need to be substituted (for<drive>) into the following command...

    XCOPY <drive>:\elissa <drive>:\windows\winsxs /y /i /s /v /h

    run the command (it should take almost no time)and when the prompt returns, type
    EXIT
    and hit the Enter key to exit Command Prompt - reboot to Normal Mode Windows.

    Now run SFC /SCANNOW in an Elevated Command Prompt
    then reboot and upload the new CBS.log file to your SkyDrive Public folder, and post a new link

    Also run a new MGADiag report, and post the result.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, December 9, 2012 11:32 AM
    Moderator
  • Hello again!

    Here is the link to my new CBS log.  The scan didn't seem to find any errors.

    https://skydrive.live.com/redir?resid=D8435A1C122BD752!114&authkey=!AMoxxIySXGwaFNQ

    And of course, my newest and shiniest MGADiag!

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Invalid License
    Validation Code: 50
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-JQMWD-2QJRJ-RJ34F
    Windows Product Key Hash: R8gPTEFMoOygFewoq/uOoWMpz68=
    Windows Product ID: 89578-OEM-7332157-00237
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.0.6002.2.00010300.2.0.003
    ID: {B0C31CA9-9FA9-4A35-BF90-2D110881F1BF}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000000
    Build lab: 6002.vistasp2_gdr.120824-0336
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: 2.0.48.0
    OGAExec.exe Signed By: Microsoft
    OGAAddin.dll Signed By: Microsoft

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: http=127.0.0.1:16110;https=127.0.0.1:16110
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{B0C31CA9-9FA9-4A35-BF90-2D110881F1BF}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-RJ34F</PKey><PID>89578-OEM-7332157-00237</PID><PIDType>2</PIDType><SID>S-1-5-21-3969566641-39007500-1738613080</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite L305</Model></SYSTEM><BIOS><Manufacturer>INSYDE</Manufacturer><Version>1.90</Version><SMBIOSVersion major="2" minor="4"/><Date>20090604000000.000000+000</Date></BIOS><HWID>CF333507018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSINV</OEMID><OEMTableID>TOSINV00</OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.0.6002.18005

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    HWID Hash Current: NAAAAAEAAgABAAIAAQABAAAAAwABAAEAeqgETNqPRm56fxzqJPbGUfL09kx86CblrFYqhQ==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20000
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC TOSINV TOSINV00
      FACP TOSINV TOSINV00
      HPET TOSINV TOSINV00
      BOOT TOSINV TOSINV00
      MCFG TOSINV TOSINV00
      ASF! TOSINV TOSINV00
      SLIC TOSINV TOSINV00
      SSDT PmRef CpuPm

    Sunday, December 9, 2012 2:09 PM
  • Good - the fix worked then :) - even if it didn't cure the cause of your non-genuine problem.

    Please open Event Viewer, and navigate to the Windows Logs Application log, anf right-click on it - select Save all events as...

    Save it as App.evtx

    do the same for the System log - save it as Sys.evtx.

    Then compress the two files together and upload them to your public SkyDrive, and post a new link. 


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, December 9, 2012 2:18 PM
    Moderator
  • Making progress!

    I'm not sure if it will help when looking at the logs, but I started getting the non-genuine error sometime around the middle of November, but I'm not sure exactly what date.  

    Here you go!

    https://skydrive.live.com/redir?resid=D8435A1C122BD752!115&authkey=!APyRcaWmNNX5jcw

    Thanks!

    Sunday, December 9, 2012 4:38 PM
  • This could take a while - I've never seen errors like that in teh Applicarion logs, before!

    The System Event log is comparatively normal but shows a number of errors that will need to be addressed.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, December 9, 2012 5:24 PM
    Moderator
  • Since the problem seems widespread, we need to do this in little steps and lots of reboots:)

    Please first rebuild the Performanc Monitor log database...

    Open an Elevated Command Prompt, and run the following command

    lodctr /r

    Please post the response, then reboot and upload a new Event Viewer log for Application eents only.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, December 9, 2012 5:36 PM
    Moderator
  • Response: Successfully rebuilt performance counter settings from system backup store.

    App Log:

    https://skydrive.live.com/redir?resid=D8435A1C122BD752!116&authkey=!AMbExx40UZ7UwLY

    Sunday, December 9, 2012 6:27 PM
  • That seems to have reduced the frequency of problems, at least!

    You appear to have Norton 360 installed - What other Anti-Virus products have EVER been installed on this machine?

    Has Norton been upgraded since it was first installed?


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, December 9, 2012 7:02 PM
    Moderator
  • There are signs in the System log of problems with the Intel Storage matrix drivers.

    Please download and install the following set of drivers -

    Installing the Intel Drivers

    try downloading and installing them from here -

    http://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&ProdId=2101&DwnldID=17412

     

     

    Once complete, please reboot twice, then post another MGADiag report. 

     


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, December 9, 2012 7:13 PM
    Moderator
  • Good question on the anti-virus...Before Norton I had webroot for a year or too.  I think I might have had a free version of Symantec at one point, but never used the full version. Not sure if either of these county, but I currently have Malwarebyte installed (which I have run scanned with a few times) and I also have combofix installed but have never run or used it.  

    Downloading the Intel drivers now... 

    Sunday, December 9, 2012 7:43 PM
  • Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Invalid License
    Validation Code: 50
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-JQMWD-2QJRJ-RJ34F
    Windows Product Key Hash: R8gPTEFMoOygFewoq/uOoWMpz68=
    Windows Product ID: 89578-OEM-7332157-00237
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.0.6002.2.00010300.2.0.003
    ID: {B0C31CA9-9FA9-4A35-BF90-2D110881F1BF}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000000
    Build lab: 6002.vistasp2_gdr.120824-0336
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: 2.0.48.0
    OGAExec.exe Signed By: Microsoft
    OGAAddin.dll Signed By: Microsoft

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: http=127.0.0.1:16110;https=127.0.0.1:16110
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{B0C31CA9-9FA9-4A35-BF90-2D110881F1BF}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-RJ34F</PKey><PID>89578-OEM-7332157-00237</PID><PIDType>2</PIDType><SID>S-1-5-21-3969566641-39007500-1738613080</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite L305</Model></SYSTEM><BIOS><Manufacturer>INSYDE</Manufacturer><Version>1.90</Version><SMBIOSVersion major="2" minor="4"/><Date>20090604000000.000000+000</Date></BIOS><HWID>CF333507018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSINV</OEMID><OEMTableID>TOSINV00</OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.0.6002.18005

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    HWID Hash Current: MgAAAAEAAQABAAIAAQABAAAAAwABAAEAeqgETNqPRm6YpCT2xlHy9PZMfOgm5axWKoU=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20000
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC TOSINV TOSINV00
      FACP TOSINV TOSINV00
      HPET TOSINV TOSINV00
      BOOT TOSINV TOSINV00
      MCFG TOSINV TOSINV00
      ASF! TOSINV TOSINV00
      SLIC TOSINV TOSINV00
      SSDT PmRef CpuPm

    Sunday, December 9, 2012 7:59 PM
  • Oh yes, and I have updated Norton, but I just checked and there is another update available.  Taking care of that now as well.
    Sunday, December 9, 2012 8:02 PM
  • Please uninstall Combofix - it should only be used under supervision and instruction by a trained specialist.

    Malwarebytes is fine - make sure  you update it before every use!

    Webroot - what exact version did you have, if you can remember? you need to use the removal toll from here to cleanup afterwadrs. http://support.webroot.com/app/answers/detail/a_id/2223

    I would recommend at least temporarily uninstalling Norton  (and running the Norton Removal Tool) and replacing it with Microsoft Security Essentials.

    Norton Removal Tool - https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?lg=english&ct=united+states&docid=20080710133834EN&product=home&version=1&pvid=f-home

    Microsoft Security Essentials download.... http://windows.microsoft.com/en-US/windows/security-essentials-download


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, December 9, 2012 8:06 PM
    Moderator
  • Okay, I did everything except Microsoft Security Essentials would not install without a "valid windows key" so I've reinstalled Norton for now.  Sorry that took so long!  I'm simultaneously perfecting a term paper and studying for a term final exam both for tomorrow! But when I get back on the computer tomorrow afternoon, I will be done all that!
    Monday, December 10, 2012 3:35 AM
  • OK - that's fine (good luck with the exam!)

    Please post a new MGADiag report, and upload new Event logs.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, December 10, 2012 8:31 AM
    Moderator
  • Thanks!

    Here you go!

    Logs: 

    https://skydrive.live.com/redir?resid=D8435A1C122BD752!117&authkey=!AI3ggDtfc0lYFlA

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Invalid License
    Validation Code: 50
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-JQMWD-2QJRJ-RJ34F
    Windows Product Key Hash: R8gPTEFMoOygFewoq/uOoWMpz68=
    Windows Product ID: 89578-OEM-7332157-00237
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.0.6002.2.00010300.2.0.003
    ID: {B0C31CA9-9FA9-4A35-BF90-2D110881F1BF}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000000
    Build lab: 6002.vistasp2_gdr.120824-0336
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: 2.0.48.0
    OGAExec.exe Signed By: Microsoft
    OGAAddin.dll Signed By: Microsoft

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: http=127.0.0.1:16110;https=127.0.0.1:16110
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{B0C31CA9-9FA9-4A35-BF90-2D110881F1BF}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-RJ34F</PKey><PID>89578-OEM-7332157-00237</PID><PIDType>2</PIDType><SID>S-1-5-21-3969566641-39007500-1738613080</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite L305</Model></SYSTEM><BIOS><Manufacturer>INSYDE</Manufacturer><Version>1.90</Version><SMBIOSVersion major="2" minor="4"/><Date>20090604000000.000000+000</Date></BIOS><HWID>CF333507018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSINV</OEMID><OEMTableID>TOSINV00</OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.0.6002.18005

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    HWID Hash Current: MgAAAAEAAQABAAIAAQABAAAAAwABAAEAeqgETNqPRm6YpCT2xlHy9PZMfOgm5axWKoU=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20000
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC TOSINV TOSINV00
      FACP TOSINV TOSINV00
      HPET TOSINV TOSINV00
      BOOT TOSINV TOSINV00
      MCFG TOSINV TOSINV00
      ASF! TOSINV TOSINV00
      SLIC TOSINV TOSINV00
      SSDT PmRef CpuPm

    Monday, December 10, 2012 8:29 PM
  • The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
    {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
     and APPID 
    NT AUTHORITY
     to the user SYSTEM\S-1-5-18 SID (LocalHost (Using LRPC)) from address %9. This security permission can be modified using the Component Services administrative tool.

    Beginning to be able to see the wood through the trees now :)

    At some point you would seem to have had Lavasoft AdAware installed? - there's a characteristic driver error in lbd.sys present which we can deal with later. When did you uninstall it?

    There's an odd DCOM error in there... (the code box jumped to the top - I'll eave it there).

    The HP CUE DeviceDiscovery Service hangss on startup...

    The major problem with the Apps log is the Bonjour service - not unusual.

    The root of

    0x80070057 error your Licensing problem appears to be a


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Tuesday, December 11, 2012 7:20 AM
    Moderator
  • Sorry about that - forum problems again!

    That last should have been

    The root of your Licensing problem appears to be a 0x80070057 error - often caused by  firewalls, or service problems.

    Please run teh following commands in an Elevated Command Prompt, and post the results.

    NET START SLSVC

    NET START SLUINOTIFY

    NET START SPLDR


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Tuesday, December 11, 2012 7:26 AM
    Moderator
  • I couldn't tell you when I had lavasoft...its been a really long time.

    The response to each of those commands was "the requested service has already been started".

    Tuesday, December 11, 2012 1:59 PM
  • Please open an Elevated Command prompt, and run the following commands - they may help to identify the cause...., and make sure that I don't leave a mess behind when I try and fix things :)

    REG QUERY HKLM\SYSTEM\CurrentControlSet\Services\lbd /S REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LBD /S REG QUERY HKCR\CLSID\{C97FCC79-E628-407D-AE68-A06AD6D8B4D1} /S REG QUERY HKCR\AppID\IPBusEnum.DLL REG QUERY HKCR\AppID\{344ED43D-D086-4961-86A6-1106F4ACAD9B}



    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth


    Tuesday, December 11, 2012 5:53 PM
    Moderator
  • Thank!

    Here are the results!

    Microsoft Windows [Version 6.0.6002]
    Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

    C:\Users\Elissa>REG QUERY  HKLM\SYSTEM\CurrentControlSet\Services\lbd /S

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lbd
        Type    REG_DWORD    0x2
        Start    REG_DWORD    0x0
        ErrorControl    REG_DWORD    0x1
        Tag    REG_DWORD    0x3
        ImagePath    REG_EXPAND_SZ    system32\DRIVERS\Lbd.sys
        DisplayName    REG_SZ    Lbd
        Group    REG_SZ    FSFilter Activity Monitor
        DependOnService    REG_MULTI_SZ    FltMgr
        Description    REG_SZ    Ad-Aware mini-filter driver

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lbd\Instances
        DefaultInstance    REG_SZ    Lbd - Top Instance

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lbd\Instances\Lbd - Bottom
    Instance
        Altitude    REG_SZ    361000
        Flags    REG_DWORD    0x1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lbd\Instances\Lbd - Middle
    Instance
        Altitude    REG_SZ    370000
        Flags    REG_DWORD    0x1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lbd\Instances\Lbd - Top Ins
    tance
        Altitude    REG_SZ    385000
        Flags    REG_DWORD    0x1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lbd\Enum
        0    REG_SZ    Root\LEGACY_LBD\0000
        Count    REG_DWORD    0x1
        NextInstance    REG_DWORD    0x1


    C:\Users\Elissa>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LBD /S

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LBD
        NextInstance    REG_DWORD    0x1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LBD\0000
        Service    REG_SZ    Lbd
        Legacy    REG_DWORD    0x1
        ConfigFlags    REG_DWORD    0x0
        Class    REG_SZ    LegacyDriver
        ClassGUID    REG_SZ    {8ECC055D-047F-11D1-A537-0000F8753ED1}
        DeviceDesc    REG_SZ    Lbd


    C:\Users\Elissa>REG QUERY HKCR\CLSID\{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  /S

    HKEY_CLASSES_ROOT\CLSID\{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
        (Default)    REG_SZ    AssociatedDevicePresence Class
        AppID    REG_SZ    {344ED43D-D086-4961-86A6-1106F4ACAD9B}

    HKEY_CLASSES_ROOT\CLSID\{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}\LocalService
        (Default)    REG_SZ    IPBusEnum
        ThreadingModel    REG_SZ    Free


    C:\Users\Elissa>REG QUERY HKCR\AppID\IPBusEnum.DLL

    HKEY_CLASSES_ROOT\AppID\IPBusEnum.DLL
        AppID    REG_SZ    {344ED43D-D086-4961-86A6-1106F4ACAD9B}


    C:\Users\Elissa>REG QUERY HKCR\AppID\{344ED43D-D086-4961-86A6-1106F4ACAD9B}

    HKEY_CLASSES_ROOT\AppID\{344ED43D-D086-4961-86A6-1106F4ACAD9B}
        (Default)    REG_SZ    IPBusEnum
        LocalService    REG_SZ    IPBusEnum
        LaunchPermission    REG_BINARY    010004807000000080000000000000001400000002
    005C0004000000000014000900000001010000000000051200000000001400090000000101000000
    00000513000000000018000900000001020000000000052000000020020000000014000900000001
    01000000000005040000000102000000000005200000002002000001020000000000052000000020
    020000


    C:\Users\Elissa>

    Tuesday, December 11, 2012 10:36 PM
  • OK

    Lets clear up the dregs of the Lavasoft driver first, and gather a little more information at the same time -

    Open an Elevated Command Prompt, and run the following commands - post the results

    REG DELETE HKLM\SYSTEM\CurrentControlSet\Services\LBD /F
    REG DELETE HKLM\SYSTEM\CurrentControlSet\Enum\LEGACY_LBD /F
    REG QUERY HKLM\SOFTWARE\Classes\AppID\IPBusEnum.DLL /S
    REG QUERY HKLM\SOFTWARE\Classes\CLSID\{C97FCC79-E628-407D-AE68-A06AD6D8B4D1} /S
    REG QUERY HKLM\SOFTWARE\Classes\AppID\{344ED43D-D086-4961-86A6-1106F4ACAD9B} /S
     


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Wednesday, December 12, 2012 12:13 AM
    Moderator
  • Here you go!

    Microsoft Windows [Version 6.0.6002]
    Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>REG DELETE HKLM\SYSTEM\CurrentControlSet\Services\LBD /F
    The operation completed successfully.

    C:\Windows\system32>REG DELETE HKLM\SYSTEM\CurrentControlSet\Enum\LEGACY_LBD /F
    ERROR: The system was unable to find the specified registry key or value.

    C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Classes\AppID\IPBusEnum.DLL /S

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\IPBusEnum.DLL
        AppID    REG_SZ    {344ED43D-D086-4961-86A6-1106F4ACAD9B}


    C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Classes\CLSID\{C97FCC79-E628-407D-AE
    68-A06AD6D8B4D1} /S

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}

        (Default)    REG_SZ    AssociatedDevicePresence Class
        AppID    REG_SZ    {344ED43D-D086-4961-86A6-1106F4ACAD9B}

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
    \LocalService
        (Default)    REG_SZ    IPBusEnum
        ThreadingModel    REG_SZ    Free


    C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Classes\AppID\{344ED43D-D086-4961-86
    A6-1106F4ACAD9B} /S

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{344ED43D-D086-4961-86A6-1106F4ACAD9B}

        (Default)    REG_SZ    IPBusEnum
        LocalService    REG_SZ    IPBusEnum
        LaunchPermission    REG_BINARY    010004807000000080000000000000001400000002
    005C0004000000000014000900000001010000000000051200000000001400090000000101000000
    00000513000000000018000900000001020000000000052000000020020000000014000900000001
    01000000000005040000000102000000000005200000002002000001020000000000052000000020
    020000


    C:\Windows\system32>

    Wednesday, December 12, 2012 1:58 PM
  • Ooops - slight typo in one of the commands....

    please run this one in an Elevated Command Prompt....

    REG DELETE HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LBD /F


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Wednesday, December 12, 2012 2:01 PM
    Moderator
  • It says "access denied" for that one.  
    Wednesday, December 12, 2012 3:59 PM
  • Interesting!

    OK - we'll have to do it the hard way :)

    Open Regedit and navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LBD Key

     

    Right-click on the key name, and Select Permissions,

    Click on Advanced, then the Owner tab

    Make sure that Administrators is the owner, and put a tick in the 'Replace owner...' box at the bottom

    Click OK once

    add Administrators to the 'Groups or Usernames' list, and give them Full permissions

    CLICK OK

    now rightclick on the LEGACY_LBD key again, and select delete (make sure that you have the right one - undo is not an option here!)

    close regedit.

    open an elevated Command prompt, and run the following commands.

    REG QUERY  HKLM\SYSTEM\CurrentControlSet\Services\lbd /S
    REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LBD
    /S

    post the results.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Wednesday, December 12, 2012 5:11 PM
    Moderator
  • Okay... hopefully these are the results we want...

     Microsoft Windows [Version 6.0.6002]
    Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>REG QUERY  HKLM\SYSTEM\CurrentControlSet\Services\lbd /S
    ERROR: The system was unable to find the specified registry key or value.

    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LBD
     /S
    ERROR: The system was unable to find the specified registry key or value.

    C:\Windows\system32>
    Wednesday, December 12, 2012 7:43 PM
  • Lovely - now reboot, and then save a new pair of event logs, and upload them.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Wednesday, December 12, 2012 8:09 PM
    Moderator
  • Here we are!

    https://skydrive.live.com/redir?resid=D8435A1C122BD752!118&authkey=!AGSix-sTKvsqW9g

    Thursday, December 13, 2012 1:55 AM
  • I could only see the System event log??

     

    I see some updates came down yesterday for you - did they all install OK?

    There does seem to have been a problem with this one - http://support.microsoft.com/kb/2729453 - which may indicate that the problem you're having lies in this area. (.NET integrity)

    Unfortunately, this can be a minefield!

    Please run another SFC /SCANNOW and upload a new CBS.log file to your SkyDrive - we'll see if there's any new indicators there.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Thursday, December 13, 2012 1:22 PM
    Moderator
  • Oh boy.   Sorry about that.  Here is the app log:

    https://skydrive.live.com/redir?resid=D8435A1C122BD752!116&authkey=!AMbExx40UZ7UwLY

    Yes, all the updates installed fine as far as I can tell.  

    CBS Log:

    https://skydrive.live.com/redir?resid=D8435A1C122BD752!119&authkey=!AGvYHP0aEhhx7xQ


    • Edited by elissa87 Thursday, December 13, 2012 4:49 PM
    Thursday, December 13, 2012 4:46 PM
  • Please uninstall the current Toshiba Service Station app from the Programs and Features listing - we'll leave off reinstalling it until later. (It can be downloaded from the Toshiba website, if you actually use it at all!)

    Then install the following driver - http://cdgenp01.csd.toshiba.com/content/support/downloads/driver_intel_robson_TC50034200E.exe

    Reboot twice, and run a new MGADiag report


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Friday, December 14, 2012 9:49 AM
    Moderator
  • Here you go!

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Invalid License
    Validation Code: 50
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-JQMWD-2QJRJ-RJ34F
    Windows Product Key Hash: R8gPTEFMoOygFewoq/uOoWMpz68=
    Windows Product ID: 89578-OEM-7332157-00237
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.0.6002.2.00010300.2.0.003
    ID: {B0C31CA9-9FA9-4A35-BF90-2D110881F1BF}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000000
    Build lab: 6002.vistasp2_gdr.120824-0336
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: 2.0.48.0
    OGAExec.exe Signed By: Microsoft
    OGAAddin.dll Signed By: Microsoft

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: http=127.0.0.1:16110;https=127.0.0.1:16110
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{B0C31CA9-9FA9-4A35-BF90-2D110881F1BF}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-RJ34F</PKey><PID>89578-OEM-7332157-00237</PID><PIDType>2</PIDType><SID>S-1-5-21-3969566641-39007500-1738613080</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite L305</Model></SYSTEM><BIOS><Manufacturer>INSYDE</Manufacturer><Version>1.90</Version><SMBIOSVersion major="2" minor="4"/><Date>20090604000000.000000+000</Date></BIOS><HWID>CF333507018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSINV</OEMID><OEMTableID>TOSINV00</OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.0.6002.18005

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    HWID Hash Current: MgAAAAEAAQABAAIAAQABAAAAAwABAAEAeqgETNqPRm6YpCT2xlHy9PZMfOgm5axWKoU=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20000
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC TOSINV TOSINV00
      FACP TOSINV TOSINV00
      HPET TOSINV TOSINV00
      BOOT TOSINV TOSINV00
      MCFG TOSINV TOSINV00
      ASF! TOSINV TOSINV00
      SLIC TOSINV TOSINV00
      SSDT PmRef CpuPm

    Saturday, December 15, 2012 1:32 AM
  • Still no change :(

    Please download and save  the CheckSUR tool from http://support.microsoft.com/kb/947821

    (you'll need to look in the details for Method 2)

     

    Run it - The tool can take anywhere from 5 mins to a couple of hours to run (or 'Install') depending on how much it has to do, and may exit silently - it may appear to freeze for most of that time, but be patient.

    The result is logged in the C:\Windows\Logs\CBS\CheckSUR.log file  - and an archive …\checksur.persist.log file

     

    Then zip the CheckSUR.log and upload it to your public SkyDrive so I can take a look - post a link in your reply.

     


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Saturday, December 15, 2012 10:36 AM
    Moderator
  • Alrighty, here we are!

    https://skydrive.live.com/redir?resid=D8435A1C122BD752!120&authkey=!ANJWKFKsiUCJCh8

    Thanks!

    Sunday, December 16, 2012 4:40 AM
  • There was nothing found there .

    I will need to do some  more  research and get back to you - if you haven't heard by Tuesday, SHOUT! :)


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, December 16, 2012 8:58 PM
    Moderator
  • That's fine. Thank you so much!
    Monday, December 17, 2012 1:58 AM
  • Please run the following command, and post the results.

    ICACLS C:\Windows\System32\logfiles\WMI /T


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Tuesday, December 18, 2012 2:41 PM
    Moderator
  • Here we are:

    Microsoft Windows [Version 6.0.6002]
    Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>ICACLS C:\Windows\System32\logfiles\WMI /T
    C:\Windows\System32\logfiles\WMI NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                                     NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(F)
                                     NT AUTHORITY\NETWORK SERVICE:(OI)(CI)(F)
                                     BUILTIN\Administrators:(OI)(CI)(F)
                                     BUILTIN\Performance Log Users:(OI)(CI)(F)

    C:\Windows\System32\logfiles\WMI\RtBackup NT AUTHORITY\SYSTEM:(OI)(CI)(F)

    C:\Windows\System32\logfiles\WMI\tscore1.etl NT AUTHORITY\SYSTEM:(I)(F)
                                                 NT AUTHORITY\LOCAL SERVICE:(I)(F)
                                                 NT AUTHORITY\NETWORK SERVICE:(I)(F)

                                                 BUILTIN\Administrators:(I)(F)
                                                 BUILTIN\Performance Log Users:(I)(F
    )

    C:\Windows\System32\logfiles\WMI\tscore2.etl NT AUTHORITY\SYSTEM:(I)(F)
                                                 NT AUTHORITY\LOCAL SERVICE:(I)(F)
                                                 NT AUTHORITY\NETWORK SERVICE:(I)(F)

                                                 BUILTIN\Administrators:(I)(F)
                                                 BUILTIN\Performance Log Users:(I)(F
    )

    Successfully processed 4 files; Failed processing 0 files

    C:\Windows\system32>

    Tuesday, December 18, 2012 11:19 PM
  • I'm just about out of ideas :(

    At this point, you really have three choices....

    1) contact WGA support for assistance (which may or may not be free)

    2) Attempt a repair install

    3) Attempt a clean install using the Recovery media from your machine.

    WGA Support can be found here

     

    North America: http://support.microsoft.com/contactus/cu_sc_genadv_master?ws=support&ws=support#tab4

     

    Outside North America: http://support.microsoft.com/contactus/?ws=support#tab0

     

    Please let us know if (and how) MS manage to repair the problem without a repair install of the OS - it would be useful for future reference!    


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Wednesday, December 19, 2012 10:16 AM
    Moderator
  • Will do!  Thank you so much for all of your help!!
    Thursday, December 20, 2012 2:35 PM