locked
Another Windows 7 Not Genuine Issue! RRS feed

  • Question

  • Last week I noticed Windows Update was failing with error code 0x80096001 and I started getting the Windows Not Genuine popups as well. After research on the Web I believe Windows Update is not working because it thinks my copy of Windows is not genuine, so that is where I am starting my trouble shooting. I have tried several Mr FixITs and KB article fixes to no avail.

    Note that this is a work computer with a volume license but our IT department's standard response to issues is for them just to re-image the machine and be done with it. This will cause me about a week of down time getting all my apps re-installed and back in working condition. So I was hoping someone had a cleaver quick fix for this so I can avoid this.

    Also note that if I run slui.exe from the command prompt I get a window back that says Activation was successful, but MGADiag still shows problems and Update still does not work. MGADiag output is attached below. Seems like the tampered files listed are the problem.

    I have run CHKDSK /R and there are no disk problems. I also ran SFC /SCANNOW and it reported no system file issues either and all was OK.

    Thanks for any help!

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-J8D7P-XQJJ2-GPDD4
    Windows Product Key Hash: xgsndMkYdJsYmUng0qIJ/thx+HI=
    Windows Product ID: 00371-868-0000007-85534
    Windows Product ID Type: 1
    Windows License Type: KMS Client
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {23F8562F-DF6E-4DA4-93B5-0C51DD1CB564}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.111025-1505
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{23F8562F-DF6E-4DA4-93B5-0C51DD1CB564}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-GPDD4</PKey><PID>00371-868-0000007-85534</PID><PIDType>1</PIDType><SID>S-1-5-21-1084033152-1343579915-1710828045</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Precision WorkStation T3500  </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A11</Version><SMBIOSVersion major="2" minor="5"/><Date>20110420000000.000000+000</Date></BIOS><HWID>958D3007018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>B10K   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, VOLUME_KMSCLIENT channel
    Activation ID: b92e9980-b9d5-4821-9c94-140f632f6312
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00170-868-000000-03-1033-7601.0000-0172012
    Installation ID: 001723607685341202360093216105807366514891516856627521
    Partial Product Key: GPDD4
    License Status: Licensed
    Volume activation expiration: 252420 minute(s) (175 day(s))
    Remaining Windows rearm count: 1
    Trusted time: 1/17/2012 10:35:51 AM

    Key Management Service client information
        Client Machine ID (CMID): 088508d9-5c97-43c3-a48b-13ecc6ad9f33
        KMS machine name from DNS: ******************:1688
        KMS machine extended PID: 55041-00168-313-106864-03-1033-7600.0000-1442010
        Activation interval: 120 minutes
        Renewal interval: 10080 minutes
        KMS host caching is enabled

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000003EFFF
    Event Time Stamp: 1:13:2012 17:40
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\wat\watadminsvc.exe
    Tampered File: %systemroot%\system32\wat\watweb.dll
    Tampered File: %systemroot%\system32\wat\npwatweb.dll
    Tampered File: %systemroot%\system32\wat\watux.exe
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys
    Tampered File: %systemroot%\system32\drivers\spldr.sys


    HWID Data-->
    HWID Hash Current: NAAAAAIAAAABAAIAAgACAAAAAgABAAEA6GHe7vDpTjRGec5wqsfSGd6IoINqXSb6BF/qgg==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   DELL    B10K  
      FACP   DELL    B10K  
      HPET   DELL    B10K  
      BOOT   DELL    B10K  
      MCFG   DELL    B10K  
      SSDT   DELL  st_ex
      ASF!   DELL    B10K  
      TCPA   DELL    B10K  
      DMAR   DELL    B10K  
      SLIC   DELL    B10K  
      SSDT   DELL  st_ex

     


    • Edited by DallasAg81 Tuesday, January 17, 2012 5:12 PM
    Tuesday, January 17, 2012 5:02 PM

Answers

  • "DallasAg81" wrote in message news:6a02e8d6-164c-44a5-89db-8e0393aed8b9...

    Sorry for the delay, darn work gets in the way! I checked the permissions with ICACLS and the tampered files have the same permissions as the files on the other working PC and all other main windows system files I checked.

    At this point I think it is just best to give up and go with a clean rebuild. Sighhhhh. Thanks for your help!

     

    If it’s not too much hassle, that is probably the best solution – you may want to run the MGADiag tool at critical points in the process to check that everything is as expected, and create manual System Restore points at the same time.
     
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    • Marked as answer by DallasAg81 Wednesday, January 18, 2012 9:44 PM
    Wednesday, January 18, 2012 8:41 PM
    Moderator

All replies

  • "DallasAg81" wrote in message news:d0310bdc-f0d7-4ff9-b644-1fdd17a1adad...

    Last week I noticed Windows Update was failing with error code 0x80096001 and I started getting the Windows Not Genuine popups as well. After research on the Web I believe Windows Update is not working because it thinks my copy of Windows is not genuine, so that is where I am starting my trouble shooting. I have tried several Mr FixITs and KB article fixes to no avail.

    Note that this is a work computer with a volume license but our IT department's standard response to issues is for them just to re-image the machine and be done with it. This will cause me about a week of down time getting all my apps re-installed and back in working condition. So I was hoping someone had a cleaver quick fix for this so I can avoid this.

    Also note that if I run slui.exe from the command prompt I get a window back that says Activation was successful, but MGADiag still shows problems and Update still does not work. MGADiag output is attached below. Seems like the tampered files listed are the problem.

    I have run CHKDSK /R and there are no disk problems. I also ran SFC /SCANNOW and it reported no system file issues either and all was OK.

    Thanks for any help!

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-J8D7P-XQJJ2-GPDD4
    Windows Product Key Hash: xgsndMkYdJsYmUng0qIJ/thx+HI=
    Windows Product ID: 00371-868-0000007-85534
    Windows Product ID Type: 1
    Windows License Type: KMS Client
    Windows OS version: 6.1.7601.2.00010100.1.0.048

    Other data-->
    SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Precision WorkStation T3500  </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A11</Version><SMBIOSVersion major="2" minor="5"/><Date>20110420000000.000000+000</Date></BIOS

     

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, VOLUME_KMSCLIENT channel
    Partial Product Key: GPDD4
    License Status: Licensed
    Volume activation expiration: 252420 minute(s) (175 day(s))
    Remaining Windows rearm count: 1
    Trusted time: 1/17/2012 10:35:51 AM

    Key Management Service client information
        Client Machine ID (CMID): 088508d9-5c97-43c3-a48b-13ecc6ad9f33
        KMS machine name from DNS: ******************:1688
        KMS machine extended PID: 55041-00168-313-106864-03-1033-7600.0000-1442010
        Activation interval: 120 minutes
        Renewal interval: 10080 minutes
        KMS host caching is enabled

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000003EFFF
    Event Time Stamp: 1:13:2012 17:40
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\wat\watadminsvc.exe
    Tampered File: %systemroot%\system32\wat\watweb.dll
    Tampered File: %systemroot%\system32\wat\npwatweb.dll
    Tampered File: %systemroot%\system32\wat\watux.exe
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys
    Tampered File: %systemroot%\system32\drivers\spldr.sys


     


     
     
    Try updating the IRST drivers – they often lead to this set of errors.
    Installing the Intel Rapid Storage Drivers
    try downloading and installing them from here -
    - you’ll need the set for the x64 (64-bit) platform on Win7
    Once complete, please reboot twice, then post another MGADiag report.
    Good Luck!

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Tuesday, January 17, 2012 5:40 PM
    Moderator
  • Thanks for the reply. I forgot to add in my OP that I saw you recommend the Intel Driver update in another thread this weekend and tried that. The driver update was successful but it has not changed the problem. My info posted above was taken after the Intel driver update and rebooting twice. Thanks again, any other possibilities?
    Tuesday, January 17, 2012 5:47 PM
  • "DallasAg81" wrote in message news:c3b2a8fc-053d-49f9-a55a-7e501ddf05aa...
    Thanks for the reply. I forgot to add in my OP that I saw you recommend the Intel Driver update in another thread this weekend and tried that. The driver update was successful but it has not changed the problem. My info posted above was taken after the Intel driver update and rebooting twice. Thanks again, any other possibilities?
     
    Ah – in that case, I’m not sure where to go – but try this, as it may resolve things
     
    SFC -System File Checker - Instructions
    Click on the Start button
    type in the Search box
    CMD.EXE
    right-click on the only file that is found
    Select Run as Administrator
    - the Elevated Command Prompt window should pop up
    At the Command prompt, type

    SFC /SCANNOW

    and hit the Enter key
    Wait for the scan to finish - make a note of any error messages - and then reboot.
     
    If the notification doesn’t disappear at that point, then try recreating the Licensing store....
    Recreate the Licensing Store
    1) Click Start button.
    2) Type: CMD.exe into the 'Search programs and files' field
    3) Right-Click on CMD.exe and select Run as Administrator
    4) Type: net stop sppsvc (It may ask you if you are sure, select yes)
    Note: the Software Protection service may not be running, this is ok.
    5) Type: cd %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform
    6) Type: rename tokens.dat tokens.bar
    7) Type: cd %windir%\system32
    8) Type: net start sppsvc
    9) Type: slui.exe
    10) After a couple of seconds Windows Activation dialog will appear. You may be asked to re-activate and/or re-enter your product key or Activation may occur automatically.

    Reboot and Post back with a new MGADiag report

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Tuesday, January 17, 2012 5:53 PM
    Moderator
  • SFC Results:

    c:\>SFC /SCANNOW

    Beginning system scan.  This process will take some time.

    Beginning verification phase of system scan.
    Verification 100% complete.

    Windows Resource Protection did not find any integrity violations.

    Renaming tokens.dat and slui.exe results:

    Comes back with a window that says activation was successfull.

    After reboot, MGADiag output still the same:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-J8D7P-XQJJ2-GPDD4
    Windows Product Key Hash: xgsndMkYdJsYmUng0qIJ/thx+HI=
    Windows Product ID: 00371-868-0000007-85534
    Windows Product ID Type: 1
    Windows License Type: KMS Client
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {23F8562F-DF6E-4DA4-93B5-0C51DD1CB564}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.111025-1505
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{23F8562F-DF6E-4DA4-93B5-0C51DD1CB564}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-GPDD4</PKey><PID>00371-868-0000007-85534</PID><PIDType>1</PIDType><SID>S-1-5-21-1084033152-1343579915-1710828045</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Precision WorkStation T3500  </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A11</Version><SMBIOSVersion major="2" minor="5"/><Date>20110420000000.000000+000</Date></BIOS><HWID>958D3007018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>B10K   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, VOLUME_KMSCLIENT channel
    Activation ID: b92e9980-b9d5-4821-9c94-140f632f6312
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00170-868-000000-03-1033-7601.0000-0172012
    Installation ID: 001723607685341202360093216105807366514891516856627521
    Partial Product Key: GPDD4
    License Status: Licensed
    Volume activation expiration: 252300 minute(s) (175 day(s))
    Remaining Windows rearm count: 1
    Trusted time: 1/17/2012 12:58:47 PM

    Key Management Service client information
        Client Machine ID (CMID): 088508d9-5c97-43c3-a48b-13ecc6ad9f33
        KMS machine name from DNS: *********************:1688
        KMS machine extended PID: 55041-00168-313-106864-03-1033-7600.0000-1442010
        Activation interval: 120 minutes
        Renewal interval: 10080 minutes
        KMS host caching is enabled

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000003EFFF
    Event Time Stamp: 1:13:2012 17:40
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\wat\watadminsvc.exe
    Tampered File: %systemroot%\system32\wat\watweb.dll
    Tampered File: %systemroot%\system32\wat\npwatweb.dll
    Tampered File: %systemroot%\system32\wat\watux.exe
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys
    Tampered File: %systemroot%\system32\drivers\spldr.sys


    HWID Data-->
    HWID Hash Current: NAAAAAIAAAABAAIAAgACAAAAAgABAAEA6GHe7vDpTjRGec5wqsfSGd6IoINqXSb6BF/qgg==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   DELL    B10K  
      FACP   DELL    B10K  
      HPET   DELL    B10K  
      BOOT   DELL    B10K  
      MCFG   DELL    B10K  
      SSDT   DELL  st_ex
      ASF!   DELL    B10K  
      TCPA   DELL    B10K  
      DMAR   DELL    B10K  
      SLIC   DELL    B10K  
      SSDT   DELL  st_ex

    ================================================

    I notice that this time stamp in the Windows Activation Technologies--> Section never changes:

    Event Time Stamp: 1:13:2012 17:40
    I wonder what happened then? How does Windows determine that a file has been tampered with? All the WAT files look to have date code of 9/22/2010 and not been recently modifed.

    Thanks again for your help!

     

    Tuesday, January 17, 2012 7:12 PM
  • BTW - I have another Windows 7 PC acquired at the same time that is working OK. I did a binary compare of the files reported as tampered with the known good copies from the working PC. They all compared 100% exactly the same. So the files themselves are not actually changed. Its just Windows for some reason "thinks" they are.

    Again how does Windows detect tampered files? Is there any way to re-register these files so Windows sees them as good?

    Tuesday, January 17, 2012 7:39 PM
  • "DallasAg81" wrote in message news:e7a4203f-1ff9-4f5c-9094-3eb349d6e5bb...

    BTW - I have another Windows 7 PC acquired at the same time that is working OK. I did a binary compare of the files reported as tampered with the known good copies from the working PC. They all compared 100% exactly the same. So the files themselves are not actually changed. Its just Windows for some reason "thinks" they are.

    Again how does Windows detect tampered files? Is there any way to re-register these files so Windows sees them as good?

    The problem may be with permissions, rather than anything else – try using ICACLS on both machines to compare them.
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Tuesday, January 17, 2012 8:56 PM
    Moderator
  • Sorry for the delay, darn work gets in the way! I checked the permissions with ICACLS and the tampered files have the same permissions as the files on the other working PC and all other main windows system files I checked.

    At this point I think it is just best to give up and go with a clean rebuild. Sighhhhh. Thanks for your help!

     

    Wednesday, January 18, 2012 6:59 PM
  • "DallasAg81" wrote in message news:6a02e8d6-164c-44a5-89db-8e0393aed8b9...

    Sorry for the delay, darn work gets in the way! I checked the permissions with ICACLS and the tampered files have the same permissions as the files on the other working PC and all other main windows system files I checked.

    At this point I think it is just best to give up and go with a clean rebuild. Sighhhhh. Thanks for your help!

     

    If it’s not too much hassle, that is probably the best solution – you may want to run the MGADiag tool at critical points in the process to check that everything is as expected, and create manual System Restore points at the same time.
     
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    • Marked as answer by DallasAg81 Wednesday, January 18, 2012 9:44 PM
    Wednesday, January 18, 2012 8:41 PM
    Moderator