none
Repeatedly Asked to Validate OEM Win 7 Home Prem Toshiba

    Question

  •  

    Please look at my diagnostic report.  I keep getting the "This copy of Windows is not Genuine" issue.  I can't activate, and am forced to use my copy of Win 7 Home Prem to reinstall.  This is a Toshiba Satellite L455D-S5976 purchased 4/20/10.  Problems from day one with network connectivy, lwireless capability (can't prevent laptop from connecting to any available wifi because it is auto config to connect to anything it sees) Is running a hidden Virtual Machine/Remote Access Server which shares media/connects with open ports I can't control to access my Digital Cable TV set top boxes.  Have spent months trying to secure machine, certificates are all bogus...security is compromised, and OEM has embedded a backend portal using every vulnerability that Microsoft has addressed in the last 6 months.  Unable to get legitimate Security Updates, as they are blocked.  Unable to install antivirus protection and the corrupted "Norton 30 day trial" long since expired.  Toshiba refuses to assist, and will not offer support, as they blame it on Microsoft.  Have tons of proof of OEM corruption, because I have read hundreds of log files, script files, dll files and you can't get a clean install of the OS because there are files "write protected" on the "software created" floppy disk (there is no physical floppy on this $400 laptop) which shows storage allocated in the registry.  Also shows Bluetooth with all config data, when the specs for the Laptop clearly state NO Bluetooth.  Need answers as to how this can be legal, and what actions I can take against the OEM.

    Event Log Item:Log Name:      Application
    Source:        Microsoft-Windows-Security-SPP
    Date:          11/6/2010 4:43:51 PM
    Event ID:      1004
    Task Category: None
    Level:         Information
    Keywords:      Classic
    User:          N/A
    Computer:      37L4247D28-05
    Description:
    The Software Protection service has successfully installed the license.
    License Title=Windows(R) 7 UL-PHN License (Public)
    License Id=1bbc0638-6daa-43f8-b4da-136eab47699f
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" />
        <EventID Qualifiers="16384">1004</EventID>
        <Version>0</Version>
        <Level>4</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2010-11-06T22:43:51.000000000Z" />
        <EventRecordID>78</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>Application</Channel>
        <Computer>37L4247D28-05</Computer>
        <Security />
      </System>
      <EventData>
        <Data>Windows(R) 7 UL-PHN License (Public)</Data>
        <Data>1bbc0638-6daa-43f8-b4da-136eab47699f</Data>
      </EventData>
    </Event>Log Name:      Application
    Source:        Microsoft-Windows-LoadPerf
    Date:          11/6/2010 11:20:23 PM
    Event ID:      3001
    Task Category: None
    Level:         Error
    Keywords:     
    User:          SYSTEM
    Computer:      Luna_Blue
    Description:
    The performance counter name string value in the registry is not formatted correctly. The malformed string is 5188. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-LoadPerf" Guid="{122EE297-BB47-41AE-B265-1CA8D1886D40}" />
        <EventID>3001</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000000</Keywords>
        <TimeCreated SystemTime="2010-11-07T05:20:23.062924900Z" />
        <EventRecordID>257</EventRecordID>
        <Correlation />
        <Execution ProcessID="2132" ThreadID="2136" />
        <Channel>Application</Channel>
        <Computer>Luna_Blue</Computer>
        <Security UserID="S-1-5-18" />
      </System>
      <UserData>
        <EventXML xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="LoadPerf">
          <param1>5188</param1>
          <binaryDataSize>16</binaryDataSize>
          <binaryData>441400004214000043140000B8010000</binaryData>
        </EventXML>
      </UserData>
    </Event>

     

     

     

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: N/A, hr = 0xc004f012
    Windows Product Key: *****-*****-7YFPD-K76TY-RWTCH
    Windows Product Key Hash: 6SN4z7hPtY4eb0jzWxpKplfWAqQ=
    Windows Product ID: 00359-OEM-9806874-47303
    Windows Product ID Type: 8
    Windows License Type: COA SLP
    Windows OS version: 6.1.7600.2.00010300.0.0.003
    ID: {2E4A1D97-A3F1-4E2A-8A2A-CF4EF36A94EE}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000000
    Build lab: 7600.win7_rtm.090713-1255
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: B4D0AA8B-543-80070002_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
    File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
    File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
    File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{2E4A1D97-A3F1-4E2A-8A2A-CF4EF36A94EE}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010300.0.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-RWTCH</PKey><PID>00359-OEM-9806874-47303</PID><PIDType>8</PIDType><SID>S-1-5-21-3455901370-1677300584-303342135</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite L455D</Model></SYSTEM><BIOS><Manufacturer>TOSHIBA</Manufacturer><Version>V1.20</Version><SMBIOSVersion major="2" minor="4"/><Date>20091117000000.000000+000</Date></BIOS><HWID>F9B83607018400F6</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSCPL</OEMID><OEMTableID>TOSCPL00</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7600.16385

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_COA_SLP channel
    Activation ID: 5e017a8a-f3f9-4167-b1bd-ba3e236a4d8f
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00196-068-747303-02-1033-7600.0000-3102010
    Installation ID: 013075215575073601475221160444927156353692611451582702
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: RWTCH
    License Status: Initial grace period
    Time remaining: 42600 minute(s) (29 day(s))
    Remaining Windows rearm count: 3
    Trusted time: 11/7/2010 3:21:35 AM

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: N/A
    HealthStatus: 0x0000000000000000
    Event Time Stamp: N/A
    ActiveX: Not Registered - 0x80040154
    Admin Service: Not Registered - 0x80040154
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: LgAAAAEABAABAAEAAAAAAAAAAQABAAEAJJRA+PxJVPLi+/iyEDMIi5brGnsOHg==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   PTLTD     APIC 
      FACP   AMD     ANT    
      SRAT   AMD     HAMMER 
      MSCT   OEMID   MSCTTBL
      HPET   PTLTD   HPETTBL
      MCFG   PTLTD     MCFG 
      TCPA   TOSCPL         
      SLIC   TOSCPL  TOSCPL00
      SSDT   PTLTD   POWERNOW

     

    Sunday, November 07, 2010 9:20 AM

Answers

  • "bluemoon60fla" wrote in message news:08b034c6-8c90-4020-a09b-a2aa73fdc960...

    I don't understand why people respond to posts with irrelevant advice.  A Toshiba "Factory" recovery via media disks, or sending off to them for repair will not fix this PC.  I questioned them about that, and I was told I would receive back a PC configured the same way, with the "value added" corruption I have now, which is not removable or reconfigurable into a "standalone machine" configuration.  It will still be a NT Workstation running a virtual server with all the same garbage waiting to stage itself on every reboot.

     


    people respond to the facts - not to your assertions.
     
    FACT - you have an OEM install of Windows 7 on a Toshiba machine which will not validate, giving a 0xc004f012 error in the MGADiag report.
    FACT - your machine has had hardware problems since purchase (or a  least so you state)
    FACT - you have been messing with the software to a huge extent, and no-one here is ever going to be able to tell in what way.
    FACT - I got it wrong when I mentioned Vista - I should have said Win 7 (comes from posting on 20 different forums, and then getting a complex post!)
     
    Why did you not arrange for repair of the hardware problems by Toshiba?
    Where on earth did you get this 'It will still be a NT Workstation running a virtual server with all the same garbage waiting to stage itself on every reboot' from?? In no way is this either NT or a virtual server - and I know of nothing that could make it so, without actually installing a virtual server.
    .If you're referring to the 'extras' that Toshiba puts into the installation media, then your solution is at hand. Simply reformat and reinstall using your Walmart disk - and your COA Key - and activate by phone.
    That will still not solve your hardware problems - and will create some extra problems, as you will still have to install the drivers after the initial setup , and those you'll have to get from the Toshiba website.
    What makes you think  the IEAK is blocking Google results?
     
    is the only registry entry I can find anything for
    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Wednesday, November 10, 2010 11:29 PM
    Moderator
  • If you want advice then don't yell, this is all volunteer and given the fact that we can't physicaly touch your computer we have to go on the information at hand.

    If you did a clean install with a genuine disk whether it was an upgrade or not and you problem is repeatable then I would suggest you start a no cost support incident with MS. No, I don't know what those individual registry entries mean but maybe they can help you. When you install windows to do a clean install you must select custom as opposed to upgrade, it appears from your post that you did perform a clean install so again, start a no-cost support incident.

    http://support.microsoft.com/gp/contactwga

    Wednesday, November 10, 2010 11:34 PM

All replies

  • "bluemoon60fla" wrote in message news:f209a201-64ff-4dc7-9f40-fb98383b3ed7...

     

    Please look at my diagnostic report.  I keep getting the "This copy of Windows is not Genuine" issue.  I can't activate, and am forced to use my copy of Win 7 Home Prem to reinstall.  This is a Toshiba Satellite L455D-S5976 purchased 4/20/10.  Problems from day one with network connectivy, lwireless capability (can't prevent laptop from connecting to any available wifi because it is auto config to connect to anything it sees) Is running a hidden Virtual Machine/Remote Access Server which shares media/connects with open ports I can't control to access my Digital Cable TV set top boxes.  Have spent months trying to secure machine, certificates are all bogus...security is compromised, and OEM has embedded a backend portal using every vulnerability that Microsoft has addressed in the last 6 months.  Unable to get legitimate Security Updates, as they are blocked.  Unable to install antivirus protection and the corrupted "Norton 30 day trial" long since expired.  Toshiba refuses to assist, and will not offer support, as they blame it on Microsoft.  Have tons of proof of OEM corruption, because I have read hundreds of log files, script files, dll files and you can't get a clean install of the OS because there are files "write protected" on the "software created" floppy disk (there is no physical floppy on this $400 laptop) which shows storage allocated in the registry.  Also shows Bluetooth with all config data, when the specs for the Laptop clearly state NO Bluetooth.  Need answers as to how this can be legal, and what actions I can take against the OEM.

     

     

     

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: N/A, hr = 0xc004f012
    Windows Product Key: *****-*****-7YFPD-K76TY-RWTCH
    Windows Product Key Hash: 6SN4z7hPtY4eb0jzWxpKplfWAqQ=
    Windows Product ID: 00359-OEM-9806874-47303
    Windows Product ID Type: 8
    Windows License Type: COA SLP
    Windows OS version: 6.1.7600.2.00010300.0.0.003

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: N/A
    HealthStatus: 0x0000000000000000
    Event Time Stamp: N/A
    ActiveX: Not Registered - 0x80040154
    Admin Service: Not Registered - 0x80040154
    HealthStatus Bitmask Output:

     


    Failures to validate are often the result of over-zealous security software - what such do you have installed?
    Assuming you're behind a NAT router, try disabling your firewall and attempting to validate.
     
    Norton can be a pain to remove - and leftovers will often prevent the installation of better solutions.Use the Norton Removal tool to get rid of it, and then install MSE (at least as a temporary measure), and run a system scan
    Be aware that this will remove ALL Norton software from your PC, so ensure that your recovery system isn't managed by Norton software.
     
    I highly doubt that Toshiba's software is the source of your problems, or we'd have seen a slew of similar problems from the moment it was first issued - did you buy direct from Toshiba, or through a vendor, who may have 'customised' the installation?
     
     
    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Sunday, November 07, 2010 10:18 AM
    Moderator
  • If you read my post you missed the part about "I can't get any AntiVirus to install properly".  Maybe some additional info would shed some light on the issue.

    1.  I already had a Toshiba Laptop that had Vista H. Prem, and it malfunctioned in Aug 2009 after an important realtek driver update ( rearrange the letters...read them backwards....translate...decode....encode....have some fun with the possibilities, use your imagination, or better yet think outside of the box)  Ohh did I say box??   blackbox.dll ( we'll talk about that later)   r....t.....l     run time library   realtek remote terminal  k=kernel  e=extended e=elevated a=access a= Drive A: (that would be the 16bit dos floppy drive) Oddly enough so did the remaining 3 pc's in my home....even when they never had "realtek"....definitely not my 10 year old Sony XP Home desktop...or the Sony Vaio Vista Home prem Laptop which could never get SP2. This is why I finally broke down and purchased from WALMART a $400 bare basic Toshiba in April 2010 with Windows 7 Home Premium.  Feel free to read my other threads on the issues I have brought up.  

    2.  I was told by Toshiba that if I didn't like their nice little "Value Added Package"  DRIVER TVALZ_O; I could perform a "clean install" using my windows 7 retail disk (purchased to install on one of the Vista Machines).  If if formatted the harddrive, and installed Win 7, all OEM would be gone for good.  So, using diskpart, delete all volumes, partitions, OEM factory partition, leaving me with 232GB of unallocated space on a 250GB harddrive. (The other mysterious 18GB has yet to be explained, but I am intelligent enough to know that even the conversion factor of kb to gb would not account for that large of a discrepancy)   Yet, I still have OEM reference in the registry, Windows Update still shoves TVALZ_O  at me repeatedly, and even installs itself when I have updates set to let me choose, or I hide it.

    3.  If Toshiba has  told the truth, the "Trial Norton" would be fully eradicated from my system, no need for a removal tool.

    4.  I first powered up the new laptop in a very secure location on govt land where not even cell phones get signal.  My first move was to copy down all of the Bios info.  There was no Floppy Drive in the boot options.  After shutting down, returning home (digital cable service, packaged with digital phone and high speed internet)  powered up machine, no wired connection, laptop connects to an "insecure" unknown wireless connection it finds (not mine, router unplugged).  Now Bios shows "floppy disk" as an option in boot drive choices, and it can't be disabled (USB, CDRom and HardDrive all have option to disable, but not floppy)  Magic.....isnt it?   ohhh, speaking of Magic....that would be the Magic USB cable for migwiz, and the 10 foot OOBE cable ....just a few more weird items I noticed while viewing the registry.

    5. Toshiba now refuses to assist me with any support, saying its Microsoft's problem, yet I can search Microsoft and find no mention of these configs in a standard Home premium OS.  What I can find is that Home Premium is not supposed to have BitLocker or multiple language pack capability, but funny, they are active on my PC.

     

    file blackbox.dll    Properties:

    File Description:  BlackBox DLL  Type:  Application extension  File version:   11.0.7600.16385  Product name:  Microsoft (r) DRM

    Copyright: (c) Microsoft Corporation. All rights reserved  Size: 726 KB   Date modified: 7/13/2009 7:15PM  Language: English (United States)

    Original filename: blackbox.dll   and here is just a portion of that file:

    &DRMVer=%d.%d d r m v 1 k e y   . k e y   p d r m . d a t      )Ô¬ÖöE¼<߬“D–Æ×OÄ$ÆÄ$#PÄ$SÄ$RPÄ$PÄ$èPÄ$%QÄ$hQÄ$IpÄ$4YÄ$VÄ$0`Ä$ÉdÄ$ßlÄ$¥QÄ$)Ô¬ÖöE¼<߬“D–Æõ…ÈÒ´¿B‹“Ã͏ƒ*©"Ä$Ä$î~Ä$Ä$IÄ$/Ä$<Ä$á~Ä$û~Ä$ŒÄ$‚Ä$ wÄ$‰pÄ$qÄ$
    qÄ$qÄ$#qÄ$.qÄ$9qÄ$ðvÄ$þvÄ$hÄ$4YÄ$VÄ$0`Ä$ÉdÄ$ßlÄ$bwÄ$°BÅ$°BÅ$°BÅ$°BÅ$°BÅ$°BÅ$°BÅ$°BÅ$°BÅ$°BÅ$°BÅ$°BÅ$RtlInitUnicodeString NtOpenFile NtQuerySystemInformation n t d l l . d l l   \ D e v i c e \ K s e c D D   SOFTWARE\Microsoft\Cryptography\RNG Seed InterlockedCompareExchange kernel32.dll  µCÄÕ¼0
    gb ÙÈ°
    Ö۬Р‹²ŒaêЋõ¸Å`Ðm5šÞ
    ZàG¤çLa%—PqëÄ$SOFTWARE\Microsoft\DRM  »Ž’Ÿ”Ž“™»·¾ b l a c k b o x . b i n   CLSID\ \CLSID\ É¾»ËÌϸÌ×¹¹ÎË×ËËžÈ׸¾¹Ì×ÊʹÊμÍÿ¹Ì¸‡ú%s\Version EventRegister I n p r o c S e r v e r 3 2   P r o g I D   V e r s i o n   % S   s h e l l 3 2 . d l l   % S \ I n p r o c S e r v e r 3 2   % S \ P r o g I D   % S \ V e r s i o n      È   Ì   Р  Ô      Øù›‹ÚÃï+K…ÄÑêÕ;mQ6ÛðNd+à~Ÿэ…Žø¦×~M¿Ù
    ÙnŒž2_O=ì©„Yk^†çâ‹ÞK),ìMvýZ:wD : P ( D ; C I O I ; G A ; ; ; B G ) ( D ; C I O I ; G A ; ; ; L G ) ( A ; ; G A ; ; ; W D ) S : ( M L ; ; 0 x 1 ; ; ; L W )   D : P ( D ; C I O I ; G A ; ; ; D G ) ( D ; C I O I ; G A ; ; ; B G ) ( D ; C I O I ; G A ; ; ; L G ) ( A ; ; G A ; ; ; W D ) S : ( M L ; ; 0 x 1 ; ; ; L W )   D : P ( D ; C I O I ; G A ; ; ; B G ) ( D ; C I O I ; G A ; ; ; L G ) ( A ; ; 0 x 1 e 0 1 f f ; ; ; W D ) ( A ; O I C I I O ; G A ; ; ; W D ) ( A ; ; G A ; ; ; S Y ) S : ( M L ; ; 0 x 1 ; ; ; L W )   D : P ( D ; C I O I ; G A ; ; ; D G ) ( D ; C I O I ; G A ; ; ; B G ) ( D ; C I O I ; G A ; ; ; L G ) ( A ; ; 0 x 1 e 0 1 f f ; ; ; W D ) ( A ; O I C I I O ; G A ; ; ; W D ) ( A ; ; G A ; ; ; S Y ) S : ( M L ; ; 0 x 1 ; ; ; L W )   D : P ( D ; C I O I ; G A ; ; ; B G ) ( D ; C I O I ; G A ; ; ; L G ) ( A ; ; G A ; ; ; W D )   D : P ( D ; C I O I ; G A ; ; ; D G ) ( D ; C I O I ; G A ; ; ; B G ) ( D ; C I O I ; G A ; ; ; L G ) ( A ; ; G A ; ; ; W D )   D : P ( D ; C I O I ; G A ; ; ; B G ) ( D ; C I O I ; G A ; ; ; L G ) ( D ; ; S D ; ; ; W D ) ( A ; ; 0 x 1 e 0 1 f f ; ; ; W D ) ( A ; O I C I I O ; G A ; ; ; W D )   D : P ( D ; C I O I ; G A ; ; ; D G ) ( D ; C I O I ; G A ; ; ; B G ) ( D ; C I O I ; G A ; ; ; L G ) ( D ; ; S D ; ; ; W D ) ( A ; ; 0 x 1 e 0 1 f f ; ; ; W D ) ( A ; O I C I I O ; G A ; ; ; W D )   SOFTWARE\Microsoft\DRM  S O F T W A R E \ M i c r o s o f t \ D R M   U p g r a d e I n P r o g r e s s   S Y S T E M \ S e t u p   SHGetFolderPathW D R M   A l l   U s e r s   W i n d o w s   M i c r o s o f t   % P R O G R A M D A T A %   * . *   U p g r a d e P a t h   DataPath D a t a P a t h   D R M v 1      CreateToolhelp32Snapshot Module32First Module32Next k e r n e l 3 2 . d l l           À      FABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!

     Î_vsnwprintf atol  ù_wcsnicmp `wcsrchr Y_except_handler4_common Ìiswctype  ”_ftol2  Uwcscpy_s  ï_wcsicmp  j _XcptFilter Þmalloc  ¦free  Õ_initterm _amsg_exit  È_vsnprintf  [wcsncmp $strrchr ìmemmove ü_purecall 8RegCreateKeyExA HRegDeleteValueW HGetSecurityDescriptorDacl y CreatePrivateObjectSecurityEx BGetNamedSecurityInfoW ±SetNamedSecurityInfoW MGetSecurityDescriptorSacl Ü DestroyPrivateObjectSecurity  yRegSetKeySecurity r ConvertStringSecurityDescriptorToSecurityDescriptorW  üOpenThreadToken ÷OpenProcessToken  9RegCreateKeyExW ~RegSetValueExW  [GetTraceEnableFlags \GetTraceEnableLevel ]GetTraceLoggerHandle  ŠRegisterTraceGuidsW UnregisterTraceGuids  0RegCloseKey mRegQueryValueExA  }RegSetValueExA  nRegQueryValueExW  aRegOpenKeyExW `RegOpenKeyExA e MFHeapFree  d MFHeapAlloc sSetLastError  ÖUnmapViewOfFile Œ CreateFileMappingW  WMapViewOfFile DLocalAlloc  yGetSystemTimeAsFileTime éInterlockedCompareExchange  ãInitializeCriticalSectionAndSpinCount ÁGetCurrentProcessId ïInterlockedIncrement  ëInterlockedDecrement  âInitializeCriticalSection Ñ DeleteCriticalSection î EnterCriticalSection  9LeaveCriticalSection  £GetVersionExA EGetProcAddress  GetModuleHandleA  R CloseHandle ˆ CreateFileA ÓUnhandledExceptionFilter  GetLastError  ÏHeapFree  JGetProcessHeap  GetModuleFileNameA  ËHeapAlloc ²Sleep Þ DisableThreadLibraryCalls ÀGetCurrentProcess %WriteFile ðGetFileSize u CopyFileW Ö DeleteFileW cMoveFileW ƒGetTempFileNameW  …GetTempPathW  ÀReadFile   CreateFileW ìInterlockedExchange GetModuleHandleW  Ý DeviceIoControl `FreeEnvironmentStringsA aFreeEnvironmentStringsW MlstrlenA  NlstrlenW  ØGetEnvironmentStrings ÚGetEnvironmentStringsW  ÌGetDiskFreeSpaceA ¿GlobalMemoryStatus  §QueryPerformanceCounter GetLocalTime  “GetTickCount  ÅGetCurrentThreadId  =LoadLibraryExA  ìVirtualFree ïVirtualProtect  éVirtualAlloc  ¤GetVersionExW sGetSystemInfo ùWaitForSingleObject ResumeThread  ™SetThreadPriority SetThreadAffinityMask µ CreateThread  FGetProcessAffinityMask  WideCharToMultiByte fSetFilePointer  bFreeLibrary wGetSystemTime ¢GetVersion  ÄGetCurrentThread  HLocalFree êGetFileAttributesW  aSetFileAttributesW  ?LoadLibraryW  pGetSystemDirectoryW ¯GetWindowsDirectoryW  ExpandEnvironmentStringsW .FindClose RemoveDirectoryW  EFindNextFileW 9FindFirstFileW   CreateDirectoryW  gMultiByteToWideChar ÀTerminateProcess  ¥SetUnhandledExceptionFilter  CLSIDFromString g CoTaskMemAlloc  h CoTaskMemFree  CoCreateGuid  xStringFromCLSID  CryptCATAdminReleaseContext  CryptCATAdminAcquireContext  CryptCATAdminEnumCatalogFromHash   CryptCATCatalogInfoFromContext  RtlNtStatusToDosError     §Ë[J       0   ˜e  ˜Y      §Ë[J5Vx
          ”e  ”Y   RSDS›Úž †žIK”FØTOv”}   blackbox_notestroot.pdb 

    -----------------------------------------------------------------------------------------------------------------------

    nice file this one is    manage-bde.wsf  but I question if I use the translation methods, is this really b=bitlocker d=drive e=encryption

    or is it e=extended db=database   I can take just about any file name, read it backwords.....use only the caps sometimes...and make an acronymn for a microsoft app

    <package>
    <job id="manage-bde">
    <script language="VBScript">

    'NOTE: manage-bde.wsf has been replaced. Please use the replacement tool,
    '      manage-bde.exe, to perform BitLocker Drive Encryption management
    '      operations. This script is provided as a wrapper for backwards
    '      compatibility only.

    strArgs = ""

    For I = 0 to WScript.Arguments.Count - 1
       strArgs = strArgs & " " & WScript.Arguments(I)
    Next

    strArgs = strArgs & " -legacy_Vista"

    Set objShell = WScript.CreateObject("WScript.Shell")

    Set objExecObject = objShell.Exec("%comspec% /c manage-bde.exe " & strArgs)

    Do While Not objExecObject.StdOut.AtEndOfStream
        WScript.StdOut.WriteLine objExecObject.StdOut.ReadLine()
    Loop

    Do While Not objExecObject.StdErr.AtEndOfStream
        WScript.StdErr.WriteLine objExecObject.StdErr.ReadLine()
    Loop

    </script>
    </job>
    </package>

     

    Sunday, November 07, 2010 7:48 PM
  • "bluemoon60fla" wrote in message news:3d620aa9-951d-4d5c-beed-b8c9c99ac40e...

    If you read my post you missed the part about "I can't get any AntiVirus to install properly".  Maybe some additional info would shed some light on the issue.

    1.  I already had a Toshiba Laptop that had Vista H. Prem, and it malfunctioned in Aug 2009 after an important realtek driver update ( rearrange the letters...read them backwards....translate...decode....encode....have some fun with the possibilities, use your imagination, or better yet think outside of the box)  Ohh did I say box??   blackbox.dll ( we'll talk about that later)   r....t.....l     run time library   realtek remote terminal  k=kernel  e=extended e=elevated a=access a= Drive A: (that would be the 16bit dos floppy drive) Oddly enough so did the remaining 3 pc's in my home....even when they never had "realtek"....definitely not my 10 year old Sony XP Home desktop...or the Sony Vaio Vista Home prem Laptop which could never get SP2. This is why I finally broke down and purchased from WALMART a $400 bare basic Toshiba in April 2010 with Windows 7 Home Premium.  Feel free to read my other threads on the issues I have brought up.  

    2.  I was told by Toshiba that if I didn't like their nice little "Value Added Package"  DRIVER TVALZ_O; I could perform a "clean install" using my windows 7 retail disk (purchased to install on one of the Vista Machines).  If if formatted the harddrive, and installed Win 7, all OEM would be gone for good.  So, using diskpart, delete all volumes, partitions, OEM factory partition, leaving me with 232GB of unallocated space on a 250GB harddrive. (The other mysterious 18GB has yet to be explained, but I am intelligent enough to know that even the conversion factor of kb to gb would not account for that large of a discrepancy)   Yet, I still have OEM reference in the registry, Windows Update still shoves TVALZ_O  at me repeatedly, and even installs itself when I have updates set to let me choose, or I hide it.

    3.  If Toshiba has  told the truth, the "Trial Norton" would be fully eradicated from my system, no need for a removal tool.

    4.  I first powered up the new laptop in a very secure location on govt land where not even cell phones get signal.  My first move was to copy down all of the Bios info.  There was no Floppy Drive in the boot options.  After shutting down, returning home (digital cable service, packaged with digital phone and high speed internet)  powered up machine, no wired connection, laptop connects to an "insecure" unknown wireless connection it finds (not mine, router unplugged).  Now Bios shows "floppy disk" as an option in boot drive choices, and it can't be disabled (USB, CDRom and HardDrive all have option to disable, but not floppy)  Magic.....isnt it?   ohhh, speaking of Magic....that would be the Magic USB cable for migwiz, and the 10 foot OOBE cable ....just a few more weird items I noticed while viewing the registry.

    5. Toshiba now refuses to assist me with any support, saying its Microsoft's problem, yet I can search Microsoft and find no mention of these configs in a standard Home premium OS.  What I can find is that Home Premium is not supposed to have BitLocker or multiple language pack capability, but funny, they are active on my PC.

     

     


    You would appear to have a thoroughly blitzed install of Windows - I seriously suggest that you acquire the proper Recovery disks, and use those, or use a genuine MS-produced Vista Home Premium disk fro a reformat/reinstall.
    I think you've been afflicted by a counterfeit.

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Sunday, November 07, 2010 9:30 PM
    Moderator
  • I don't understand why people respond to posts with irrelevant advice.  A Toshiba "Factory" recovery via media disks, or sending off to them for repair will not fix this PC.  I questioned them about that, and I was told I would receive back a PC configured the same way, with the "value added" corruption I have now, which is not removable or reconfigurable into a "standalone machine" configuration.  It will still be a NT Workstation running a virtual server with all the same garbage waiting to stage itself on every reboot.

    Secondly, I clearly stated that this PC I was discussing was a OEM install of Windows 7 Home Premium 32bit.  I did mention that I used to have a Toshiba Vista Home Premium Laptop, but it got bricked by the "apppatch" in Aug 2009.

    I have a supposed "genuine" MS produced Windows 7 disk (yes, its an upgrade, but according to the forums, you can use it for clean installs also) which I purchased at WALMART.  It has passed authentication several times, only to revert to "This copy is not genuine" after Microsoft Windows Updates are installed.

    WHAT WOULD BE MY NEED FOR A VISTA HOME PREMIUM DISK???

     

    WHY CAN'T SOMEONE JUST LOOK AT SOME REGISTRY CONFIGS AND TELL ME WHAT IS RUNNING ON THIS MACHINE?  YOU CAN'T GOOGLE IT AND GET ANY INFO WHEN THE IEAK IS BLOCKING THE RESULTS.

    WHAT ARE THESE COMPONENTS???

    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\Active Setup]

    [HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components]

    [HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    "Version"="8,0,7600,17136"
    "Locale"="*"

    [HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "Version"="8,0,7100,0"
    "Locale"="*"

    [HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    "Version"="12,0,7600,16667"
    "Locale"="EN"

    [HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    "Version"="6,1,7600,16644"
    "Locale"="en"

    [HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    "Version"="8,0,7600,17136"
    "Locale"="en"

    [HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]

     

    Wednesday, November 10, 2010 10:13 PM
  • "bluemoon60fla" wrote in message news:08b034c6-8c90-4020-a09b-a2aa73fdc960...

    I don't understand why people respond to posts with irrelevant advice.  A Toshiba "Factory" recovery via media disks, or sending off to them for repair will not fix this PC.  I questioned them about that, and I was told I would receive back a PC configured the same way, with the "value added" corruption I have now, which is not removable or reconfigurable into a "standalone machine" configuration.  It will still be a NT Workstation running a virtual server with all the same garbage waiting to stage itself on every reboot.

     


    people respond to the facts - not to your assertions.
     
    FACT - you have an OEM install of Windows 7 on a Toshiba machine which will not validate, giving a 0xc004f012 error in the MGADiag report.
    FACT - your machine has had hardware problems since purchase (or a  least so you state)
    FACT - you have been messing with the software to a huge extent, and no-one here is ever going to be able to tell in what way.
    FACT - I got it wrong when I mentioned Vista - I should have said Win 7 (comes from posting on 20 different forums, and then getting a complex post!)
     
    Why did you not arrange for repair of the hardware problems by Toshiba?
    Where on earth did you get this 'It will still be a NT Workstation running a virtual server with all the same garbage waiting to stage itself on every reboot' from?? In no way is this either NT or a virtual server - and I know of nothing that could make it so, without actually installing a virtual server.
    .If you're referring to the 'extras' that Toshiba puts into the installation media, then your solution is at hand. Simply reformat and reinstall using your Walmart disk - and your COA Key - and activate by phone.
    That will still not solve your hardware problems - and will create some extra problems, as you will still have to install the drivers after the initial setup , and those you'll have to get from the Toshiba website.
    What makes you think  the IEAK is blocking Google results?
     
    is the only registry entry I can find anything for
    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Wednesday, November 10, 2010 11:29 PM
    Moderator
  • If you want advice then don't yell, this is all volunteer and given the fact that we can't physicaly touch your computer we have to go on the information at hand.

    If you did a clean install with a genuine disk whether it was an upgrade or not and you problem is repeatable then I would suggest you start a no cost support incident with MS. No, I don't know what those individual registry entries mean but maybe they can help you. When you install windows to do a clean install you must select custom as opposed to upgrade, it appears from your post that you did perform a clean install so again, start a no-cost support incident.

    http://support.microsoft.com/gp/contactwga

    Wednesday, November 10, 2010 11:34 PM

  • Bluemoon60fla,

    I understand your situation. I too have the same "Backdoor/trojan" whatever and have been battling it for months...since February of this year. I also understand your frustration with trying to find a solution. Every time you start to explain what's going on you are greeted with disbelief, suspicion or the same old pat answers that do not apply.

    Over the past ten months this "Virus" has infect all my laptops (3,) 2 desktops and my windows home server. I am a Microsoft Partner and can tell you that all copies were legitimate. I have gone on to purchase several new hard drives, multiple new computers, both laptops and desktops, all of which became infected almost immediately. Factor in all the AV programs I purchased at B&M's (so I could have the real disks) and the multiple recovery disks i have purchased from the computer factories-HP, Dell, Asus, Sony and Toshiba- and you realize this thing has cost me thousands.

    You are not crazy...everything you describe is correct. Bluetooth and Bitlocker enabled and configured even on computers without them. Regarding your Cable boxes, look around and you'll find Infared remotes are also enabled. I would imagine that whenever you DO START to get anywhere with repairs on your next boot you've either been rolled back thru system restore, are denied access to your logon (either password incorrect or "No mapping between security ids") or you are greeted with "The System Administrator has disabled blah-blah," rendering your account useless, even though your a home user with no administrator.

    I can tell you that over the past several months I've come across several people with the same problems everywhere from Massachusetts to Germany.

    Quite a few, including myself, ended up dumping there old computers, getting all brand new setups, even changing out they're cable modem, only to be reinfected while doing a windows or anti-virus update.

    Somethings that I Do know:

    1) it does use bitlocker, essentialy to prevent you from reformating.

    2) Once you run a process, it "records" it and then runs a loop when you attempt to run it again. You think you are reformatting but it's just playing a video.

    3) it uses system restore to roll back changes it does not like

    4} Devices are on even when you have shut them off. I had to physically remove my wireless card to prevent it from communicating.

    5) If you have a playstation or home server it can reside there and will attack everything on your home network.

    6} You may notice a USB (cnnection) icon popping up when you have NO usb device connected. Click on it and you will discover the "USB Device" is DRIVE C!! This is because you are being connected to thru "239.255.255.250: 1900." The UPnP port! Essentialy your computer has become a USB Device!

    7) As mentioned, Bitlocker, Bluetooth and Infared remote are all configured and enabled even on systems and computers that do not support them (Such as Windows 7 Home Premium.)

    8) Check your computer accounts, you'll find "Unknowns," most likely you cannot access the Administrator account (even in safe mode) and your account will be list as "User/Domain" because you are now part of an unknown Domain! Again, even on systems that do not support Domains ( like 7Home Premium.)

    9) it appears to be able to reside in Routers and resist resets. I have the Linksys WRT610N, a real beauty but I can no longer use it. Resets don't work, can not update the firmware and am unable to set any controls (they just reset.)

    I know there's no solution here but the more of us who work on this, the quicker we'll find one.

    Thursday, November 11, 2010 8:46 PM
  • Hello mfbarry,

     

      If you feel you have a Virus or some other form of Malware, I recommend contacting<Removed by Moderator: Phone number and/or site link no longer in use>.

      PC Safety is a group at Microsoft that provide FREE support to users with Malware Infections. The best part is that if an infection is found, not only will they help you to remove it, they will submit a sample of it to our Anti-virus Engineers and it will them be added to a signature update for the anti-virus program Microsoft Security Essentials (and I believe they share the information with other anti-virus program makes).

    Thank you,


    Darin MS
    • Edited by Darin Smith MSOwner Tuesday, April 10, 2012 7:09 PM <Removed by Moderator: Phone number and/or site link no longer in use>
    Friday, November 12, 2010 7:31 PM
    Owner
  • Wow, let me say that you seem to have the abililty to see exactly what I do, and you can describe details that I left out exactly as they happen on all 5 of my pc's.  I have also spent hours, tons of money, and much head banging, with very little results.

    All I can say is, it is one strange coincidence that immediately after the US went "all digital" things starting going whacked on every pc I owned, and all 6 of the new laptops I purchased.  (5 of which were returned to the highly corrupt Geek Squad at Best Buy who I hear is making a great profit margin lately)

    Thanks for backing me up, I continue to research the matter and compile evidence.

    And to you others who posted, I have compiled at least 15 incidents with Microsoft Support, from PC Safety, Genuine Advantage, Windows 7 installation, configuration, blah blah blah....

    There has never been a satisfactory resolution to any of them, and PC Safety will not even acknowledge the possibility that my machines may have an infection. You can't even get anyone to review the configuration of the running services with you, to tell you what IS necessary on Windows 7 and what is NOT.

    Thursday, November 18, 2010 1:47 AM
  • And to you others who posted, I have compiled at least 15 incidents with Microsoft Support, from PC Safety, Genuine Advantage, Windows 7 installation, configuration, blah blah blah....

    There has never been a satisfactory resolution to any of them, and PC Safety will not even acknowledge the possibility that my machines may have an infection. You can't even get anyone to review the configuration of the running services with you, to tell you what IS necessary on Windows 7 and what is NOT.

    We have little knowledge and even less control of what is or isn't on your computers. Sorry to hear you are having problems and sorry that our suggestions haven't helped. Personaly, If I had suspicions of a virus or spyware I would delete the affected installations and start fresh. Insure you are using genuine media and scan any additional or removable drives to avoid a reinfection.

    Given the statements on possibility of virus or malware infection there is not much we can do to advise on WGA issues until that condition is repaired, however once it is repaired it is unlikely you would need our help.

    Let us know if there is anything we can do to help you with your WGA issue after your computer is virus and malware free.

    Friday, November 19, 2010 6:24 PM
  • I applaud you mfbarry, for acknowledging that something very odd is going on with windows in general.  And yes, it has manifested itself on all of my 5 pcs.  That would be my Sony Vaio Desktop purchased in 2001 which was running Windows XP Home, my Sony Vaio Laptop purchased in 2007, which was running Vista Home Prem, My Toshiba laptop purchased in Feb 2009 which was running Vista Home Prem, all of which are now totally corrupted with the same applications, configurations, drivers, etc.   I have owned my Sony Desktop for ten years, don't you think I know what files, applications, drivers and software were on it?  It did not have so called "Realtek" audio...which is nothing but a pseudo-name for Run Time Library.....and some major malfunction of windows.

    I am not a novice user, and I don't ever recall having troubles with any pc prior to Aug 2009. When black "dos" or command prompt boxes flit quickly across your screen (most users are oblivious and don't know what they are anyway) then if you have any expertise at all, you know something is malfunctioning.

    I have been a bookkeeper for 25 years, and most of that time was using a computer.  I have installed Quick Books on dozens of pc's for clients, and on my own.  I know what runs and what the process of install is.  Never before did the installation retrieve "temp" files from some hidden location.

    I am no expert on Windows 7 for sure, but has anyone at Microsoft realized the hundreds of thousands of posts related to abnormal behaviors?  Does anyone have an answer for the majority of them?  No, just some standard restore, use factory media to recover...whatever.

    Did it dawn on anyone that "Factory Media" is corruptable?  Did it occur to anyone that if something has so many people in a state of confused aggravation, it generates from a source so abstract that common resolutions won't fix it?

    Saturday, November 20, 2010 6:35 PM
  • “The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).”

    Ref:  Cleaning a Compromised System


    Carey Frisch
    Saturday, November 20, 2010 7:02 PM
  • Let me bang my head on the wall one more time.

    A Clean install involves re-formatting your hard drive.

    Your hard drive states it is a 250GB hard drive.  You put in your "Genuine" Windows 7 Home Premium Disk you purchased at Walmart, Anytown USA (Most would assume this to be a credible retailer of this product, please let me know if I am mistaken) You boot (or so you think you do) to the disk, work your way to the Install screen, choose "custom" and arrive at the screen where you choose your installation location.  Here you have info about your "hard disk", partitions, etc.  Okay....hmmm, why is it that I have a 250 GB hard drive but I can only use 232.9GB?  Whats on the other 17GB (allowing for the conversion of kb to GB, i don't think there would normally be a 17GB differential) So if I format only the available 232.9GB, and I have no access to the other space on the drive, do you consider this a "CLEAN INSTALL"??

    I do not.  I ask, how do you clean the entire drive?

    I choose use tools to repair computer, go to command prompt, and type in diskpart

    List disk.  Only one here, Disk 0, size 232GB

    again, where is the remaining 17GB?

    No way to format entire drive using diskpart

    So, how does one get a clean install when one can't clean the drive?

    Refer to recovery environment, X:\   well what is here?  who put this here?  it is "virtual" recovery

    can you edit it?  did it come from the "genuine" disk?  did it come from the mystery 17GB? How do know?

    Who has permissions on this?  Everyone? Anyone?  Trusted Installer?  what files should be listed here?  should they all have the same date?  should they have different dates?  can you delete them?  how do they get "write-protected"?

    what are "Super Hidden" files?  what about this "Ramdisk" situation in the BCD configuration

    my BCD says I will always load the "resumeobject"  Who owns it?  what if I don't want to resume it?

    If I delete the entry from BCD, I can't boot.  Now I must boot from disk, and magic!  its all back the way it was.......the entire registry goes back to square one.

    Who put mspatcha.dll on my pc? And what is this Delta business all about?  go read about it....is it part of the Wonderful New Secure Loveable Huggable Windows 7?

    http://msdn.microsoft.com/en-au/library/Bb267312

    partial text:

    Microsoft Corporation

    January 2006

    Note: This is pre-release documentation and subject to change in future releases.

    Microsoft Corporation

    January 2006

    Purpose

    PatchAPI is a differential compression library that can create much smaller compressed files than those produced by other methods. It has been used to deploy software updates for Microsoft Windows and in Windows Installer Patch (MSP) Files.
    Applies to:

       Microsoft® Windows XP
    ®    Windows 2000
    ®    Windows Server 2003
    ®    Windows Installer SDK    Windows Vista

    ®

    Getting the PatchAPI Components

    The PatchAPI includes the following files:

    • mspatcha.dll : Dynamic link library for applying deltas. This library is shipped with Windows XP, Windows 2000, Windows Server 2003, and Windows Vista. It can be found in the System32 directory.

    My lumpy head says an OEM can use Delta and mspatcha.dll to compress an entire OS onto the mystery 17GB  and then call on it at startup to stage and transform  into one fine Virtual Remote Server. and if we use software to create a "Tape Drive" or "Floppy Drive" scenario, we can make it "write protected" and no common user will ever figure out how to clean it

     

    I don't recall saying I have had a hardware problem since day one with this Toshiba

    What I said is that Windows 7 does not function  properly, and I can't keep it "Authentic" because whenever I get an update, it becomes "Ungenuine"

    this does not sound like hardware to me,l it sounds like something that came in the configuration of the machine's software is corrupt, and each time windows puts out a security update, the machine malfunctions because the security vulnerability is no longer exploitable and the pc therefore become "ungenuine" and non-functional. Yrour only alternative is to restore to a point where you did not have any security updates.  Now you can use your pc, but forget about being secure.

    The Tvalz updated listed as a "driver" is a bogus explanation of corrupt application....it is a software application, created by the OEM

    Thus the amazing AppPatch, Addins, Customization blah blah blah.....

    If Microsoft now acknowledges this massive amount of security holes, how do they expect anyone who is already a victim to fix it?  Do you think you actually get to install these security updates when your user name is "None Ordinary User" even when you are logged in as an administrator?  If you have no administrative rights, and have no control over the processes, apps, drivers, and config of your pc, how do you correctly install anything?

    Thank you

    Saturday, November 20, 2010 7:12 PM
  • Q.  I have a 250 GB hard drive but I can only use 232.9GB? 

    A.  Discrepancy Between Reported Capacity and Actual Capacity  and  Why does my hard drive report less capacity than indicated on the drive's label?

     

    A "clean install" is simple:  Boot from the Windows installation disc and when the setup menu appears, select the option to delete the existing partition(s), create a new partition, format the new partition and install Windows.


    Carey Frisch
    Saturday, November 20, 2010 8:25 PM
  • The discrepancy in size is normal as noted in the link Carey provided. Every OS has had security related patches and updates. Windows is the most widely used and therefore far more effort goes into exploiting the security issues. I can only go by my experience and my experience tells me that the vast majority of computers do not have non-genuine issues after patches. At this point there are only two avenues I can suggest to you.

    1. Contact the OEM and explain your probelm to them, explain your thoughts on the OEM provided drivers and applications.
    2. Start a no cost support incident at this address. http://support.microsoft.com/gp/contactwga

    HDD manufacturers measure HDD capacity differently than software and OS manufacturers do. They should advertise in a consistant manner with the rest of the industry but the responsibility for this discrepence does not reside with MS. There is nothing hidden within this 17 GB of missing drive space, it just does not exist. MS does create a hidden 100MB partition but they tell you this and they explain why (think drive encryption).

    Saturday, November 20, 2010 10:25 PM
  • yes, normally thats how it works, but why does it all come back?  lets simplify this even more

    Does windows 7 home premium, installed clean from the retail disk, formatting the entire harddrive ( assuming you actually are) have the following  ten minutes after you finish, when you have not hooked to the internet or installed anything else yet?:

     

    Twain.dll Client's 32-Bit Thunking Server

    -----------------------

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{FB4CDF30-A741-421d-BCFA-6CC530D053FB}]
    @="Microsoft.SQLLITE.MOBILE.OLEDB.3.0"
    "OLEDB_SERVICES"=dword:fffffffe

    [HKEY_CLASSES_ROOT\CLSID\{FB4CDF30-A741-421d-BCFA-6CC530D053FB}\InprocServer32]
    @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
      00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,71,00,\
      6c,00,63,00,65,00,6f,00,6c,00,65,00,64,00,62,00,33,00,30,00,2e,00,64,00,6c,\
      00,6c,00,00,00
    "ThreadingModel"="Both"

    [HKEY_CLASSES_ROOT\CLSID\{FB4CDF30-A741-421d-BCFA-6CC530D053FB}\ProgID]
    @="Microsoft.SQLLITE.MOBILE.OLEDB.3.0"

    --------------------------------------

    How many CORE OS do we need on one Laptop???

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Service Reporting API]

    [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Service Reporting API\Baselines]
    "CurrentVersion"="2.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Service Reporting API\Baselines\1.0]

    [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Service Reporting API\Baselines\1.0\0]
    "Flags"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Service Reporting API\Baselines\1.0\0\CoreOS]
    "Version"="6.0.6000.16386"
    "DisplayName"="Windows Core OS Components"
    "Type"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Service Reporting API\Baselines\2.0]

    [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Service Reporting API\Baselines\2.0\0]
    "Flags"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Service Reporting API\Baselines\2.0\0\CoreOS]
    "Version"="6.0.6000.16386"
    "DisplayName"="Windows Core OS Components"
    "Type"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Service Reporting API\Baselines\2.0\1]

    [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Service Reporting API\Baselines\2.0\1\CoreOS]
    "Version"="6.1.7600.16385"
    "DisplayName"="Windows Core OS Components"
    "Type"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Service Reporting API\Components]

    [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Service Reporting API\Components\CoreOS]
    "Version"="6.1.7600.16385"
    "DisplayName"="Windows Core OS Components"
    "Type"=dword:00000000

    ------------------------------------

    If this is standard Windows 7 config, someone needs to come up with a better word than "HACK"   to identify it in the registry, its not a pleasant find

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\usbstor]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\usbstor\054C00C1]
    "DeviceHackFlags"=dword:20000000

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\usbstor\05AC12xx]
    "DeviceHackFlags"=dword:00000020

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\usbstor\05AC13xx]
    "DeviceHackFlags"=dword:00000020

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\usbstor\05DCA431]
    "DeviceHackFlags"=dword:00000010
    --------------------------------------------------

    Is this correct?  Windows Defender   not found on clean install????? and where did it get copied from???????

     

    ----------------------------------------------------------------------------------
    Command:    c:\16467d9413c4da7c864c0320f079e1\MPSigStub.exe  WD /q
    Start time: 11/22/2010 4:19 AM (version 10.3.1781.0)

    ================================= CacheMpSigStub =================================

    Copied MpSigStub.exe to C:\Windows\system32\MpSigStub.exe

    =================================== ProductSearch ==================================

                 Microsoft Windows Defender (Windows 7):
         Status: Active                                
        Product: 6.1.7600.16385                        
         Engine: Not found                             
     Signatures: Not found                             

    ================================ PackageDiscovery ================================

                   AS FE:     
           Engine: 1.1.6402.0 
      AS base VDM: 1.95.0.0   
      AV base VDM: Not included
     AS delta VDM: 1.95.191.0 
     AV delta VDM: Not included

    ================================= MpUpdateEngine =================================

    Updated from c:\16467d9413c4da7c864c0320f079e1 (0x0)

    ================================= ValidateUpdate =================================

    MpSigStub successfully updated Microsoft Windows Defender (Windows 7) using the AS FE package.

                   Original:  Updated to:
           Engine: 0.0.0.0    1.1.6402.0
      AS base VDM: 0.0.0.0    1.95.0.0  
     AS delta VDM: 0.0.0.0    1.95.191.0

    Set DeltaUpdateFailure to 0
    Deleted c:\16467d9413c4da7c864c0320f079e1\mpasbase.vdm
    Deleted c:\16467d9413c4da7c864c0320f079e1\mpasdlta.vdm
    Deleted c:\16467d9413c4da7c864c0320f079e1\mpengine.dll
    End time: 11/22/2010 4:19 AM
    ----------------------------------------------------------------------------------

     

    Monday, November 22, 2010 7:59 PM