W7 Pro 64, Problem with genuine and updates

err5ttres

I have a Lenovo ThinkCentre Edge71 preloaded with Windows 7 Professional 64bit.

For the past couple of months I keep getting the popup that "windows is not genuine. Click here to sort it out online".

I do but nothing happens. System properties report windows as activated.

The major problem is that Windows Updates keep failing. I tried the various solutions (SURT, sfc, Rename SoftwareDistribution) but nothing seems to work. Error codes are 800401FD, 8E5E0408, 8000FFFF.

I need to try to repair this problem without having to reinstall windows if possible. I can supply any log files that are required.

Thanks.
 

latest results of sfc and surt logs. Hope they help
 

no help from anyone?
 

Please follow this tutorial and post an MGADiag report - then we can see what the problem is.

http://www.sevenforums.com/windows-updates-activation/234159-windows-genuine-activation-issue-posting-instructions.html

Ignore errors produced when clicking on the Copy button - they simply mean that the tool could not create the backup files for some reason. The data is still copied to the clipboard for pasting to your response.

Please also state the Version and Edition of Windows quoted on your COA sticker (if you have one) on the case of your machine (or inside the battery compartment), but do NOT quote the Key on the sticker!
http://www.microsoft.com/en-us/howtotell/Hardware.aspx
 

The CheckSUR log is clear, apart from these warnings at the end...
Code:
(w) Unable to open Event Log 0x000006B5 Application  OpenEventLog failed: 0x000006B5 - The interface is unknown.
.
(w) Unable to open Event Log 0x000006B5 System  OpenEventLog failed: 0x000006B5 - The interface is unknown.
.

The SFC scan is clear - but the background CBS log shows the following error...
Code:
2013-08-12 16:48:10, Info                  CBS    Plan: Package: WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256, Update: ActiveX32, current: Resolved, pending: Default, start: Resolved, applicable: Staged, targeted: Staged, limit: Staged, selected: Default
2013-08-12 16:48:10, Info                  CBS    Perf: Resolve chain started.
2013-08-12 16:48:10, Info                  CSI    0000030c@2013/8/12:13:48:10.747 CSI Transaction @0x189dd90 initialized for deployment engine {d16d444c-56d8-11d5-882d-0080c847b195} with flags 00000002 and client id [90]"TI1.30316386_2488333926:2/WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256"
2013-08-12 16:48:30, Info                  CBS    Failed call to CryptCATAdminAddCatalog. [HRESULT = 0x8e5e0408 - JET_errFileAccessDenied]
2013-08-12 16:48:30, Info                  CBS    Failed to install catalog file \\?\C:\Windows\SoftwareDistribution\SelfUpdate\Packages\WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256\update.cat for package [HRESULT = 0x8e5e0408 - JET_errFileAccessDenied]
2013-08-12 16:48:30, Info                  CBS    Failed to install catalog for package: WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256 [HRESULT = 0x8e5e0408 - JET_errFileAccessDenied]
2013-08-12 16:48:30, Info                  CBS    Failed to stage package manifest. [HRESULT = 0x8e5e0408 - JET_errFileAccessDenied]
2013-08-12 16:48:30, Info                  CBS    Failed to add package. [HRESULT = 0x8e5e0408 - JET_errFileAccessDenied]
2013-08-12 16:48:30, Info                  CBS    Failed to persist package: WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256. [HRESULT = 0x8e5e0408 - JET_errFileAccessDenied]
2013-08-12 16:48:30, Info                  CBS    Failed to update states and store all resolved packages. [HRESULT = 0x8e5e0408 - JET_errFileAccessDenied]
2013-08-12 16:48:30, Info                  CSI    0000030d@2013/8/12:13:48:30.465 CSI Transaction @0x189dd90 destroyed
2013-08-12 16:48:30, Info                  CBS    Perf: Resolve chain complete.
2013-08-12 16:48:30, Info                  CBS    Failed to resolve execution chain. [HRESULT = 0x8e5e0408 - JET_errFileAccessDenied]
2013-08-12 16:48:30, Error                 CBS    Failed to process single phase execution. [HRESULT = 0x8e5e0408 - JET_errFileAccessDenied]
2013-08-12 16:48:30, Info                  CBS    WER: Generating failure report for package: WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256, status: 0x8e5e0408, failure source: Resolve, start state: Resolved, target state: Staged, client id: WindowsUpdateAgent
2013-08-12 16:48:30, Info                  CBS    Failed to query DisableWerReporting flag.  Assuming not set... [HRESULT = 0x80070002 - ERROR_FILE_NOT_FOUND]
2013-08-12 16:48:30, Info                  CBS    Failed to add %windir%\winsxs\pending.xml to WER report because it is missing.  Continuing without it...
2013-08-12 16:48:30, Info                  CBS    Failed to add %windir%\winsxs\pending.xml.bad to WER report because it is missing.  Continuing without it...

Historically, we've not had much success dealing with this type of CBS error short of a repair install - but freeing up the event log errors may help.

Please open an Elevated Command Prompt, and run the following commands.

ICACLS C:\Windows\System32\winevt
ICACLS C:\Windows\System32\winevt\logs
ICACLS C:\Windows\System32\winevt\logs\Application.evtx
ICACLS C:\Windows\System32\winevt\logs\System.evtx

Post the results....


Here are some instructions to make life easier :)
1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt.
2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once.
3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.
 

License is Windows 7 professional OA.

Results of the commands are:
C:\Windows\system32>ICACLS C:\Windows\System32\winevt
C:\Windows\System32\winevt BUILTIN\Administrators:(I)(F)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
BUILTIN\Users:(I)(OI)(CI)(RX)
NT SERVICE\TrustedInstaller:(I)(CI)(F)
Successfully processed 1 files; Failed processing 0 files
C:\Windows\system32>ICACLS C:\Windows\System32\winevt\logs
C:\Windows\System32\winevt\logs BUILTIN\Administrators:(I)(F)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
BUILTIN\Users:(I)(OI)(CI)(RX)
NT SERVICE\TrustedInstaller:(I)(CI)(F)
Successfully processed 1 files; Failed processing 0 files
C:\Windows\system32>ICACLS C:\Windows\System32\winevt\logs\Application.evtx
C:\Windows\System32\winevt\logs\Application.evtx BUILTIN\Administrators:(I)(F)
NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Users:(I)(RX)
Successfully processed 1 files; Failed processing 0 files
C:\Windows\system32>ICACLS C:\Windows\System32\winevt\logs\System.evtx
C:\Windows\System32\winevt\logs\System.evtx BUILTIN\Administrators:(I)(F)
NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Users:(I)(RX)
Successfully processed 1 files; Failed processing 0 files
C:\Windows\system32>

Result of MGDIAG is:
Code:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-MV8MH-98QJM-24367
Windows Product Key Hash: wgci5Gdejx4esg7++zTOe3LWF+4=
Windows Product ID: 55041-OEM-8992671-00437
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {753B57E5-9F0E-43C9-964E-262B08FFF415}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.110622-1506
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{753B57E5-9F0E-43C9-964E-262B08FFF415}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-24367</PKey><PID>55041-OEM-8992671-00437</PID><PIDType>2</PIDType><SID>S-1-5-21-4058086397-822210148-579945412</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>1607D9G</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>9QKT23AUS</Version><SMBIOSVersion major="2" minor="6"/><Date>20110607000000.000000+000</Date></BIOS><HWID>940F3F07018400FE</HWID><UserLCID>0408</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GTB Standard Time(GMT+02:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TC-9Q   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7601.17514
Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00178-926-700437-02-1033-7601.0000-0462011
Installation ID: 022225358985642713122401588734102890057762311273718142
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 24367
License Status: Licensed
Remaining Windows rearm count: 2
Trusted time: 17/8/2013 8:15:00 πμ
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000001EFF0
Event Time Stamp: N/A
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
Tampered File: %systemroot%\system32\sppwinob.dll
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
Tampered File: %systemroot%\system32\drivers\spsys.sys
 
HWID Data-->
HWID Hash Current: MAAAAAEAAgABAAIAAAABAAAAAgABAAEAonaGwU5hVHt86UTlznAMTxibzt4OVS5z
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information: 
  ACPI Table Name OEMID Value OEMTableID Value
  APIC   LENOVO  TC-9Q   
  FACP   LENOVO  TC-9Q   
  HPET   LENOVO  TC-9Q   
  MCFG   LENOVO  TC-9Q   
  SSDT   LENOVO  TC-9Q   
  SLIC   LENOVO  TC-9Q
 

Interesting report.
Had I seen that first, I would have suggested the following fix....

This may simply be caused by a bad set of Intel Rapid Storage Technology drivers -

Installing the Intel Rapid Storage Drivers
try downloading and installing them from here - https://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&ProdId=2101&DwnldID=22194

(you want the iata_enu.exe download)

Once complete, please reboot twice, then post another MGADiag report.


I think it's worth trying - it may be the best way of solving the problem anyhow, if it works.
 

new mgadiag

Code:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-MV8MH-98QJM-24367
Windows Product Key Hash: wgci5Gdejx4esg7++zTOe3LWF+4=
Windows Product ID: 55041-OEM-8992671-00437
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {753B57E5-9F0E-43C9-964E-262B08FFF415}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.110622-1506
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{753B57E5-9F0E-43C9-964E-262B08FFF415}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-24367</PKey><PID>55041-OEM-8992671-00437</PID><PIDType>2</PIDType><SID>S-1-5-21-4058086397-822210148-579945412</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>1607D9G</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>9QKT23AUS</Version><SMBIOSVersion major="2" minor="6"/><Date>20110607000000.000000+000</Date></BIOS><HWID>940F3F07018400FE</HWID><UserLCID>0408</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GTB Standard Time(GMT+02:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TC-9Q   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7601.17514
Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00178-926-700437-02-1033-7601.0000-0462011
Installation ID: 010965665050494454241891732654465813300554205872979726
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 24367
License Status: Licensed
Remaining Windows rearm count: 2
Trusted time: 17/8/2013 10:57:21 πμ
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000001EFF0
Event Time Stamp: N/A
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
Tampered File: %systemroot%\system32\sppwinob.dll
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
Tampered File: %systemroot%\system32\drivers\spsys.sys

HWID Data-->
HWID Hash Current: LgAAAAEAAQABAAIAAAABAAAAAgABAAEAonaGwQTfVHsijM5wDE8Ym87eDlUucw==
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information: 
  ACPI Table Name OEMID Value OEMTableID Value
  APIC   LENOVO  TC-9Q   
  FACP   LENOVO  TC-9Q   
  HPET   LENOVO  TC-9Q   
  MCFG   LENOVO  TC-9Q   
  SSDT   LENOVO  TC-9Q   
  SLIC   LENOVO  TC-9Q
 

No change, unsurprisingly in view of the other errors.

We need to modify the permissions of the Event logs to give the service the proper access.

Please open an Elevated Command Prompt, and run the following commands

ICACLS C:\Windows\System32\winevt /grant "NT SERVICE\eventlog": (OI)(CI)(RX,W,DC)
ICACLS C:\Windows\System32\winevt\logs /grant "NT SERVICE\eventlog": (OI)(CI)(F)

Reboot, and run CheckSUR again - post the log, and run another MGADiag report and post that.
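
Added example, not part of the original thread or any poster's code: a small Python parser for pasted ICACLS output that reports which accounts have no ACE on an object, run here on the winevt\logs listing posted earlier in the thread. The function names and the "after" listing are constructed for illustration, and the required account is taken from the /grant commands in the reply above.

```python
import re
from typing import NamedTuple

# icacls inheritance markers; every other parenthesised token is a rights list.
INHERIT_FLAGS = {"I", "OI", "CI", "IO", "NP"}
ACE_RE = re.compile(r"^(?P<who>.+?):(?P<groups>(?:\([^()]+\))+)\s*$")

LOGS_PATH = r"C:\Windows\System32\winevt\logs"
# Account named in the /grant commands in the reply above.
REQUIRED = [r"NT SERVICE\eventlog"]

# Listing for winevt\logs as pasted earlier in the thread (indentation lost).
BEFORE = r"""C:\Windows\System32\winevt\logs BUILTIN\Administrators:(I)(F)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
BUILTIN\Users:(I)(OI)(CI)(RX)
NT SERVICE\TrustedInstaller:(I)(CI)(F)
Successfully processed 1 files; Failed processing 0 files
"""

# Constructed sample: the same listing with the service account's ACE present.
AFTER = BEFORE.replace(
    "Successfully", r"NT SERVICE\eventlog:(OI)(CI)(F)" + "\nSuccessfully")


class Ace(NamedTuple):
    principal: str
    inherit: tuple  # e.g. ("I", "OI", "CI")
    rights: tuple   # e.g. ("F",) or ("RX", "W", "DC")


def parse_icacls(text, path):
    """Parse the pasted icacls output for ONE object into a list of Ace tuples."""
    aces = []
    for raw in text.splitlines():
        line = raw.strip()
        # The first ACE shares its line with the object path; drop the path.
        if line.lower().startswith(path.lower() + " "):
            line = line[len(path):].strip()
        match = ACE_RE.match(line)
        if not match:
            continue  # prompt echo, summary line or blank line
        tokens = re.findall(r"\(([^()]+)\)", match.group("groups"))
        inherit = tuple(t for t in tokens if t in INHERIT_FLAGS)
        rights = tuple(r for t in tokens if t not in INHERIT_FLAGS
                       for r in t.split(","))
        aces.append(Ace(match.group("who"), inherit, rights))
    return aces


def missing_principals(aces, required):
    """Return the required accounts that have no ACE at all on the object."""
    present = {a.principal.lower() for a in aces}
    return [p for p in required if p.lower() not in present]


def rights_for(aces, principal):
    """Rights that apply to the object itself; inherit-only (IO) ACEs are skipped."""
    found = set()
    for ace in aces:
        if ace.principal.lower() == principal.lower() and "IO" not in ace.inherit:
            found.update(ace.rights)
    return found


if __name__ == "__main__":
    for label, text in (("as posted", BEFORE), ("constructed after", AFTER)):
        aces = parse_icacls(text, LOGS_PATH)
        print(label, "-> missing:", missing_principals(aces, REQUIRED))
        for ace in aces:
            print("   ", ace.principal, ace.inherit, ace.rights)
```
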
 

Code:
C:\Users\Admin>ICACLS C:\Windows\System32\winevt /grant "NT SERVICE\eventlog": (
OI)(CI)(RX,W,DC)
Invalid parameter "NT SERVICE\eventlog:"
C:\Users\Admin>ICACLS C:\Windows\System32\winevt\logs /grant "NT SERVICE\eventlo
g": (OI)(CI)(F)
Invalid parameter "NT SERVICE\eventlog:"

Running SURT and will post log as soon as it finishes

finished

Code:
=================================
Checking System Update Readiness.
Binary Version 6.1.7601.21645
Package Version 19.0
2013-08-17 13:21
Checking Windows Servicing Packages
Checking Package Manifests and Catalogs
Checking Package Watchlist
Checking Component Watchlist
Checking Packages
Checking Component Store
Summary:
Seconds executed: 395
 No errors detected
(w) Unable to open Event Log 0x000006B5 Application  OpenEventLog failed: 0x000006B5 - The interface is unknown.
.
(w) Unable to open Event Log 0x000006B5 System  OpenEventLog failed: 0x000006B5 - The interface is unknown.
.

and persist log just in case
Code:
=================================
Checking System Update Readiness.
Binary Version 6.1.7601.21645
Package Version 19.0
2013-08-09 16:26
Checking Windows Servicing Packages
Checking Package Manifests and Catalogs
Checking Package Watchlist
Checking Component Watchlist
Checking Packages
Checking Component Store
Summary:
Seconds executed: 425
 No errors detected
(w) Unable to open Event Log 0x000006B5 Application  OpenEventLog failed: 0x000006B5 - The interface is unknown.
.
(w) Unable to open Event Log 0x000006B5 System  OpenEventLog failed: 0x000006B5 - The interface is unknown.
.

=================================
Checking System Update Readiness.
Binary Version 6.1.7601.21645
Package Version 19.0
2013-08-12 16:05
Checking Windows Servicing Packages
Checking Package Manifests and Catalogs
Checking Package Watchlist
Checking Component Watchlist
Checking Packages
Checking Component Store
Summary:
Seconds executed: 412
 No errors detected
(w) Unable to open Event Log 0x000006B5 Application  OpenEventLog failed: 0x000006B5 - The interface is unknown.
.
(w) Unable to open Event Log 0x000006B5 System  OpenEventLog failed: 0x000006B5 - The interface is unknown.
.

=================================
Checking System Update Readiness.
Binary Version 6.1.7601.21645
Package Version 19.0
2013-08-17 13:21
Checking Windows Servicing Packages
Checking Package Manifests and Catalogs
Checking Package Watchlist
Checking Component Watchlist
Checking Packages
Checking Component Store
Summary:
Seconds executed: 395
 No errors detected
(w) Unable to open Event Log 0x000006B5 Application  OpenEventLog failed: 0x000006B5 - The interface is unknown.
.
(w) Unable to open Event Log 0x000006B5 System  OpenEventLog failed: 0x000006B5 - The interface is unknown.
.
 
here you go. Are we getting anything useful from all this so far?

Code:
Farbar Service Scanner Version: 17-08-2013
Ran by Admin (administrator) on 17-08-2013 at 16:04:05
Running from "C:\Users\Admin\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============
System Restore Disabled Policy: 
========================

Action Center:
============

Windows Update:
============
Windows Autoupdate Disabled Policy: 
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
 

Bother - that shows nothing, but I'm not sure that it covers the normal Event services anyhow, so we'll have to check them manually.

Please open an Elevated Command Prompt, and run the following commands...
SC QC EVENTLOG
SC QUERYEX EVENTLOG
SC QC wecsvc
SC QUERYEX wecsvc
SC QC EVENTSYSTEM
SC QUERYEX EVENTSYSTEM

Post the results...

Here are some instructions to make life easier :)
1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt.
2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once.
3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.
 

Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.
C:\Windows\system32>SC QC EVENTLOG
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: EVENTLOG
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k LocalServiceNetw
orkRestricted
        LOAD_ORDER_GROUP   : Event Log
        TAG                : 0
        DISPLAY_NAME       : Windows Event Log
        DEPENDENCIES       :
        SERVICE_START_NAME : NT AUTHORITY\LocalService
C:\Windows\system32>SC QUERYEX EVENTLOG
SERVICE_NAME: EVENTLOG
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 5  (0x5)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 0
        FLAGS              :
C:\Windows\system32>SC QC wecsvc
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: wecsvc
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k NetworkService
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Windows Event Collector
        DEPENDENCIES       : HTTP
                           : Eventlog
        SERVICE_START_NAME : NT AUTHORITY\NetworkService
C:\Windows\system32>SC QUERYEX wecsvc
SERVICE_NAME: wecsvc
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 1077  (0x435)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 0
        FLAGS              :
C:\Windows\system32>SC QC EVENTSYSTEM
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: EVENTSYSTEM
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalService
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : COM+ Event System
        DEPENDENCIES       : rpcss
        SERVICE_START_NAME : NT AUTHORITY\LocalService
C:\Windows\system32>SC QUERYEX EVENTSYSTEM
SERVICE_NAME: EVENTSYSTEM
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 456
        FLAGS              :
C:\Windows\system32>
 

You appear to be getting an Access Denied error on attempting to start the Eventlog service, for some reason.

I'll do some hunting and see if I can track down a test regime - shout if you haven't heard by Wednesday!
 

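The reading of the SC output above, as an added Python example that is not part of the original thread: it merges each service's SC QC and SC QUERYEX blocks and separates an auto-start service that failed to start (EVENTLOG, exit code 5) from a demand-start service that was simply never started (wecsvc, exit code 1077). The function names and verdict strings are assumptions for illustration; the sample text is a trimmed copy of the posted output.

```python
import re

# Win32 error names from winerror.h for the exit codes seen in this thread.
WIN32_ERRORS = {0: "ERROR_SUCCESS", 5: "ERROR_ACCESS_DENIED",
                1077: "ERROR_SERVICE_NEVER_STARTED"}

# Trimmed copy of the SC output posted above (only the fields parsed here).
SAMPLE = """
SERVICE_NAME: EVENTLOG
        START_TYPE         : 2   AUTO_START
SERVICE_NAME: EVENTLOG
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 5  (0x5)
SERVICE_NAME: wecsvc
        START_TYPE         : 3   DEMAND_START
SERVICE_NAME: wecsvc
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 1077  (0x435)
SERVICE_NAME: EVENTSYSTEM
        START_TYPE         : 2   AUTO_START
SERVICE_NAME: EVENTSYSTEM
        STATE              : 4  RUNNING
        WIN32_EXIT_CODE    : 0  (0x0)
"""

FIELD = re.compile(r"^\s*(START_TYPE|STATE|WIN32_EXIT_CODE)\s*:\s*(\d+)\s+(\S+)")

def parse_sc(text):
    """Merge SC QC and SC QUERYEX blocks into one dict per upper-cased service name."""
    services, current = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if line.startswith("SERVICE_NAME:"):
            current = services.setdefault(line.split(":", 1)[1].strip().upper(), {})
        elif m and current is not None:
            key, num, label = m.groups()
            current[key] = int(num) if key == "WIN32_EXIT_CODE" else label
    return services

def triage(services):
    """Return {service: verdict} for every service that is not RUNNING."""
    out = {}
    for name, s in services.items():
        code = s.get("WIN32_EXIT_CODE", 0)
        err = WIN32_ERRORS.get(code, "Win32 error %d" % code)
        failed = s.get("START_TYPE") == "AUTO_START" and code != 0
        if s.get("STATE") != "RUNNING":
            out[name] = ("FAILED: " if failed else "idle: ") + err
    return out
```

A stopped Windows Event Log service means the machine records no security events, so an auto-start failure here is worth flagging on its own, apart from the update problem.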
Noel,

I decided to format since I need to have the computer ready by tomorrow afternoon.

Thanks for all the help.
 

Makes sense if you're in a hurry - sorry I couldn't tease some sense out of it!

Good luck
 
