New
#1
Windows 7 Upgrade Genuine on upgrade but fails later
Recently upgraded from Windows 7Home to Pro. After a while I keep getting non genuine error page. MS support initially said it is Genuine and did a remote fix but error still returns. Next time MS support say its a known issue due to Malware that only their subscription service can remove. I have run a Malware check, using MS's own Malware checker and found 1 file called TrojanDropper win32/ Rotbrow.d. This has been removed. Norton have also done a deep clean and found nothing. Running scannow it tells me there are windows files it cannot repair but in the CBS.log there is no "Cannot repair" flagged up. Running MGADiag I get a list of tampered files. I have another machine with the Windows 7 Home on it and I've tried to replace the suspect files to no avail. If anyone can help I'd be obliged.
Code:Diagnostic Report (1.9.0027.0): ----------------------------------------- Windows Validation Data--> Validation Code: 0x8004FE21 Cached Online Validation Code: N/A, hr = 0xc004f012 Windows Product Key: *****-*****-KPGQV-TR48C-HTG63 Windows Product Key Hash: yrW7o3B10jiOtqj/nIyuxa6Aisw= Windows Product ID: 00371-619-7585003-85923 Windows Product ID Type: 5 Windows License Type: Retail Windows OS version: 6.1.7601.2.00010100.1.0.048 ID: {719E5BE0-D838-4507-B86D-E24B2DF62B13}(3) Is Admin: Yes TestCab: 0x0 LegitcheckControl ActiveX: N/A, hr = 0x80070002 Signed By: N/A, hr = 0x80070002 Product Name: Windows 7 Professional Architecture: 0x00000009 Build lab: 7601.win7sp1_gdr.140706-1506 TTS Error: Validation Diagnostic: Resolution Status: N/A Vista WgaER Data--> ThreatID(s): N/A, hr = 0x80070002 Version: N/A, hr = 0x80070002 Windows XP Notifications Data--> Cached Result: N/A, hr = 0x80070002 File Exists: No Version: N/A, hr = 0x80070002 WgaTray.exe Signed By: N/A, hr = 0x80070002 WgaLogon.dll Signed By: N/A, hr = 0x80070002 OGA Notifications Data--> Cached Result: N/A, hr = 0x80070002 Version: N/A, hr = 0x80070002 OGAExec.exe Signed By: N/A, hr = 0x80070002 OGAAddin.dll Signed By: N/A, hr = 0x80070002 OGA Data--> Office Status: 109 N/A OGA Version: N/A, 0x80070002 Signed By: N/A, hr = 0x80070002 Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3 Browser Data--> Proxy settings: N/A User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32) Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Download signed ActiveX controls: Prompt Download unsigned ActiveX controls: Disabled Run ActiveX controls and plug-ins: Allowed Initialize and script ActiveX controls not marked as safe: Disabled Allow scripting of Internet Explorer Webbrowser control: Disabled Active scripting: Allowed Script ActiveX controls marked as safe for scripting: Allowed File Scan Data--> File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003 File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003 File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x80092003 File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100 File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100 File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x80092003 File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100 File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100 File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003 File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x80092003 File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100 File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100 File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x80092003 File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003 File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003 File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100 File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100 Other data--> Office Details: <GenuineResults><MachineData><UGUID>{719E5BE0-D838-4507-B86D-E24B2DF62B13}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-HTG63</PKey><PID>00371-619-7585003-85923</PID><PIDType>5</PIDType><SID>S-1-5-21-2646229403-13731723-905348964</SID><SYSTEM><Manufacturer>HP-Pavilion</Manufacturer><Model>WE167AA-ABU p6320uk</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>5.15</Version><SMBIOSVersion major="2" minor="6"/><Date>20100625000000.000000+000</Date></BIOS><HWID>5B6C3E07018400FC</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-CPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> Spsys.log Content: 0x80070002 Licensing Data--> Software licensing service version: 6.1.7601.17514 Name: Windows(R) 7, Professional edition Description: Windows Operating System - Windows(R) 7, RETAIL channel Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9 Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f Extended PID: 00371-00170-619-758500-01-2057-7601.0000-3642014 Installation ID: 001450922195845824590425046675855516002185180211947671 Processor Certificate URL: SpcService Web Service Machine Certificate URL: RacService Web Service Use License URL: UseLicenseService Web Service Product Key Certificate URL: PkcService Web Service Partial Product Key: HTG63 License Status: Licensed Remaining Windows rearm count: 1 Trusted time: 02/01/2015 09:55:53 Windows Activation Technologies--> HrOffline: 0x8004FE21 HrOnline: N/A HealthStatus: 0x000000000001EFF0 Event Time Stamp: 1:1:2015 13:23 ActiveX: Registered, Version: 7.1.7600.16395 Admin Service: Registered, Version: 7.1.7600.16395 HealthStatus Bitmask Output: Tampered File: %systemroot%\system32\sppobjs.dll Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui Tampered File: %systemroot%\system32\sppwinob.dll Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui Tampered File: %systemroot%\system32\drivers\spsys.sys HWID Data--> HWID Hash Current: MgAAAAEAAAABAAIAAQACAAAAAwABAAEA4nOkVxpSXH6AtM5wxDEMLAJMil8qIGzLXF0= OEM Activation 1.0 Data--> N/A OEM Activation 2.0 Data--> BIOS valid for OA 2.0: yes Windows marker version: 0x20001 OEMID and OEMTableID Consistent: yes BIOS Information: ACPI Table Name OEMID Value OEMTableID Value APIC HPQOEM SLIC-CPC FACP HPQOEM SLIC-CPC HPET HPQOEM SLIC-CPC MCFG HPQOEM SLIC-CPC SLIC HPQOEM SLIC-CPC OEMB HPQOEM SLIC-CPC SSDT HPQOEM SLIC-CPC GSCI HPQOEM SLIC-CPC SSDT HPQOEM SLIC-CPC