Not Running Genuine Windows Error 0x8004fe21
-
Sunday, May 06, 2012 8:26 PM
I'm running an activated Windows 7 Professional 64 Bit. Since today I get error 0x8004fe21 after each reboot.
Below is the MCADiag output.
Any help will be appreciated.
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-*****-*****-7PJFF
Windows Product Key Hash: 9KppSy2RUX/a2DCWY1zpDBdVk0M=
Windows Product ID: 55041-091-3046796-86542
Windows Product ID Type: 6
Windows License Type: Volume MAK
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {27B8EE88-82A2-4277-B355-835A60BB5F4C}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.111118-2330
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Edition 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{27B8EE88-82A2-4277-B355-835A60BB5F4C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-BBBBB</PKey><PID>55041-091-3046796-86542</PID><PIDType>6</PIDType><SID>S-1-5-21-2099548595-4161321057-3812494868</SID><SYSTEM><Manufacturer>To Be Filled By O.E.M.</Manufacturer><Model>To Be Filled By O.E.M.</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>P1.70</Version><SMBIOSVersion major="2" minor="6"/><Date>20110117000000.000000+000</Date></BIOS><HWID>BAE43007018400FE</HWID><UserLCID>046E</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Europe Standard Time(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>B84B64A2945BD00</Val><Hash>AkEyx1BqRAP9Ee8F3oqDlSkMieU=</Hash><Pid>73931-640-1556515-57763</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Input Error: There is no script engine for file extension ".vbs".
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000001EFF0
Event Time Stamp: 5:6:2012 09:13
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
Tampered File: %systemroot%\system32\sppwinob.dll
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
Tampered File: %systemroot%\system32\drivers\spsys.sys
HWID Data-->
HWID Hash Current: MgAAAAEAAQABAAEAAAADAAAAAwABAAEAln0mUbMv1LWMAAx0Yj2u4GMSmpAW/mL+LnM=
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ALASKA A M I
FACP ALASKA A M I
HPET ALASKA A M I
MCFG ALASKA A M I
SSDT AMICPU PROC
AAFT ALASKA OEMAAFT
All Replies
-
Sunday, May 06, 2012 8:54 PMModerator"geverl" wrote in message news:df9ec9ce-88b0-4c86-b933-60147560a24d...
I'm running an activated Windows 7 Professional 64 Bit. Since today I get error 0x8004fe21 after each reboot.
Below is the MCADiag output.
Any help will be appreciated.
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-*****-*****-7PJFF
Windows Product Key Hash: 9KppSy2RUX/a2DCWY1zpDBdVk0M=
Windows Product ID: 55041-091-3046796-86542
Windows Product ID Type: 6
Windows License Type: Volume MAK
Windows OS version: 6.1.7601.2.00010100.1.0.048
File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100
Other data-->
SYSTEM><Manufacturer>To Be Filled By O.E.M.</Manufacturer><Model>To Be Filled By O.E.M.</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>P1.70</Version><SMBIOSVersion major="2" minor="6"/><Date>20110117000000.000000+000</Date></BIOS
Licensing Data-->
Input Error: There is no script engine for file extension ".vbs".
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
You have multiple problems.Let's start with the easy one ;)The problem lies with the file integrity.This may simply be caused by a bad set of Intel Rapid Storage Technology drivers -Installing the Intel Rapid Storage Driverstry downloading and installing them from here -Once complete, please reboot twice, then post another MGADiag report.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Sunday, May 06, 2012 9:12 PM
I've installed the latest Intel Rapid Storage Drivers.
Here's the new report:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-*****-*****-7PJFF
Windows Product Key Hash: 9KppSy2RUX/a2DCWY1zpDBdVk0M=
Windows Product ID: 55041-091-3046796-86542
Windows Product ID Type: 6
Windows License Type: Volume MAK
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {27B8EE88-82A2-4277-B355-835A60BB5F4C}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.111118-2330
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Edition 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office
Diagnostics:
025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100
Other data-->
Office
Details:
<GenuineResults><MachineData><UGUID>{27B8EE88-82A2-4277-B355-835A60BB5F4C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-BBBBB</PKey><PID>55041-091-3046796-86542</PID><PIDType>6</PIDType><SID>S-1-5-21-2099548595-4161321057-3812494868</SID><SYSTEM><Manufacturer>To
Be Filled By O.E.M.</Manufacturer><Model>To Be Filled By
O.E.M.</Model></SYSTEM><BIOS><Manufacturer>American
Megatrends
Inc.</Manufacturer><Version>P1.70</Version><SMBIOSVersion
major="2"
minor="6"/><Date>20110117000000.000000+000</Date></BIOS><HWID>BAE43007018400FE</HWID><UserLCID>046E</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W.
Europe Standard
Time(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product
GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft
Office Professional Edition
2003</Name><Ver>11</Ver><Val>B84B64A2945BD00</Val><Hash>AkEyx1BqRAP9Ee8F3oqDlSkMieU=</Hash><Pid>73931-640-1556515-57763</Pid><PidType>14</PidType></Product></Products><Applications><App
Id="15" Version="11" Result="100"/><App Id="16" Version="11"
Result="100"/><App Id="18" Version="11" Result="100"/><App
Id="19" Version="11" Result="100"/><App Id="1A" Version="11"
Result="100"/><App Id="1B" Version="11" Result="100"/><App
Id="44" Version="11"
Result="100"/></Applications></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Input Error: There is no script engine for file extension ".vbs".
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000001EFF0
Event Time Stamp: 5:6:2012 09:13
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
Tampered File: %systemroot%\system32\sppwinob.dll
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
Tampered File: %systemroot%\system32\drivers\spsys.sys
HWID Data-->
HWID Hash Current: MgAAAAEAAQABAAEAAAADAAAAAwABAAEAln0mUbMv1LWMAAx0Yj2u4GMSmpAW/mL+LnM=
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ALASKA A M I
FACP ALASKA A M I
HPET ALASKA A M I
MCFG ALASKA A M I
SSDT AMICPU PROC
AAFT ALASKA OEMAAFT -
Sunday, May 06, 2012 9:40 PMModerator"geverl" wrote in message news:77bcc919-c2d9-42d8-be36-82717a4b21c9...
I've installed the latest Intel Rapid Storage Drivers.
Here's the new report:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-*****-*****-7PJFF
Windows Product Key Hash: 9KppSy2RUX/a2DCWY1zpDBdVk0M=
Windows Product ID: 55041-091-3046796-86542
Windows Product ID Type: 6
Windows License Type: Volume MAK
Windows OS version: 6.1.7601.2.00010100.1.0.048
Licensing Data-->
Input Error: There is no script engine for file extension ".vbs".
OK - that seems to have failed for some reason - but that may be because of the other problem, so we'll work on that.Open an elevated Command Prompt window. To do so, click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. Type the following command in the Command Prompt window, and press {ENTER}:
regsvr32 %systemroot%\system32\vbscript.dll
You should see the following message:
DllRegisterServer in vbscript.dll succeeded.
Now see if the problem persists.
Also, see the following article (slightly different error message, but still relevant)
CScript Error- Can't find script engine VBScript -alternate solution
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Monday, May 07, 2012 4:36 AM
regsvr32 %systemroot%\system32\vbscript.dll reported success, but the MGADiag report was still the same.
The alternative approach from the article fails with the following error message: "Cannot import ... regfix.reg: Not all data was successfully written to the registry. Some keys are open by the system or other process."
I have rebooted and tried the regfix again, with the same result.
Here is the latest MGADiag report:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-*****-*****-7PJFF
Windows Product Key Hash: 9KppSy2RUX/a2DCWY1zpDBdVk0M=
Windows Product ID: 55041-091-3046796-86542
Windows Product ID Type: 6
Windows License Type: Volume MAK
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {27B8EE88-82A2-4277-B355-835A60BB5F4C}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.111118-2330
TTS Error:
Validation Diagnostic:
Resolution Status: N/AVista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Edition 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: AllowedFile Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{27B8EE88-82A2-4277-B355-835A60BB5F4C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-BBBBB</PKey><PID>55041-091-3046796-86542</PID><PIDType>6</PIDType><SID>S-1-5-21-2099548595-4161321057-3812494868</SID><SYSTEM><Manufacturer>To Be Filled By O.E.M.</Manufacturer><Model>To Be Filled By O.E.M.</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>P1.70</Version><SMBIOSVersion major="2" minor="6"/><Date>20110117000000.000000+000</Date></BIOS><HWID>BAE43007018400FE</HWID><UserLCID>046E</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Europe Standard Time(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>B84B64A2945BD00</Val><Hash>AkEyx1BqRAP9Ee8F3oqDlSkMieU=</Hash><Pid>73931-640-1556515-57763</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>Spsys.log Content: 0x80070002
Licensing Data-->
Input Error: There is no script engine for file extension ".vbs".Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000001EFF0
Event Time Stamp: 5:6:2012 09:13
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
Tampered File: %systemroot%\system32\sppwinob.dll
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
Tampered File: %systemroot%\system32\drivers\spsys.sys
HWID Data-->
HWID Hash Current: MgAAAAEAAQABAAEAAAADAAAAAwABAAEAln0mUbMv1LWMAAx0Yj2u4GMSmpAW/mL+LnM=OEM Activation 1.0 Data-->
N/AOEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ALASKA A M I
FACP ALASKA A M I
HPET ALASKA A M I
MCFG ALASKA A M I
SSDT AMICPU PROC
AAFT ALASKA OEMAAFT -
Monday, May 07, 2012 8:12 AMModerator"geverl" wrote in message news:bfc67cc9-e44a-4284-a46a-6069a45e801e...
regsvr32 %systemroot%\system32\vbscript.dll reported success, but the MGADiag report was still the same.
The alternative approach from the article fails with the following error message: "Cannot import ... regfix.reg: Not all data was successfully written to the registry. Some keys are open by the system or other process."
I have rebooted and tried the regfix again, with the same result.
Here is the latest MGADiag report:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-*****-*****-7PJFF
Windows Product Key Hash: 9KppSy2RUX/a2DCWY1zpDBdVk0M=
Windows Product ID: 55041-091-3046796-86542
Windows Product ID Type: 6
Windows License Type: Volume MAK
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {27B8EE88-82A2-4277-B355-835A60BB5F4C}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.111118-2330
TTS Error:
Validation Diagnostic:
Resolution Status: N/AVista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Edition 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: AllowedFile Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{27B8EE88-82A2-4277-B355-835A60BB5F4C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-BBBBB</PKey><PID>55041-091-3046796-86542</PID><PIDType>6</PIDType><SID>S-1-5-21-2099548595-4161321057-3812494868</SID><SYSTEM><Manufacturer>To Be Filled By O.E.M.</Manufacturer><Model>To Be Filled By O.E.M.</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>P1.70</Version><SMBIOSVersion major="2" minor="6"/><Date>20110117000000.000000+000</Date></BIOS><HWID>BAE43007018400FE</HWID><UserLCID>046E</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Europe Standard Time(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>B84B64A2945BD00</Val><Hash>AkEyx1BqRAP9Ee8F3oqDlSkMieU=</Hash><Pid>73931-640-1556515-57763</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>Spsys.log Content: 0x80070002
Licensing Data-->
Input Error: There is no script engine for file extension ".vbs".This sounds as if your anti-virus or other security software is blocking access, rather than anything else.Please list ALL current security/anti-malware software installed - and ALL previous Anti-viruses installed and removed since the time the machine was last formatted.Please also run the following command and post the results.REG QUERY HKEY_CLASSES_ROOT\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Monday, May 07, 2012 10:22 AM
I have used Microsoft Security Essentials since installation in Feb 2011.
I briefly installed (and completely removed) Avira Free Antivirus (https://www.avira.com/en/downloads) about a year ago.
The only AV installed/running is MSE and I have not installed any other security software apart from the standard Windows 7 firewall.
Here's the result from the command:
HKEY_CLASSES_ROOT\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32
(Default) REG_SZ C:\Windows\system32\vbscript.dll
ThreadingModel REG_SZ Both -
Monday, May 07, 2012 10:51 AMModerator
Did you run the Avira removal tool when you uninstalled it?
https://www.avira.com/en/download/product/avira-registrycleaner
Not doing so can leave stuff behind which can cause unforeseen problems later.
The query response looks normal.
please run the following commands and post the results...
REG QUERY HKLM\SOFTWARE\Classes\VBScript /S
REG QUERY HKLM\SOFTWARE\Classes\.vbs /S
REG QUERY HKLM\SOFTWARE\Classes\VBSFile /S
Here are some instructions to maike life easier
:)1) To open an Elevated Command Prompt Window
(the CP window), click on Start, All Programs, Accessories – then right-click on
Command Prompt, and select Run as Administrator. Accept the UAC
prompt.2) To run the commands easier, highlight the
block of commands, and right-click on the highlight – select Copy. In the CP
Windows, click on the black/white icon at top left – select Paste. The commands
will run but may not complete the last command, so hit the Enter Key
once.3) To copy the results... click on the
Black/White icon in the top left, and select Edit... 'Select All', and hit the
Enter key - then use Ctrl+V or r-click+Paste to paste it into your
response.Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
-
Monday, May 07, 2012 11:08 AM
I've now run the avira-registrycleaner and removed 3 keys
Results of
command1:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBScript
(Default) REG_SZ VB Script LanguageHKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBScript\CLSID
(Default) REG_SZ {B54F3741-5B07-11cf-A4B0-00AA004A55E8}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBScript\OLEScript
(Default) REG_NONEcommand2:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.vbs
(Default) REG_SZ bfvbsfile
Content Type REG_SZ application/x-vbscriptHKEY_LOCAL_MACHINE\SOFTWARE\Classes\.vbs\PersistentHandler
(Default) REG_SZ {5e941d80-bf96-11cd-b579-08002b30bfeb}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.vbs\ScriptEngine
(Default) REG_SZ VBScriptcommand3:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile
FriendlyTypeName REG_EXPAND_SZ @%SystemRoot%\System32\wshext.dll,-4802(Default) REG_SZ VBScript Script File
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\DefaultIcon
(Default) REG_EXPAND_SZ %SystemRoot%\System32\WScript.exe,2HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\ScriptEngine
(Default) REG_SZ VBScriptHKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\ScriptHostEncode
(Default) REG_SZ {85131631-480C-11D2-B1F9-00C04F86C324}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\Shell
(Default) REG_SZ OpenHKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\Shell\Edit
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\Shell\Edit\Command
(Default) REG_EXPAND_SZ "%SystemRoot%\System32\Notepad.exe" %1HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\Shell\Open
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\Shell\Open\Command
(Default) REG_EXPAND_SZ "%SystemRoot%\System32\WScript.exe" "%1" %*HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\Shell\Open2
(Default) REG_EXPAND_SZ Open &with Command Prompt
MUIVerb REG_EXPAND_SZ @%SystemRoot%\System32\wshext.dll,-4511HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\Shell\Open2\Command
(Default) REG_EXPAND_SZ "%SystemRoot%\System32\CScript.exe" "%1" %*HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\Shell\Print
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\Shell\Print\Command
(Default) REG_EXPAND_SZ "%SystemRoot%\System32\Notepad.exe" /p %1HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\ShellEx
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\ShellEx\DropHandler
(Default) REG_SZ {60254CA5-953B-11CF-8C96-00AA00B8708C}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\ShellEx\PropertySheetHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\ShellEx\PropertySheetHandlers\WSHProps
(Default) REG_SZ {60254CA5-953B-11CF-8C96-00AA00B8708C} -
Monday, May 07, 2012 11:50 AMModerator"geverl" wrote in message news:b3f0f5b8-4c90-42d8-951a-cdb7a7ce811f...
I've now run the avira-registrycleaner and removed 3 keys
command2:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.vbs
(Default) REG_SZ bfvbsfile
Content Type REG_SZ application/x-vbscriptHKEY_LOCAL_MACHINE\SOFTWARE\Classes\.vbs\PersistentHandler
(Default) REG_SZ {5e941d80-bf96-11cd-b579-08002b30bfeb}Gotcha!Please run the following commands ( you MUST be in an Elevated Command prompt Windows for this)REG DELETE HKLM\SOFTWARE\Classes\.vbs /va /fREG ADD HKLM\SOFTWARE\Classes\.vbs /ve /t REG_SZ /d VBSfile
REG ADD HKLM\SOFTWARE\Classes\.vbs\PersistentHandler /t REG_SZ /d {5e941d80-bf96-11cd-b579-08002b30bfeb}then reboot and run another MGADiag report.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Monday, May 07, 2012 11:58 AM
Here's the new report:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-*****-*****-7PJFF
Windows Product Key Hash: 9KppSy2RUX/a2DCWY1zpDBdVk0M=
Windows Product ID: 55041-091-3046796-86542
Windows Product ID Type: 6
Windows License Type: Volume MAK
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {27B8EE88-82A2-4277-B355-835A60BB5F4C}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.111118-2330
TTS Error:
Validation Diagnostic:
Resolution Status: N/AVista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Edition 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: AllowedFile Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{27B8EE88-82A2-4277-B355-835A60BB5F4C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-BBBBB</PKey><PID>55041-091-3046796-86542</PID><PIDType>6</PIDType><SID>S-1-5-21-2099548595-4161321057-3812494868</SID><SYSTEM><Manufacturer>To Be Filled By O.E.M.</Manufacturer><Model>To Be Filled By O.E.M.</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>P1.70</Version><SMBIOSVersion major="2" minor="6"/><Date>20110117000000.000000+000</Date></BIOS><HWID>BAE43007018400FE</HWID><UserLCID>046E</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Europe Standard Time(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>B84B64A2945BD00</Val><Hash>AkEyx1BqRAP9Ee8F3oqDlSkMieU=</Hash><Pid>73931-640-1556515-57763</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7601.17514Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, VOLUME_MAK channel
Activation ID: 9abf5984-9c16-46f2-ad1e-7fe15931a8dd
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 55041-00172-091-304679-03-1134-7600.0000-0292011
Installation ID: 016803140126104100153456950972883076959551791614483724
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 7PJFF
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 07/05/2012 13:55:34Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000001EFF0
Event Time Stamp: 5:6:2012 09:13
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
Tampered File: %systemroot%\system32\sppwinob.dll
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
Tampered File: %systemroot%\system32\drivers\spsys.sys
HWID Data-->
HWID Hash Current: MgAAAAEAAQABAAEAAAADAAAAAwABAAEAln0mUbMv1LWMAAx0Yj2u4GMSmpAW/mL+LnM=OEM Activation 1.0 Data-->
N/AOEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ALASKA A M I
FACP ALASKA A M I
HPET ALASKA A M I
MCFG ALASKA A M I
SSDT AMICPU PROC
AAFT ALASKA OEMAAFT -
Monday, May 07, 2012 12:08 PMModerator
At least we seem to have fixed that problem! :)
there still remains the problem of the file mismatches - wecan try and solve them here if you like, but it is likely to take some considerable time and effort on both our parts. I'm happy to continue if you are.
If you'd rather try elswhere, I recommend that you contact WGA Support for assistance - I know that no-one else in these forums is likely to be able to solve the problem, and I've not seen a solution elsewhere.
WGA Support can be found here-North America: http://support.microsoft.com/contactus/cu_sc_genadv_master?ws=support&ws=support#tab4
Outside North America:
http://support.microsoft.com/contactus/?ws=support#tab0
Please let us know if (and how) MS manage to repair the
problem without a repair install of the OS - it would be useful for future
reference!Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
-
Monday, May 07, 2012 12:10 PMI'd prefer to solve the remaining problems here if that's OK with you.
-
Monday, May 07, 2012 1:03 PMModerator"geverl" wrote in message news:e779fda7-57f1-4997-9efc-09a8ad190b34...I'd prefer to solve the remaining problems here if that's OK with you.Good, goody ! :) - I've been hoping for a chance to have a really good look at this.Let's take a closer look at a few things, and try some of the more standard fixes first, just in case I've missed a clue along the way.please run the following commands and post the resultsNET START CRYTPSVCSC QC CRYPTSVCICACLS C:\Windows\slcext.* /TDIR C:\Windows\slcext.* /s(see my earlier post for details of the easy way to post the results!)Once that's done please run the standard disk checks - CHKDSK C: /R and SFC /SCANNOW in that order - from an elevated command prompt. Please upload (a copy of) the CBS.log file to your public SkyDrive and post the link in another response.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Monday, May 07, 2012 1:11 PM
Results for
command1:
The requested service has already been started
command2:
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: CRYPTSVC
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k NetworkService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Cryptographic Services
DEPENDENCIES : RpcSs
SERVICE_START_NAME : NT Authority\NetworkServicecommand 3:
C:\Windows\System32\slcext.dll NT SERVICE\TrustedInstaller:(F)
BUILTIN\Users:(RX)
BUILTIN\Administrators:(F)
NT AUTHORITY\SYSTEM:(F)C:\Windows\System32\en-US\slcext.dll.mui NT SERVICE\TrustedInstaller:(F)
BUILTIN\Users:(RX)
BUILTIN\Administrators:(F)
NT AUTHORITY\SYSTEM:(F)C:\Windows\SysWOW64\slcext.dll NT SERVICE\TrustedInstaller:(F)
BUILTIN\Users:(RX)
BUILTIN\Administrators:(F)
NT AUTHORITY\SYSTEM:(F)C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data\slcext.*
: Access is denied.
Successfully processed 3 files; Failed processing 1 filescommand 4:
Volume in drive C has no label.
Volume Serial Number is 8AB7-BD92Directory of C:\Windows\System32
14/07/2009 03:41 18 432 slcext.dll
1 File(s) 18 432 bytesDirectory of C:\Windows\System32\en-US
14/07/2009 04:25 17 408 slcext.dll.mui
1 File(s) 17 408 bytesDirectory of C:\Windows\SysWOW64
14/07/2009 03:16 16 384 slcext.dll
1 File(s) 16 384 bytesDirectory of C:\Windows\SysWOW64\en-US
14/07/2009 04:03 17 408 slcext.dll.mui
1 File(s) 17 408 bytesDirectory of C:\Windows\winsxs\amd64_microsoft-windows-s..clientext.resources_3
1bf3856ad364e35_6.1.7600.16385_en-us_c2382769078e105914/07/2009 04:25 17 408 slcext.dll.mui
1 File(s) 17 408 bytesDirectory of C:\Windows\winsxs\amd64_microsoft-windows-security-spp-clientext_3
1bf3856ad364e35_6.1.7600.16385_none_28bbe77bcacffbe414/07/2009 03:41 18 432 slcext.dll
1 File(s) 18 432 bytesDirectory of C:\Windows\winsxs\x86_microsoft-windows-s..clientext.resources_31b
f3856ad364e35_6.1.7600.16385_en-us_66198be54f309f2314/07/2009 04:03 17 408 slcext.dll.mui
1 File(s) 17 408 bytesDirectory of C:\Windows\winsxs\x86_microsoft-windows-security-spp-clientext_31b
f3856ad364e35_6.1.7600.16385_none_cc9d4bf812728aae14/07/2009 03:16 16 384 slcext.dll
1 File(s) 16 384 bytesTotal Files Listed:
8 File(s) 139 264 bytes
0 Dir(s) 109 333 803 008 bytes free -
Monday, May 07, 2012 1:44 PMModerator"geverl" wrote in message news:e5dc047b-ecd4-4f22-8a47-b79bce40d3c3...
Results for
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data\slcext.*
: Access is denied.
Successfully processed 3 files; Failed processing 1 filesAll those results look normal, except for the one above - and that may simply be because you're in a Domain??The systemprofile folder doesn't normally have any 'Application Data' subfolder anywhere, in a workgroup system; and it doesn't contain a mirror of the slcext file anyhow (that I can see, at least)Please run the following commands - post the resultsDIR C:\Windows\SysWOW64\config\systemprofile\AppData\Local /SREG QUERY HKUREG QUERY HKU\S-1-5-20REG QUERY HKU\S-1-5-20\EnvironmentREG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20"ICACLS C:\Windows\ServiceProfiles\NetworkServiceICACLS C:\Windows\ServiceProfiles\NetworkService\NTUSER.DATAre you on a Domain-base installation or a normal independent Workgroup one?
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Monday, May 07, 2012 2:46 PM
The chkdsk took ages ...
Here's the output from SFC: https://skydrive.live.com/redir.aspx?cid=6c118079344ae475&resid=6C118079344AE475!122&parid=6C118079344AE475!116
I'm on a normal independent workgroup PC.
Outputs from
command 1:
Volume in drive C has no label.
Volume Serial Number is 8AB7-BD92Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
11/07/2011 01:16 <DIR> .
11/07/2011 01:16 <DIR> ..
21/04/2012 12:43 <DIR> Google
03/05/2011 06:57 <DIR> Microsoft
03/05/2011 06:57 <DIR> Programs
0 File(s) 0 bytesDirectory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google
21/04/2012 12:43 <DIR> .
21/04/2012 12:43 <DIR> ..
02/02/2012 07:32 <DIR> CrashReports
21/04/2012 12:43 <DIR> Custom Buttons
11/07/2011 01:16 <DIR> GBScreensaver
0 File(s) 0 bytesDirectory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\CrashReports
02/02/2012 07:32 <DIR> .
02/02/2012 07:32 <DIR> ..
0 File(s) 0 bytesDirectory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Custom Buttons
21/04/2012 12:43 <DIR> .
21/04/2012 12:43 <DIR> ..
10/01/2012 03:43 1 946 toolbar.google.com_MXE8GT6B9RBHXCGLZ06L.xml
1 File(s) 1 946 bytesDirectory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\GBScreensaver
11/07/2011 01:16 <DIR> .
11/07/2011 01:16 <DIR> ..
11/07/2011 01:16 0 network.log
1 File(s) 0 bytesDirectory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft
03/05/2011 06:57 <DIR> .
03/05/2011 06:57 <DIR> ..
01/02/2011 14:52 <DIR> OFFICE
03/05/2011 06:57 <DIR> Windows
03/05/2011 06:57 <DIR> Windows Photo Gallery
03/05/2011 06:57 <DIR> Windows Sidebar
0 File(s) 0 bytesDirectory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\OFFICE
01/02/2011 14:52 <DIR> .
01/02/2011 14:52 <DIR> ..
0 File(s) 0 bytesDirectory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows
03/05/2011 06:57 <DIR> .
03/05/2011 06:57 <DIR> ..
03/05/2011 06:57 <DIR> Burn
14/07/2009 06:54 <DIR> Caches
03/05/2011 06:57 <DIR> GameExplorer
03/05/2011 06:57 <DIR> Ringtones
0 File(s) 0 bytesDirectory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Burn
03/05/2011 06:57 <DIR> .
03/05/2011 06:57 <DIR> ..
03/05/2011 14:30 <DIR> Burn
0 File(s) 0 bytesDirectory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Burn\Burn
03/05/2011 14:30 <DIR> .
03/05/2011 14:30 <DIR> ..
0 File(s) 0 bytesDirectory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Caches
14/07/2009 06:54 <DIR> .
14/07/2009 06:54 <DIR> ..
0 File(s) 0 bytesDirectory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\GameExplorer
03/05/2011 06:57 <DIR> .
03/05/2011 06:57 <DIR> ..
0 File(s) 0 bytesDirectory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Ringtones
03/05/2011 06:57 <DIR> .
03/05/2011 06:57 <DIR> ..
0 File(s) 0 bytesDirectory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows Photo Gallery
03/05/2011 06:57 <DIR> .
03/05/2011 06:57 <DIR> ..
03/05/2011 06:57 <DIR> Original Images
0 File(s) 0 bytesDirectory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows Photo Gallery\Original Images
03/05/2011 06:57 <DIR> .
03/05/2011 06:57 <DIR> ..
0 File(s) 0 bytesDirectory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows Sidebar
03/05/2011 06:57 <DIR> .
03/05/2011 06:57 <DIR> ..
03/05/2011 14:30 <DIR> Gadgets
0 File(s) 0 bytesDirectory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows Sidebar\Gadgets
03/05/2011 14:30 <DIR> .
03/05/2011 14:30 <DIR> ..
0 File(s) 0 bytesDirectory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Programs
03/05/2011 06:57 <DIR> .
03/05/2011 06:57 <DIR> ..
03/05/2011 06:57 <DIR> Common
0 File(s) 0 bytesDirectory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Programs\Common
03/05/2011 06:57 <DIR> .
03/05/2011 06:57 <DIR> ..
0 File(s) 0 bytesTotal Files Listed:
2 File(s) 1 946 bytes
56 Dir(s) 109 284 474 880 bytes freecommand 2:
HKEY_USERS\.DEFAULT
HKEY_USERS\S-1-5-19
HKEY_USERS\S-1-5-20
HKEY_USERS\S-1-5-21-2099548595-4161321057-3812494868-1000
HKEY_USERS\S-1-5-21-2099548595-4161321057-3812494868-1000_Classes
HKEY_USERS\S-1-5-18command 3:
HKEY_USERS\S-1-5-20\AppEvents
HKEY_USERS\S-1-5-20\Console
HKEY_USERS\S-1-5-20\Control Panel
HKEY_USERS\S-1-5-20\Environment
HKEY_USERS\S-1-5-20\EUDC
HKEY_USERS\S-1-5-20\Keyboard Layout
HKEY_USERS\S-1-5-20\Network
HKEY_USERS\S-1-5-20\Printers
HKEY_USERS\S-1-5-20\Software
HKEY_USERS\S-1-5-20\Systemcommand 4:
HKEY_USERS\S-1-5-20\Environment
TEMP REG_EXPAND_SZ %USERPROFILE%\AppData\Local\Temp
TMP REG_EXPAND_SZ %USERPROFILE%\AppData\Local\Tempcommand 5:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
5-20
ProfileImagePath REG_EXPAND_SZ C:\Windows\ServiceProfiles\NetworkServi
ce
Flags REG_DWORD 0x0
State REG_DWORD 0x0command 6:
C:\Windows\ServiceProfiles\NetworkService NT AUTHORITY\NETWORK SERVICE:(OI)(CI)(
F)
BUILTIN\Administrators:(OI)(IO)(F)
BUILTIN\Administrators:(CI)(F)
NT AUTHORITY\SYSTEM:(OI)(IO)(F)
NT AUTHORITY\SYSTEM:(CI)(F)Successfully processed 1 files; Failed processing 0 files
command 7:
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT BUILTIN\Administrators:(F)
NT AUTHORITY\SYSTEM:(F)
NT AUTHORITY\NETWORK SERVIC
E:(I)(F)Successfully processed 1 files; Failed processing 0 files
-
Monday, May 07, 2012 3:34 PMModerator"geverl" wrote in message news:6e48d3af-400a-4dd9-95e4-3bd52b3f9a2e...
The chkdsk took ages ...
Here's the output from SFC: https://skydrive.live.com/redir.aspx?cid=6c118079344ae475&resid=6C118079344AE475!122&parid=6C118079344AE475!116
I'm on a normal independent workgroup PC.
Outputs from
All the command-line output looks OK, as far as it goes - there were a couple of errors relating to Oracle .NET files which SFC managed to fix.We need one more piece of data from that area - the hidden/system files and folders - and a couple of bits from elsewhereDIR C:\Windows\SysWOW64\config\systemprofile\AppData\Local /S /asDIR "C:\Application Data" /s asDIR C:\ /AL /SIt may be a good idea to export to a text file and upload it, rather than post it here.There has to be (have been) something - probably in the registry - that's forced that Application Data folder.The trick is to find it.Please download RegScanner for x64 from http://www.nirsoft.net/utils/regscanner.htmlinstall it, and configure it to search only the HKLM hive.Do a search for 'Application Data' matching 'Registry item contains the specified string' (with all 'Look at' options ticked)Create an HTML report of all items found, and save it as an .mht fileUpload the mht file to your SkyDrive.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Monday, May 07, 2012 3:50 PMThe files are uploaded.
-
Monday, May 07, 2012 4:18 PMModerator"geverl" wrote in message news:5c9c1793-262d-440e-8e24-bc9f071d444d...The files are uploaded.Ah - the Application Data folder is actually a Junction on your machine.03/05/2011 06:57 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]This junction does not exist on my machinesA number of other junctions were also created at the same time - which looks as if it was the time at which the OS was installed? and so is possibly an intended part of the installation (but I have no idea why!)This does seem very strange.The Registry report contains even less than I was expecting (you obviously don't have Office 2010 installed), and is clear of obvious errors.I need to do some research (and cook my dinner!) - back in a while.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Monday, May 07, 2012 7:03 PMModerator"Noel D Paton" wrote in message news:752358aa-dadb-483a-85cf-d36578d3906c...I need to do some research (and cook my dinner!) - back in a while.Thinking about the problem brings me back to the IRST drivers again. It may be that the driver installer was affected by the lack of vbs ability. I would suggest trying the installation again.Once installed, reboot, and run another MGADiag report - post the results.Please also look in the Event Viewer and see if there are any related errors either for the installation, or over the past 24 hours while we've been attempting to solve the problem.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Monday, May 07, 2012 7:34 PM
I've uploaded the system event error log for the past 24 hrs.
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-*****-*****-7PJFF
Windows Product Key Hash: 9KppSy2RUX/a2DCWY1zpDBdVk0M=
Windows Product ID: 55041-091-3046796-86542
Windows Product ID Type: 6
Windows License Type: Volume MAK
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {27B8EE88-82A2-4277-B355-835A60BB5F4C}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.111118-2330
TTS Error:
Validation Diagnostic:
Resolution Status: N/AVista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Edition 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: AllowedFile Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{27B8EE88-82A2-4277-B355-835A60BB5F4C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-BBBBB</PKey><PID>55041-091-3046796-86542</PID><PIDType>6</PIDType><SID>S-1-5-21-2099548595-4161321057-3812494868</SID><SYSTEM><Manufacturer>To Be Filled By O.E.M.</Manufacturer><Model>To Be Filled By O.E.M.</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>P1.70</Version><SMBIOSVersion major="2" minor="6"/><Date>20110117000000.000000+000</Date></BIOS><HWID>BAE43007018400FE</HWID><UserLCID>046E</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Europe Standard Time(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>B84B64A2945BD00</Val><Hash>AkEyx1BqRAP9Ee8F3oqDlSkMieU=</Hash><Pid>73931-640-1556515-57763</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7601.17514Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, VOLUME_MAK channel
Activation ID: 9abf5984-9c16-46f2-ad1e-7fe15931a8dd
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 55041-00172-091-304679-03-1134-7600.0000-0292011
Installation ID: 016803140126104100153456950972883076959551791614483724
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 7PJFF
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 07/05/2012 21:29:17Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000001EFF0
Event Time Stamp: 5:6:2012 09:13
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
Tampered File: %systemroot%\system32\sppwinob.dll
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
Tampered File: %systemroot%\system32\drivers\spsys.sys
HWID Data-->
HWID Hash Current: MgAAAAEAAQABAAEAAAADAAAAAwABAAEAln0mUbMv1LWMAAx0Yj2u4GMSmpAW/mL+LnM=OEM Activation 1.0 Data-->
N/AOEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ALASKA A M I
FACP ALASKA A M I
HPET ALASKA A M I
MCFG ALASKA A M I
SSDT AMICPU PROC
AAFT ALASKA OEMAAFT -
Monday, May 07, 2012 7:48 PMI've also uploaded a 24h log of all errors (Windows, applications and services)
-
Monday, May 07, 2012 7:51 PMModerator"geverl" wrote in message news:d8e8ac03-ce23-4d54-ad0a-e628789e03b3...I've also uploaded a 24h log of all errors (Windows, applications and services)Interesting list - teh one most relevant is probably the one referring to the Cryptographics databasePlease read the following article and see if you can apply it.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Monday, May 07, 2012 7:55 PM
When I try esentutl /p <%systemroot%>\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
I get "access denied" despite running it from an elevated command prompt.
-
Monday, May 07, 2012 8:00 PMModerator"geverl" wrote in message news:69e38323-8fd6-46a9-ae33-ae8e53e1b453...
When I try esentutl /p <%systemroot%>\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
I get "access denied" despite running it from an elevated command prompt.
That usually means that you've not properly stopped the service.try again - this time, once you've got the 'service stopped' message, typeSC QUERYEX CRYPTSVCand check that the response says 'stopped' for the State.If not, please post the result.otherwise, try the esentutl command again
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Monday, May 07, 2012 8:02 PM
C:\Windows\system32>net stop cryptsvc
The Cryptographic Services service is stopping..
The Cryptographic Services service was stopped successfully.
C:\Windows\system32>esentutl /p <%systemroot%>\System32\catroot2\{F750E6C3-38EE-
11D1-85E5-00C04FC295EE}\catdb
Access is denied.C:\Windows\system32>SC QUERYEX CRYPTSVC
SERVICE_NAME: CRYPTSVC
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :C:\Windows\system32>esentutl /p <%systemroot%>\System32\catroot2\{F750E6C3-38EE-
11D1-85E5-00C04FC295EE}\catdb
Access is denied. -
Monday, May 07, 2012 8:13 PMModerator"geverl" wrote in message news:4d7fce2f-33b5-4424-8e22-6e5785841230...
C:\Windows\system32>net stop cryptsvc
The Cryptographic Services service is stopping..
The Cryptographic Services service was stopped successfully.
C:\Windows\system32>esentutl /p <%systemroot%>\System32\catroot2\{F750E6C3-38EE-
11D1-85E5-00C04FC295EE}\catdb
Access is denied.C:\Windows\system32>SC QUERYEX CRYPTSVC
SERVICE_NAME: CRYPTSVC
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :C:\Windows\system32>esentutl /p <%systemroot%>\System32\catroot2\{F750E6C3-38EE-
11D1-85E5-00C04FC295EE}\catdb
Access is denied.Ah - I get the same response in my VM, despite Administrators having Full permissionsI see what the problem is.....the command should beesentutl /p %systemroot%\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Monday, May 07, 2012 8:26 PM
Unfortunately, Windows does not create a new catroot2 folder.
C:\Windows\system32>net stop cryptsvc
The Cryptographic Services service is stopping..
The Cryptographic Services service was stopped successfully.
C:\Windows\system32>esentutl /g %systemroot%\System32\catroot2\{F750E6C3-38EE-11
D1-85E5-00C04FC295EE}\catdbExtensible Storage Engine Utilities for Microsoft(R) Windows(R)
Version 6.1
Copyright (C) Microsoft Corporation. All Rights Reserved.Error: Access to source database 'C:\Windows\System32\catroot2\{F750E6C3-38EE-11
D1-85E5-00C04FC295EE}\catdb' failed with Jet error -1811.Operation terminated with error -1811 (JET_errFileNotFound, File not found) afte
r 0.0 seconds.- Edited by geverl Monday, May 07, 2012 8:27 PM
-
Monday, May 07, 2012 8:33 PMModerator"geverl" wrote in message news:a36754f6-da7c-431b-a7a6-a1f82d622f81...
Unfortunately, Windows does not create a new catroot2 folder.
C:\Windows\system32>net stop cryptsvc
The Cryptographic Services service is stopping..
The Cryptographic Services service was stopped successfully.
C:\Windows\system32>esentutl /g %systemroot%\System32\catroot2\{F750E6C3-38EE-11
D1-85E5-00C04FC295EE}\catdbExtensible Storage Engine Utilities for Microsoft(R) Windows(R)
Version 6.1
Copyright (C) Microsoft Corporation. All Rights Reserved.Error: Access to source database 'C:\Windows\System32\catroot2\{F750E6C3-38EE-11
D1-85E5-00C04FC295EE}\catdb' failed with Jet error -1811.Operation terminated with error -1811 (JET_errFileNotFound, File not found) afte
r 0.0 seconds.
please run the following commandICACLS C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdbpost the results
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Monday, May 07, 2012 8:35 PM
C:\Windows\system32>ICACLS C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5
-00C04FC295EE}\catdb
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb: The s
ystem cannot find the file specified.
Successfully processed 0 files; Failed processing 1 files -
Monday, May 07, 2012 8:59 PMModerator"geverl" wrote in message news:dd63772d-6597-4b0a-a9e4-f07fdcba9de4...
C:\Windows\system32>ICACLS C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5
-00C04FC295EE}\catdb
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb: The s
ystem cannot find the file specified.
Successfully processed 0 files; Failed processing 1 filesIt may be simplest to just rename the entire catroot2 folder.To do that you will need to switch off the Windows Update client service as well, then rename the folder (do not delete it yet!) to catroot2.old (you can do that in Explorer)reboot- or does your first comment mean that you already tried that and the folder is not recreated on the reboot?
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Monday, May 07, 2012 9:06 PM
Yes, I tried that, but without a reboot, as that was not requested in the article.
I've now stopped Windows Update, renamed the folder again to catroot2.old and rebooted, with the same result: Windows does not create a new catroot2 folder.
- Edited by geverl Monday, May 07, 2012 9:06 PM
-
Monday, May 07, 2012 9:13 PM
I can also not install the latest version of Windows Security Essentials, as it fails with error code 0x80070643.
I'll get some sleep now, maybe we'll be luckier tomorrow.
- Edited by geverl Monday, May 07, 2012 9:16 PM
-
Monday, May 07, 2012 9:22 PMModerator"geverl" wrote in message news:76c5d821-2182-4bfc-8004-702d43933223...
I can also not install the latest version of Windows Security Essentials, as it fails with error code 0x80070643.
I'll get some sleep now, maybe we'll be luckier tomorrow.
Try method 8 from the following article - I suspect that's the one most likely to work.(I agree - my eyes are turning square!)
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Monday, May 07, 2012 9:30 PM
According to method 8, my certificates should be fine.
Some validation dates are slightly different, but that should not matter I guess.
-
Monday, May 07, 2012 9:54 PMModerator"geverl" wrote in message news:9e7e1063-0cd9-428a-8b2d-79c7697fcde8...
According to method 8, my certificates should be fine.
Some validation dates are slightly different, but that should not matter I guess.
Hmm - I just did the renaming operation on my VM, and it took a couple of minutes before the catroot2 folder re-appeared, and then a couple more minutes before it had finished rebuilding the database.please run the following commands -ICACLS C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}ICACLS C:\Windows\System32\catroot2ICACLS C:\Windows\System32post the results.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Monday, May 07, 2012 10:29 PMModerator"Noel D Paton" wrote in message news:6c66a737-0343-49ec-be2b-064e85c2d7ef...please run the following commands -ICACLS C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}ICACLS C:\Windows\System32\catroot2ICACLS C:\Windows\System32post the results.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothPlease also run RegScanner again, and set the search forFind String: bf (tick case sensitive)Look at : Data (untick all other options)tick 'Scan the following base Keys'Highlight only 'HKEY_LOCAL_MACHINE'run the search, then order by the 'Data' columnHighlight ALL entries where the Data entry starts with'bf' (without the quotes!)and do an HTML export of Selected items - save as mht, and upload to your SkyDrive.This may be residues of a virus/malware infestation - I'm hoping that if it is, it follows the same format as your other problem with the vbs association.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Tuesday, May 08, 2012 4:27 AM
You are right, catroot2 has indeed been created:
C:\Windows\system32>ICACLS C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5
-00C04FC295EE}
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} NT SERVICE\C
ryptSvc:(OI)(CI)(F)
NT SERVICE\T
rustedInstaller:(F)
NT SERVICE\T
rustedInstaller:(I)(CI)(IO)(F)
NT AUTHORITY
\SYSTEM:(F)
NT AUTHORITY
\SYSTEM:(I)(OI)(CI)(IO)(F)
BUILTIN\Admi
nistrators:(F)
BUILTIN\Admi
nistrators:(I)(OI)(CI)(IO)(F)
BUILTIN\User
s:(RX)
BUILTIN\User
s:(I)(OI)(CI)(IO)(GR,GE)
NT AUTHORITY
\NETWORK SERVICE:(F)
CREATOR OWNE
R:(I)(OI)(CI)(IO)(F)Successfully processed 1 files; Failed processing 0 files
C:\Windows\system32>ICACLS C:\Windows\System32\catroot2
C:\Windows\System32\catroot2 NT SERVICE\CryptSvc:(OI)(CI)(F)
NT SERVICE\TrustedInstaller:(I)(F)
NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(I)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
BUILTIN\Administrators:(I)(F)
BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
BUILTIN\Users:(I)(RX)
BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)Successfully processed 1 files; Failed processing 0 files
C:\Windows\system32>ICACLS C:\Windows\System32
C:\Windows\System32 NT SERVICE\TrustedInstaller:(F)
NT SERVICE\TrustedInstaller:(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(M)
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
BUILTIN\Administrators:(M)
BUILTIN\Administrators:(OI)(CI)(IO)(F)
BUILTIN\Users:(RX)
BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
CREATOR OWNER:(OI)(CI)(IO)(F)Successfully processed 1 files; Failed processing 0 files
The registry scan results are uploaded.
-
Tuesday, May 08, 2012 7:47 AMModerator"geverl" wrote in message news:29c61a2e-a60e-4e63-bcf2-6d39f4c2de2f...
You are right, catroot2 has indeed been created:
The registry scan results are uploaded.
The registry results are interesting!affected filetypes are.asp ASP.css.jsThese problems seem to be related to a piece of software that uses 'bflang2' and 'bfproject' extenstions (BlueFish??), which may have been installed on 17 March - although the affected filetypes were only modified on 2nd May.The fact that all these filetypes are internet-related immediately makes me very suspicious of malware brought in from a website somewhere (although it's also possible that they are there as part of a piece of security software)Please download and install Malwarebytes Anti-malware www.malwarebytes.org and update it, and run a full scan (DO NOT enable the Real-Time protection option!) in your main account, and Quick scans in any other user accounts.Delete everything it finds
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Tuesday, May 08, 2012 9:25 AM
7 files were found and removed (cf. uploaded log).
-
Tuesday, May 08, 2012 10:12 AMModerator"geverl" wrote in message news:0018ad84-f8da-4ca5-8d60-d3c21c8ec6f7...
7 files were found and removed (cf. uploaded log).
According to the log, you didn't remove them - you can delete most of them manually, except possible the first (which is probably the one most worth removing).I see that there were no registry entries found - which surprises me a little.please run the following commands and upload the results.REG QUERY HKLM\SOFTWARE\Classes\.asp /s
REG QUERY HKLM\SOFTWARE\Classes\.css /S
REG QUERY HKLM\SOFTWARE\Classes\.js /S
I have to go out for most of the day now - back later.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth- Edited by Noel D PatonMicrosoft Community Contributor, Moderator Tuesday, May 08, 2012 10:16 AM fumble-fingers!
-
Tuesday, May 08, 2012 10:17 AM
I saved the log before launching the removal, which required a reboot.
REG QUERY gives me an "invalid syntax" error.
-
Tuesday, May 08, 2012 10:26 AMModerator
It certainly shouldn't do so - especially as almost identical queries have worked in the past.
Can you look for the entries in Regedit, and check that they exist?
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
-
Tuesday, May 08, 2012 10:28 AM
C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Classes\.asp /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.asp
(Default) REG_SZ bfaspfile
Content Type REG_SZ text/x-aspHKEY_LOCAL_MACHINE\SOFTWARE\Classes\.asp\PersistentHandler
(Default) REG_SZ {eec97550-47a9-11cf-b952-00aa0051fe20}
C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Classes\.css /SHKEY_LOCAL_MACHINE\SOFTWARE\Classes\.css
PerceivedType REG_SZ text
(Default) REG_SZ bfcssfile
Content Type REG_SZ text/cssHKEY_LOCAL_MACHINE\SOFTWARE\Classes\.css\PersistentHandler
(Default) REG_SZ {eec97550-47a9-11cf-b952-00aa0051fe20}
C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Classes\.js /SHKEY_LOCAL_MACHINE\SOFTWARE\Classes\.js
(Default) REG_SZ bfjsfile
Content Type REG_SZ application/javascriptHKEY_LOCAL_MACHINE\SOFTWARE\Classes\.js\OpenWithList
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.js\PersistentHandler
(Default) REG_SZ {5e941d80-bf96-11cd-b579-08002b30bfeb}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.js\ScriptEngine
(Default) REG_SZ JScript -
Tuesday, May 08, 2012 6:23 PMModerator"geverl" wrote in message news:c1a66c06-63a3-485f-afde-70dcc78c1afa...
C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Classes\.asp /s
Interesting results - I need to think on them, but I don't believe that these are the cause of the problem (but I will craft a repair anyhow, just in case)I'll be back later. Time for an early night for a change, I think!
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Wednesday, May 09, 2012 6:33 AM
I don't know whether that's of any use, but I've uploaded a screen shot of the latest Windows Update actions.
-
Wednesday, May 09, 2012 9:38 AMModerator"geverl" wrote in message news:1ddf479b-c1a0-44f5-92f3-8ad0e27854aa...
I don't know whether that's of any use, but I've uploaded a screen shot of the latest Windows Update actions.
Ouch - that looks painful! However, I'm not too surprised by it - recommended updates will always fail in a 'non-genuine' system, and if your problem extends further than the WGA/WAT system (as it may if you have multiple problems resulting from malware), then it may be affecting WU as well.Do you have BlueFish installed at all? - this will almost certainly break it, if soplease run the following commands, then reboot, and post a new MGADiag report.REG DELETE HKLM\SOFTWARE\Classes\.asp /va /fREG ADD HKLM\SOFTWARE\Classes\.asp /ve /t REG_SZ /d aspfile
REG ADD HKLM\SOFTWARE\Classes\.asp\PersistentHandler /t REG_SZ /d {eec97550-47a9-11cf-b952-00aa0051fe20}REG DELETE HKLM\SOFTWARE\Classes\.css /va /fREG ADD HKLM\SOFTWARE\Classes\.css /ve /t REG_SZ /d CSSfileREG ADD HKLM\SOFTWARE\Classes\.css /v "Content type" /t REG_SZ /d text/cssREG ADD HKLM\SOFTWARE\Classes\.css /v "Perceived Type"/t REG_SZ /d text
REG ADD HKLM\SOFTWARE\Classes\.css\PersistentHandler /t REG_SZ /d {eec97550-47a9-11cf-b952-00aa0051fe20}REG DELETE HKLM\SOFTWARE\Classes\.js /va /fREG ADD HKLM\SOFTWARE\Classes\.js /ve /t REG_SZ /d JSFileREG ADD HKLM\SOFTWARE\Classes\.js\PersistentHandler /t REG_SZ /d {5e941d80-bf96-11cd-b579-08002b30bfeb}
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Wednesday, May 09, 2012 9:52 AM
Do you mean http://bluefish.openoffice.nl/index.html, which I tried out some time ago and then removed it?
Here's the latest MGADiag report (after successful execution of the commands and reboot):
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-*****-*****-7PJFF
Windows Product Key Hash: 9KppSy2RUX/a2DCWY1zpDBdVk0M=
Windows Product ID: 55041-091-3046796-86542
Windows Product ID Type: 6
Windows License Type: Volume MAK
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {27B8EE88-82A2-4277-B355-835A60BB5F4C}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.111118-2330
TTS Error:
Validation Diagnostic:
Resolution Status: N/AVista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Edition 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: AllowedFile Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{27B8EE88-82A2-4277-B355-835A60BB5F4C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-BBBBB</PKey><PID>55041-091-3046796-86542</PID><PIDType>6</PIDType><SID>S-1-5-21-2099548595-4161321057-3812494868</SID><SYSTEM><Manufacturer>To Be Filled By O.E.M.</Manufacturer><Model>To Be Filled By O.E.M.</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>P1.70</Version><SMBIOSVersion major="2" minor="6"/><Date>20110117000000.000000+000</Date></BIOS><HWID>BAE43007018400FE</HWID><UserLCID>046E</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Europe Standard Time(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>B84B64A2945BD00</Val><Hash>AkEyx1BqRAP9Ee8F3oqDlSkMieU=</Hash><Pid>73931-640-1556515-57763</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7601.17514Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, VOLUME_MAK channel
Activation ID: 9abf5984-9c16-46f2-ad1e-7fe15931a8dd
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 55041-00172-091-304679-03-1134-7600.0000-0292011
Installation ID: 016803140126104100153456950972883076959551791614483724
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 7PJFF
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 09/05/2012 11:49:38Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000001EFF0
Event Time Stamp: 5:6:2012 09:13
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
Tampered File: %systemroot%\system32\sppwinob.dll
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
Tampered File: %systemroot%\system32\drivers\spsys.sys
HWID Data-->
HWID Hash Current: MgAAAAEAAQABAAEAAAADAAAAAwABAAEAln0mUbMv1LWMAAx0Yj2u4GMSmpAW/mL+LnM=OEM Activation 1.0 Data-->
N/AOEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ALASKA A M I
FACP ALASKA A M I
HPET ALASKA A M I
MCFG ALASKA A M I
SSDT AMICPU PROC
AAFT ALASKA OEMAAFT -
Wednesday, May 09, 2012 10:10 AMModerator"geverl" wrote in message news:e60e65bd-62ce-4a91-b533-87a560b4c5b0...
Do you mean http://bluefish.openoffice.nl/index.html, which I tried out some time ago and then removed it?
Here's the latest MGADiag report (after successful execution of the commands and reboot):
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-*****-*****-7PJFF
Windows Product Key Hash: 9KppSy2RUX/a2DCWY1zpDBdVk0M=
Windows Product ID: 55041-091-3046796-86542
Windows Product ID Type: 6
Windows License Type: Volume MAK
Windows OS version: 6.1.7601.2.00010100.1.0.048
Yep - that's the one.It looks like the uninstall didn't work very well :(In that case, we'll also remove the other references we've already found.(there's no change in the report yet, as you've probably noticed)REG QUERY HKLM\SOFTWARE\Classes\.bflang2 /sREG QUERY HKLM\SOFTWARE\Classes\.bfproject /sREG DELETE HKLM\SOFTWARE\Classes\.bflang2REG DELETE HKLM\SOFTWARE\Classes\.bfprojectplease post the results - this will allow us to track down other residuals (and act as backup in case of need <g>)also, please run RegScanner, with the following searchesIn all cases, use the following settingsMatching: Registry item contains the specified stringLook at: (tick all)Scan the following base keys: HKEY_LOCAL_MACHINEthe search items arebfvbsfilebfaspfilebfcssfilebfjsfilebfprojectbflang2save the output (if any) and upload to your Skydrive
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Wednesday, May 09, 2012 10:21 AM
C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Classes\.bflang2 /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bflang2
Content Type REG_SZ application/x-bluefish-language2
(Default) REG_SZ bflang2file
C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Classes\.bfproject /sHKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bfproject
Content Type REG_SZ application/x-bluefish-project
(Default) REG_SZ bfprojectfile
C:\Windows\system32>REG DELETE HKLM\SOFTWARE\Classes\.bflang2
Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bflang2
(Yes/No)? y
The operation completed successfully.C:\Windows\system32>REG DELETE HKLM\SOFTWARE\Classes\.bfproject
Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bfproje
ct (Yes/No)? y
The operation completed successfully.The reg scan results are uploaded (RegScan.txt).
-
Wednesday, May 09, 2012 10:45 AMModerator"geverl" wrote in message news:a6c7129e-3f47-44bb-90bf-916a704836ce...
C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Classes\.bflang2 /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bflang2
Content Type REG_SZ application/x-bluefish-language2
(Default) REG_SZ bflang2file
C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Classes\.bfproject /sHKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bfproject
Content Type REG_SZ application/x-bluefish-project
(Default) REG_SZ bfprojectfile
C:\Windows\system32>REG DELETE HKLM\SOFTWARE\Classes\.bflang2
Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bflang2
(Yes/No)? y
The operation completed successfully.C:\Windows\system32>REG DELETE HKLM\SOFTWARE\Classes\.bfproject
Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\. bfproje
ct (Yes/No)? y
The operation completed successfully.The reg scan results are uploaded (RegScan.txt).
OK - I don't really want to go any further down this route at the moment, as the essential problem appears not to be related (it sounds as if you have sufficient skills to to the rest yourself anyhow - but leave it until we've sorted the WGA problem, please!)FWIW, I just installed BlueFish on my VM, and although I did get these two entries, I did not get the changes in the other Classes we've seen here.This would imply that the changes were made by something else, either in or with, BlueFish - possibly an optional component. Did you install any such thing?I'm going to play a bit, and see if there's anything smacks me in the face - back later.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Wednesday, May 09, 2012 10:54 AMModerator"geverl" wrote in message news:a6c7129e-3f47-44bb-90bf-916a704836ce...
C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Classes\.bflang2 /s
The reg scan results are uploaded (RegScan.txt).
While I think of it - let's make sure that the changes went as planned....please runREG QUERY HKLM\SOFTWARE\Classes\.asp /sREG QUERY HKLM\SOFTWARE\Classes\.vbs /sREG QUERY HKLM\SOFTWARE\Classes\.css /sREG QUERY HKLM\SOFTWARE\Classes\.js /spost the results.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Wednesday, May 09, 2012 1:08 PM
I can't say for sure, but think I just did a normal install of Bluefish.
Here are the results:
C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Classes\.asp /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.asp
(Default) REG_SZ aspfileHKEY_LOCAL_MACHINE\SOFTWARE\Classes\.asp\PersistentHandler
(Default) REG_SZ {eec97550-47a9-11cf-b952-00aa0051fe20}
C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Classes\.vbs /sHKEY_LOCAL_MACHINE\SOFTWARE\Classes\.vbs
(Default) REG_SZ VBSfileHKEY_LOCAL_MACHINE\SOFTWARE\Classes\.vbs\PersistentHandler
(Default) REG_SZ {5e941d80-bf96-11cd-b579-08002b30bfeb}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.vbs\ScriptEngine
(Default) REG_SZ VBScript
C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Classes\.css /sHKEY_LOCAL_MACHINE\SOFTWARE\Classes\.css
(Default) REG_SZ CSSfile
Content type REG_SZ text/css
Perceived Type REG_SZ textHKEY_LOCAL_MACHINE\SOFTWARE\Classes\.css\PersistentHandler
(Default) REG_SZ {eec97550-47a9-11cf-b952-00aa0051fe20}
C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Classes\.js /sHKEY_LOCAL_MACHINE\SOFTWARE\Classes\.js
(Default) REG_SZ JSFileHKEY_LOCAL_MACHINE\SOFTWARE\Classes\.js\OpenWithList
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.js\PersistentHandler
(Default) REG_SZ {5e941d80-bf96-11cd-b579-08002b30bfeb}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.js\ScriptEngine
(Default) REG_SZ JScript -
Wednesday, May 09, 2012 1:34 PMModerator"geverl" wrote in message news:09f2e332-07e2-4386-b149-78e805fd6d57...
I can't say for sure, but think I just did a normal install of Bluefish.
There's two minor errors there still - I don't think it means anything, but best to remove themREG DELETE HKLM\SOFTWARE\Classes\.vbs\ScriptEngineREG DELETE HKLM\SOFTWARE\Classes\.js\ScriptEngineI'm not sure where they appeared from - I thought I'd removed them with my earlier amendments .It may be worth checking the proper locations for these entriesREG QUERY HKLM\SOFTWARE\Classes\JSFile /SREG QUERY HKLM\SOFTWARE\Classes\VBSFile /Spost the results - it may be a good idea to upload them to your SkyDrive, as it could be lengthy.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Wednesday, May 09, 2012 1:43 PM
I've uploaded the results (reg1.txt and reg2.txt).
I don't know if it's related, but just to let you know, I've been unable to create manual restore points for some time. When I try to it shows the "Creating a restore point..." message box for ages and then fails. I couldn't find any solution for this on the web.
-
Wednesday, May 09, 2012 2:17 PMModerator"geverl" wrote in message news:acf071d5-5719-4ce8-b455-d87e8672de00...
I've uploaded the results (reg1.txt and reg2.txt).
I don't know if it's related, but just to let you know, I've been unable to create manual restore points for some time. When I try to it shows the "Creating a restore point..." message box for ages and then fails. I couldn't find any solution for this on the web.
I'm not certain either :) I know that System Restore used to use scripting to a large extent - I wouldn't be surprised if it was related to the vbscript problem that we've hopefully solved. I would suggest disabling SR, rebooting, and then re-enabling it and rebooting again. See if it behaves any better then.The only error there is a missing entry - run the following command to fix thatREG ADD HKLM\SOFTWARE\Classes\JSFile\DefaultIcon /ve /t REG_SZ /d %SystemRoot%\System32\WScript.exe,3I can't see that having any effect - but please run another MGADiag report (only post it if it shows any significant changes - no point in making this thread any longer than it already is!)
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Wednesday, May 09, 2012 2:43 PM
I disabled SR, rebooted, re-enabled it and rebooted again: no change, SR still fails with the same error (cf. screen shot).
I ran the REG ADD command, the MGADiag report is still unchanged.
-
Wednesday, May 09, 2012 3:54 PMModerator"geverl" wrote in message news:578e7a52-4862-4f4b-bf53-881aa2ca1b43...
I disabled SR, rebooted, re-enabled it and rebooted again: no change, SR still fails with the same error (cf. screen shot).
I ran the REG ADD command, the MGADiag report is still unchanged.
I've not seen a good solution to that error in a quick search - but the responses to the following may be instructiveNET START VSSSC QUERYEX VSSSC QC VSSSC SDSHOW VSSI'm also looking for more clues in your Event Viewer logs -a couple of Windows Updates refer to an 0x8000ffff error - see here (it's for Vista, but should also work in Win7)There appears to be an Apache service of some kind running - and failing with the error"httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.0.10 for ServerName"BitLocker appears to be having problems - but I know absolutely nothing about BL.Bonjour is having problems - but then I've never seen an installation where it didn't have problems of one kind or another. Apple software may work on apples - but it doesn't work on anything else.The ones that concern me are the huge number of CAPI2 errors "The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1032." - do these still occur? - please upload the latest 24hour event log so we can check.The DCOM errors appear to be caused by the ATI/AMD Catalyst drivers - updating them may be a good idea.The Kernel-Processor-Power problems can be caused by a mis-set feature in Windows (I can't remember the details - I'll have to search for them), or by disabling SpeedStep in the BIOS.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Wednesday, May 09, 2012 4:39 PM
C:\Windows\system32>NET START VSS
The service is starting or stopping. Please try again later.
C:\Windows\system32>SC QUERYEX VSSSERVICE_NAME: VSS
TYPE : 10 WIN32_OWN_PROCESS
STATE : 3 STOP_PENDING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 4320
FLAGS :C:\Windows\system32>SC QC VSS
[SC] QueryServiceConfig SUCCESSSERVICE_NAME: VSS
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\vssvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Volume Shadow Copy
DEPENDENCIES : RPCSS
SERVICE_START_NAME : LocalSystemC:\Windows\system32>SC SDSHOW VSS
D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCR
RC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)Regarding the KB946414 link above: the 3 keys do not exist in the registry.
A new 24h event log is uploaded (Event Log 9.5.12.evtx).
-
Wednesday, May 09, 2012 5:27 PMModerator"geverl" wrote in message news:1f997e5a-9116-486c-ab04-0bb3992d0f42...
C:\Windows\system32>NET START VSS
The service is starting or stopping. Please try again later.
C:\Windows\system32>SC QUERYEX VSSSERVICE_NAME: VSS
TYPE : 10 WIN32_OWN_PROCESS
STATE : 3 STOP_PENDING
Regarding the KB946414 link above: the 3 keys do not exist in the registry.
A new 24h event log is uploaded (Event Log 9.5.12.evtx).
That would probably explain the System Restore/VSS problem, if the service is locked into a 'stopping but not stopped' state.Please run the command (elevated)vssadmin list writersand post the results -it may give some details while I see if I can come up with a viable 'fix'
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Wednesday, May 09, 2012 5:50 PM
This has now been running for ages and never returns:
C:\Windows\system32>vssadmin list writers
vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001-2005 Microsoft Corp.Waiting for responses.
These may be delayed if a shadow copy is being prepared. -
Wednesday, May 09, 2012 6:23 PMModerator"geverl" wrote in message news:6a47f6a4-830e-48bf-910e-93049493c5ca...
This has now been running for ages and never returns:
C:\Windows\system32>vssadmin list writers
vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001-2005 Microsoft Corp.Waiting for responses.
These may be delayed if a shadow copy is being prepared.I'm not too surprised :(I've uploaded a file to my SkyDrive - 'register VSS dlls.txt'download it and save it.rename it or copy it so that the file extension becomes .BATthen right-click on the bat file, and select Run as Administrator.This will bring up a lot of 'success' messages - and may bring up some failure messages.We can ignore the success messages, but need any failure ones (just the filename)once complete, reboot.Wait 10 minutesthen see if VSS works by starting and stopping the service.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Wednesday, May 09, 2012 6:29 PMPardon my ignorance, but is there a way for me to find your SkyDrive (I'm not used to SkyDrive)?
-
Wednesday, May 09, 2012 6:42 PMModerator"Noel D Paton" wrote in message news:599511e4-7beb-460b-b789-835d21c47fcf..."geverl" wrote in message news:6a47f6a4-830e-48bf-910e-93049493c5ca...
This has now been running for ages and never returns:
C:\Windows\system32>vssadmin list writers
vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001-2005 Microsoft Corp.Waiting for responses.
These may be delayed if a shadow copy is being prepared.I'm not too surprised :(I've uploaded a file to my SkyDrive - 'register VSS dlls.txt'download it and save it.rename it or copy it so that the file extension becomes .BATthen right-click on the bat file, and select Run as Administrator.This will bring up a lot of 'success' messages - and may bring up some failure messages.We can ignore the success messages, but need any failure ones (just the filename)once complete, reboot.Wait 10 minutesthen see if VSS works by starting and stopping the service.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothSorry - my fault!!forgot to post the link.....
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth- Edited by Noel D PatonMicrosoft Community Contributor, Moderator Wednesday, May 09, 2012 6:44 PM simplify link
-
Wednesday, May 09, 2012 6:52 PM
Here are the errors (I'll now reboot and wait 10 minutes):
D:\Users\Asterix\Desktop>"register VSS dlls.bat"
D:\Users\Asterix\Desktop>net stop "System Event Notification Service"
The System Event Notification Service service is stopping.
A system error has occurred.System error 997 has occurred.
Overlapped I/O operation is in progress.
The System Event Notification Service service was stopped successfully.
D:\Users\Asterix\Desktop>net stop "Microsoft Software Shadow Copy Provider"
The Microsoft Software Shadow Copy Provider service is not started.More help is available by typing NET HELPMSG 3521.
D:\Users\Asterix\Desktop>net stop "Volume Shadow Copy"
The Volume Shadow Copy service is stopping........
The Volume Shadow Copy service could not be stopped. -
Wednesday, May 09, 2012 6:56 PMModerator"geverl" wrote in message news:375b2cb0-c18b-40c7-95b5-e0eb3b5be856...
Here are the errors (I'll now reboot and wait 10 minutes):
D:\Users\Asterix\Desktop>"register VSS dlls.bat"
So far, as expected.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Wednesday, May 09, 2012 7:04 PMOwner
Ignorance?!? No, not at all.
You have been able to keep up with Noel while he is in full (track down every error and kill it) troubleshooting mode. That is no small feat, in my opinion.
I think it's more likely that Noel was just preoccupied thinking about the problem and forgot to provide a link.
I did some digging through the forums and I think I found Noel's public Skydrive folder:
https://skydrive.live.com/?cid=936736bb8fceb92f&sc=documents&uc=1&id=936736BB8FCEB92F!115#
Thanks,
Darin MS
- Edited by Darin Smith MSOwner Wednesday, May 09, 2012 7:07 PM
-
Wednesday, May 09, 2012 7:06 PM
C:\Windows\system32>net start vss
The Volume Shadow Copy service is starting.
The Volume Shadow Copy service was started successfully.
C:\Windows\system32>net stop vss
The Volume Shadow Copy service is stopping.
The Volume Shadow Copy service was stopped successfully. -
Wednesday, May 09, 2012 7:09 PMThanks a lot, Noel has now provided the link.
-
Wednesday, May 09, 2012 7:15 PMModerator"Darin Smith MS" wrote in message news:58b4a714-0d72-4330-8c80-72e49dd99ea2...
Ignorance?!? No, not at all.
You have been able to keep up with Noel while he is in full (track down every error and kill it) troubleshooting mode. That is no small feat, in my opinion.
Darin MS
I need to get a life! :)You are quite right, though.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Wednesday, May 09, 2012 7:17 PMModerator"geverl" wrote in message news:5b2268ec-5150-4b86-9345-1612099f7719...
C:\Windows\system32>net start vss
The Volume Shadow Copy service is starting.
The Volume Shadow Copy service was started successfully.
C:\Windows\system32>net stop vss
The Volume Shadow Copy service is stopping.
The Volume Shadow Copy service was stopped successfully.Yay! - we have (some kind of) lift-off!Now see if you can create a System restore point.- and just in case, please post another MGADiag report.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Wednesday, May 09, 2012 7:24 PM
I think we're still grounded.
Unfortunately nothing has changed with regards to the SR creation or the MGADiag report.
-
Wednesday, May 09, 2012 7:35 PMModerator"geverl" wrote in message news:6fa90c31-096e-4ace-8cfa-d4d3560e4358...
I think we're still grounded.
Unfortunately nothing has changed with regards to the SR creation or the MGADiag report.
OK - now please run the commandvssadmin list writersagain and post the results.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Wednesday, May 09, 2012 7:44 PM
No change, before and after reboot:
C:\Windows\system32>vssadmin list writers
vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001-2005 Microsoft Corp.Waiting for responses.
These may be delayed if a shadow copy is being prepared. -
Wednesday, May 09, 2012 7:57 PMModerator"geverl" wrote in message news:d297f823-c8ed-4c54-a833-47e72a8790fa...
No change, before and after reboot:
C:\Windows\system32>vssadmin list writers
vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001-2005 Microsoft Corp.Waiting for responses.
These may be delayed if a shadow copy is being prepared.ouch.does the VSS still stop and start?
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Wednesday, May 09, 2012 8:00 PM
no:
C:\Windows\system32>net stop vss
The Volume Shadow Copy service is stopping........
The Volume Shadow Copy service could not be stopped. -
Wednesday, May 09, 2012 8:14 PMModerator"geverl" wrote in message news:8b0cf323-206f-4db2-a536-7edfba819e05...
no:
C:\Windows\system32>net stop vss
The Volume Shadow Copy service is stopping........
The Volume Shadow Copy service could not be stopped.Yeurrgh!I need to think about this.back tomorrow - but it'll probably be late (around 5pm BST) unless I can fiddle a little free time during the day.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Thursday, May 10, 2012 1:24 PMModerator"Noel D Paton" wrote in message news:f7cb1575-5a41-4b00-9204-12efb6ec734b..."geverl" wrote in message news:8b0cf323-206f-4db2-a536-7edfba819e05...
no:
C:\Windows\system32>net stop vss
The Volume Shadow Copy service is stopping........
The Volume Shadow Copy service could not be stopped.Yeurrgh!I need to think about this.back tomorrow - but it'll probably be late (around 5pm BST) unless I can fiddle a little free time during the day.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothLet's go back to the original problem for the moment.I have a sneaky suspicion that the problem is caused by those junctions in the SysWOW64 folder. They do not exist on any of my installationsso let's get rid of them....RD "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data"RD "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\History"RD "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files"Once complete, reboot and run another MGADiag report.Also, please check running in all accounts! - it looks like you have the Administrator account enabled? if so, test that as well.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Thursday, May 10, 2012 2:39 PM
I do not have the Administrator account enabled.
I've executed the 3 commands and rebooted.
The MGADiag report has not changed.
-
Thursday, May 10, 2012 3:23 PMModerator
At some point, you almost have to have done - the user folders exist for it, where they wouldn't if it had never been active. (another clue?)
OK - there's a boatload of related Junctions that should be removed anyhow even if they aren't likely to be a cause....
RD C:\Windows\SysWOW64\config\systemprofile\Application Data
RD C:\Windows\SysWOW64\config\systemprofile\Cookies
RD "C:\Windows\SysWOW64\config\systemprofile\Local Settings"
RD C:\Windows\SysWOW64\config\systemprofile\My Documents
RD C:\Windows\SysWOW64\config\systemprofile\NetHood
RD C:\Windows\SysWOW64\config\systemprofile\PrintHood
RD C:\Windows\SysWOW64\config\systemprofile\Recent
RD C:\Windows\SysWOW64\config\systemprofile\SendTo
RD C:\Windows\SysWOW64\config\systemprofile\Start Menu
RD C:\Windows\SysWOW64\config\systemprofile\Templates
RD "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data"
RD C:\Windows\SysWOW64\config\systemprofile\AppData\Local\History
RD "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files"Again - please test when complete.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
-
Thursday, May 10, 2012 3:45 PMDone. Still no change in the MGADiag report.
-
Thursday, May 10, 2012 4:12 PMModerator
OK - I'll go back into thinking mode for a while.
Please do feel free to contact WGA support of help if you feel inclined - I won't be insulted (disappointed, maybe - but I've already learned a lot from this thread, which always mitigates!).
back later - more likely tomorrow, unless I have a brainstorm.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
-
Friday, May 11, 2012 9:51 AMModerator"geverl" wrote in message news:db31d985-04b8-4d6b-ab69-d44e9e400dd1...Done. Still no change in the MGADiag report.Hmmm - I missed a set :(RD "C:\Windows\SysWOW64\config\systemprofile\Documents\My Music"RD "C:\Windows\SysWOW64\config\systemprofile\Documents\My Pictures"RD "C:\Windows\SysWOW64\config\systemprofile\Documents\My Videos"still thinking :)
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Friday, May 11, 2012 10:10 AMModerator"Noel D Paton" wrote in message news:17ba815a-a8a1-4fc2-9679-bca4d234dd5b...
OK - I'll go back into thinking mode for a while.
Please do feel free to contact WGA support of help if you feel inclined - I won't be insulted (disappointed, maybe - but I've already learned a lot from this thread, which always mitigates!).
back later - more likely tomorrow, unless I have a brainstorm.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
please run the following commands and post the results.ICACLS C:\Windows\SysWOW64\config\systemprofileICACLS C:\Windows\SysWOW64\config\systemprofile\AppDataRD C:\Windows\SysWOW64\config\systemprofile\DocumentsDIR C:\Windows\SysWOW64\config\systemprofile\AppDataDIR C:\Windows\SysWOW64\config\systemprofile\AppData\LocalDIR C:\Windows\SysWOW64\config\systemprofile\AppData /asDIR C:\Windows\SysWOW64\config\systemprofile\AppData\Local /as
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Friday, May 11, 2012 4:00 PM
C:\Windows\system32>ICACLS C:\Windows\SysWOW64\config\systemprofile
C:\Windows\SysWOW64\config\systemprofile BUILTIN\Administrators:(I)(OI)(IO)(F)
BUILTIN\Administrators:(I)(CI)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(IO)(F)
NT AUTHORITY\SYSTEM:(I)(CI)(F)
Asterix-PC\Asterix:(I)(OI)(CI)(F)Successfully processed 1 files; Failed processing 0 files
C:\Windows\system32>ICACLS C:\Windows\SysWOW64\config\systemprofile\AppData
C:\Windows\SysWOW64\config\systemprofile\AppData BUILTIN\Administrators:(I)(OI)(
IO)(F)
BUILTIN\Administrators:(I)(CI)(
F)
NT AUTHORITY\SYSTEM:(I)(OI)(IO)
(F)
NT AUTHORITY\SYSTEM:(I)(CI)(F)
Asterix-PC\Asterix:(I)(OI)(CI)(
F)Successfully processed 1 files; Failed processing 0 files
C:\Windows\system32>RD C:\Windows\SysWOW64\config\systemprofile\Documents
Access is denied.C:\Windows\system32>DIR C:\Windows\SysWOW64\config\systemprofile\AppData
Volume in drive C has no label.
Volume Serial Number is 8AB7-BD92Directory of C:\Windows\SysWOW64\config\systemprofile\AppData
10/05/2012 16:30 <DIR> Local
06/10/2011 11:10 <DIR> Roaming
0 File(s) 0 bytes
2 Dir(s) 109 269 164 032 bytes freeC:\Windows\system32>DIR C:\Windows\SysWOW64\config\systemprofile\AppData\Local
Volume in drive C has no label.
Volume Serial Number is 8AB7-BD92Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
10/05/2012 16:30 <DIR> .
10/05/2012 16:30 <DIR> ..
21/04/2012 12:43 <DIR> Google
03/05/2011 06:57 <DIR> Microsoft
03/05/2011 06:57 <DIR> Programs
0 File(s) 0 bytes
5 Dir(s) 109 269 200 896 bytes freeC:\Windows\system32>DIR C:\Windows\SysWOW64\config\systemprofile\AppData /as
Volume in drive C has no label.
Volume Serial Number is 8AB7-BD92Directory of C:\Windows\SysWOW64\config\systemprofile\AppData
14/07/2009 06:55 <DIR> .
14/07/2009 06:55 <DIR> ..
06/10/2011 11:12 <DIR> LocalLow
0 File(s) 0 bytes
3 Dir(s) 109 269 200 896 bytes freeC:\Windows\system32>DIR C:\Windows\SysWOW64\config\systemprofile\AppData\Local /
as
Volume in drive C has no label.
Volume Serial Number is 8AB7-BD92Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
File Not Found
-
Friday, May 11, 2012 4:24 PMModerator"geverl" wrote in message news:4b18adb0-dea3-4b1b-a0b2-8a8e03fbfd36...
C:\Windows\system32>RD C:\Windows\SysWOW64\config\systemprofile\Documents
Access is denied.C:\Windows\system32>DIR C:\Windows\SysWOW64\config\systemprofile\AppData\Local
Volume in drive C has no label.
Volume Serial Number is 8AB7-BD92Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
10/05/2012 16:30 <DIR> ..
10/05/2012 16:30 <DIR> ...
21/04/2012 12:43 <DIR> Google
03/05/2011 06:57 <DIR> Microsoft
03/05/2011 06:57 <DIR> Programs
0 File(s) 0 bytes
5 Dir(s) 109 269 200 896 bytes freeI've highlighted the problems, above -please run the following commands.DIR C:\Windows\SysWOW64\config\systemprofile\AppData\Local\MicrosoftRD C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google /sRD C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Programs /sRD C:\Windows\SysWOW64\config\systemprofile\Documents /spost the results.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Friday, May 11, 2012 4:27 PM
C:\Windows\system32>DIR C:\Windows\SysWOW64\config\systemprofile\AppData\Local\M
icrosoft
Volume in drive C has no label.
Volume Serial Number is 8AB7-BD92Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft
03/05/2011 06:57 <DIR> .
03/05/2011 06:57 <DIR> ..
01/02/2011 14:52 <DIR> OFFICE
03/05/2011 06:57 <DIR> Windows
03/05/2011 06:57 <DIR> Windows Photo Gallery
03/05/2011 06:57 <DIR> Windows Sidebar
0 File(s) 0 bytes
6 Dir(s) 109 259 427 840 bytes freeC:\Windows\system32>RD C:\Windows\SysWOW64\config\systemprofile\AppData\Local\G
oogle /s
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google, Are you sure (Y/N
)? yC:\Windows\system32>RD C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Pr
ograms /s
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Programs, Are you sure (Y
/N)? yC:\Windows\system32>RD C:\Windows\SysWOW64\config\systemprofile\Documents /s
C:\Windows\SysWOW64\config\systemprofile\Documents, Are you sure (Y/N)? y -
Friday, May 11, 2012 5:00 PMModerator"geverl" wrote in message news:154b6272-1f8d-4629-a121-6b392be4bd2b...
Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft
03/05/2011 06:57 <DIR> ..
03/05/2011 06:57 <DIR> ...
01/02/2011 14:52 <DIR> OFFICE
03/05/2011 06:57 <DIR> Windows
03/05/2011 06:57 <DIR> Windows Photo Gallery
03/05/2011 06:57 <DIR> Windows Sidebar
0 File(s) 0 bytes
6 Dir(s) 109 259 427 840 bytes freeI didn't expect that one!DIR C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\WindowsDIR C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows /asRD /Q C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\OFFICERD /Q "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows Photo Gallery"RD /Q "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows Sidebar"
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Friday, May 11, 2012 5:02 PM
C:\Windows\system32>DIR C:\Windows\SysWOW64\config\systemprofile\AppData\Local\M
icrosoft\Windows
Volume in drive C has no label.
Volume Serial Number is 8AB7-BD92Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\W
indows03/05/2011 06:57 <DIR> .
03/05/2011 06:57 <DIR> ..
03/05/2011 06:57 <DIR> Burn
10/05/2012 16:42 <DIR> Caches
03/05/2011 06:57 <DIR> GameExplorer
03/05/2011 06:57 <DIR> Ringtones
0 File(s) 0 bytes
6 Dir(s) 109 252 886 528 bytes freeC:\Windows\system32>DIR C:\Windows\SysWOW64\config\systemprofile\AppData\Local\M
icrosoft\Windows /as
Volume in drive C has no label.
Volume Serial Number is 8AB7-BD92Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\W
indows14/07/2009 06:54 <DIR> History
14/07/2009 06:54 <DIR> Temporary Internet Files
0 File(s) 0 bytes
2 Dir(s) 109 252 886 528 bytes freeC:\Windows\system32>RD /Q C:\Windows\SysWOW64\config\systemprofile\AppData\Loca
l\Microsoft\OFFICEC:\Windows\system32>RD /Q "C:\Windows\SysWOW64\config\systemprofile\AppData\Loca
l\Microsoft\Windows Photo Gallery"
The directory is not empty.C:\Windows\system32>RD /Q "C:\Windows\SysWOW64\config\systemprofile\AppData\Loca
l\Microsoft\Windows Sidebar"
The directory is not empty. -
Friday, May 11, 2012 5:12 PMModerator"geverl" wrote in message news:0ee5813d-fdc6-40e4-9d9c-6acd7a7997b5...
C:\Windows\system32>DIR C:\Windows\SysWOW64\config\systemprofile\AppData\Local\M
icrosoft\Windows
Volume in drive C has no label.
Volume Serial Number is 8AB7-BD92Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows
03/05/2011 06:57 <DIR> ..
03/05/2011 06:57 <DIR> ...
03/05/2011 06:57 <DIR> Burn
10/05/2012 16:42 <DIR> Caches
03/05/2011 06:57 <DIR> GameExplorer
03/05/2011 06:57 <DIR> Ringtones
0 File(s) 0 bytes
6 Dir(s) 109 252 886 528 bytes free
C:\Windows\system32>RD /Q "C:\Windows\SysWOW64\config\systemprofile\AppData\Loca
l\Microsoft\Windows Photo Gallery"
The directory is not empty.C:\Windows\system32>RD /Q "C:\Windows\SysWOW64\config\systemprofile\AppData\Loca
l\Microsoft\Windows Sidebar"
The directory is not empty.My fault (trying to be clever!)RD /Q /S "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows Photo Gallery"RD /Q /S "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows Sidebar"RD /Q /S C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\BurnRD /Q /S C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\GameExplorerRD /Q /S C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\RingtonesDIR C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Cachesthen reboot and see if MGADiag shows any changes (I doubt it)
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Friday, May 11, 2012 5:22 PM
No change in the MGADiag report.
C:\Windows\system32>RD /Q /S "C:\Windows\SysWOW64\config\systemprofile\AppData\L
ocal\Microsoft\Windows Photo Gallery"C:\Windows\system32>RD /Q /S "C:\Windows\SysWOW64\config\systemprofile\AppData\L
ocal\Microsoft\Windows Sidebar"C:\Windows\system32>RD /Q /S C:\Windows\SysWOW64\config\systemprofile\AppData\Lo
cal\Microsoft\Windows\BurnC:\Windows\system32>RD /Q /S C:\Windows\SysWOW64\config\systemprofile\AppData\Lo
cal\Microsoft\Windows\GameExplorerC:\Windows\system32>RD /Q /S C:\Windows\SysWOW64\config\systemprofile\AppData\Lo
cal\Microsoft\Windows\RingtonesC:\Windows\system32>DIR C:\Windows\SysWOW64\config\systemprofile\AppData\Local\M
icrosoft\Windows\Caches
Volume in drive C has no label.
Volume Serial Number is 8AB7-BD92Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\W
indows\Caches10/05/2012 16:42 <DIR> .
10/05/2012 16:42 <DIR> ..
10/05/2012 16:42 16 384 cversions.1.db
10/05/2012 16:42 193 632 {6AF0698E-D558-4F6E-9B3C-3716689AF493}.1.ver
0x0000000000000001.db
2 File(s) 210 016 bytes
2 Dir(s) 109 252 128 768 bytes free -
Friday, May 11, 2012 6:18 PMModerator"geverl" wrote in message news:ec87b6a7-92b4-4ec1-96eb-5882cc4dc244...
No change in the MGADiag report.
Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Caches
10/05/2012 16:42 <DIR> ..
10/05/2012 16:42 <DIR> ...
10/05/2012 16:42 16 384 cversions.1.db
10/05/2012 16:42 193 632 {6AF0698E-D558-4F6E-9B3C-3716689AF493}.1.ver
0x0000000000000001.db
Not sure about the significance of those two files - any idea what you were doing at that time?In view of the problems we've had with this area, it would be a good idea to go back to the registry and check a few things there.Please use RegScanner to look for any items containing the following phrasessyswow64\configbluefishexport anything found to MHT and upload to your SkyDrive
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Friday, May 11, 2012 6:30 PM
Apart from doing what you asked me to, I did not make any system changes at that time.
I've put the results in RegScan12.5.12.txt and RegScan12.5.12_2.txt.
-
Friday, May 11, 2012 8:16 PMModerator"geverl" wrote in message news:78051e80-cdcf-4d5b-8e3d-e39a07110381...
Apart from doing what you asked me to, I did not make any system changes at that time.
I've put the results in RegScan12.5.12.txt and RegScan12.5.12_2.txt.
Thanks -The first set of results are normalThe second set show nothing that can't be let alone.Let's go back and check a sample of the 'mismatched' filesICACLS C:\Windows\System32\slcext.* /TICACLS C:\Windows\SysWOW64\slcext.* /Tdir C:\windows\slcext*.* /sSC QUERY type= service >%userprofile%\Documents\serviceslist.txtYou'll need to upload the serviceslist.txt file to your SkyDrive - mine came out at 30KB.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Friday, May 11, 2012 8:25 PM
The serviceslist.txt file is uploaded with a size of 30KB.
C:\Windows\system32>ICACLS C:\Windows\System32\slcext.* /T
C:\Windows\System32\slcext.dll NT SERVICE\TrustedInstaller:(F)
BUILTIN\Users:(RX)
BUILTIN\Administrators:(F)
NT AUTHORITY\SYSTEM:(F)C:\Windows\System32\en-US\slcext.dll.mui NT SERVICE\TrustedInstaller:(F)
BUILTIN\Users:(RX)
BUILTIN\Administrators:(F)
NT AUTHORITY\SYSTEM:(F)Successfully processed 2 files; Failed processing 0 files
C:\Windows\system32>ICACLS C:\Windows\SysWOW64\slcext.* /T
C:\Windows\SysWOW64\slcext.dll NT SERVICE\TrustedInstaller:(F)
BUILTIN\Users:(RX)
BUILTIN\Administrators:(F)
NT AUTHORITY\SYSTEM:(F)C:\Windows\SysWOW64\config\systemprofile\Application Data\slcext.*: Access is de
nied.
Successfully processed 1 files; Failed processing 1 filesC:\Windows\system32>dir C:\windows\slcext*.* /s
Volume in drive C has no label.
Volume Serial Number is 8AB7-BD92Directory of C:\windows\System32
14/07/2009 03:41 18 432 slcext.dll
1 File(s) 18 432 bytesDirectory of C:\windows\System32\en-US
14/07/2009 04:25 17 408 slcext.dll.mui
1 File(s) 17 408 bytesDirectory of C:\windows\SysWOW64
14/07/2009 03:16 16 384 slcext.dll
1 File(s) 16 384 bytesDirectory of C:\windows\SysWOW64\en-US
14/07/2009 04:03 17 408 slcext.dll.mui
1 File(s) 17 408 bytesDirectory of C:\windows\winsxs\amd64_microsoft-windows-s..clientext.resources_3
1bf3856ad364e35_6.1.7600.16385_en-us_c2382769078e105914/07/2009 04:25 17 408 slcext.dll.mui
1 File(s) 17 408 bytesDirectory of C:\windows\winsxs\amd64_microsoft-windows-security-spp-clientext_3
1bf3856ad364e35_6.1.7600.16385_none_28bbe77bcacffbe414/07/2009 03:41 18 432 slcext.dll
1 File(s) 18 432 bytesDirectory of C:\windows\winsxs\x86_microsoft-windows-s..clientext.resources_31b
f3856ad364e35_6.1.7600.16385_en-us_66198be54f309f2314/07/2009 04:03 17 408 slcext.dll.mui
1 File(s) 17 408 bytesDirectory of C:\windows\winsxs\x86_microsoft-windows-security-spp-clientext_31b
f3856ad364e35_6.1.7600.16385_none_cc9d4bf812728aae14/07/2009 03:16 16 384 slcext.dll
1 File(s) 16 384 bytesTotal Files Listed:
8 File(s) 139 264 bytes
0 Dir(s) 109 261 074 432 bytes free -
Friday, May 11, 2012 9:07 PMModerator"geverl" wrote in message news:80432006-baed-47ef-b7b1-d999a0664093...
The serviceslist.txt file is uploaded with a size of 30KB.
C:\Windows\SysWOW64\config\systemprofile\Application Data\slcext.*: Access is de
nied.
Successfully processed 1 files; Failed processing 1 filesWTH???I thought we'd got rid of that?There has to be something in the file system pointing to that position stillPerhaps another CHKDSK is called for.CHKDSK C: /Fthis time - we can hope that the free space is still OKPlease post the results from Event Viewer (Wininit event in the Windows Application logs)once complete, please run the following commandsICACLS C:\Windows\SysWOW64\slcext.* /TDIR C:\Windows\SysWOW64\config\systemprofile /asDIR C:\Windows\SysWOW64\config\systemprofile /ahDIR C:\Windows\SysWOW64\config\systemprofile /alDIR C:\Windows\SysWOW64\config\systemprofileDIR C:\Windows\System32 /AL S
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Friday, May 11, 2012 9:39 PM
Checking file system on C:
The type of the file system is NTFS.
A disk check has been scheduled.
Windows will now check the disk.
CHKDSK is verifying files (stage 1 of 3)...
731136 file records processed. File verification completed.
957 large file records processed. 0 bad file records processed. 2 EA records processed. 60 reparse records processed. CHKDSK is verifying indexes (stage 2 of 3)...
855358 index entries processed. Index verification completed.
0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 3)...
731136 file SDs/SIDs processed. Cleaning up 92 unused index entries from index $SII of file 0x9.
Cleaning up 92 unused index entries from index $SDH of file 0x9.
Cleaning up 92 unused security descriptors.
Security descriptor verification completed.
62112 data files processed. CHKDSK is verifying Usn Journal...
36553248 USN bytes processed. Usn Journal verification completed.
Windows has checked the file system and found no problems.
204799999 KB total disk space.
97019808 KB in 384940 files.
187048 KB in 62113 indexes.
0 KB in bad sectors.
841171 KB in use by the system.
65536 KB occupied by the log file.
106751972 KB available on disk.
4096 bytes in each allocation unit.
51199999 total allocation units on disk.
26687993 allocation units available on disk.
Internal Info:
00 28 0b 00 58 d2 06 00 c9 df 0b 00 00 00 00 00 .(..X...........
d7 04 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 ....<...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Windows has finished checking your disk.
Please wait while your computer restarts.
C:\Windows\system32>ICACLS C:\Windows\SysWOW64\slcext.* /T
C:\Windows\SysWOW64\slcext.dll NT SERVICE\TrustedInstaller:(F)
BUILTIN\Users:(RX)
BUILTIN\Administrators:(F)
NT AUTHORITY\SYSTEM:(F)C:\Windows\SysWOW64\config\systemprofile\Application Data\slcext.*: Access is de
nied.
Successfully processed 1 files; Failed processing 1 filesC:\Windows\system32>DIR C:\Windows\SysWOW64\config\systemprofile /as
Volume in drive C has no label.
Volume Serial Number is 8AB7-BD92Directory of C:\Windows\SysWOW64\config\systemprofile
14/07/2009 06:55 <DIR> AppData
03/05/2011 06:57 <JUNCTION> Application Data [C:\Windows\system32\config
\systemprofile\AppData\Roaming]
03/05/2011 06:57 <JUNCTION> My Documents [C:\Windows\system32\config\sys
temprofile\Documents]
03/05/2011 06:57 <JUNCTION> Start Menu [C:\Windows\system32\config\syste
mprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
0 File(s) 0 bytes
4 Dir(s) 109 287 616 512 bytes freeC:\Windows\system32>DIR C:\Windows\SysWOW64\config\systemprofile /ah
Volume in drive C has no label.
Volume Serial Number is 8AB7-BD92Directory of C:\Windows\SysWOW64\config\systemprofile
03/05/2011 06:57 <JUNCTION> Application Data [C:\Windows\system32\config
\systemprofile\AppData\Roaming]
03/05/2011 06:57 <JUNCTION> My Documents [C:\Windows\system32\config\sys
temprofile\Documents]
03/05/2011 06:57 <JUNCTION> Start Menu [C:\Windows\system32\config\syste
mprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
0 File(s) 0 bytes
3 Dir(s) 109 287 616 512 bytes freeC:\Windows\system32>DIR C:\Windows\SysWOW64\config\systemprofile /al
Volume in drive C has no label.
Volume Serial Number is 8AB7-BD92Directory of C:\Windows\SysWOW64\config\systemprofile
03/05/2011 06:57 <JUNCTION> Application Data [C:\Windows\system32\config
\systemprofile\AppData\Roaming]
03/05/2011 06:57 <JUNCTION> My Documents [C:\Windows\system32\config\sys
temprofile\Documents]
03/05/2011 06:57 <JUNCTION> Start Menu [C:\Windows\system32\config\syste
mprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
0 File(s) 0 bytes
3 Dir(s) 109 287 616 512 bytes freeC:\Windows\system32>DIR C:\Windows\SysWOW64\config\systemprofile
Volume in drive C has no label.
Volume Serial Number is 8AB7-BD92Directory of C:\Windows\SysWOW64\config\systemprofile
11/05/2012 18:26 <DIR> .
11/05/2012 18:26 <DIR> ..
03/05/2011 14:30 <DIR> Contacts
03/05/2011 14:30 <DIR> Desktop
03/05/2011 14:30 <DIR> Downloads
03/05/2011 14:30 <DIR> Favorites
03/05/2011 14:30 <DIR> Links
03/05/2011 14:30 <DIR> Music
03/05/2011 14:30 <DIR> Pictures
03/05/2011 14:30 <DIR> Saved Games
03/05/2011 14:30 <DIR> Searches
03/05/2011 14:30 <DIR> Videos
0 File(s) 0 bytes
12 Dir(s) 109 287 616 512 bytes freeC:\Windows\system32>DIR C:\Windows\System32 /AL S
Volume in drive C has no label.
Volume Serial Number is 8AB7-BD92Directory of C:\Windows\System32
Directory of C:\Windows\System32File Not Found
-
Friday, May 11, 2012 10:00 PMModerator"geverl" wrote in message news:b5a7f262-2fb3-4181-9bf5-942ce59a6393...
Checking file system on C:
The type of the file system is NTFS.
Directory of C:\Windows\SysWOW64\config\systemprofile
14/07/2009 06:55 <DIR> AppData
03/05/2011 06:57 <JUNCTION> Application Data [C:\Windows\system32\config
\systemprofile\AppData\Roaming]
03/05/2011 06:57 <JUNCTION> My Documents [C:\Windows\system32\config\sys
temprofile\Documents]
03/05/2011 06:57 <JUNCTION> Start Menu [C:\Windows\system32\config\syste
mprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
0 File(s) 0 bytes
4 Dir(s) 109 287 616 512 bytes freeFile Not Found
This is worrying - perhaps we'd better have another look at malware.All the Junctions are back in place.Download TDSSKiller from http://support..kaspersky.com/faq/?qid=208283363follow their instructions for use.See what it finds.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Friday, May 11, 2012 10:10 PM469 objects processed, 0 threats.
-
Friday, May 11, 2012 10:19 PMModerator"geverl" wrote in message news:c4ad95e1-ce42-4eea-98c8-0333cfc582f2...469 objects processed, 0 threats.OKPlease download Junction from http://technet.microsoft.com/en-us/sysinternals/bb896768extract the executable to the C:\Windows\System32 folderthen run the commandjunction -s c:\windowsI get 6 'Access Denied' errors - and nothing else.If you have anything else, either post the results, or upload them (depending on how many)Then I'll have to have a think ( and sleep!) again.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Friday, May 11, 2012 10:24 PM
C:\Windows\system32>junction -s c:\windows
Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.comFailed to open \\?\c:\windows\System32\Microsoft\Protect\Recovery\Recovery.dat:
Access is denied.Failed to open \\?\c:\windows\System32\Microsoft\Protect\Recovery\Recovery.dat.L
OG1: Access is denied.Failed to open \\?\c:\windows\System32\Microsoft\Protect\Recovery\Recovery.dat.L
OG2: Access is denied.Failed to open \\?\c:\windows\System32\Microsoft\Protect\Recovery\Recovery.dat{7
f69ff24-507a-11e0-93a4-0025229344e5}.TM.blf: Access is denied.Failed to open \\?\c:\windows\System32\Microsoft\Protect\Recovery\Recovery.dat{7
f69ff24-507a-11e0-93a4-0025229344e5}.TMContainer00000000000000000001.regtrans-ms
: Access is denied.Failed to open \\?\c:\windows\System32\Microsoft\Protect\Recovery\Recovery.dat{7
f69ff24-507a-11e0-93a4-0025229344e5}.TMContainer00000000000000000002.regtrans-ms
: Access is denied.\\?\c:\windows\SysWOW64\config\systemprofile\Application Data: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\\?\c:\windows\SysWOW64\config\systemprofile\My Documents: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\Documents
Substitute Name: C:\Windows\system32\config\systemprofile\Documents\\?\c:\windows\SysWOW64\config\systemprofile\Start Menu: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Mic
rosoft\Windows\Start Menu
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Mic
rosoft\Windows\Start Menu -
Friday, May 11, 2012 11:14 PMModerator"geverl" wrote in message news:d2368e39-e7b3-4dd3-a4be-eec542396870...
\\?\c:\windows\SysWOW64\config\systemprofile\Application Data: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\\?\c:\windows\SysWOW64\config\systemprofile\My Documents: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\Documents
Substitute Name: C:\Windows\system32\config\systemprofile\Documents\\?\c:\windows\SysWOW64\config\systemprofile\Start Menu: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Mic
rosoft\Windows\Start Menu
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Mic
rosoft\Windows\Start MenuLet's see if we have more luck using junction to delete the offending links.junction -d "c:\windows\SysWOW64\config\systemprofile\Start Menu"junction -d "c:\windows\SysWOW64\config\systemprofile\My Documents"junction -d "c:\windows\SysWOW64\config\systemprofile\Application"ICACLS C:\Windows\SysWOW64\slcext.* /Tpost the results, then reboot, and runICACLS C:\Windows\SysWOW64\slcext.* /TDIR C:\Windows\SysWOW64 /AL /Spost those results - I plan on being in bed by then.catch you tomorrow!
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Saturday, May 12, 2012 7:20 AM
C:\Windows\system32>junction -d "c:\windows\SysWOW64\config\systemprofile\Start
Menu"Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.comDeleted c:\windows\SysWOW64\config\systemprofile\Start Menu.
C:\Windows\system32>junction -d "c:\windows\SysWOW64\config\systemprofile\My Doc
uments"Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.comDeleted c:\windows\SysWOW64\config\systemprofile\My Documents.
C:\Windows\system32>junction -d "c:\windows\SysWOW64\config\systemprofile\Applic
ation"Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.comError deleting c:\windows\SysWOW64\config\systemprofile\Application: The system
cannot find the file specified.
C:\Windows\system32>ICACLS C:\Windows\SysWOW64\slcext.* /T
C:\Windows\SysWOW64\slcext.dll NT SERVICE\TrustedInstaller:(F)
BUILTIN\Users:(RX)
BUILTIN\Administrators:(F)
NT AUTHORITY\SYSTEM:(F)C:\Windows\SysWOW64\config\systemprofile\Application Data\slcext.*: Access is de
nied.
Successfully processed 1 files; Failed processing 1 files===============
Reboot
===============
C:\Windows\system32>ICACLS C:\Windows\SysWOW64\slcext.* /T
C:\Windows\SysWOW64\slcext.dll NT SERVICE\TrustedInstaller:(F)
BUILTIN\Users:(RX)
BUILTIN\Administrators:(F)
NT AUTHORITY\SYSTEM:(F)C:\Windows\SysWOW64\config\systemprofile\Application Data\slcext.*: Access is de
nied.
Successfully processed 1 files; Failed processing 1 filesC:\Windows\system32>DIR C:\Windows\SysWOW64 /AL /S
Volume in drive C has no label.
Volume Serial Number is 8AB7-BD92Directory of C:\Windows\SysWOW64\config\systemprofile
03/05/2011 06:57 <JUNCTION> Application Data [C:\Windows\system32\config
\systemprofile\AppData\Roaming]
0 File(s) 0 bytesTotal Files Listed:
0 File(s) 0 bytes
1 Dir(s) 109 293 813 760 bytes free -
Saturday, May 12, 2012 9:42 AMModerator"geverl" wrote in message news:a1bab080-73ee-4fea-a0b0-10e37ae75ad8...
Error deleting c:\windows\SysWOW64\config\systemprofile\Application: The system
cannot find the file specified.C:\Windows\SysWOW64\config\systemprofile\Application Data\slcext.*: Access is de
nied.
Successfully processed 1 files; Failed processing 1 filesBother, must have typo'd this one.junction -d "c:\windows\SysWOW64\config\systemprofile\Application Data"once done, reboot and run another MGADiag report
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Saturday, May 12, 2012 9:50 AM
C:\Windows\system32>junction -d "c:\windows\SysWOW64\config\systemprofile\Applic
ation Data"Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.comDeleted c:\windows\SysWOW64\config\systemprofile\Application Data.
C:\Windows\system32>ICACLS C:\Windows\SysWOW64\slcext.* /T
C:\Windows\SysWOW64\slcext.dll NT SERVICE\TrustedInstaller:(F)
BUILTIN\Users:(RX)
BUILTIN\Administrators:(F)
NT AUTHORITY\SYSTEM:(F)C:\Windows\SysWOW64\en-US\slcext.dll.mui NT SERVICE\TrustedInstaller:(F)
BUILTIN\Users:(RX)
BUILTIN\Administrators:(F)
NT AUTHORITY\SYSTEM:(F)Successfully processed 2 files; Failed processing 0 files
The MGADiag report is unchanged.
-
Saturday, May 12, 2012 10:25 AMModerator"geverl" wrote in message news:23515497-7b15-4e8d-ab24-c5dfde85796d...
C:\Windows\system32>junction -d "c:\windows\SysWOW64\config\systemprofile\Applic
ation Data"Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.comDeleted c:\windows\SysWOW64\config\systemprofile\Application Data.
C:\Windows\system32>ICACLS C:\Windows\SysWOW64\slcext.* /T
C:\Windows\SysWOW64\slcext.dll NT SERVICE\TrustedInstaller:(F)
BUILTIN\Users:(RX)
BUILTIN\Administrators:(F)
NT AUTHORITY\SYSTEM:(F)C:\Windows\SysWOW64\en-US\slcext.dll.mui NT SERVICE\TrustedInstaller:(F)
BUILTIN\Users:(RX)
BUILTIN\Administrators:(F)
NT AUTHORITY\SYSTEM:(F)Successfully processed 2 files; Failed processing 0 files
The MGADiag report is unchanged.
At least we're not getting the access denied error any more!please run the following - let's see if there's any more odd junctions/symlinks floating around still, and if there's any references to the latest removals in the registry.junction -s C:\WindowsDIR C:\Windows\slcext* /s(you'll need to upload the results to your SkyDrive )run RegScanner, and see if you can find any references toSysWOW64\configScan the following base keys: (highlight all)Look at: (tick all)Matching: Registry item contains the specified string(untick everything else)I get 15 entries there (three Google, and 12 MRU) - you will probably need to upload the report to SkyDrive.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Saturday, May 12, 2012 10:33 AM
res12.5.12_1.txt
-
Saturday, May 12, 2012 11:54 AMModerator"geverl" wrote in message news:4b8c79c5-14bc-44b5-b3d8-dc375a19e1a9...
res12.5.12_1.txt
That all looks normal now :)Please try the following -Recreate the Licensing Store
1) Click Start button.
2) Type: CMD.exe into the 'Search programs and files' field
3) Right-Click on CMD.exe and select Run as Administrator
4) Type: net stop sppsvc (It may ask you if you are sure, select yes)
Note: the Software Protection service may not be running, this is ok.
5) Type: cd %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform
6) Type: rename tokens.dat tokens.bar
7) Type: cd %windir%\system32
8) Type: net start sppsvc
9) Type: slui.exe
10) After a couple of seconds Windows Activation dialog will appear. You will be asked to re-activate and/or re-enter your product Key - enter the Key from your sticker, and wait for activation to complete, or a full error message (the sin) which you should quote in full!
Reboot and Post back with a new MGADiag report
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Saturday, May 12, 2012 12:07 PM
The report has changed: MGADIag Report 12.5.12.txt
It did not ask for my product key, it just said that the activation was successful.
-
Saturday, May 12, 2012 12:45 PMI have now entered my product key and fully activated Windows, given that the MGADiag report indicated that it had only activated the 30 day trial period.
-
Saturday, May 12, 2012 5:24 PMModerator"geverl" wrote in message news:09abcbd8-e71a-4693-8fbb-2573ac1a1508...I have now entered my product key and fully activated Windows, given that the MGADiag report indicated that it had only activated the 30 day trial period.Please post another MGADiag report (in the forum)
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Saturday, May 12, 2012 5:28 PM
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-*****-*****-JJD36
Windows Product Key Hash: xYDT9ADGqg7zMUT6R3nz0Qd/RJk=
Windows Product ID: 55041-090-8366291-86085
Windows Product ID Type: 6
Windows License Type: Volume MAK
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {27B8EE88-82A2-4277-B355-835A60BB5F4C}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.111118-2330
TTS Error:
Validation Diagnostic:
Resolution Status: N/AVista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Edition 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: AllowedFile Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{27B8EE88-82A2-4277-B355-835A60BB5F4C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-BBBBB</PKey><PID>55041-090-8366291-86085</PID><PIDType>6</PIDType><SID>S-1-5-21-2099548595-4161321057-3812494868</SID><SYSTEM><Manufacturer>To Be Filled By O.E.M.</Manufacturer><Model>To Be Filled By O.E.M.</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>P1.70</Version><SMBIOSVersion major="2" minor="6"/><Date>20110117000000.000000+000</Date></BIOS><HWID>BAE43007018400FE</HWID><UserLCID>046E</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Europe Standard Time(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>B84B64A2945BD00</Val><Hash>AkEyx1BqRAP9Ee8F3oqDlSkMieU=</Hash><Pid>73931-640-1556515-57763</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7601.17514Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, VOLUME_MAK channel
Activation ID: 9abf5984-9c16-46f2-ad1e-7fe15931a8dd
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 55041-00172-090-836629-03-1134-7601.0000-1332012
Installation ID: 018186094665924003636475299986356261780436842511527280
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: JJD36
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 12/05/2012 19:28:15Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000001EFF0
Event Time Stamp: 5:6:2012 09:13
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
Tampered File: %systemroot%\system32\sppwinob.dll
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
Tampered File: %systemroot%\system32\drivers\spsys.sys
HWID Data-->
HWID Hash Current: MgAAAAEAAQABAAEAAAADAAAAAwABAAEAln0mUbMv1LWMAAx0Yj2u4GMSmpAW/mL+LnM=OEM Activation 1.0 Data-->
N/AOEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ALASKA A M I
FACP ALASKA A M I
HPET ALASKA A M I
MCFG ALASKA A M I
SSDT AMICPU PROC
AAFT ALASKA OEMAAFT -
Saturday, May 12, 2012 5:47 PMModerator"geverl" wrote in message news:c6a7f3b1-199a-4655-8501-85fbbb0a85cc...
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-*****-*****-JJD36
Windows Product Key Hash: xYDT9ADGqg7zMUT6R3nz0Qd/RJk=
Windows Product ID: 55041-090-8366291-86085
Windows Product ID Type: 6
Windows License Type: Volume MAK
Windows OS version: 6.1.7601.2.00010100.1.0.048
7File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100It's still the same error :(However, the report is significantly different to the one you started out with.This report has a Volume License Key, which appears to be genuine. (ending JJD36)Your original report had a different Volume License Key, ending 7PJFF.What happened there?Please try (yet again!) installing a new set of IRST drivers - let's see if that has the desired effect now.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Saturday, May 12, 2012 5:58 PM
I installed the wrong product key by mistake.
The 7PJFF one is for the 64 Bit Win 7 Pro that is installed on the PC.
The JJd36 is for 32 Bit Win 7 Pro. I'm wondering why it was accepted for activation.
Shall I recreate the licensing store and activate with the correct product key?
Here's the MGADiag report after reinstalling the IRST drivers and rebooting:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-*****-*****-JJD36
Windows Product Key Hash: xYDT9ADGqg7zMUT6R3nz0Qd/RJk=
Windows Product ID: 55041-090-8366291-86085
Windows Product ID Type: 6
Windows License Type: Volume MAK
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {27B8EE88-82A2-4277-B355-835A60BB5F4C}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.111118-2330
TTS Error:
Validation Diagnostic:
Resolution Status: N/AVista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Edition 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: AllowedFile Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{27B8EE88-82A2-4277-B355-835A60BB5F4C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-BBBBB</PKey><PID>55041-090-8366291-86085</PID><PIDType>6</PIDType><SID>S-1-5-21-2099548595-4161321057-3812494868</SID><SYSTEM><Manufacturer>To Be Filled By O.E.M.</Manufacturer><Model>To Be Filled By O.E.M.</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>P1.70</Version><SMBIOSVersion major="2" minor="6"/><Date>20110117000000.000000+000</Date></BIOS><HWID>BAE43007018400FE</HWID><UserLCID>046E</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Europe Standard Time(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>B84B64A2945BD00</Val><Hash>AkEyx1BqRAP9Ee8F3oqDlSkMieU=</Hash><Pid>73931-640-1556515-57763</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7601.17514Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, VOLUME_MAK channel
Activation ID: 9abf5984-9c16-46f2-ad1e-7fe15931a8dd
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 55041-00172-090-836629-03-1134-7601.0000-1332012
Installation ID: 018186094665924003636475299986356261780436842511527280
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: JJD36
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 12/05/2012 19:55:10Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000001EFF0
Event Time Stamp: 5:6:2012 09:13
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
Tampered File: %systemroot%\system32\sppwinob.dll
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
Tampered File: %systemroot%\system32\drivers\spsys.sys
HWID Data-->
HWID Hash Current: MgAAAAEAAQABAAEAAAADAAAAAwABAAEAln0mUbMv1LWMAAx0Yj2u4GMSmpAW/mL+LnM=OEM Activation 1.0 Data-->
N/AOEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ALASKA A M I
FACP ALASKA A M I
HPET ALASKA A M I
MCFG ALASKA A M I
SSDT AMICPU PROC
AAFT ALASKA OEMAAFT -
Saturday, May 12, 2012 6:07 PMModerator"geverl" wrote in message news:e7cd387c-4363-4152-9dd8-e540f2dbc74c...
I installed the wrong product key by mistake.
The 7PJFF one is for the 64 Bit Win 7 Pro that is installed on the PC.
The JJd36 is for 32 Bit Win 7 Pro. I'm wondering why it was accepted for activation.
Shall I recreate the licensing store and activate with the correct product key?
Here's the MGADiag report after reinstalling the IRST drivers and rebooting:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-*****-*****-JJD36
Windows Product Key Hash: xYDT9ADGqg7zMUT6R3nz0Qd/RJk=
Windows Product ID: 55041-090-8366291-86085
Windows Product ID Type: 6
Windows License Type: Volume MAK
Windows OS version: 6.1.7601.2.00010100.1.0.048
All Keys are bit-agnostic - they work on both 32- and 64- bit installs.Still no change in the report.I am seriously running out of ideas, here!I'll have to do some deeper diving into the registry, and I'm not that comfortable there, so it may be a day or so before I can come back with anything sensible.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Sunday, May 13, 2012 10:39 PMModerator"geverl" wrote in message news:77bcc919-c2d9-42d8-be36-82717a4b21c9...
I've installed the latest Intel Rapid Storage Drivers.
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100
Other data-->
Office
Details:
<GenuineResults><MachineData><UGUID>{27B8EE88-82A2-4277-B355-835A60BB5F4C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-BBBBB</PKey><PID>55041-091-3046796-86542</PID><PIDType>6</PIDType><SID>S-1-5-21-2099548595-4161321057-3812494868</SID><SYSTEM><Manufacturer>To
Be Filled By O.E.M.</Manufacturer><Model>To Be Filled By
O.E.M.</Model></SYSTEM><BIOS><Manufacturer>American
Megatrends
Inc.</Manufacturer><Version>P1.70</Version><SMBIOSVersion
major="2"
minor="6"/><Date>20110117000000.000000+000</Date></BIOS><HWID>BAE43007018400FE</HWID><UserLCID>046E</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W..
Europe Standard
Time(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product
GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft
Office Professional Edition
2003</Name><Ver>11</Ver><Val>B84B64A2945BD00</Val><Hash>AkEyx1BqRAP9Ee8F3oqDlSkMieU=</Hash><Pid>73931-640-1556515-57763</Pid><PidType>14</PidType></Product></Products><Applications><App
Id="15" Version="11" Result="100"/><App Id="16" Version="11"
Result="100"/><App Id="18" Version="11" Result="100"/><App
Id="19" Version="11" Result="100"/><App Id="1A" Version="11"
Result="100"/><App Id="1B" Version="11" Result="100"/><App
Id="44" Version="11"
Result="100"/></Applications></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Input Error: There is no script engine for file extension ".vbs".
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000001EFF0
Event Time Stamp: 5:6:2012 09:13
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
Tampered File: %systemroot%\system32\sppwinob.dll
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
Tampered File: %systemroot%\system32\drivers\spsys.sys
Gillesin an elevated Command prompt, run the following commandregsvr32.exe wintrust.dllrebootrun another MGADiag report - post the results.(sorry about the mis-post just now!)
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Sunday, May 13, 2012 10:53 PM
How do you know my first name?
There's no change in the report.
-
Monday, May 14, 2012 2:33 AM Unfortunately, your Windows 7 Professional installation is hopelessly corrupt. Please back-up your personal files and proceed with a "clean install" of the Windows 7 Professional operating system.
Carey Frisch
- Marked As Answer by geverl Tuesday, May 29, 2012 8:09 PM
-
Monday, May 14, 2012 11:05 AMNoel, do you share Carey's opinion that I should do a clean install or do you think there's another solution?
-
Monday, May 14, 2012 11:45 AMModerator"geverl" wrote in message news:fd987b95-c282-431c-a004-4854f4cc4765...Noel, do you share Carey's opinion that I should do a clean install or do you think there's another solution?I very rarely share Carey's opinion about anything :)I'm 90%+ certain that there is a solution without a clean install - at worst a repair install should fix it.It may be that we have really come to the end of the road in this instance, as at the moment I can see no specific reason for the problem - all the correct files appear to be in the correct places with the correct permissions. The only thing we haven't done really is a full registry comparison and a re-registration of all dll's involved - the former is really beyond my skills, and the latter is a nightmare :)FWIW, I tracked a run of MGADiag yesterday - and 58 dll's were involved merely starting the the tool, let alone running the detection!Every dll I've tried unregistering has either refused (because it's not the right type), not given any error in MGADiag, or listed every protected file. Your list excludes two files from the WAT Update, and I have no current idea why that should be the case.You may want to try uninstalling the WAT Update (KB971033) and rebooting - then and attempt validation at www.microsoft.com/genuine/validateWhat happens?then post another MGADiag report.Note that even if the above removes the non-genuine notification, it doesn't necessarily mean that the problem is solved - merely that it's been hidden.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Monday, May 14, 2012 12:03 PM
I've uninstalled KB971033 and rebooted. I downloaded and started WindowsActivationUpdate.exe from www.microsoft.com/genuine/validate. It says: "Update installation failed. Error information - 0x8000FFFF
But the tampered files have disappeared from the MGADiag report:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-*****-*****-JJD36
Windows Product Key Hash: xYDT9ADGqg7zMUT6R3nz0Qd/RJk=
Windows Product ID: 55041-090-8366291-86085
Windows Product ID Type: 6
Windows License Type: Volume MAK
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {27B8EE88-82A2-4277-B355-835A60BB5F4C}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.111118-2330
TTS Error:
Validation Diagnostic:
Resolution Status: N/AVista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Edition 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: AllowedFile Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{27B8EE88-82A2-4277-B355-835A60BB5F4C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-BBBBB</PKey><PID>55041-090-8366291-86085</PID><PIDType>6</PIDType><SID>S-1-5-21-2099548595-4161321057-3812494868</SID><SYSTEM><Manufacturer>To Be Filled By O.E.M.</Manufacturer><Model>To Be Filled By O.E.M.</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>P1.70</Version><SMBIOSVersion major="2" minor="6"/><Date>20110117000000.000000+000</Date></BIOS><HWID>BAE43007018400FE</HWID><UserLCID>046E</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Europe Standard Time(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>B84B64A2945BD00</Val><Hash>AkEyx1BqRAP9Ee8F3oqDlSkMieU=</Hash><Pid>73931-640-1556515-57763</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7601.17514Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, VOLUME_MAK channel
Activation ID: 9abf5984-9c16-46f2-ad1e-7fe15931a8dd
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 55041-00172-090-836629-03-1134-7601.0000-1332012
Installation ID: 018186094665924003636475299986356261780436842511527280
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: JJD36
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 14/05/2012 14:03:06Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 5:13:2012 14:39
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:
HWID Data-->
HWID Hash Current: MgAAAAEAAQABAAEAAAADAAAAAwABAAEAln0mUbMv1LWMAAx0Yj2u4GMSmpAW/mL+LnM=OEM Activation 1.0 Data-->
N/AOEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ALASKA A M I
FACP ALASKA A M I
HPET ALASKA A M I
MCFG ALASKA A M I
SSDT AMICPU PROC
AAFT ALASKA OEMAAFT -
Monday, May 14, 2012 6:48 PMModerator
I knew that the Tampered em now shows as being genuineystwould disappear - they will only ever show when the WATupdate is installed.
The File Mismatches, however, are still present (ignore the first four lines, they simply show that the WAT Update is no longer installed)
What IS interesting is that the system now shows as being genuine, despite the file mismatches.
Are you stil lgetting a non-genuine notification??
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
-
Monday, May 14, 2012 6:51 PMNo, but when I try to install Microsoft Security Essentials, it still fails claiming that it can only be installed on a genuine Windows system.
-
Monday, May 14, 2012 8:05 PMModerator"geverl" wrote in message news:c8e58e31-465b-4564-86f7-23a540316d7d...No, but when I try to install Microsoft Security Essentials, it still fails claiming that it can only be installed on a genuine Windows system.That's interesting! - although I don't think that it illuminates the issue at all.I think we are at that stage where a choice has to be made - continue with the troubleshooting or attempt a repair install.It's your decision.For details of how to do a repair install, see this tutorial...
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Monday, May 14, 2012 8:09 PM
From my perspective that's very simple: if you tell me that all hope's lost, I'll try a repair install. Otherwise, I'm happy to continue troubleshooting if you are. But then again I'll also understand if you tell me that enough is enough.
-
Monday, May 14, 2012 8:28 PMModerator"geverl" wrote in message news:d202aad6-d37b-4a46-bdc1-6055f72002e6...
From my perspective that's very simple: if you tell me that all hope's lost, I'll try a repair install. Otherwise, I'm happy to continue troubleshooting if you are. But then again I'll also understand if you tell me that enough is enough.
Not lost - merely mislaid! <g>(and thanks for the vote of support) - Anytime you've had enough, just shout, and we'll call it a day.I need to play a little and see how may ways I can find to screw the report - back tomorrow.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Wednesday, May 16, 2012 1:21 PMModerator"Noel D Paton" wrote in message news:3d1666c7-4d51-49ed-bf57-40ac01309dcb..."geverl" wrote in message news:d202aad6-d37b-4a46-bdc1-6055f72002e6...
From my perspective that's very simple: if you tell me that all hope's lost, I'll try a repair install. Otherwise, I'm happy to continue troubleshooting if you are. But then again I'll also understand if you tell me that enough is enough.
Not lost - merely mislaid! <g>(and thanks for the vote of support) - Anytime you've had enough, just shout, and we'll call it a day.I need to play a little and see how may ways I can find to screw the report - back tomorrow.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothNo - I haven't forgotten you :)Lets have a look elsewhere in the registry
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /S
You'll need to upload that - it runs to 26KB on a default install!
(this is an area I've not been into before - so it'll take a while to make any sense).
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Wednesday, May 16, 2012 1:27 PMMine is only 11KB: reg16.5.12.txt
-
Wednesday, May 16, 2012 2:11 PMModerator"geverl" wrote in message news:8bb7d246-da2a-420f-b732-eacfc218e695...Mine is only 11KB: reg16.5.12.txt- actually so is mine when I use the command, rather than export from regedit :)There's no difference from my default install with a Retail disk - and only one change from my 'live' (OEM) one -so I don't think there's anything to be gained by following down that route.(back indo hunt mode - see you later!)
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Wednesday, May 16, 2012 3:32 PMModerator"Noel D Paton" wrote in message news:b6c196b1-241a-49be-bfcd-20d4aff88e4d..."geverl" wrote in message news:8bb7d246-da2a-420f-b732-eacfc218e695...Mine is only 11KB: reg16.5.12.txt- actually so is mine when I use the command, rather than export from regedit :)There's no difference from my default install with a Retail disk - and only one change from my 'live' (OEM) one -so I don't think there's anything to be gained by following down that route.(back indo hunt mode - see you later!)
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothSomething just happened elsewhere which gave me an idea.....Please open Windows Explorer, and navigate to the C:\Windows folder.in the Search box (top right) typesize:emptywait for the list to complete (could be a few minutes) - how many files are found? (I get 10)Are any of type 'Application' or 'DLL File' ?If so, please list them
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Wednesday, May 16, 2012 3:35 PM127 files, no applications or DLLs
-
Saturday, May 19, 2012 1:54 PMModerator"geverl" wrote in message news:57715660-f4f9-487f-8ed5-ed7da61b043e...127 files, no applications or DLLsLet's see what else you have installed on the machine - please download and install Belarc Advisor (www.belarc.com) and run it.This will produce a large report in HTML which can be saved from IE as a *.txt file (which doesn't look pretty, but can at least be edited easily - so please remove the Software Licenses section!) then upload it to your SkyDrive.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Saturday, May 19, 2012 2:06 PM
I've edited and uploaded the HTML file ((Asterix-PC).html).
-
Saturday, May 19, 2012 5:07 PMModerator"geverl" wrote in message news:1882d9b5-a247-4633-aec4-ad0bc3c2b268...
I've edited and uploaded the HTML file ((Asterix-PC).html).
I can see nothing there that's likely to have caused your problems.[back into hunt mode]
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Saturday, May 19, 2012 8:18 PMModerator"Noel D Paton" wrote in message news:17f18f88-4def-4a8a-924b-296f371f9c88..."geverl" wrote in message news:1882d9b5-a247-4633-aec4-ad0bc3c2b268...
I've edited and uploaded the HTML file ((Asterix-PC).html).
I can see nothing there that's likely to have caused your problems.[back into hunt mode]
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothGoing back over the thread, I find I missed something -Please open Windows Explorer, and navigate to the C:\Windows folder.in the Search box (top right) typesize:emptywait for the list to complete (could be a few minutes) - how many files are found? (I get 10)Are any of type 'Application' or 'DLL File' or 'MUI File' ?If so, please list them (I missed the MUI file possibility last time).
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Saturday, May 19, 2012 8:36 PMModerator"Noel D Paton" wrote in message news:b8953c7d-987d-4e65-9f74-a473470dde4a...Going back over the thread, I find I missed something -Please open Windows Explorer, and navigate to the C:\Windows folder.in the Search box (top right) typesize:emptywait for the list to complete (could be a few minutes) - how many files are found? (I get 10)Are any of type 'Application' or 'DLL File' or 'MUI File' ?If so, please list them (I missed the MUI file possibility last time).
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothAlso please run the following commands - you'll probably need to save and upload the output to your SKyDrivedir C:\Windows\sl*.* /sdir C:\Windows\spp*.* /s
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Saturday, May 19, 2012 9:00 PM
There are no MUI files in c:\windows
The output from the 2 commands is in 19.5.12.txt.
-
Sunday, May 20, 2012 6:25 PMModerator"geverl" wrote in message news:efea5e6c-5465-4219-9d0f-a03223aa726b...
There are no MUI files in c:\windows
The output from the 2 commands is in 19.5.12.txt.
Nothing there out of the ordinary.I'm struggling here to find anything that can reproduce anything like your problem.You should consider a repair install at least - back up your data first, just in case, if you decide on that option!
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth -
Sunday, May 20, 2012 6:45 PM
I'm planning to do a repair install next Sunday.
Do you have experience with this procedure?
How likely is it that I will have to reinstall many if not most of my applications and their specific settings?
-
Sunday, May 20, 2012 6:57 PMModerator"geverl" wrote in message news:012bd1bf-5938-4718-a1ff-5b9e671ac549...
I'm planning to do a repair install next Sunday.
Do you have experience with this procedure?
How likely is it that I will have to reinstall many if not most of my applications and their specific settings?
With a repair install, and a little luck, you won't have to reinstall anything other than the Windows updates, and your anti-virus.See here for one of the best set of instructions I know.....
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth- Marked As Answer by Darin Smith MSOwner Friday, May 25, 2012 9:29 PM
- Unmarked As Answer by geverl Tuesday, May 29, 2012 8:15 PM
-
Friday, May 25, 2012 5:29 PM
I'm getting ready to do a repair install.
In http://www.sevenforums.com/tutorials/3413-repair-install.html?ltr=R it says
- If you changed the default location of a user account's profile folder, then you will need to change it back to the default C:\Users location first.
- If you moved the default location of a user folder, then you will need to change it back to the default C:\Users\(user-name) location first.
Here I see a major problem, given that all my documents, pictures, videos, music files etc. i.e. my My Music, My Documents, My Pictures and My Videos folders are on my large D: partition, whereas Windows 7 is installed on the C: partition. Given that we are talking hundreds of GB, it is not possible to move these files to the C: partition (and it would completely invalidate the purpose of creating a separate data partition in the first place).
Is there an acceptable solution to this problem?
- Edited by geverl Friday, May 25, 2012 5:32 PM
-
Friday, May 25, 2012 5:43 PMModerator
Simply switch the defaults back to where they should be without copying the data - that will preserve the current files ( although possibly not the metadata)
This is one of the big problems with using unsupported changes to the file structure. :(
My experience doesn't extend this far - so I can't really help.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
-
Saturday, May 26, 2012 9:44 AM
I've switched the defaults back without copying, which seems to have worked fine.
But when I try to do a repair install, it spends a long time to "check compatibility" and then fails with the following error:
The following issues are preventing Windows from upgrading. Cancel the upgrade, complete each task, and then restart the upgrade to continue.
An error prevented a required compliance check from completing. Cancel the installation and try upgrading again.Now how funny and useful is that message?
I cannot even do a repair install!
-
Saturday, May 26, 2012 10:19 AMModerator "geverl" wrote in message news:d2361463-056e-4529-aef4-485595aad382...
I've switched the defaults back without copying, which seems to have worked fine.
But when I try to do a repair install, it spends a long time to "check compatibility" and then fails with the following error:
The following issues are preventing Windows from upgrading. Cancel the upgrade, complete each task, and then restart the upgrade to continue.
An error prevented a required compliance check from completing. Cancel the installation and try upgrading again.Now how funny and useful is that message?
I cannot even do a repair install!
I have to admit I have no idea what causes that message.I would suggest posting for assistance in a more appropriate forum - either1) Windows Answers Win 7 System Repair - http://answers.microsoft.com/en-us/windows/forum/windows_7-systemor2) SevenForums - (I think this is the e right one to pick...) http://www.sevenforums.com/installation-setup/
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth- Marked As Answer by geverl Tuesday, May 29, 2012 8:13 PM
-
Tuesday, May 29, 2012 8:13 PM
Carey,
Unfortunately you were right.
After 2 days of work and a clean reinstall, I'm operational again.
To say that I am disappointed by the lacking ability of my "professional" OS to communicate with human beings would be a major understatement.
It seems like the problem was due to my dual boot installation with GRUB 1.99 in the MBR.
Cheers,
Gilles
-
Tuesday, May 29, 2012 8:15 PM
Noel,
Many thanks for your relentless efforts to help.
Your pointing me to the sevenforums site finally gave me at least a probable explanation for what had gone wrong.
Cheers,
Gilles
-
Wednesday, May 30, 2012 10:03 AMModerator"geverl" wrote in message news:c62a00e8-9a68-4ad5-a70a-51824554a7cb...
Noel,
Many thanks for your relentless efforts to help.
Your pointing me to the sevenforums site finally gave me at least a probable explanation for what had gone wrong.
Cheers,
Gilles
You're welcome - I don't recall GRUB being mentioned in our thread here, or I may have given up earlier :)I would tend to think in terms of third-party boot managers when dual-booting Windows and *nix because of historical problems in a conventional dual-boot situation with the two - but have no personal experience of *nix anyhow, so can't honestly advise.Good Luck with the 'new computers' :)
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
