locked
Windows 7 not genuine RRS feed

  • Question

  • I have installed win7 pro on my acer netbook using my action pack software download, but I keep getting a message popping up saying windows is not genuine.  I've checked vi control panel/system and that says it is genuine but I still get the message.  Looking at other forums, I downloaded your diagnostics report and got the following:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: N/A, hr = 0xc004f012
    Windows Product Key: *****-*****-VMMYH-2J78H-WXPYT
    Windows Product Key Hash: JHgrVs0yf+TJyvBQaOXJfn3mnyw=
    Windows Product ID: 00371-835-1599936-85843
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {B998E99F-273B-4895-BA49-A9F4B8223577}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.111025-1505
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\slc.dll[Hr = 0x800b0100]

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{B998E99F-273B-4895-BA49-A9F4B8223577}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-WXPYT</PKey><PID>00371-835-1599936-85843</PID><PIDType>5</PIDType><SID>S-1-5-21-1262617658-2480145169-778998756</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>AOHAPPY2</Model></SYSTEM><BIOS><Manufacturer>INSYDE</Manufacturer><Version>V1.04</Version><SMBIOSVersion major="2" minor="6"/><Date>20110426000000.000000+000</Date></BIOS><HWID>95600E00018400F4</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, RETAIL channel
    Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00170-835-159993-00-2057-7601.0000-0082012
    Installation ID: 003062151603415566757404281202952113070124547101877691
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: WXPYT
    License Status: Licensed
    Remaining Windows rearm count: 2
    Trusted time: 24/01/2012 17:01:41

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x0000000000000100
    Event Time Stamp: 1:24:2012 09:29
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui


    HWID Data-->
    HWID Hash Current: LAAAAAAAAQABAAIAAAABAAAAAgABAAEAJJTE2QYqICl8r/QoxPL2C7KzXDM=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   ACRSYS  ACRPRDCT
      FACP   ACRSYS  ACRPRDCT
      HPET   ACRSYS  ACRPRDCT
      BOOT   ACRSYS  ACRPRDCT
      MCFG   ACRSYS  ACRPRDCT
      WDAT   INSYDE  INSYDE 
      SLIC   ACRSYS  ACRPRDCT
      SSDT   ACRSYS  ACRPRDCT
      SSDT   ACRSYS  ACRPRDCT
      SSDT   ACRSYS  ACRPRDCT

    Please advise.

    Tuesday, January 24, 2012 5:09 PM

Answers

  • "Darin Smith MS" wrote in message news:51778be3-6ba4-46f1-9fc4-cabeb145a9c0...

    Accuman: I'm going to leave this thread marked as Unanswered for now (so you and Noel can continue troubleshooting that odd file) but once you are done, would you click the "Mark as Answered" button under the post that you think resolved the issue?

     

    Thank you!


    Darin MS
     
    Decisions, decisions <g>
     
    Actually Darin, we now have each others’ email addies, so can continue off-forum, unless you actually want us cluttering up the list?
    I may round things off in the thread by summarising the action taken – but I’m also asking around elsewhere about the peculiar way that SFC reacted during the thread. If you (or MS) have any ideas on that subject, I’d be grateful.
     
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    • Marked as answer by Accuman Friday, January 27, 2012 11:41 AM
    Thursday, January 26, 2012 10:30 PM
    Moderator

All replies

  • Use System Restore to recover to a date prior to when this error appeared. 

    If that fails then use the System File Checker:

    Click Start, type 'cmd' in the Search/Run box, and right click on the CMD icon at the top of the results pane.  Select Run as Administrator.  When the cmd window opens type 'sfc /scannow' at the prompt and hit Enter.  When the scan completes close the cmd window. 


    Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.
    Tuesday, January 24, 2012 6:06 PM
    Answerer
  • Thanks Colin.  I don't want to restore because this has been happening for some time and I'm not sure how much I'll lose.  I've just run the scan and it said verification 100% but then said windows resource protection could not perform the requested operation.
    Tuesday, January 24, 2012 8:14 PM
  • "Accuman" wrote in message news:6845fea4-52ab-4adb-a4b2-4bbbab323f95...
    Thanks Colin.  I don't want to restore because this has been happening for some time and I'm not sure how much I'll lose.  I've just run the scan and it said verification 100% but then said windows resource protection could not perform the requested operation.
     
    Please post a new MGADiag report  - things may have changed
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Tuesday, January 24, 2012 8:28 PM
    Moderator
  • Looks the same to me:

     

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: N/A, hr = 0xc004f012
    Windows Product Key: *****-*****-VMMYH-2J78H-WXPYT
    Windows Product Key Hash: JHgrVs0yf+TJyvBQaOXJfn3mnyw=
    Windows Product ID: 00371-835-1599936-85843
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {B998E99F-273B-4895-BA49-A9F4B8223577}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.111025-1505
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\slc.dll[Hr = 0x800b0100]

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{B998E99F-273B-4895-BA49-A9F4B8223577}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-WXPYT</PKey><PID>00371-835-1599936-85843</PID><PIDType>5</PIDType><SID>S-1-5-21-1262617658-2480145169-778998756</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>AOHAPPY2</Model></SYSTEM><BIOS><Manufacturer>INSYDE</Manufacturer><Version>V1.04</Version><SMBIOSVersion major="2" minor="6"/><Date>20110426000000.000000+000</Date></BIOS><HWID>95600E00018400F4</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, RETAIL channel
    Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00170-835-159993-00-2057-7601.0000-0082012
    Installation ID: 003062151603415566757404281202952113070124547101877691
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: WXPYT
    License Status: Licensed
    Remaining Windows rearm count: 2
    Trusted time: 25/01/2012 09:07:25

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x0000000000000100
    Event Time Stamp: 1:24:2012 09:29
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui


    HWID Data-->
    HWID Hash Current: LAAAAAAAAQABAAIAAAABAAAAAgABAAEAJJTE2QYqICl8r/QoxPL2C7KzXDM=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   ACRSYS  ACRPRDCT
      FACP   ACRSYS  ACRPRDCT
      HPET   ACRSYS  ACRPRDCT
      BOOT   ACRSYS  ACRPRDCT
      MCFG   ACRSYS  ACRPRDCT
      WDAT   INSYDE  INSYDE 
      SLIC   ACRSYS  ACRPRDCT
      SSDT   ACRSYS  ACRPRDCT
      SSDT   ACRSYS  ACRPRDCT
      SSDT   ACRSYS  ACRPRDCT

     

    Wednesday, January 25, 2012 9:11 AM
  • "Accuman" wrote in message news:cf03c8f5-1443-4dd8-b817-07dbe68fbbb8...

    Looks the same to me:

     

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: N/A, hr = 0xc004f012
    Windows Product Key: *****-*****-VMMYH-2J78H-WXPYT
    Windows Product Key Hash: JHgrVs0yf+TJyvBQaOXJfn3mnyw=
    Windows Product ID: 00371-835-1599936-85843
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.048

    File Scan Data-->
    File Mismatch: C:\Windows\system32\slc.dll[Hr = 0x800b0100]


    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui

     

    Please run the following commands in a Command Prompt window – they may show us what the problem is.
    ICACLS C:\Windows\System32\slc.dll
    ICACLS C:\Windows\System32\en-us\slc.dll.mui
    ICACLS C:\Windows\SysWOW64\slc.dll
    ICACLS C:\Windows\SysWOW64\en-us\slc.dll.mui
    Copy/paste the results to your response.
    (to copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.)
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Wednesday, January 25, 2012 12:10 PM
    Moderator
  • Thanks Noel, output is as follows:

     

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>ICACLS c:\windows\system32\slc.dll
    c:\windows\system32\slc.dll NT SERVICE\TrustedInstaller:(F)
                                BUILTIN\Administrators:(RX)
                                NT AUTHORITY\SYSTEM:(RX)
                                BUILTIN\Users:(RX)

    Successfully processed 1 files; Failed processing 0 files

    C:\Windows\system32>ICACLS c:\windows\system32\en-us\slc.dll.mui
    c:\windows\system32\en-us\slc.dll.mui NT SERVICE\TrustedInstaller:(F)
                                          BUILTIN\Administrators:(RX)
                                          NT AUTHORITY\SYSTEM:(RX)
                                          BUILTIN\Users:(RX)

    Successfully processed 1 files; Failed processing 0 files

    C:\Windows\system32>ICACLS c:\windows\SysWOW64\slc.dll
    c:\windows\SysWOW64\slc.dll: The system cannot find the path specified.
    Successfully processed 0 files; Failed processing 1 files

    C:\Windows\system32>ICACLS c:\windows\syswow64\en-us\slc.dll.mui
    c:\windows\syswow64\en-us\slc.dll.mui: The system cannot find the path specified
    .
    Successfully processed 0 files; Failed processing 1 files

    C:\Windows\system32>

     

    What is SysWOW64?

    Thursday, January 26, 2012 9:11 AM
  • "Accuman" wrote in message news:e89a84e1-cfeb-4719-bae5-adf40908b9c9...

    Thanks Noel, output is as follows: <snip>

    What is SysWOW64?

    In your case SysWOW64 doesn’t exist – it’s only present in 64-bit installations (yours is 32-bit). Effectively it’s the 64-bit version of the System32 folder.
    The output is as expected (which leaves me none the wiser as to what the problem actually is)
    Please check the version numbers of the two files found – and the exact file size in bytes
     
    slc.dll should be v6.1.7600.16385  and 30720 bytes
    slc.dll.mui should be (unversioned –dated 14/7/2009) and 54784 bytes
     
    Please also check the Owner of the two files (it should be TrustedInstaller), by click on the Advanced button in the Security tab of Properties, and then the Owner tab of the resulting popup.
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Thursday, January 26, 2012 10:55 AM
    Moderator
  • Noel,

    Thanks for your continued help.

    slc.dll is owned by TrustedInstaller, but is 35840 bytes and created on 14/07/2009, updated on 09/08/2011.  How do I find the version number?

    slc.dll.mui is also owned by TrustedInstaller and is 54784 bytes, but is created and updated on the 21/11/2010.

    Thursday, January 26, 2012 11:31 AM
  • "Accuman" wrote in message news:54301cf6-b91e-4eda-b204-047144e8dcd8...

    Noel,

    Thanks for your continued help.

    slc.dll is owned by TrustedInstaller, but is 35840 bytes and created on 14/07/2009, updated on 09/08/2011.  How do I find the version number?

    slc.dll.mui is also owned by TrustedInstaller and is 54784 bytes, but is created and updated on the 21/11/2010.

    (damn! I keep thinking x64 instead of x86!)
    Ahah!
    now we get to it :)
    The Version number is on the Details tab of the Properties window (right-click on the file, select Properties)
    The file SLC.DLL is wrong – the question then becomes why didn’t SFC fix it?
     
    Try this – it may work
    In an Admin Command Prompt, type
    SFC /SCANFILE=C:\Windows\System32\slc.dll
     
    What result do you get?
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Thursday, January 26, 2012 12:27 PM
    Moderator
  • It didn't like that much:

     

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>SFC /SCANFILE=C:\Windows\System32\slc.dll


    Windows Resource Protection could not perform the requested operation.

    C:\Windows\system32>

    Thursday, January 26, 2012 1:07 PM
  • Also, there's no version number on the details tab.  File Version and Product Version are just blank.
    Thursday, January 26, 2012 1:09 PM
  • "Accuman" wrote in message news:870a08f3-9ff1-44ae-a67c-b0b8f5c7a2b1...
    Also, there's no version number on the details tab.  File Version and Product Version are just blank.
     
    OK
    BACK THINGS UP FIRST!!
    Create a System Restore point as well.
    Do a Search in the C:\Windows folder (and below) for files named SLC.DLL (make sure that you have Hidden Files and Protected System files enabled in Folder Options) – you should find a number of copies. If you only find that one, then you have a different problem so post back without going any further!
     
    then reboot.
     
    In an Admin Command Prompt window:-
     
    TAKEOWN /F C:\windows\System32\slc.dll   /A
    ICACLS C:\Windows\System32\slc.dll /grant Administrators:(F)
    REN C:\Windows\System32\slc.dll slc.old
    SFC /SCANFILE=C:\Windows\System32\slc.dll
     
    With any lick that will then replace the file .
    If not, COPY the file from the folder
    C:\Windows\winsxs\x86_microsoft-windows-security-spp-client_31bf3856ad364e35_6.1.7601.17514_none_98a45ba609e1caf5
     
    or if that doesn’t exist, folder
    C:\Windows\winsxs\x86_microsoft-windows-security-spp-client_31bf3856ad364e35_6.1.7600.16385_none_967347de0cf3475b
     
    If that doesn’t work either, then rename the slc.old file back to slc.dll and post back.
     
    run
    ICACLS C:\Windows\System32\SLC.dll
     
    and copy the results to your reply
     
    Once complete, post back with results, and a new MGADiag report.
    Also with the results
     
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Thursday, January 26, 2012 1:44 PM
    Moderator
  • Noel,

    The search came up with other versions, so I went ahead:

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>takeown /F c:\windows\system32\slc.dll /A

    SUCCESS: The file (or folder): "c:\windows\system32\slc.dll" now owned by the ad
    ministrators group.

    C:\Windows\system32>icacls c:\windows\system32\slc.dll /grant Administrators:(F)

    processed file: c:\windows\system32\slc.dll
    Successfully processed 1 files; Failed processing 0 files

    C:\Windows\system32>REN c:\windows\system32\slc.dll slc.old

    C:\Windows\system32>sfc \SCANFILE=c:\windows\system32\slc.dll

    Microsoft (R) Windows (R) Resource Checker Version 6.0
    Copyright (c) 2006 Microsoft Corporation. All rights reserved.

    Scans the integrity of all protected system files and replaces incorrect version
    s with
    correct Microsoft versions.

    SFC [/SCANNOW] [/VERIFYONLY] [/SCANFILE=<file>] [/VERIFYFILE=<file>]
        [/OFFWINDIR=<offline windows directory> /OFFBOOTDIR=<offline boot directory>
    ]

    /SCANNOW        Scans integrity of all protected system files and repairs files
    with
                    problems when possible.
    /VERIFYONLY     Scans integrity of all protected system files. No repair operati
    on is
                    performed.
    /SCANFILE       Scans integrity of the referenced file, repairs file if problems
     are
                    identified. Specify full path <file>
    /VERIFYFILE     Verifies the integrity of the file with full path <file>.  No re
    pair
                    operation is performed.
    /OFFBOOTDIR     For offline repair specify the location of the offline boot dire
    ctory
    /OFFWINDIR      For offline repair specify the location of the offline windows d
    irectory

    e.g.

            sfc /SCANNOW
            sfc /VERIFYFILE=c:\windows\system32\kernel32.dll
            sfc /SCANFILE=d:\windows\system32\kernel32.dll /OFFBOOTDIR=d:\ /OFFWINDI
    R=d:\windows
            sfc /VERIFYONLY

    C:\Windows\system32>sfc /scanfile=c:\windows\system32\sfc.dll


    Windows Resource Protection did not find any integrity violations.

    C:\Windows\system32>icacls c:\windows\system32\slc.dll
    c:\windows\system32\slc.dll: The system cannot find the file specified.
    Successfully processed 0 files; Failed processing 1 files

    C:\Windows\system32>icacls c:\windows\system32\slc.dll
    c:\windows\system32\slc.dll BUILTIN\Administrators:(I)(F)
                                NT AUTHORITY\SYSTEM:(I)(F)
                                BUILTIN\Users:(I)(RX)
                                NT AUTHORITY\Authenticated Users:(I)(M)

    Successfully processed 1 files; Failed processing 0 files

    C:\Windows\system32>

     

    After that I ran the MGADIAG report:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: N/A, hr = 0xc004f012
    Windows Product Key: *****-*****-VMMYH-2J78H-WXPYT
    Windows Product Key Hash: JHgrVs0yf+TJyvBQaOXJfn3mnyw=
    Windows Product ID: 00371-835-1599936-85843
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {B998E99F-273B-4895-BA49-A9F4B8223577}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.111025-1505
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{B998E99F-273B-4895-BA49-A9F4B8223577}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-WXPYT</PKey><PID>00371-835-1599936-85843</PID><PIDType>5</PIDType><SID>S-1-5-21-1262617658-2480145169-778998756</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>AOHAPPY2</Model></SYSTEM><BIOS><Manufacturer>INSYDE</Manufacturer><Version>V1.04</Version><SMBIOSVersion major="2" minor="6"/><Date>20110426000000.000000+000</Date></BIOS><HWID>95600E00018400F4</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, RETAIL channel
    Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00170-835-159993-00-2057-7601.0000-0082012
    Installation ID: 003062151603415566757404281202952113070124547101877691
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: WXPYT
    License Status: Licensed
    Remaining Windows rearm count: 2
    Trusted time: 26/01/2012 14:22:18

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 1:24:2012 09:29
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: LAAAAAAAAQABAAIAAAABAAAAAgABAAEAJJTE2QYqICl8r/QoxPL2C7KzXDM=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   ACRSYS  ACRPRDCT
      FACP   ACRSYS  ACRPRDCT
      HPET   ACRSYS  ACRPRDCT
      BOOT   ACRSYS  ACRPRDCT
      MCFG   ACRSYS  ACRPRDCT
      WDAT   INSYDE  INSYDE 
      SLIC   ACRSYS  ACRPRDCT
      SSDT   ACRSYS  ACRPRDCT
      SSDT   ACRSYS  ACRPRDCT
      SSDT   ACRSYS  ACRPRDCT

    Have you fixed it?

    Thursday, January 26, 2012 2:23 PM
  • "Accuman" wrote in message news:9770d50c-4cba-42aa-9176-a960c08ad5b8...

    Noel,

    The search came up with other versions, so I went ahead:

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>takeown /F c:\windows\system32\slc.dll /A

    SUCCESS: The file (or folder): "c:\windows\system32\slc.dll" now owned by the ad
    ministrators group.

    C:\Windows\system32>icacls c:\windows\system32\slc.dll /grant Administrators:(F)

    processed file: c:\windows\system32\slc.dll
    Successfully processed 1 files; Failed processing 0 files

    C:\Windows\system32>REN c:\windows\system32\slc.dll slc.old

    C:\Windows\system32>sfc /scanfile=c:\windows\system32\sfc.dll


    Windows Resource Protection did not find any integrity violations.

    C:\Windows\system32>icacls c:\windows\system32\slc.dll
    c:\windows\system32\slc.dll: The system cannot find the file specified.
    Successfully processed 0 files; Failed processing 1 files

    C:\Windows\system32>icacls c:\windows\system32\slc.dll
    c:\windows\system32\slc.dll BUILTIN\Administrators:(I)(F)
                                NT AUTHORITY\SYSTEM:(I)(F)
                                BUILTIN\Users:(I)(RX)
                                NT AUTHORITY\Authenticated Users:(I)(M)

    Successfully processed 1 files; Failed processing 0 files

    C:\Windows\system32>

     

     
    DAMN! – I coulda sworn that I corrected that typo!  :)
    (done now – well done for doing it yourself!)
     
    I have no idea why the (proper) SFC command didn’t find a problem – perhaps a look at the CBS.log would show it.
     
    From where did you copy the file? (looks like you edited the output a bit?)
     
    Lookin’ good!
    Now we need to correct the permissions and ownership on the file that you copied across
     
    ICACLS C:\windows\System32\slc.dll  /grant Administrators:(F)
    ICACLS C:\windows\System32\slc.dll /grant Users:(RX)
    ICACLS C:\windows\System32\slc.dll /grant SYSTEM:(RX)
    ICACLS C:\windows\System32\slc.dll /grant “NT SERVICE\TrustedInstaller”:(F)
    ICACLS C:\windows\System32\slc.dll /remove “NT AUTHORITY\Authenticated Users”
     
    Then post back with a new
    ICACLS /F C:\windows\System32\slc.dll
    so we can check that it’s OK before we change the ownership
    (may be a good idea to run another MGADiag report for your own comfort at that time!)
     
     
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Thursday, January 26, 2012 3:09 PM
    Moderator
  • Noel,

    No, I didn't edit the output, just copied the file in filemanager rather than typing all the blurb.

    Here's the output:

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>icacls c:\windows\system32\slc.dll /grant Administrators:(F)

    processed file: c:\windows\system32\slc.dll
    Successfully processed 1 files; Failed processing 0 files

    C:\Windows\system32>icacls c:\windows\system32\slc.dll /grant Users:(RX)
    processed file: c:\windows\system32\slc.dll
    Successfully processed 1 files; Failed processing 0 files

    C:\Windows\system32>icacls c:\windows\system32\slc.dll /grant SYSTEM:(RX)
    processed file: c:\windows\system32\slc.dll
    Successfully processed 1 files; Failed processing 0 files

    C:\Windows\system32>icacls c:\windows\system32\slc.dll /grant "NT SERVICE\Truste
    dInstaller":(F)
    processed file: c:\windows\system32\slc.dll
    Successfully processed 1 files; Failed processing 0 files

    C:\Windows\system32>icacls c:\windows\system32\slc.dll /remove "NT AUTHORITY\Aut
    henticated Users"
    processed file: c:\windows\system32\slc.dll
    Successfully processed 1 files; Failed processing 0 files

    C:\Windows\system32>icacls /F c:\windows\system32\slc.dll
    First parameter must be a file name pattern or "/?"

    ICACLS name /save aclfile [/T] [/C] [/L] [/Q]
        stores the DACLs for the files and folders that match the name
        into aclfile for later use with /restore. Note that SACLs,
        owner, or integrity labels are not saved.

    ICACLS directory [/substitute SidOld SidNew [...]] /restore aclfile
                     [/C] [/L] [/Q]
        applies the stored DACLs to files in directory.

    ICACLS name /setowner user [/T] [/C] [/L] [/Q]
        changes the owner of all matching names. This option does not
        force a change of ownership; use the takeown.exe utility for
        that purpose.

    ICACLS name /findsid Sid [/T] [/C] [/L] [/Q]
        finds all matching names that contain an ACL
        explicitly mentioning Sid.

    ICACLS name /verify [/T] [/C] [/L] [/Q]
        finds all files whose ACL is not in canonical form or whose
        lengths are inconsistent with ACE counts.

    ICACLS name /reset [/T] [/C] [/L] [/Q]
        replaces ACLs with default inherited ACLs for all matching files.

    ICACLS name [/grant[:r] Sid:perm[...]]
           [/deny Sid:perm [...]]
           [/remove[:g|:d]] Sid[...]] [/T] [/C] [/L] [/Q]
           [/setintegritylevel Level:policy[...]]

        /grant[:r] Sid:perm grants the specified user access rights. With :r,
            the permissions replace any previouly granted explicit permissions.
            Without :r, the permissions are added to any previously granted
            explicit permissions.

        /deny Sid:perm explicitly denies the specified user access rights.
            An explicit deny ACE is added for the stated permissions and
            the same permissions in any explicit grant are removed.

        /remove[:[g|d]] Sid removes all occurrences of Sid in the ACL. With
            :g, it removes all occurrences of granted rights to that Sid. With
            :d, it removes all occurrences of denied rights to that Sid.

        /setintegritylevel [(CI)(OI)]Level explicitly adds an integrity
            ACE to all matching files.  The level is to be specified as one
            of:
                L[ow]
                M[edium]
                H[igh]
            Inheritance options for the integrity ACE may precede the level
            and are applied only to directories.

        /inheritance:e|d|r
            e - enables inheritance
            d - disables inheritance and copy the ACEs
            r - remove all inherited ACEs


    Note:
        Sids may be in either numerical or friendly name form. If a numerical
        form is given, affix a * to the start of the SID.

        /T indicates that this operation is performed on all matching
            files/directories below the directories specified in the name.

        /C indicates that this operation will continue on all file errors.
            Error messages will still be displayed.

        /L indicates that this operation is performed on a symbolic link
           itself versus its target.

        /Q indicates that icacls should supress success messages.

        ICACLS preserves the canonical ordering of ACE entries:
                Explicit denials
                Explicit grants
                Inherited denials
                Inherited grants

        perm is a permission mask and can be specified in one of two forms:
            a sequence of simple rights:
                    N - no access
                    F - full access
                    M - modify access
                    RX - read and execute access
                    R - read-only access
                    W - write-only access
                    D - delete access
            a comma-separated list in parentheses of specific rights:
                    DE - delete
                    RC - read control
                    WDAC - write DAC
                    WO - write owner
                    S - synchronize
                    AS - access system security
                    MA - maximum allowed
                    GR - generic read
                    GW - generic write
                    GE - generic execute
                    GA - generic all
                    RD - read data/list directory
                    WD - write data/add file
                    AD - append data/add subdirectory
                    REA - read extended attributes
                    WEA - write extended attributes
                    X - execute/traverse
                    DC - delete child
                    RA - read attributes
                    WA - write attributes
            inheritance rights may precede either form and are applied
            only to directories:
                    (OI) - object inherit
                    (CI) - container inherit
                    (IO) - inherit only
                    (NP) - don't propagate inherit
                    (I) - permission inherited from parent container

    Examples:

            icacls c:\windows\* /save AclFile /T
            - Will save the ACLs for all files under c:\windows
              and its subdirectories to AclFile.

            icacls c:\windows\ /restore AclFile
            - Will restore the Acls for every file within
              AclFile that exists in c:\windows and its subdirectories.

            icacls file /grant Administrator:(D,WDAC)
            - Will grant the user Administrator Delete and Write DAC
              permissions to file.

            icacls file /grant *S-1-1-0:(D,WDAC)
            - Will grant the user defined by sid S-1-1-0 Delete and
              Write DAC permissions to file.

    C:\Windows\system32>icacls c:\windows\systyem32\slc.dll
    c:\windows\systyem32\slc.dll: The system cannot find the path specified.
    Successfully processed 0 files; Failed processing 1 files

    C:\Windows\system32>icacls c:\windows\system32\slc.dll
    c:\windows\system32\slc.dll NT SERVICE\TrustedInstaller:(F)
                                NT AUTHORITY\SYSTEM:(RX)
                                BUILTIN\Users:(RX)
                                BUILTIN\Administrators:(F)
                                BUILTIN\Administrators:(I)(F)
                                NT AUTHORITY\SYSTEM:(I)(F)
                                BUILTIN\Users:(I)(RX)
                                NT AUTHORITY\Authenticated Users:(I)(M)

    Successfully processed 1 files; Failed processing 0 files

    C:\Windows\system32>

     

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-VMMYH-2J78H-WXPYT
    Windows Product Key Hash: JHgrVs0yf+TJyvBQaOXJfn3mnyw=
    Windows Product ID: 00371-835-1599936-85843
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {B998E99F-273B-4895-BA49-A9F4B8223577}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.111025-1505
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{B998E99F-273B-4895-BA49-A9F4B8223577}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-WXPYT</PKey><PID>00371-835-1599936-85843</PID><PIDType>5</PIDType><SID>S-1-5-21-1262617658-2480145169-778998756</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>AOHAPPY2</Model></SYSTEM><BIOS><Manufacturer>INSYDE</Manufacturer><Version>V1.04</Version><SMBIOSVersion major="2" minor="6"/><Date>20110426000000.000000+000</Date></BIOS><HWID>95600E00018400F4</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, RETAIL channel
    Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00170-835-159993-00-2057-7601.0000-0082012
    Installation ID: 003062151603415566757404281202952113070124547101877691
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: WXPYT
    License Status: Licensed
    Remaining Windows rearm count: 2
    Trusted time: 26/01/2012 15:32:54

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 1:26:2012 15:07
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: LAAAAAAAAQABAAIAAAABAAAAAgABAAEAJJTE2QYqICl8r/QoxPL2C7KzXDM=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   ACRSYS  ACRPRDCT
      FACP   ACRSYS  ACRPRDCT
      HPET   ACRSYS  ACRPRDCT
      BOOT   ACRSYS  ACRPRDCT
      MCFG   ACRSYS  ACRPRDCT
      WDAT   INSYDE  INSYDE 
      SLIC   ACRSYS  ACRPRDCT
      SSDT   ACRSYS  ACRPRDCT
      SSDT   ACRSYS  ACRPRDCT
      SSDT   ACRSYS  ACRPRDCT

     

    Thursday, January 26, 2012 3:33 PM
  • "Accuman" wrote in message news:064f11bf-b5b8-4224-8ad5-3ec2878cc44c...

    Noel,

    No, I didn't edit the output, just copied the file in filemanager rather than typing all the blurb.

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-VMMYH-2J78H-WXPYT
    Windows Product Key Hash: JHgrVs0yf+TJyvBQaOXJfn3mnyw=
    Windows Product ID: 00371-835-1599936-85843
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.048

     

    Duh! – I need a break from the screen!
    another typo crept in and stayed!
     
    Still lookin’ good, anyhow, at least as far as MGADiag goes.
    The Permissions are confusing me though – the entry for Authenticated Users should have gone completely, I thought, but perhaps not, since it’s an inherited permission.
    If you want, you can go into the Security settings>Advanced, and remove ALL the Inherited permissions sets from the GUI, and post another ICACLS report.
     
    Otherwise I think we’ve done as much as we can, and your system is properly activated again.
    I see you validated at some point this afternoon? – if not, please go to www.microsoft.com/genuine/validate to make sure. Assuming it passes we can sign off on the WGA part of your problem.
     
    As far as SFC is concerned, then there is a definite problem on your system – I have no idea how to fix that (or even how to start!). I would suggest trying the Answers forums for that, at http://answers.microsoft.com/en-us/windows/forum/windows_7-system  - hopefully someone there can advise.
     
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Thursday, January 26, 2012 3:50 PM
    Moderator
  • Thanks.

    Latest report:

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>icacls c:\windows\system32\slc.dll
    c:\windows\system32\slc.dll NT SERVICE\TrustedInstaller:(F)
                                NT AUTHORITY\SYSTEM:(RX)
                                BUILTIN\Users:(RX)
                                BUILTIN\Administrators:(F)

    Successfully processed 1 files; Failed processing 0 files

    C:\Windows\system32>

    What is SFC?  Do I need to worry about it?

     

    Thursday, January 26, 2012 4:14 PM
  • "Accuman" wrote in message news:e8c9a97e-942b-4491-98a3-164f75022ce4...

    Thanks.

    Latest report:

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>icacls c:\windows\system32\slc.dll
    c:\windows\system32\slc.dll NT SERVICE\TrustedInstaller:(F)
                                NT AUTHORITY\SYSTEM:(RX)
                                BUILTIN\Users:(RX)
                                BUILTIN\Administrators:(F)

    Successfully processed 1 files; Failed processing 0 files

    C:\Windows\system32>

    What is SFC?  Do I need to worry about it?

     

    SFC is the System File Checker – and it that’s screwed, then your chances of fixing system problems become that much smaller (as we’ve found out!) http://support.microsoft.com/kb/929833
     
    From what I’ve seen, some of the main controlling manifest files in your WinSxS folder may be missing or corrupted – which is why it couldn’t replace the SLC.DLL file as it should have done. Like I say, I have no real idea of where to start in diagnosis and cure of this problem :(
     
     
     
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Thursday, January 26, 2012 4:23 PM
    Moderator
  • OK, thanks for all your help.

     

    I've just rerun scannow and then tried the findstr command from the kb:

    This was the output:

    2012-01-17 01:05:33, Error                 CSI    00000009 (F) [SR] Component not found: Microsoft-Windows-Security-SPP-Client, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral[gle=0x80004005]
    2012-01-19 13:32:23, Error                 CSI    00000009 (F) [SR] Component not found: Microsoft-Windows-Security-SPP-Client, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral[gle=0x80004005]
    2012-01-24 09:29:33, Error                 CSI    00000009 (F) [SR] Component not found: Microsoft-Windows-Security-SPP-Client, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral[gle=0x80004005]
    2012-01-24 19:01:23, Info                  CSI    00000009 [SR] Verifying 100 (0x00000064) components
    2012-01-24 19:01:23, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
    2012-01-24 19:01:28, Info                  CSI    0000000c [SR] Verify complete
    2012-01-24 19:01:29, Info                  CSI    0000000d [SR] Verifying 100 (0x00000064) components
    2012-01-24 19:01:29, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
    2012-01-24 19:03:24, Info                  CSI    0000005b [SR] Verify complete
    2012-01-24 19:03:25, Info                  CSI    0000005c [SR] Verifying 100 (0x00000064) components
    2012-01-24 19:03:25, Info                  CSI    0000005d [SR] Beginning Verify and Repair transaction
    2012-01-24 19:03:33, Info                  CSI    0000005f [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:14{7}]"dwm.exe" from store
    2012-01-24 19:03:34, Info                  CSI    00000061 [SR] Verify complete
    2012-01-24 19:03:35, Info                  CSI    00000062 [SR] Verifying 100 (0x00000064) components
    2012-01-24 19:03:35, Info                  CSI    00000063 [SR] Beginning Verify and Repair transaction
    2012-01-24 19:03:42, Info                  CSI    00000065 [SR] Verify complete
    2012-01-24 19:03:43, Info                  CSI    00000066 [SR] Verifying 100 (0x00000064) components
    2012-01-24 19:10:48, Info                  CSI    00000131 [SR] Beginning Verify and Repair transaction
    2012-01-24 19:10:57, Info                  CSI    00000133 [SR] Verify complete
    2012-01-24 19:10:58, Info                  CSI    00000134 [SR] Verifying 100 (0x00000064) components
    2012-01-24 19:10:58, Info                  CSI    00000135 [SR] Beginning Verify and Repair transaction
    2012-01-24 19:11:05, Info                  CSI    00000137 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:14{7}]"slc.dll" from store
    2012-01-24 19:11:09, Info                  CSI    00000139 [SR] Verify complete
    2012-01-24 19:11:10, Info                  CSI    0000013a [SR] Verifying 100 (0x00000064) components
    2012-01-24 19:11:10, Info                  CSI    0000013b [SR] Beginning Verify and Repair transaction
    2012-01-24 19:11:31, Info                  CSI    0000013e [SR] Verify complete
    2012-01-24 19:11:32, Info                  CSI    0000013f [SR] Verifying 100 (0x00000064) components
    2012-01-24 19:11:32, Info                  CSI    00000140 [SR] Beginning Verify and Repair transaction
    2012-01-24 19:11:41, Info                  CSI    00000142 [SR] Verify complete
    2012-01-24 19:11:42, Info                  CSI    00000143 [SR] Verifying 100 (0x00000064) components
    2012-01-24 19:11:42, Info                  CSI    00000144 [SR] Beginning Verify and Repair transaction
    2012-01-24 19:11:51, Info                  CSI    00000146 [SR] Verify complete
    2012-01-24 19:11:52, Info                  CSI    00000147 [SR] Verifying 100 (0x00000064) components
    2012-01-24 19:11:52, Info                  CSI    00000148 [SR] Beginning Verify and Repair transaction
    2012-01-24 19:11:58, Info                  CSI    0000014a [SR] Verify complete
    2012-01-24 19:11:59, Info                  CSI    0000014b [SR] Verifying 100 (0x00000064) components
    2012-01-24 19:11:59, Info                  CSI    0000014c [SR] Beginning Verify and Repair transaction
    2012-01-24 19:12:06, Info                  CSI    0000014f [SR] Verify complete
    2012-01-24 19:12:07, Info                  CSI    00000150 [SR] Verifying 100 (0x00000064) components
    2012-01-24 19:12:07, Info                  CSI    00000151 [SR] Beginning Verify and Repair transaction
    2012-01-24 19:12:14, Info                  CSI    00000153 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"themeui.dll" from store
    2012-01-24 19:12:16, Info                  CSI    00000155 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:32{16}]"themeservice.dll" from store
    2012-01-24 19:12:18, Info                  CSI    00000157 [SR] Verify complete
    2012-01-24 19:12:19, Info                  CSI    00000158 [SR] Verifying 100 (0x00000064) components
    2012-01-24 19:12:19, Info                  CSI    00000159 [SR] Beginning Verify and Repair transaction
    2012-01-24 19:12:24, Info                  CSI    0000015b [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"uxtheme.dll" from store
    2012-01-24 19:12:26, Info                  CSI    0000015d [SR] Verify complete
    2012-01-24 19:12:27, Info                  CSI    0000015e [SR] Verifying 100 (0x00000064) components
    2012-01-24 19:12:27, Info                  CSI    0000015f [SR] Beginning Verify and Repair transaction
    2012-01-24 19:12:38, Info                  CSI    00000161 [SR] Verify complete
    2012-01-24 19:12:39, Info                  CSI    00000162 [SR] Verifying 100 (0x00000064) components
    2012-01-24 19:15:46, Info                  CSI    000001ac [SR] Beginning Verify and Repair transaction
    2012-01-24 19:15:50, Info                  CSI    000001ae [SR] Verify complete
    2012-01-24 19:15:51, Info                  CSI    000001af [SR] Repairing 5 components
    2012-01-24 19:15:51, Info                  CSI    000001b0 [SR] Beginning Verify and Repair transaction
    2012-01-24 19:15:51, Info                  CSI    000001b2 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:32{16}]"themeservice.dll" from store
    2012-01-24 19:15:52, Info                  CSI    000001b4 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:14{7}]"slc.dll" from store
    2012-01-24 19:15:52, Info                  CSI    000001b6 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"uxtheme.dll" from store
    2012-01-24 19:15:52, Info                  CSI    000001b8 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:14{7}]"dwm.exe" from store
    2012-01-24 19:15:53, Info                  CSI    000001ba [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"themeui.dll" from store
    2012-01-24 19:15:53, Info                  CSI    000001bc [SR] Repair complete
    2012-01-24 19:15:53, Info                  CSI    000001bd [SR] Committing transaction
    2012-01-26 13:06:32, Error                 CSI    00000009 (F) [SR] Component not found: Microsoft-Windows-Security-SPP-Client, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral[gle=0x80004005]
    2012-01-26 13:12:21, Error                 CSI    0000000b (F) [SR] Component not found: Microsoft-Windows-Security-SPP-Client, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral[gle=0x80004005]
    2012-01-26 14:09:41, Info                  CSI    00000009 [SR] Verifying 1 components
    2012-01-26 14:09:41, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
    2012-01-26 14:09:41, Info                  CSI    0000000c [SR] Verify complete
    2012-01-26 16:14:39, Info                  CSI    00000009 [SR] Verifying 100 (0x00000064) components
    2012-01-26 16:16:19, Info                  CSI    00000058 [SR] Beginning Verify and Repair transaction
    2012-01-26 16:16:28, Info                  CSI    0000005a [SR] Verify complete
    2012-01-26 16:16:29, Info                  CSI    0000005b [SR] Verifying 100 (0x00000064) components
    2012-01-26 16:16:29, Info                  CSI    0000005c [SR] Beginning Verify and Repair transaction
    2012-01-26 16:16:37, Info                  CSI    0000005e [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:14{7}]"dwm.exe" from store
    2012-01-26 16:16:39, Info                  CSI    00000060 [SR] Verify complete
    2012-01-26 16:16:40, Info                  CSI    00000061 [SR] Verifying 100 (0x00000064) components
    2012-01-26 16:16:40, Info                  CSI    00000062 [SR] Beginning Verify and Repair transaction
    2012-01-26 16:16:50, Info                  CSI    00000064 [SR] Verify complete
    2012-01-26 16:16:51, Info                  CSI    00000065 [SR] Verifying 100 (0x00000064) components
    2012-01-26 16:16:51, Info                  CSI    00000066 [SR] Beginning Verify and Repair transaction
    2012-01-26 16:16:58, Info                  CSI    00000068 [SR] Verify complete
    2012-01-26 16:16:58, Info                  CSI    00000069 [SR] Verifying 100 (0x00000064) components
    2012-01-26 16:24:52, Info                  CSI    0000014e [SR] Beginning Verify and Repair transaction
    2012-01-26 16:24:59, Info                  CSI    00000150 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"themeui.dll" from store
    2012-01-26 16:25:01, Info                  CSI    00000152 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:32{16}]"themeservice.dll" from store
    2012-01-26 16:25:02, Info                  CSI    00000154 [SR] Verify complete
    2012-01-26 16:25:03, Info                  CSI    00000155 [SR] Verifying 100 (0x00000064) components
    2012-01-26 16:25:03, Info                  CSI    00000156 [SR] Beginning Verify and Repair transaction
    2012-01-26 16:25:08, Info                  CSI    00000158 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"uxtheme.dll" from store
    2012-01-26 16:25:10, Info                  CSI    0000015a [SR] Verify complete
    2012-01-26 16:25:11, Info                  CSI    0000015b [SR] Verifying 100 (0x00000064) components
    2012-01-26 16:25:11, Info                  CSI    0000015c [SR] Beginning Verify and Repair transaction
    2012-01-26 16:25:22, Info                  CSI    0000015e [SR] Verify complete
    2012-01-26 16:25:23, Info                  CSI    0000015f [SR] Verifying 100 (0x00000064) components
    2012-01-26 16:25:23, Info                  CSI    00000160 [SR] Beginning Verify and Repair transaction
    2012-01-26 16:25:33, Info                  CSI    00000163 [SR] Verify complete
    2012-01-26 16:25:34, Info                  CSI    00000164 [SR] Verifying 100 (0x00000064) components
    2012-01-26 16:25:34, Info                  CSI    00000165 [SR] Beginning Verify and Repair transaction
    2012-01-26 16:25:42, Info                  CSI    00000167 [SR] Verify complete
    2012-01-26 16:25:43, Info                  CSI    00000168 [SR] Verifying 100 (0x00000064) components
    2012-01-26 16:25:43, Info                  CSI    00000169 [SR] Beginning Verify and Repair transaction
    2012-01-26 16:25:58, Info                  CSI    0000016b [SR] Verify complete
    2012-01-26 16:25:58, Info                  CSI    0000016c [SR] Verifying 100 (0x00000064) components
    2012-01-26 16:25:58, Info                  CSI    0000016d [SR] Beginning Verify and Repair transaction
    2012-01-26 16:26:11, Info                  CSI    0000016f [SR] Verify complete
    2012-01-26 16:26:12, Info                  CSI    00000170 [SR] Verifying 100 (0x00000064) components
    2012-01-26 16:26:12, Info                  CSI    00000171 [SR] Beginning Verify and Repair transaction
    2012-01-26 16:26:17, Info                  CSI    00000173 [SR] Verify complete
    2012-01-26 16:26:18, Info                  CSI    00000174 [SR] Verifying 100 (0x00000064) components
    2012-01-26 16:26:18, Info                  CSI    00000175 [SR] Beginning Verify and Repair transaction
    2012-01-26 16:26:21, Info                  CSI    00000177 [SR] Verify complete
    2012-01-26 16:26:22, Info                  CSI    00000178 [SR] Verifying 100 (0x00000064) components
    2012-01-26 16:26:22, Info                  CSI    00000179 [SR] Beginning Verify and Repair transaction
    2012-01-26 16:26:29, Info                  CSI    0000017b [SR] Verify complete
    2012-01-26 16:26:30, Info                  CSI    0000017c [SR] Verifying 100 (0x00000064) components
    2012-01-26 16:26:30, Info                  CSI    0000017d [SR] Beginning Verify and Repair transaction
    2012-01-26 16:26:36, Info                  CSI    0000017f [SR] Verify complete
    2012-01-26 16:26:37, Info                  CSI    00000180 [SR] Verifying 100 (0x00000064) components
    2012-01-26 16:26:37, Info                  CSI    00000181 [SR] Beginning Verify and Repair transaction
    2012-01-26 16:26:44, Info                  CSI    00000183 [SR] Verify complete
    2012-01-26 16:26:45, Info                  CSI    00000184 [SR] Verifying 100 (0x00000064) components
    2012-01-26 16:26:45, Info                  CSI    00000185 [SR] Beginning Verify and Repair transaction
    2012-01-26 16:26:49, Info                  CSI    00000187 [SR] Verify complete
    2012-01-26 16:26:50, Info                  CSI    00000188 [SR] Verifying 100 (0x00000064) components
    2012-01-26 16:26:50, Info                  CSI    00000189 [SR] Beginning Verify and Repair transaction
    2012-01-26 16:26:59, Info                  CSI    0000018b [SR] Verify complete
    2012-01-26 16:27:00, Info                  CSI    0000018c [SR] Verifying 100 (0x00000064) components
    2012-01-26 16:27:00, Info                  CSI    0000018d [SR] Beginning Verify and Repair transaction
    2012-01-26 16:27:29, Info                  CSI    0000018f [SR] Verify complete
    2012-01-26 16:27:30, Info                  CSI    00000190 [SR] Verifying 100 (0x00000064) components
    2012-01-26 16:27:30, Info                  CSI    00000191 [SR] Beginning Verify and Repair transaction
    2012-01-26 16:27:41, Info                  CSI    00000193 [SR] Verify complete
    2012-01-26 16:27:42, Info                  CSI    00000194 [SR] Verifying 100 (0x00000064) components
    2012-01-26 16:27:42, Info                  CSI    00000195 [SR] Beginning Verify and Repair transaction
    2012-01-26 16:27:49, Info                  CSI    00000197 [SR] Verify complete
    2012-01-26 16:27:50, Info                  CSI    00000198 [SR] Verifying 100 (0x00000064) components
    2012-01-26 16:27:50, Info                  CSI    00000199 [SR] Beginning Verify and Repair transaction
    2012-01-26 16:27:53, Info                  CSI    0000019b [SR] Verify complete
    2012-01-26 16:27:54, Info                  CSI    0000019c [SR] Verifying 100 (0x00000064) components
    2012-01-26 16:27:54, Info                  CSI    0000019d [SR] Beginning Verify and Repair transaction
    2012-01-26 16:27:58, Info                  CSI    0000019f [SR] Verify complete
    2012-01-26 16:27:59, Info                  CSI    000001a0 [SR] Verifying 100 (0x00000064) components
    2012-01-26 16:27:59, Info                  CSI    000001a1 [SR] Beginning Verify and Repair transaction
    2012-01-26 16:28:04, Info                  CSI    000001a3 [SR] Verify complete
    2012-01-26 16:28:04, Info                  CSI    000001a4 [SR] Verifying 100 (0x00000064) components
    2012-01-26 16:28:04, Info                  CSI    000001a5 [SR] Beginning Verify and Repair transaction
    2012-01-26 16:28:14, Info                  CSI    000001a7 [SR] Verify complete
    2012-01-26 16:28:15, Info                  CSI    000001a8 [SR] Verifying 64 (0x00000040) components
    2012-01-26 16:28:15, Info                  CSI    000001a9 [SR] Beginning Verify and Repair transaction
    2012-01-26 16:28:19, Info                  CSI    000001ab [SR] Verify complete
    2012-01-26 16:28:19, Info                  CSI    000001ac [SR] Repairing 4 components
    2012-01-26 16:28:19, Info                  CSI    000001ad [SR] Beginning Verify and Repair transaction
    2012-01-26 16:28:19, Info                  CSI    000001af [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:32{16}]"themeservice.dll" from store
    2012-01-26 16:28:20, Info                  CSI    000001b1 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"uxtheme.dll" from store
    2012-01-26 16:28:20, Info                  CSI    000001b3 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:14{7}]"dwm.exe" from store
    2012-01-26 16:28:21, Info                  CSI    000001b5 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"themeui.dll" from store
    2012-01-26 16:28:21, Info                  CSI    000001b7 [SR] Repair complete
    2012-01-26 16:28:21, Info                  CSI    000001b8 [SR] Committing transaction
    2012-01-26 16:28:21, Info                  CSI    000001bc [SR] Unable to complete Verify and Repair transaction because some of the files that need to be repaired are in use. A reboot is required to complete this operation.
    2012-01-26 16:28:21, Info                  CSI    000001bd [SR] Repairing 4 components
    2012-01-26 16:28:21, Info                  CSI    000001be [SR] Beginning Verify and Repair transaction
    2012-01-26 16:28:21, Info                  CSI    000001c0 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:32{16}]"themeservice.dll" from store
    2012-01-26 16:28:22, Info                  CSI    000001c2 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"uxtheme.dll" from store
    2012-01-26 16:28:22, Info                  CSI    000001c4 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:14{7}]"dwm.exe" from store
    2012-01-26 16:28:23, Info                  CSI    000001c6 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"themeui.dll" from store
    2012-01-26 16:28:23, Info                  CSI    000001c8 [SR] Repair complete

    I cut out a lot of the repetitive verification lines because my response was too long for this forum.  Does that mean it's working now or do I still have an issue?

    Thursday, January 26, 2012 4:49 PM
  • "Accuman" wrote in message news:1af4bf5b-ce08-4c21-ba44-1a3666ad0048...

    OK, thanks for all your help.

     

    I've just rerun scannow and then tried the findstr command from the kb:

    This was the output:

    2012-01-24 19:11:05, Info CSI 00000137 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:14{7}]"slc.dll" from store

    I cut out a lot of the repetitive verification lines because my response was too long for this forum.  Does that mean it's working now or do I still have an issue?

    Ouch!
     
    Please run another MGADiag report – it’s overwritten the file we put there!
     
     
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Thursday, January 26, 2012 5:25 PM
    Moderator
  • After sending the last report, I rebooted and reran sfc scannow.  It said there were no issues now.

    Here is the MGADIAG report:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-VMMYH-2J78H-WXPYT
    Windows Product Key Hash: JHgrVs0yf+TJyvBQaOXJfn3mnyw=
    Windows Product ID: 00371-835-1599936-85843
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {B998E99F-273B-4895-BA49-A9F4B8223577}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.111025-1505
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{B998E99F-273B-4895-BA49-A9F4B8223577}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-WXPYT</PKey><PID>00371-835-1599936-85843</PID><PIDType>5</PIDType><SID>S-1-5-21-1262617658-2480145169-778998756</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>AOHAPPY2</Model></SYSTEM><BIOS><Manufacturer>INSYDE</Manufacturer><Version>V1.04</Version><SMBIOSVersion major="2" minor="6"/><Date>20110426000000.000000+000</Date></BIOS><HWID>95600E00018400F4</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, RETAIL channel
    Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00170-835-159993-00-2057-7601.0000-0082012
    Installation ID: 003062151603415566757404281202952113070124547101877691
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: WXPYT
    License Status: Licensed
    Remaining Windows rearm count: 2
    Trusted time: 26/01/2012 18:45:32

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 1:26:2012 15:07
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: LAAAAAAAAQABAAIAAAABAAAAAgABAAEAJJTE2QYqICl8r/QoxPL2C7KzXDM=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   ACRSYS  ACRPRDCT
      FACP   ACRSYS  ACRPRDCT
      HPET   ACRSYS  ACRPRDCT
      BOOT   ACRSYS  ACRPRDCT
      MCFG   ACRSYS  ACRPRDCT
      WDAT   INSYDE  INSYDE 
      SLIC   ACRSYS  ACRPRDCT
      SSDT   ACRSYS  ACRPRDCT
      SSDT   ACRSYS  ACRPRDCT
      SSDT   ACRSYS  ACRPRDCT


    I don't know what I'm looking at, but I hope this is now all sorted.

    Thanks again for all your assistance.

    Thursday, January 26, 2012 6:48 PM
  • The Diagnostic Report looks good to me. 

    And you say you no longer get any Non-Genuine error (or any other issue or error)?  If so, I think your problem has been fixed. Noel, do you concur?

     

    (What a marathon thread! Thank you Noel for sticking with it)

     

    Darin


    Darin MS

    Thursday, January 26, 2012 6:52 PM
  • "Accuman" wrote in message news:da2ddc89-2d57-4c97-b259-6073b3c87b89...

    After sending the last report, I rebooted and reran sfc scannow.  It said there were no issues now.

    Here is the MGADIAG report:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-VMMYH-2J78H-WXPYT
    Windows Product Key Hash: JHgrVs0yf+TJyvBQaOXJfn3mnyw=
    Windows Product ID: 00371-835-1599936-85843
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.048


    I don't know what I'm looking at, but I hope this is now all sorted.

    Thanks again for all your assistance.

    That looks OK!
     
    Now I’m *really* confused, because of the problems running SFC earlier – unless a faulty SLC.DLL leads to problems with SFC.
     
    Other problems with your CBS report seem to have involved the Windows Themes files – had you perhaps installed some non-standard themes??
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Thursday, January 26, 2012 6:55 PM
    Moderator
  • "Darin Smith MS" wrote in message news:5990e30a-fcd3-45e3-99da-1daafa41c0d8...

    The Diagnostic Report looks good to me.

    And you say you no longer get any Non-Genuine error (or any other issue or error)?  If so, I think your problem has been fixed. Noel, do you concur?

     

    (What a marathon thread! Thank you Noel for sticking with it)

     

    Darin


    Darin MS

     
     
    It was an interesting thread – I learned a lot through it, so thanks are due more to Accuman than to me :)
     
     
    Actually.....
    @Accuman – can you please zip up the SLC.OLD file  that we created, and send it to me at ngsATcrashfixpcDOTcoDOTuk (make the obvious changes) – I’d like to see if I can make any sense of why it’s different to the normal file.
    It may be that is was infected by a virus of some kind and the AV failed to properly restore the original file – which begs the question of what happened back in September and November. If you have AV logs going back that far, is there anything there?
     
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Thursday, January 26, 2012 7:04 PM
    Moderator
  • Strange, I bought the machine in December and gave it to my wife for Christmas.  After Christmas, I installed Windows 7 Pro from scratch, but left it fairly vanilla.  I never installed any themes, just the Acer standard stuff on top of Windows 7.  I did have some issues changing it from starter to Pro.  Can't remember what they were to be honest, but I remember it was painful and suddenly just started working after a reboot, even though it had been complaining of all sorts of things.

    Thanks for all your help.

    I'll email the file now.

    Thursday, January 26, 2012 7:45 PM
  • "Accuman" wrote in message news:5ee9c03b-4aa7-459a-af54-ce18d8de72e4...

    Strange, I bought the machine in December and gave it to my wife for Christmas.  After Christmas, I installed Windows 7 Pro from scratch, but left it fairly vanilla.  I never installed any themes, just the Acer standard stuff on top of Windows 7.  I did have some issues changing it from starter to Pro.  Can't remember what they were to be honest, but I remember it was painful and suddenly just started working after a reboot, even though it had been complaining of all sorts of things.

    Thanks for all your help.

    I'll email the file now.

     
    You’re very welcome – it’s been a good training experience for me.
     
    FWIW, I just uploaded the file to VirusTotal – and got a single hit as Trojan.Malware.Win32.xPack.i from ByteHero.
     
    This is an AV I’ve never heard of before, which seems to work purely on Heuristic detections, so I have no idea how reliable such a detection is – but it does confirm at least that this is a strange file.
     
    It would definitely be worth scanning your system with an online scanner of some kind!
     
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Thursday, January 26, 2012 8:21 PM
    Moderator
  • Accuman: I'm going to leave this thread marked as Unanswered for now (so you and Noel can continue troubleshooting that odd file) but once you are done, would you click the "Mark as Answered" button under the post that you think resolved the issue?

     

    Thank you!


    Darin MS
    Thursday, January 26, 2012 10:20 PM
  • "Darin Smith MS" wrote in message news:51778be3-6ba4-46f1-9fc4-cabeb145a9c0...

    Accuman: I'm going to leave this thread marked as Unanswered for now (so you and Noel can continue troubleshooting that odd file) but once you are done, would you click the "Mark as Answered" button under the post that you think resolved the issue?

     

    Thank you!


    Darin MS
     
    Decisions, decisions <g>
     
    Actually Darin, we now have each others’ email addies, so can continue off-forum, unless you actually want us cluttering up the list?
    I may round things off in the thread by summarising the action taken – but I’m also asking around elsewhere about the peculiar way that SFC reacted during the thread. If you (or MS) have any ideas on that subject, I’d be grateful.
     
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    • Marked as answer by Accuman Friday, January 27, 2012 11:41 AM
    Thursday, January 26, 2012 10:30 PM
    Moderator
  • "Noel D Paton" wrote in message news:84ee877f-ffe2-4e7d-8159-f6d2f2c7bd60...
     
    FWIW, I just uploaded the file to VirusTotal – and got a single hit as Trojan.Malware.Win32.xPack.i from ByteHero.
     
    It would definitely be worth scanning your system with an online scanner of some kind!
     
     
     
    I just inserted the file into a VM – and it refuses to boot, because it depends on another DLL file – ‘sl2.dll’
    I suspect that this file is the true SLC.DLL file (it’s a common tactic of malware to rename a system file, and put heir file in it’s place, to inject code into the system)
    Could you please email me the SL2.DLL file (which can then be deleted)? – zipped, if possible.
     
    Thanks!
     
    {edit} Probable confirmation of this behaviour - I renamed the properl slc.dll file in the VM to SL2.dll, and then inserted teh dodgy fil ein place - this now boots normally
    {/edit}

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Friday, January 27, 2012 11:54 AM
    Moderator
  • Just sent.  I'll wait for your feedback before deleting them.  AVG didn't spot anything.
    Friday, January 27, 2012 12:29 PM
  • "Accuman" wrote in message news:cedf1bf3-24f5-41a4-8dff-a14bec79f163...
    Just sent.  I'll wait for your feedback before deleting them.  AVG didn't spot anything.
     
     
    Thanks
    The VirusTotal reports are here
     
    and
     
    The signing date on the MUI file is later than the release date of Win7 – so there’s definitely something odd about it, even if it has the same size as the proper one.
     
    I have to go out for the rest of the day  - more when I get back to it :)
     
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Friday, January 27, 2012 1:31 PM
    Moderator
  • Could it be anything to do with Win7 Pro N?

    I downloaded that by mistake and had it on a dvd, so I may have installed that in error.  Although, the other machine that I did that to needed to be rebuilt and I only upgraded this one without any need to reinstall.

    Friday, January 27, 2012 1:52 PM
  • "Accuman" wrote in message news:1898637c-07d1-4c79-ae94-f8baa8d3a918...

    Could it be anything to do with Win7 Pro N?

    I downloaded that by mistake and had it on a dvd, so I may have installed that in error.  Although, the other machine that I did that to needed to be rebuilt and I only upgraded this one without any need to reinstall.

    I can’t see it being anything to do with N – your Key wouldn’t have work on an N disk anyhow (I think)
    As far as I can see, this is definitely malware – I’m chasing some things up at the moment, and trying to get someone to have a close look at the original file, so we may know more next week.
     
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Saturday, January 28, 2012 9:18 AM
    Moderator
  • That's correct.  N keys only work with N copies and vice versa.
    Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.
    Saturday, January 28, 2012 2:25 PM
    Answerer