Windows 7 Genuine Advantage Errors and Issues after clone to SSD

  • Question

  • I've an Asus eeepc 1215n that I've swapped the hard drive on to an SSD and cloned the OEM Windows 7 over to. It was running ok but now it's complaining about Genuine Advantage issues and the tool errors when it runs. I've also noticed that Windows Update fails to run.

    Below is the output from MGADiag.

    Cheers,

    Neil

    -----------------------------------------------------------------------

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-2QWT6-HCQXJ-9YQTR
    Windows Product Key Hash: PVjSC5x6njvqunmbCY3lOD7rYDo=
    Windows Product ID: 00359-OEM-8992687-00007
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {E9F67EC6-0BE9-44A6-8FE0-F7D1DD2C6CB3}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.130828-1532
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\sppuinotify.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\slui.exe[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{E9F67EC6-0BE9-44A6-8FE0-F7D1DD2C6CB3}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-9YQTR</PKey><PID>00359-OEM-8992687-00007</PID><PIDType>2</PIDType><SID>S-1-5-21-2981297267-1596788554-3823315924</SID><SYSTEM><Manufacturer>ASUSTeK Computer INC.</Manufacturer><Model>1215N</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0902   </Version><SMBIOSVersion major="2" minor="6"/><Date>20110505000000.000000+000</Date></BIOS><HWID>99B80B00018400F4</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>AUS Eastern Standard Time(GMT+10:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800007-02-1033-7600.0000-2072009
    Installation ID: 009670245045811774708151930311375986103395346784173694
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 9YQTR
    License Status: Licensed
    Remaining Windows rearm count: 2
    Trusted time: 10/05/2014 13:21:38

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000001EFF0
    Event Time Stamp: 5:10:2014 13:01
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys


    HWID Data-->
    HWID Hash Current: LgAAAAAAAQABAAMAAAABAAAAAgABAAEAeqim88hjXPAOmD6XwOIu7S7c1NdcMw==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC A_M_I_ OEMAPIC 
      FACP A_M_I_ OEMFACP 
      HPET A_M_I_ OEMHPET 
      MCFG A_M_I_ OEMMCFG 
      ECDT A_M_I_ OEMECDT 
      OEMB A_M_I_ AMI_OEM 
      GSCI A_M_I_ GMCHSCI 
      SSDT PmRef CpuPm
      SLIC _ASUS_ Notebook

    Saturday, May 10, 2014 3:45 AM

All replies

  • Download and install the Intel Chipset Device Software (INF Update Utility) and then restart your PC.  Report back with a new MGA report.

    Carey Frisch

    Saturday, May 10, 2014 7:11 AM
    Moderator
  • Thanks for that Carey. Downloaded and installed the Intel drivers, rebooted but still the same, I get 0xC8000247 when running the downloaded Windows Activation Update.

    Here's the new MGA report.

    Cheers,

    Neil.

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-2QWT6-HCQXJ-9YQTR
    Windows Product Key Hash: PVjSC5x6njvqunmbCY3lOD7rYDo=
    Windows Product ID: 00359-OEM-8992687-00007
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {E9F67EC6-0BE9-44A6-8FE0-F7D1DD2C6CB3}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.130828-1532
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\sppuinotify.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\slui.exe[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{E9F67EC6-0BE9-44A6-8FE0-F7D1DD2C6CB3}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-9YQTR</PKey><PID>00359-OEM-8992687-00007</PID><PIDType>2</PIDType><SID>S-1-5-21-2981297267-1596788554-3823315924</SID><SYSTEM><Manufacturer>ASUSTeK Computer INC.</Manufacturer><Model>1215N</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0902   </Version><SMBIOSVersion major="2" minor="6"/><Date>20110505000000.000000+000</Date></BIOS><HWID>99B80B00018400F4</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>AUS Eastern Standard Time(GMT+10:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800007-02-1033-7600.0000-2072009
    Installation ID: 009670245045811774708151930311375986103395346784173694
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 9YQTR
    License Status: Licensed
    Remaining Windows rearm count: 2
    Trusted time: 11/05/2014 00:02:38

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000001EFF0
    Event Time Stamp: 5:10:2014 13:01
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys


    HWID Data-->
    HWID Hash Current: LgAAAAAAAQABAAMAAAABAAAAAgABAAEAeqim88hjXPAOmD6XwOIu7S7c1NdcMw==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            A_M_I_        OEMAPIC
      FACP            A_M_I_        OEMFACP
      HPET            A_M_I_        OEMHPET
      MCFG            A_M_I_        OEMMCFG
      ECDT            A_M_I_        OEMECDT
      OEMB            A_M_I_        AMI_OEM
      GSCI            A_M_I_        GMCHSCI
      SSDT            PmRef        CpuPm
      SLIC            _ASUS_        Notebook

    Sunday, May 11, 2014 12:08 AM
  • This may simply be caused by a bad set of Intel Rapid Storage Technology drivers -  

    Installing the Intel Rapid Storage Drivers

    try downloading and installing them from here - https://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&ProdId=2101&DwnldID=22194

    (you want the iata_enu.exe download)

    Once complete, please reboot twice, then post another MGADiag report.   


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Sunday, May 11, 2014 10:04 AM
    Moderator
  • Hi Noel, thanks for the suggestion but when I attempted to install those drivers it said 'your computer does not meet the minimum requirements for this software'

    Wednesday, May 14, 2014 3:11 AM
  • ...in that case, try this...

    Please run the following commands in an Elevated Command Prompt

    NET STOP CRYPTSVC
    REN C:\WINDOWS\SYSTEM32\CATROOT2 CATROOT2OLD
    NET START CRYPTSVC

    Once complete, leave the system alone for at least an hour to rebuild the database, then reboot, and run another MGADiag report and post the results.

    Note that this may delete your Update History - but all updates will remain installed, and can be viewed in the Installed Updates listing.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Wednesday, May 14, 2014 1:15 PM
    Moderator
  • Thanks for helping Noel, I've run those commands in an admin CMD prompt, waited for a bit and rebooted.

    Here's the updated MGA diag.

    Cheers,

    Neil.

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-2QWT6-HCQXJ-9YQTR
    Windows Product Key Hash: PVjSC5x6njvqunmbCY3lOD7rYDo=
    Windows Product ID: 00359-OEM-8992687-00007
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {E9F67EC6-0BE9-44A6-8FE0-F7D1DD2C6CB3}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.130828-1532
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\sppuinotify.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\slui.exe[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{E9F67EC6-0BE9-44A6-8FE0-F7D1DD2C6CB3}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-9YQTR</PKey><PID>00359-OEM-8992687-00007</PID><PIDType>2</PIDType><SID>S-1-5-21-2981297267-1596788554-3823315924</SID><SYSTEM><Manufacturer>ASUSTeK Computer INC.</Manufacturer><Model>1215N</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0902   </Version><SMBIOSVersion major="2" minor="6"/><Date>20110505000000.000000+000</Date></BIOS><HWID>99B80B00018400F4</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>AUS Eastern Standard Time(GMT+10:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800007-02-1033-7600.0000-2072009
    Installation ID: 009670245045811774708151930311375986103395346784173694
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 9YQTR
    License Status: Licensed
    Remaining Windows rearm count: 2
    Trusted time: 17/05/2014 12:18:38

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000001EFF0
    Event Time Stamp: 5:17:2014 17:08
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys


    HWID Data-->
    HWID Hash Current: LgAAAAAAAQABAAMAAAABAAAAAgABAAEAeqim88hjXPAOmD6XwOIu7S7c1NdcMw==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC A_M_I_ OEMAPIC 
      FACP A_M_I_ OEMFACP 
      HPET A_M_I_ OEMHPET 
      MCFG A_M_I_ OEMMCFG 
      ECDT A_M_I_ OEMECDT 
      OEMB A_M_I_ AMI_OEM 
      GSCI A_M_I_ GMCHSCI 
      SSDT PmRef CpuPm
      SLIC _ASUS_ Notebook

    Saturday, May 17, 2014 12:29 PM
  • That does appear to have reduced the number of errors present, marginally - now we can try working on the rest of them.

    Please open an elevated Command Prompt, and run the following command...

    REGSVR32 WINTRUST.DLL

    You should get a 'success' popup - reboot twice, and then run another MGADiag report, and post the result.

      Here are some instructions to make life easier :)

    1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt. 

    2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once. 

    3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.     


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Saturday, May 17, 2014 4:33 PM
    Moderator
  • Well let's hope it's going in the right direction, thanks again for the help.

    I followed the steps (got the pop-up), rebooted twice and here's the output.

    Cheers,

    Neil.

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-2QWT6-HCQXJ-9YQTR
    Windows Product Key Hash: PVjSC5x6njvqunmbCY3lOD7rYDo=
    Windows Product ID: 00359-OEM-8992687-00007
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {E9F67EC6-0BE9-44A6-8FE0-F7D1DD2C6CB3}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.130828-1532
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\sppuinotify.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\slui.exe[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{E9F67EC6-0BE9-44A6-8FE0-F7D1DD2C6CB3}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-9YQTR</PKey><PID>00359-OEM-8992687-00007</PID><PIDType>2</PIDType><SID>S-1-5-21-2981297267-1596788554-3823315924</SID><SYSTEM><Manufacturer>ASUSTeK Computer INC.</Manufacturer><Model>1215N</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0902   </Version><SMBIOSVersion major="2" minor="6"/><Date>20110505000000.000000+000</Date></BIOS><HWID>99B80B00018400F4</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>AUS Eastern Standard Time(GMT+10:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800007-02-1033-7600.0000-2072009
    Installation ID: 009670245045811774708151930311375986103395346784173694
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 9YQTR
    License Status: Licensed
    Remaining Windows rearm count: 2
    Trusted time: 18/05/2014 19:10:14

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000001EFF0
    Event Time Stamp: 5:18:2014 19:02
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys


    HWID Data-->
    HWID Hash Current: LgAAAAAAAQABAAMAAAABAAAAAgABAAEAeqim88hjXPAOmD6XwOIu7S7c1NdcMw==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC A_M_I_ OEMAPIC 
      FACP A_M_I_ OEMFACP 
      HPET A_M_I_ OEMHPET 
      MCFG A_M_I_ OEMMCFG 
      ECDT A_M_I_ OEMECDT 
      OEMB A_M_I_ AMI_OEM 
      GSCI A_M_I_ GMCHSCI 
      SSDT PmRef CpuPm
      SLIC _ASUS_ Notebook

    Sunday, May 18, 2014 9:12 AM
  • I think we need to take a couple of steps back - I see I managed to convince myself that something we'd done earlier had changed the output in some way, but I can't see that now.

    That being the case, let's go back and check a couple of things...

    Please open an Elevated Command Prompt, and run the following commands.

    DIR C:\Windows\System32\Catroot2

    DIR C:\WIndows\SoftwareDistribution

    ICACLS C:\Windows\System32\Catroot2

    ICACLS C:\WIndows\SoftwareDistribution

    Post the results

      Here are some instructions to make life easier :)

    1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt. 

    2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once. 

    3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.     


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Sunday, May 18, 2014 9:34 AM
    Moderator
  • Thanks Noel, here's the output:

    C:\windows\system32>DIR C:\Windows\System32\Catroot2
     Volume in drive C has no label.
     Volume Serial Number is 4469-DB06

     Directory of C:\Windows\System32\Catroot2

    17/05/2014  12:18    <DIR>          .
    17/05/2014  12:18    <DIR>          ..
    19/05/2014  19:34           116,858 dberr.txt
    17/05/2014  12:18    <DIR>          {F750E6C3-38EE-11D1-85E5-00C04FC295EE}
                   1 File(s)        116,858 bytes
                   3 Dir(s)   9,696,256,000 bytes free

    C:\windows\system32>DIR C:\WIndows\SoftwareDistribution
     Volume in drive C has no label.
     Volume Serial Number is 4469-DB06

     Directory of C:\WIndows\SoftwareDistribution

    17/01/2014  16:42    <DIR>          .
    17/01/2014  16:42    <DIR>          ..
    30/11/2013  08:40    <DIR>          AuthCabs
    26/12/2010  13:35    <DIR>          DataStore
    30/11/2013  08:41    <DIR>          Download
    26/11/2013  20:27    <DIR>          PostRebootEventCache
    17/05/2014  17:08         1,033,182 ReportingEvents.log
    11/05/2014  00:02    <DIR>          ScanFile
    09/06/2012  09:10    <DIR>          SelfUpdate
    25/12/2010  23:10    <DIR>          WuRedir
                   1 File(s)      1,033,182 bytes
                   9 Dir(s)   9,665,015,808 bytes free

    C:\windows\system32>ICACLS C:\Windows\System32\Catroot2
    C:\Windows\System32\Catroot2 NT SERVICE\CryptSvc:(OI)(CI)(F)
                                 NT SERVICE\TrustedInstaller:(I)(F)
                                 NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
                                 NT AUTHORITY\SYSTEM:(I)(F)
                                 NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
                                 BUILTIN\Administrators:(I)(F)
                                 BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
                                 BUILTIN\Users:(I)(RX)
                                 BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
                                 CREATOR OWNER:(I)(OI)(CI)(IO)(F)

    Successfully processed 1 files; Failed processing 0 files

    C:\windows\system32>ICACLS C:\WIndows\SoftwareDistribution
    C:\WIndows\SoftwareDistribution NT SERVICE\TrustedInstaller:(I)(F)
                                    NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
                                    NT AUTHORITY\SYSTEM:(I)(F)
                                    NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
                                    BUILTIN\Administrators:(I)(F)
                                    BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
                                    BUILTIN\Users:(I)(RX)
                                    BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
                                    CREATOR OWNER:(I)(OI)(CI)(IO)(F)

    Successfully processed 1 files; Failed processing 0 files

    Monday, May 19, 2014 9:39 AM
  • The Catroot2 folder isn't being rebuilt as it should be - this could be for a number of reasons....

    Let's see what happens if we attempt to force a rebuild...

    Open an Elevated Command Prompt, and run the following commands...

    NET STOP CRYPTSVC 
    esentutl /p <%systemroot%>\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    NET START CRYPTSVC
     
    

    post the results (the second one will take a minute or two) and then reboot, and post a new MGADiag report.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Monday, May 19, 2014 11:09 AM
    Moderator
  • Hi Noel,

    It looks like something is quite wrong, there is no catdb file in that directory:

    C:\windows\system32>net stop cryptsvc
    The Cryptographic Services service is stopping..
    The Cryptographic Services service was stopped successfully.


    C:\windows\system32>esentutl /p <%systemroot%>\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    Access is denied.

    C:\windows\system32>esentutl /p %systemroot%\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb

    Extensible Storage Engine Utilities for Microsoft(R) Windows(R)
    Version 6.1
    Copyright (C) Microsoft Corporation. All Rights Reserved.

    Error: Access to source database 'C:\windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb' failed with Jet error -1811.

    Operation terminated with error -1811 (JET_errFileNotFound, File not found) after 0.32 seconds.




    C:\windows\system32>dir %systemroot%\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
     Volume in drive C has no label.
     Volume Serial Number is 4469-DB06

     Directory of C:\windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}

    File Not Found

    C:\windows\system32>dir %systemroot%\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}
     Volume in drive C has no label.
     Volume Serial Number is 4469-DB06

     Directory of C:\windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}

    17/05/2014  12:18    <DIR>          .
    17/05/2014  12:18    <DIR>          ..
                   0 File(s)              0 bytes
                   2 Dir(s)   9,664,471,040 bytes free

    Any ideas?

    Cheers,

    Neil

    Wednesday, May 21, 2014 11:26 AM
  • - Please run the following commands

    DIR C:\Windows\System32\catroot2ICACLS C:\Windows\System32\catroot2
    REG QUERY HKLM\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}
    REG QUERY HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}
    REG QUERY HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck
    REG QUERY HKLM\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck

    Post the results.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Wednesday, May 21, 2014 12:37 PM
    Moderator
  • Sorry for the delay - thanks again for this.

    Cheers,

    Neil

    C:\windows\system32>DIR C:\Windows\System32\catroot2ICACLS C:\Windows\System32\catroot2\
     Volume in drive C has no label.
     Volume Serial Number is 4469-DB06

     Directory of C:\Windows\System32

    File Not Found

     Directory of C:\Windows\System32\catroot2

    21/05/2014  11:49    <DIR>          .
    21/05/2014  11:49    <DIR>          ..
    25/05/2014  02:19           141,666 dberr.txt
    21/05/2014  11:49    <DIR>          {127D0A1D-4EF2-11D1-8608-00C04FC295EE}
    17/05/2014  12:18    <DIR>          {F750E6C3-38EE-11D1-85E5-00C04FC295EE}
                   1 File(s)        141,666 bytes
                   4 Dir(s)  11,570,073,600 bytes free

    C:\windows\system32>REG QUERY HKLM\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}
        $DLL    REG_SZ    WINTRUST.DLL
        $Function    REG_SZ    SoftpubCheckCert


    C:\windows\system32>REG QUERY HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}
    ERROR: The system was unable to find the specified registry key or value.

    C:\windows\system32>REG QUERY HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck
    ERROR: The system was unable to find the specified registry key or value.

    C:\windows\system32>REG QUERY HKLM\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck\{189A3842-3041-11D1-85E1-00C04FC295EE}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck\{64B9D180-8DA2-11CF-8736-00AA00A485EB}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck\{7801EBD0-CF4B-11D0-851F-0060979387EA}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck\{A7F4C378-21BE-494e-BA0F-BB12C5D208C5}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck\{D41E4F1D-A407-11D1-8BC9-00C04FA30A41}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck\{D41E4F1F-A407-11D1-8BC9-00C04FA30A41}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}

    C:\windows\system32>

    Sunday, May 25, 2014 2:28 AM
  • Those results are normal (the errors are simply because it's a 32-bit system and those registry keys don't exist).

    Please run the following commands and post the results...

     DIR C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}

     DIR C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}

     ICACLS C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} /T

     ICACLS C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE} /T


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Sunday, May 25, 2014 11:05 AM
    Moderator
  • Thanks, here's the output.

    Cheers,

    Neil.


    C:\>DIR C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}
     Volume in drive C has no label.
     Volume Serial Number is 4469-DB06

     Directory of C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}

    17/05/2014  12:18    <DIR>          .
    17/05/2014  12:18    <DIR>          ..
                   0 File(s)              0 bytes
                   2 Dir(s)  11,586,912,256 bytes free

    C:\>DIR C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}
     Volume in drive C has no label.
     Volume Serial Number is 4469-DB06

     Directory of C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}

    21/05/2014  11:49    <DIR>          .
    21/05/2014  11:49    <DIR>          ..
                   0 File(s)              0 bytes
                   2 Dir(s)  11,586,912,256 bytes free

    C:\>ICACLS C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} /T
    C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} NT SERVICE\CryptSvc:(OI)(CI)(F)
                                                                        NT SERVICE\TrustedInstaller:(F)
                                                                        NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
                                                                        NT AUTHORITY\SYSTEM:(F)
                                                                        NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
                                                                        BUILTIN\Administrators:(F)
                                                                        BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
                                                                        BUILTIN\Users:(RX)
                                                                        BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
                                                                        NT AUTHORITY\NETWORK SERVICE:(F)
                                                                        CREATOR OWNER:(I)(OI)(CI)(IO)(F)

    Successfully processed 1 files; Failed processing 0 files

    C:\> ICACLS C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE} /T
    C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE} NT SERVICE\CryptSvc:(OI)(CI)(F)
                                                                        NT SERVICE\TrustedInstaller:(F)
                                                                        NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
                                                                        NT AUTHORITY\SYSTEM:(F)
                                                                        NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
                                                                        BUILTIN\Administrators:(F)
                                                                        BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
                                                                        BUILTIN\Users:(RX)
                                                                        BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
                                                                        NT AUTHORITY\NETWORK SERVICE:(F)
                                                                        CREATOR OWNER:(I)(OI)(CI)(IO)(F)

    Successfully processed 1 files; Failed processing 0 files

    C:\>


    Sunday, May 25, 2014 1:43 PM
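How to read the ICACLS listings posted above, as an added example that is not part of either poster's reply: a small Python parser that decodes the inheritance markers and reports which named principals hold write access on the folder itself. The sample is copied from the thread output; the names `parse_icacls` and `can_write_folder` are hypothetical, and group membership is not resolved.

```python
import re
from dataclasses import dataclass

# Listing for one catroot2 subfolder, copied from the icacls output in the thread
# (indentation of the continuation lines shortened).
SAMPLE_PATH = r"C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}"
SAMPLE = SAMPLE_PATH + r""" NT SERVICE\CryptSvc:(OI)(CI)(F)
    NT SERVICE\TrustedInstaller:(F)
    NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
    NT AUTHORITY\SYSTEM:(F)
    NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
    BUILTIN\Administrators:(F)
    BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
    BUILTIN\Users:(RX)
    BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
    NT AUTHORITY\NETWORK SERVICE:(F)
    CREATOR OWNER:(I)(OI)(CI)(IO)(F)

Successfully processed 1 files; Failed processing 0 files
"""

INHERIT_FLAGS = {"I", "OI", "CI", "IO", "NP"}  # icacls inheritance markers
WRITE_RIGHTS = {"F", "M", "W", "GA", "GW"}     # rights that include writing data
ACE_RE = re.compile(r"^(?P<who>[^:]+):(?P<groups>(?:\([^)]*\))+)$")

@dataclass
class Ace:
    who: str
    flags: set    # subset of INHERIT_FLAGS
    rights: set   # e.g. {"F"} or {"GR", "GE"}
    deny: bool

    @property
    def on_folder(self):
        # (IO) = inherit only: a template for children, not applied to this folder
        return "IO" not in self.flags

def parse_icacls(text, path):
    """Parse the ACE lines icacls prints for `path` (passed as it was typed)."""
    aces = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(path):
            line = line[len(path):].strip()  # first ACE shares a line with the path
        m = ACE_RE.match(line)
        if not m:
            continue  # blank lines and the "Successfully processed" summary
        groups = re.findall(r"\(([^)]*)\)", m["groups"])
        flags = {g for g in groups if g in INHERIT_FLAGS}
        rights = {r for g in groups if g not in INHERIT_FLAGS and g != "DENY"
                  for r in g.split(",")}
        aces.append(Ace(m["who"], flags, rights, "DENY" in groups))
    return aces

def can_write_folder(aces, who):
    """Write access by principal name only; group membership is not resolved."""
    hits = [a for a in aces if a.who == who and a.on_folder and a.rights & WRITE_RIGHTS]
    return any(not a.deny for a in hits) and not any(a.deny for a in hits)

if __name__ == "__main__":
    parsed = parse_icacls(SAMPLE, SAMPLE_PATH)
    for who in sorted({a.who for a in parsed}):
        print(f"{who:32} writes folder: {can_write_folder(parsed, who)}")
```
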
  • Apart from the missing catdb files, that looks normal.

    I wonder...

    Please open an Elevated Command Prompt, and run the following commands

    NET START Cryptsvc
    SC QC Cryptsvc
    SC QUERYEX Cryptsvc
    sc qprivs Cryptsvc
    sc qsidtype Cryptsvc
    sc sdshow Cryptsvc

    post the results.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Sunday, May 25, 2014 2:25 PM
    Moderator
  • Thanks. Here you go:

    C:\windows\system32>net start cryptsvc
    The requested service has already been started.

    More help is available by typing NET HELPMSG 2182.


    C:\windows\system32>sc qc cryptsvc
    [SC] QueryServiceConfig SUCCESS

    SERVICE_NAME: cryptsvc
            TYPE               : 20  WIN32_SHARE_PROCESS
            START_TYPE         : 2   AUTO_START
            ERROR_CONTROL      : 1   NORMAL
            BINARY_PATH_NAME   : C:\windows\system32\svchost.exe -k NetworkService
            LOAD_ORDER_GROUP   :
            TAG                : 0
            DISPLAY_NAME       : Cryptographic Services
            DEPENDENCIES       : RpcSs
            SERVICE_START_NAME : NT Authority\NetworkService

    C:\windows\system32>sc queryex cryptsvc

    SERVICE_NAME: cryptsvc
            TYPE               : 20  WIN32_SHARE_PROCESS
            STATE              : 4  RUNNING
                                    (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
            WIN32_EXIT_CODE    : 0  (0x0)
            SERVICE_EXIT_CODE  : 0  (0x0)
            CHECKPOINT         : 0x0
            WAIT_HINT          : 0x0
            PID                : 1280
            FLAGS              :

    C:\windows\system32>sc qprivs cryptsvc
    [SC] QueryServiceConfig2 SUCCESS

    SERVICE_NAME: cryptsvc
            PRIVILEGES       : SeChangeNotifyPrivilege
                             : SeCreateGlobalPrivilege
                             : SeImpersonatePrivilege

    C:\windows\system32>sc qsidtype cryptsvc
    [SC] QueryServiceConfig2 SUCCESS

    SERVICE_NAME: cryptsvc
    SERVICE_SID_TYPE:  UNRESTRICTED

    C:\windows\system32>sc sdshow cryptsvc

    D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

    C:\windows\system32>

    Wednesday, May 28, 2014 11:54 PM