Answered by:
Says computer not running genuine Windows

Question
-
I keep getting a pop up saying I am not running genuine windows with error 0x800fe21. Full disclosure, I had a virus a few months ago that played ads in the background even when no browser was open so I am thinking maybe the anti-virus steps taken may have caused this issue, however there was at least a full month between ridding of that virus and this problem starting.
Here is the requested issue:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-M3DJT-4J3WC-733WD
Windows Product Key Hash: xo+ajVSpae7/4VoZjS7m6JL0f3A=
Windows Product ID: 00371-OEM-8992671-00524
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7600.2.00010100.0.0.048
ID: {B3E593AA-9EAE-4F1F-9116-B47B4FD62173}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000000
Build lab: 7600.win7_gdr.110622-1503
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{B3E593AA-9EAE-4F1F-9116-B47B4FD62173}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-733WD</PKey><PID>00371-OEM-8992671-00524</PID><PIDType>2</PIDType><SID>S-1-5-21-1464149647-2847223951-388615649</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Latitude E6510</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A03</Version><SMBIOSVersion major="2" minor="6"/><Date>20100528000000.000000+000</Date></BIOS><HWID>08BB3607018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>E2 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7600.16385
Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00178-926-700524-02-1033-7600.0000-1892010
Installation ID: 013786937242744224473514982353667282985713024056079126
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 733WD
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 5/13/2012 2:41:39 PM
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000003EFFF
Event Time Stamp: 5:8:2012 02:39
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\wat\watadminsvc.exe
Tampered File: %systemroot%\system32\wat\watweb.dll
Tampered File: %systemroot%\system32\wat\npwatweb.dll
Tampered File: %systemroot%\system32\wat\watux.exe
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
Tampered File: %systemroot%\system32\sppwinob.dll
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
Tampered File: %systemroot%\system32\drivers\spsys.sys
Tampered File: %systemroot%\system32\drivers\spldr.sys
HWID Data-->
HWID Hash Current: LgAAAAEAAQABAAEAAQABAAAAAgABAAEA6GFW8AGWgAuSGsB80nmkvFz5TFZcXQ==
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL E2
FACP DELL E2
HPET DELL E2
BOOT DELL E2
MCFG A M I GMCH945.
TCPA
SLIC DELL E2
SSDT PmRef CpuPm
Sunday, May 13, 2012 7:45 PM
Answers
-
Let me cut to the chase & be brief here.
You are seeing the effects of a longstanding hijackware infection, possibly compounded by a rootkit (or bootkit) infection! See...
• Cleaning a Compromised System
http://technet.microsoft.com/en-us/library/cc700813.aspxThen see the (my) ANSWER post in this thread and follow those instructions (to-the-letter and in order!) to return your computer to a secure & functional state: http://answers.microsoft.com/thread/bc95f2f0-7968-4bd0-8de5-70b83db31fa6
Note: The computer should NOT be connected to the internet or any local networks (i.e., other computers) in its current state. All of your personal data (e.g., online banking & credit-card passwords) should be considered at-risk, if not already compromised.
Wish I'd had better news for you. Good luck!
~Robear Dyer (PA Bear) ~ MS MVP (IE, Mail, Security, Windows & Update Services since 2002
MS MVPs neither represent nor work for Microsoft- Edited by Robear Dyer (PA Bear), MS-MVP since October 2002MVP Wednesday, May 16, 2012 9:34 PM
- Marked as answer by Darin Smith MS Monday, May 21, 2012 10:25 PM
Wednesday, May 16, 2012 9:30 PM
All replies
-
The mismatches suggest that you need to reinstall the Intel Rapid Storage Drivers. This can be caused by a recent update.
Download the Intel Rapid Storage Drivers from here:
http://bit.ly/xmcovN
You’ll need the set for the x64 (64-bit) platform on Win7.
Once complete, please reboot twice, then post another MGADiag report.
Good Luck!Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.
Sunday, May 13, 2012 7:55 PMAnswerer -
He actually needs the 32-bit version, Colin - but since both are in the same package, it doesn't make much difference :)
><Architecture>x32</Architecture><
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Sunday, May 13, 2012 8:03 PMModerator -
Here are the new logs.
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-M3DJT-4J3WC-733WD
Windows Product Key Hash: xo+ajVSpae7/4VoZjS7m6JL0f3A=
Windows Product ID: 00371-OEM-8992671-00524
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7600.2.00010100.0.0.048
ID: {B3E593AA-9EAE-4F1F-9116-B47B4FD62173}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000000
Build lab: 7600.win7_gdr.110622-1503
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{B3E593AA-9EAE-4F1F-9116-B47B4FD62173}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-733WD</PKey><PID>00371-OEM-8992671-00524</PID><PIDType>2</PIDType><SID>S-1-5-21-1464149647-2847223951-388615649</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Latitude E6510</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A03</Version><SMBIOSVersion major="2" minor="6"/><Date>20100528000000.000000+000</Date></BIOS><HWID>08BB3607018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>E2 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7600.16385
Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00178-926-700524-02-1033-7600.0000-1892010
Installation ID: 013786937242744224473514982353667282985713024056079126
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 733WD
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 5/14/2012 1:12:14 AM
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000003EFFF
Event Time Stamp: 5:8:2012 02:39
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\wat\watadminsvc.exe
Tampered File: %systemroot%\system32\wat\watweb.dll
Tampered File: %systemroot%\system32\wat\npwatweb.dll
Tampered File: %systemroot%\system32\wat\watux.exe
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
Tampered File: %systemroot%\system32\sppwinob.dll
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
Tampered File: %systemroot%\system32\drivers\spsys.sys
Tampered File: %systemroot%\system32\drivers\spldr.sys
HWID Data-->
HWID Hash Current: LgAAAAEAAQABAAEAAQABAAAAAgABAAEA6GFW8AGWgAuSGsB80nmkvFz5TFZcXQ==
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL E2
FACP DELL E2
HPET DELL E2
BOOT DELL E2
MCFG A M I GMCH945.
TCPA
SLIC DELL E2
SSDT PmRef CpuPm
Monday, May 14, 2012 6:12 AM -
"Bdeniso" wrote in message news:57f5b6a0-c232-47ba-9413-3841114b0f3f...
Here are the new logs.
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-M3DJT-4J3WC-733WD
Windows Product Key Hash: xo+ajVSpae7/4VoZjS7m6JL0f3A=
Windows Product ID: 00371-OEM-8992671-00524
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7600.2.00010100.0.0.048
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000003EFFF
Event Time Stamp: 5:8:2012 02:39
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\wat\watadminsvc.exe
Tampered File: %systemroot%\system32\wat\watweb.dll
Tampered File: %systemroot%\system32\wat\npwatweb.dll
Tampered File: %systemroot%\system32\wat\watux.exe
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
Tampered File: %systemroot%\system32\sppwinob.dll
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
Tampered File: %systemroot%\system32\drivers\spsys.sys
Tampered File: %systemroot%\system32\drivers\spldr.sys
please try the following...from an elevated Command Prompt, run the following commands.regsvr32 softpub.dllregsvr32 wintrust.dllreboot amnd run another MGADiag report.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothMonday, May 14, 2012 8:10 AMModerator -
New logs:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-M3DJT-4J3WC-733WD
Windows Product Key Hash: xo+ajVSpae7/4VoZjS7m6JL0f3A=
Windows Product ID: 00371-OEM-8992671-00524
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7600.2.00010100.0.0.048
ID: {B3E593AA-9EAE-4F1F-9116-B47B4FD62173}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000000
Build lab: 7600.win7_gdr.110622-1503
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{B3E593AA-9EAE-4F1F-9116-B47B4FD62173}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-733WD</PKey><PID>00371-OEM-8992671-00524</PID><PIDType>2</PIDType><SID>S-1-5-21-1464149647-2847223951-388615649</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Latitude E6510</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A03</Version><SMBIOSVersion major="2" minor="6"/><Date>20100528000000.000000+000</Date></BIOS><HWID>08BB3607018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>E2 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7600.16385
Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00178-926-700524-02-1033-7600.0000-1892010
Installation ID: 013786937242744224473514982353667282985713024056079126
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 733WD
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 5/14/2012 1:45:11 PM
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000003EFFF
Event Time Stamp: 5:8:2012 02:39
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\wat\watadminsvc.exe
Tampered File: %systemroot%\system32\wat\watweb.dll
Tampered File: %systemroot%\system32\wat\npwatweb.dll
Tampered File: %systemroot%\system32\wat\watux.exe
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
Tampered File: %systemroot%\system32\sppwinob.dll
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
Tampered File: %systemroot%\system32\drivers\spsys.sys
Tampered File: %systemroot%\system32\drivers\spldr.sys
HWID Data-->
HWID Hash Current: LgAAAAEAAQABAAEAAQABAAAAAgABAAEA6GFW8AGWgAuSGsB80nmkvFz5TFZcXQ==
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL E2
FACP DELL E2
HPET DELL E2
BOOT DELL E2
MCFG A M I GMCH945.
TCPA
SLIC DELL E2
SSDT PmRef CpuPm
Monday, May 14, 2012 6:45 PM -
Sorry about that - getting my threads confused :(
No change - let's look elsewhere.
This will sound odd - but what error messages do you get if you attempt to either Check for Updates, or install updates??
These error messages often are more descriptive than those in an MGADiag report.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Monday, May 14, 2012 8:38 PMModerator -
Code received
Error Code 80096001
Monday, May 14, 2012 9:32 PM -
Also the error number when the pop up validation thing comes up is
0x8004fe21
Tuesday, May 15, 2012 12:54 AM -
"Bdeniso" wrote in message news:ba1cebcc-a171-4747-b2e8-59d8ece892ba...
Code received
Error Code 80096001
That error code is suggestive of malware.(unashamed steal from PA Bear - who I'm pinging for assistance)<quote>Please answer each of the following diagnostic questions in a numbered list in your very next reply (no need to quote this post):
1a. When (approx. date) did you purchase the computer?
1b. Did Win7 come preinstalled on the computer when you bought it, did you do a clean install of Win7, or did you upgrade from Vista to Win7?
2. Is Windows 7 Service Pack 1 (already) installed? See...
• Which version of the Windows operating system am I running?
http://windows.microsoft.com/en-us/windows7/help/which-version-of-the-windows-operating-system-am-i-running3a. When (approx. date) did you install Microsoft Security Essentials (MSE)?
3b. Was MSE offered & installed via Windows Update or did you intentionally choose to install it?
4. What anti-virus application was installed before you installed MSE, was your subscription still current, and did you uninstall it before you installed MSE?
5. Has a(nother) Norton application or a McAfee application EVER been installed on the computer?
6. Did a Norton free-trial or a McAfee free-trial [pick one] come preinstalled on the computer when you bought it? (Doesn't matter if you never used or Activated it.)
7a. Are ANY of the following updates listed in View installed updates (not Update History)? [1]
• KB2631813, KB2644615, KB2584146, KB2585542
7b. How about these updates?...
• KB2618444, KB2633171, KB2639417, KB2620712, KB2619339; KB2641690 & KB2588516
• KB2572076 or KB2572077 [<=TELL ME WHICH ONE]
• KB2544521 or Windows Internet Explorer 9 [<=TELL ME WHICH ONE]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Related references may include:
Check list for installing Microsoft Security Essentials
http://answers.microsoft.com/thread/bf757e6a-e320-4a67-92bc-767e6acb26c4Can I install Microsoft Security Essentials [or any other anti-virus/anti-spyware application] to clean up my already-infected computer?
http://answers.microsoft.com/thread/87058857-d181-4019-a723-efd9a49d9275</quote>
we already have the answer to a couple of these questions from the report - but please fill them all in anyhow.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothTuesday, May 15, 2012 9:54 AMModerator -
"Bdeniso" wrote in message news:ba1cebcc-a171-4747-b2e8-59d8ece892ba...
Code received
Error Code 80096001
You could try the fixit from here http://support.microsoft..com/kb/2230957 - it sometimes workspost back with a fresh MGADiag report after rebooting
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothTuesday, May 15, 2012 12:14 PMModerator -
"Noel D Paton" wrote in message news:b1d6ebbf-15cb-45c3-be44-de8f3d7da221..."Bdeniso" wrote in message news:ba1cebcc-a171-4747-b2e8-59d8ece892ba...
Code received
Error Code 80096001
That error code is suggestive of malware.(unashamed steal from PA Bear - who I'm pinging for assistance)PA Bear has asked me to refer you to this thread - http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/my-windows-installer-has-failed-or-cannot-be/2927f131-91d8-47e3-9bb7-69ce50e70e47and answer the questions posed in his first post there (responses in this thread, please!)
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothTuesday, May 15, 2012 3:21 PMModerator -
Answers to very last post:
1. Summer of 2010, Windows 7 came per-installed
2. Win 7 Professional Version 6.1 Build 7600
3. Malware Bytes and Super Anti Spyware
4. Not that I know
5. I think so? came with McAfee installed I believe
6a. None of them
6b. None of them
6c. Neither
6d. neither
6e. have KB2544521
7. Yes firefox
8. no, not that I know of
- Edited by Bdeniso Tuesday, May 15, 2012 8:10 PM
Tuesday, May 15, 2012 8:10 PM -
"Bdeniso" wrote in message news:ba1cebcc-a171-4747-b2e8-59d8ece892ba...
Code received
Error Code 80096001
You could try the fixit from here http://support.microsoft..com/kb/2230957 - it sometimes workspost back with a fresh MGADiag report after rebooting
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Slothnew log:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-M3DJT-4J3WC-733WD
Windows Product Key Hash: xo+ajVSpae7/4VoZjS7m6JL0f3A=
Windows Product ID: 00371-OEM-8992671-00524
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7600.2.00010100.0.0.048
ID: {B3E593AA-9EAE-4F1F-9116-B47B4FD62173}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000000
Build lab: 7600.win7_gdr.110622-1503
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{B3E593AA-9EAE-4F1F-9116-B47B4FD62173}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-733WD</PKey><PID>00371-OEM-8992671-00524</PID><PIDType>2</PIDType><SID>S-1-5-21-1464149647-2847223951-388615649</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Latitude E6510</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A03</Version><SMBIOSVersion major="2" minor="6"/><Date>20100528000000.000000+000</Date></BIOS><HWID>08BB3607018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>E2 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7600.16385
Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00178-926-700524-02-1033-7600.0000-1892010
Installation ID: 013786937242744224473514982353667282985713024056079126
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 733WD
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 5/15/2012 3:17:02 PM
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000003EFFF
Event Time Stamp: 5:15:2012 07:45
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\wat\watadminsvc.exe
Tampered File: %systemroot%\system32\wat\watweb.dll
Tampered File: %systemroot%\system32\wat\npwatweb.dll
Tampered File: %systemroot%\system32\wat\watux.exe
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
Tampered File: %systemroot%\system32\sppwinob.dll
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
Tampered File: %systemroot%\system32\drivers\spsys.sys
Tampered File: %systemroot%\system32\drivers\spldr.sys
HWID Data-->
HWID Hash Current: LgAAAAEAAQABAAEAAQABAAAAAgABAAEA6GFW8AGWgAuSGsB80nmkvFz5TFZcXQ==
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL E2
FACP DELL E2
HPET DELL E2
BOOT DELL E2
MCFG A M I GMCH945.
TCPA
SLIC DELL E2
SSDT PmRef CpuPm
Tuesday, May 15, 2012 8:18 PM -
"Bdeniso" wrote in message news:f495bc83-d4f2-4373-aa36-cbecbde6dbeb...
1. Summer of 2010, Windows 7 came per-installed
2. Win 7 Professional Version 6.1 Build 7600
3. Malware Bytes and Super Anti Spyware
4. Not that I know
5. I think so? came with McAfee installed I believe
6a. None of them
6b. None of them
6c. Neither
6d. neither
6e. have KB2544521
7. Yes firefox
8. no, not that I know of
OK - to be on the safe side, we'd better run the uninstallers for both Norton and McAfee.You say you have MBAM and SAS - but you haven't mentioned any anti-virus?? Neither of these programs are anti-viruses.If you have no proper anti-virus protection installed, then there is no point in attempting to fix this installation - you should reformat and reinstall. Please let us know what AV is installed, if any.to run the Norton and McAfee uninstallers download them from the links below, following the instructions - note that teh uninstallers will work no matter which option you pick, since the difference in in the reactivation links, rather than anything else, and have nothing to do with the uninstallers themselves.Norton Removal ToolMcAfee MCPRreboot after each uninstall (whether it asks for it or not)then post a new MGADiag report.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothTuesday, May 15, 2012 8:22 PMModerator -
"Bdeniso" wrote in message news:ba1cebcc-a171-4747-b2e8-59d8ece892ba...
Code received
Error Code 80096001
That error code is suggestive of malware.(unashamed steal from PA Bear - who I'm pinging for assistance)<quote>Please answer each of the following diagnostic questions in a numbered list in your very next reply (no need to quote this post):
1a. When (approx. date) did you purchase the computer?
1b. Did Win7 come preinstalled on the computer when you bought it, did you do a clean install of Win7, or did you upgrade from Vista to Win7?
2. Is Windows 7 Service Pack 1 (already) installed? See...
• Which version of the Windows operating system am I running?
http://windows.microsoft.com/en-us/windows7/help/which-version-of-the-windows-operating-system-am-i-running3a. When (approx. date) did you install Microsoft Security Essentials (MSE)?
3b. Was MSE offered & installed via Windows Update or did you intentionally choose to install it?
4. What anti-virus application was installed before you installed MSE, was your subscription still current, and did you uninstall it before you installed MSE?
5. Has a(nother) Norton application or a McAfee application EVER been installed on the computer?
6. Did a Norton free-trial or a McAfee free-trial [pick one] come preinstalled on the computer when you bought it? (Doesn't matter if you never used or Activated it.)
7a. Are ANY of the following updates listed in View installed updates (not Update History)? [1]
• KB2631813, KB2644615, KB2584146, KB2585542
7b. How about these updates?...
• KB2618444, KB2633171, KB2639417, KB2620712, KB2619339; KB2641690 & KB2588516
• KB2572076 or KB2572077 [<=TELL ME WHICH ONE]
• KB2544521 or Windows Internet Explorer 9 [<=TELL ME WHICH ONE]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Related references may include:
Check list for installing Microsoft Security Essentials
http://answers.microsoft.com/thread/bf757e6a-e320-4a67-92bc-767e6acb26c4Can I install Microsoft Security Essentials [or any other anti-virus/anti-spyware application] to clean up my already-infected computer?
http://answers.microsoft.com/thread/87058857-d181-4019-a723-efd9a49d9275</quote>
we already have the answer to a couple of these questions from the report - but please fill them all in anyhow.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth1. Summer 2010
1b. Win 7 preinstalled
2. Win 7 Professional Version 6.1 Build 7600
3. I really have no idea, I think it came preinstalled
4. I dont think so
5. Not to my knowledge
6. I think McAfee did
7a. none of them
7b. none of them, neither KB2572076 or KB2572077, and do have KB2544521
Tuesday, May 15, 2012 8:23 PM -
"Bdeniso" wrote in message news:094f8454-a07c-4f68-a36d-0fe93e292b60..."Bdeniso" wrote in message news:ba1cebcc-a171-4747-b2e8-59d8ece892ba...
Code received
Error Code 80096001
You could try the fixit from here http://support.microsoft...com/kb/2230957 - it sometimes workspost back with a fresh MGADiag report after rebooting
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Slothnew log:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-M3DJT-4J3WC-733WD
Windows Product Key Hash: xo+ajVSpae7/4VoZjS7m6JL0f3A=
Windows Product ID: 00371-OEM-8992671-00524
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7600.2.00010100.0.0.048
No change :(Please see my other note on your AV situation.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothTuesday, May 15, 2012 8:29 PMModerator -
"Bdeniso" wrote in message news:f495bc83-d4f2-4373-aa36-cbecbde6dbeb...
1. Summer of 2010, Windows 7 came per-installed
2. Win 7 Professional Version 6.1 Build 7600
3. Malware Bytes and Super Anti Spyware
4. Not that I know
5. I think so? came with McAfee installed I believe
6a. None of them
6b. None of them
6c. Neither
6d. neither
6e. have KB2544521
7. Yes firefox
8. no, not that I know of
OK - to be on the safe side, we'd better run the uninstallers for both Norton and McAfee.You say you have MBAM and SAS - but you haven't mentioned any anti-virus?? Neither of these programs are anti-viruses.If you have no proper anti-virus protection installed, then there is no point in attempting to fix this installation - you should reformat and reinstall. Please let us know what AV is installed, if any.to run the Norton and McAfee uninstallers download them from the links below, following the instructions - note that teh uninstallers will work no matter which option you pick, since the difference in in the reactivation links, rather than anything else, and have nothing to do with the uninstallers themselves.Norton Removal ToolMcAfee MCPRreboot after each uninstall (whether it asks for it or not)then post a new MGADiag report.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothWednesday, May 16, 2012 2:20 AM -
"Bdeniso" wrote in message news:f495bc83-d4f2-4373-aa36-cbecbde6dbeb...
1. Summer of 2010, Windows 7 came per-installed
2. Win 7 Professional Version 6.1 Build 7600
3. Malware Bytes and Super Anti Spyware
4. Not that I know
5. I think so? came with McAfee installed I believe
6a. None of them
6b. None of them
6c. Neither
6d. neither
6e. have KB2544521
7. Yes firefox
8. no, not that I know of
OK - to be on the safe side, we'd better run the uninstallers for both Norton and McAfee.You say you have MBAM and SAS - but you haven't mentioned any anti-virus?? Neither of these programs are anti-viruses.If you have no proper anti-virus protection installed, then there is no point in attempting to fix this installation - you should reformat and reinstall. Please let us know what AV is installed, if any.to run the Norton and McAfee uninstallers download them from the links below, following the instructions - note that teh uninstallers will work no matter which option you pick, since the difference in in the reactivation links, rather than anything else, and have nothing to do with the uninstallers themselves.Norton Removal ToolMcAfee MCPRreboot after each uninstall (whether it asks for it or not)then post a new MGADiag report.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothWednesday, May 16, 2012 2:25 AM -
Uninstall. You can reinstall later. You can run the free scan from the website. Most of the anti-virus providers have a free online scanner you can use.
Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.
Wednesday, May 16, 2012 2:36 AMAnswerer -
"Bdeniso" wrote in message news:8948bc5b-d515-41f8-a089-7ca5544b6225...Actually, I have McAffee installed but it wont let On Access scan be enabled keeps turning off. Running a on demand scan now while I wait if I should still proceed with uninstall.
What is the date of the installed definitions?Does it say 'license expired' anywhere?
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothWednesday, May 16, 2012 8:44 AMModerator -
"Bdeniso" wrote in message news:8948bc5b-d515-41f8-a089-7ca5544b6225...Actually, I have McAffee installed but it wont let On Access scan be enabled keeps turning off. Running a on demand scan now while I wait if I should still proceed with uninstall.
What is the date of the installed definitions?Does it say 'license expired' anywhere?
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothInstalled 8/24/2010
And says licensed and not licensee expired
Wednesday, May 16, 2012 4:06 PM -
"Bdeniso" wrote in message news:b1417701-c444-4477-b9de-a01b1b2f647b...Installed 8/24/2010
And says licensed and not licensee expired
...and you'd forgotten all about it? - even after a 'virus' attack a few months ago??- from the date, it looks as if it was installed when you first got the PC?Most licenses only run for 12 months - and most AV's have at least one serious upgrade during that period.I'll ask PA Bear to look in and see if he can advise.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothWednesday, May 16, 2012 4:36 PMModerator -
"Bdeniso" wrote in message news:b1417701-c444-4477-b9de-a01b1b2f647b...Installed 8/24/2010
And says licensed and not licensee expired
...and you'd forgotten all about it? - even after a 'virus' attack a few months ago??- from the date, it looks as if it was installed when you first got the PC?Most licenses only run for 12 months - and most AV's have at least one serious upgrade during that period.I'll ask PA Bear to look in and see if he can advise.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothWednesday, May 16, 2012 6:49 PM -
Let me cut to the chase & be brief here.
You are seeing the effects of a longstanding hijackware infection, possibly compounded by a rootkit (or bootkit) infection! See...
• Cleaning a Compromised System
http://technet.microsoft.com/en-us/library/cc700813.aspxThen see the (my) ANSWER post in this thread and follow those instructions (to-the-letter and in order!) to return your computer to a secure & functional state: http://answers.microsoft.com/thread/bc95f2f0-7968-4bd0-8de5-70b83db31fa6
Note: The computer should NOT be connected to the internet or any local networks (i.e., other computers) in its current state. All of your personal data (e.g., online banking & credit-card passwords) should be considered at-risk, if not already compromised.
Wish I'd had better news for you. Good luck!
~Robear Dyer (PA Bear) ~ MS MVP (IE, Mail, Security, Windows & Update Services since 2002
MS MVPs neither represent nor work for Microsoft- Edited by Robear Dyer (PA Bear), MS-MVP since October 2002MVP Wednesday, May 16, 2012 9:34 PM
- Marked as answer by Darin Smith MS Monday, May 21, 2012 10:25 PM
Wednesday, May 16, 2012 9:30 PM