Validation Error - Windows 7 Home Premium

  • Question

  • I bought my desktop from Futureshop a couple years back, which Windows 7 came included, and I've recently started to receive the validation error.


    Please help. 

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE22
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-73CQT-WMF7J-3Q6C9
    Windows Product Key Hash: KaFG+RmurcM3ZxzWyfEP9WtPUJw=
    Windows Product ID: 00359-OEM-8992687-00010
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {41BACD97-EC42-4FD3-8505-E532FAE40B8E}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.130828-1532
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Enterprise 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800010-02-1033-7601.0000-0422011
    Installation ID: 003302867823963313023460274251565552129770800381809003
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 3Q6C9
    License Status: Licensed
    Remaining Windows rearm count: 1
    Trusted time: 3/23/2014 9:23:30 AM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE22
    HrOnline: N/A
    HealthStatus: 0x0000000000000800
    Event Time Stamp: 3:23:2014 09:18
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration


    HWID Data-->
    HWID Hash Current: NgAAAAIAAQABAAEAAQACAAAABAABAAEAln36asTKTjQk6QioJr/eiFilReHtsKB7+O0W0C5z

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC HPQOEM SLIC-CPC
      FACP HPQOEM SLIC-CPC
      DBGP HPQOEM SLIC-CPC
      HPET HPQOEM SLIC-CPC
      MCFG HPQOEM SLIC-CPC
      SSDT HPQOEM SLIC-CPC
      SLIC HPQOEM SLIC-CPC



    • Edited by Skwan Sunday, March 23, 2014 3:38 PM
    Sunday, March 23, 2014 3:29 PM

All replies

  • To confirm that the problem is what I think it is, please run the following commands in an Elevated Command Prompt window and post the results.

    REG QUERY HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S

    REG QUERY HKLM\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S              

    REG QUERY HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S

      Here are some instructions to make life easier :)

    1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt. 

    2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once. 

    3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.     


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Tuesday, March 25, 2014 9:22 AM
    Moderator
  • Thanks for the reply; here's the result. 



    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE57495
    7-4077-4AD6-8658-327C2C86C5AA} /S

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE574957-4077-4AD6-8658
    -327C2C86C5AA}\1.0
        (Default)    REG_SZ    SPPUI 1.0 Type Library

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE574957-4077-4AD6-8658
    -327C2C86C5AA}\1.0\0

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE574957-4077-4AD6-8658
    -327C2C86C5AA}\1.0\0\win32
        (Default)    REG_EXPAND_SZ    %SystemRoot%\System32\slui.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE574957-4077-4AD6-8658
    -327C2C86C5AA}\1.0\FLAGS
        (Default)    REG_SZ    0


    C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-
    8658-327C2C86C5AA} /S

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5A
    A}\1.0
        (Default)    REG_SZ    SPPUI 1.0 Type Library

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5A
    A}\1.0\0

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5A
    A}\1.0\0\win32
        (Default)    REG_EXPAND_SZ    %SystemRoot%\System32\slui.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5A
    A}\1.0\FLAGS
        (Default)    REG_SZ    0


    C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE57495
    7-4077-4AD6-8658-327C2C86C5AA} /S

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE574957-4077-4AD6-8658
    -327C2C86C5AA}\1.0
        (Default)    REG_SZ    SPPUI 1.0 Type Library

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE574957-4077-4AD6-8658
    -327C2C86C5AA}\1.0\0

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE574957-4077-4AD6-8658
    -327C2C86C5AA}\1.0\0\win32
        (Default)    REG_EXPAND_SZ    %SystemRoot%\System32\slui.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE574957-4077-4AD6-8658
    -327C2C86C5AA}\1.0\FLAGS
        (Default)    REG_SZ    0


    C:\Windows\system32>
    Tuesday, March 25, 2014 5:01 PM
  • Everything there looks normal - so we'll have to go the long way around....

    Please run a full CHKDSK and SFC scan....

    Click on Start > All Programs > Accessories

    Right-click on the Command Prompt entry

    Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt
    window should pop up.

     At the Command prompt, type

     CHKDSK C: /R

     and hit the Enter key.

     You will be told that the drive is locked,

     and the CHKDSK will run at the next boot - hit the Y key, and then reboot.

     The chkdsk will take a few hours depending on the size  of the drive, so be patient!

     After the CHKDSK has run, Windows should boot normally  (possibly after a second auto-reboot) - then run the SFC.

     SFC -System File Checker - Instructions

    Click on Start > All Programs > Accessories

    Right-click on the Command Prompt entry

    Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt
    window should pop up.

     At the Command prompt, type

     SFC /SCANNOW

     and hit the Enter key

     Wait for the scan to finish - make a note of any error messages - and then reboot.

    Copy the file C:\Windows\Logs\CBS\CBS.log to the desktop, then compress the copy, and upload the compressed file to your OneDrive or other favoured fileshare site, and post a link.

    Run another MGADiag report, and post that to your reply.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Wednesday, March 26, 2014 7:22 AM
    Moderator
  • Here you are. 

    https://onedrive.live.com/redir?resid=A931B3830C775253%21235




    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE22
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-73CQT-WMF7J-3Q6C9
    Windows Product Key Hash: KaFG+RmurcM3ZxzWyfEP9WtPUJw=
    Windows Product ID: 00359-OEM-8992687-00010
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {DB8FC03A-A3AA-4770-A254-DF75C531F4AA}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.130828-1532
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Enterprise 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800010-02-1033-7601.0000-0422011
    Installation ID: 003302867823963313023460274251565552129770800381809003
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 3Q6C9
    License Status: Licensed
    Remaining Windows rearm count: 1
    Trusted time: 3/27/2014 11:00:17 AM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE22
    HrOnline: N/A
    HealthStatus: 0x0000000000000800
    Event Time Stamp: 3:23:2014 09:18
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration


    HWID Data-->
    HWID Hash Current: NgAAAAIAAQABAAEAAQACAAAABAABAAEAln36asTKTjQk6QioJr/eiFilReHtsKB7+O0W0C5z

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC HPQOEM SLIC-CPC
      FACP HPQOEM SLIC-CPC
      DBGP HPQOEM SLIC-CPC
      HPET HPQOEM SLIC-CPC
      MCFG HPQOEM SLIC-CPC
      SSDT HPQOEM SLIC-CPC
      SLIC HPQOEM SLIC-CPC


    • Edited by Skwan Thursday, March 27, 2014 6:04 PM reasons
    Thursday, March 27, 2014 5:01 PM
  • The SFC scan was clear - which means that the problem is likely to be registry-related.

    Please download and save  the CheckSUR tool from http://support.microsoft.com/kb/947821

    (you'll need to look in the details for Windows 7, downloading from the Microsoft Download Center)

    Run it - The tool can take anywhere from 5 mins to a couple of hours to run (or 'Install') depending on how much it has to do, and may exit silently - it may appear to freeze for most of that time, but be patient.

    The result is logged in the C:\Windows\Logs\CBS\CheckSUR.log file  - and an archive …\checksur.persist.log file

    Then zip the CheckSUR.log and upload it to your OneDrive Public folder so I can take a look - post a link in your reply.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Thursday, March 27, 2014 6:51 PM
    Moderator
  • https://onedrive.live.com/redir?resid=A931B3830C775253%21236


    Here you are. 
    Thursday, March 27, 2014 8:44 PM
  • That scan is also clear.

    This is going to make it difficult to isolate the cause :(

    Let's check file permissions...

    Open an elevated Command Prompt, and run the following commands...

    ICACLS C:\Windows\System32

    ICACLS C:\Windows\System32\slui.exe

    ICACLS C:\Windows\System32\en-us\slui.exe.mui

    ATTRIB C:\Windows\System32\slui.exe

    ATTRIB C:\Windows\System32\en-us\slui.exe.mui

    post the results, and we'll see if there's anything amiss there.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Friday, March 28, 2014 7:58 AM
    Moderator
  • ICACLS C:\Windows\System32                                   - 0 Fails
    ICACLS C:\Windows\System32\slui.exe                      -0 Fails
    ICACLS C:\Windows\System32\en-us\slui.exe.mui     -0 Fails
    ATTRIB C:\Windows\System32\slui.exe                       - Received "A     C:\Windows\System32\slui.exe" as a response
    ATTRIB C:\Windows\System32\en-us\slui.exe.mui       - Received "A     C:\Windows\System32\en-us\slui.exe.mui" as a response


    • Edited by Skwan Saturday, March 29, 2014 2:21 AM appearance
    Saturday, March 29, 2014 2:19 AM
  • Egads!

    That sounds like massive permissions problems? I would have expected something like that to show up in the SFC/CBS log, though?

    Let's try this one -

    ICACLS C:\Windows

    post that, and it may give us a clue.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Saturday, March 29, 2014 7:20 AM
    Moderator
  • C:\Windows\system32>ICACLS C:\Windows
    C:\Windows NT SERVICE\TrustedInstaller:(F)
               NT SERVICE\TrustedInstaller:(CI)(IO)(F)
               NT AUTHORITY\SYSTEM:(M)
               NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
               BUILTIN\Administrators:(M)
               BUILTIN\Administrators:(OI)(CI)(IO)(F)
               BUILTIN\Users:(RX)
               BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
               CREATOR OWNER:(OI)(CI)(IO)(F)

    Successfully processed 1 files; Failed processing 0 files

    C:\Windows\system32>

    Saturday, March 29, 2014 5:44 PM
  • I'm going to try something that may be a little risky - so feel free to refuse to do it!

    Please open an Elevated Command Prompt, and run the following commands

    TAKEOWN  /F C:\Windows\System32 /A

    ICACLS C:\Windows\System32

    (this will hopefully put the ownership of the folder to the Administrators group, rather than TrustedInstaller, and bypass any permissions restrictions - then display the permissions properly - the risk comes from reducing the security level of the system significantly)

    post the results, and we'll see if it has achieved anything.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Sunday, March 30, 2014 9:28 AM
    Moderator
  • Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>TAKEOWN  /F C:\Windows\System32 /A

    SUCCESS: The file (or folder): "C:\Windows\System32" now owned by the administra
    tors group.

    C:\Windows\system32>ICACLS C:\Windows\System32
    C:\Windows\System32 NT SERVICE\TrustedInstaller:(F)
                        NT SERVICE\TrustedInstaller:(CI)(IO)(F)
                        NT AUTHORITY\SYSTEM:(M)
                        NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
                        BUILTIN\Administrators:(M)
                        BUILTIN\Administrators:(OI)(CI)(IO)(F)
                        BUILTIN\Users:(RX)
                        BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
                        CREATOR OWNER:(OI)(CI)(IO)(F)

    Successfully processed 1 files; Failed processing 0 files

    Sunday, March 30, 2014 5:33 PM
  • Good - that's at least got the ICACLS showing properly

    The permissions are perfectly normal, so I don't really understand what the problem was first time around.

    Please run a new MGADiag report and post the results.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Sunday, March 30, 2014 7:02 PM
    Moderator
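Added example (not part of the thread and not a Microsoft tool): a Python parser for the ICACLS listing posted above that decodes each ACE and reports any write-capable grant held by a principal outside an expected set. The expected set is an assumption taken from the listing in this thread, the second listing is constructed for illustration, and the function names are this example's own.

```python
import re

# Rights tokens printed by icacls that allow changing content, ACLs or ownership.
WRITE_RIGHTS = {"F", "M", "W", "D", "GA", "GW", "WD", "AD", "WEA", "WA",
                "DE", "DC", "WDAC", "WO"}
INHERIT_FLAGS = {"OI", "CI", "IO", "NP", "I"}

# Assumption: principals allowed to hold write access, taken from the thread's listing.
TRUSTED_WRITERS = {r"NT SERVICE\TrustedInstaller", r"NT AUTHORITY\SYSTEM",
                   r"BUILTIN\Administrators", "CREATOR OWNER"}

ACE = re.compile(r"^(?P<principal>.+?):(?P<groups>(?:\([^)]*\))+)$")

# Copied from the ICACLS C:\Windows\System32 output posted in this thread.
THREAD_LISTING = r"""
C:\Windows\System32 NT SERVICE\TrustedInstaller:(F)
                    NT SERVICE\TrustedInstaller:(CI)(IO)(F)
                    NT AUTHORITY\SYSTEM:(M)
                    NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
                    BUILTIN\Administrators:(M)
                    BUILTIN\Administrators:(OI)(CI)(IO)(F)
                    BUILTIN\Users:(RX)
                    BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
                    CREATOR OWNER:(OI)(CI)(IO)(F)

Successfully processed 1 files; Failed processing 0 files
"""

# Constructed sample: the same listing with two extra ACEs appended for illustration.
WEAKENED_LISTING = THREAD_LISTING + r"""
                    BUILTIN\Users:(OI)(CI)(M)
                    Everyone:(DENY)(W)
"""


def parse_icacls(output, path):
    """Turn an icacls listing for `path` into a list of ACE dictionaries."""
    aces = []
    for raw in output.splitlines():
        line = raw.strip()
        # The first ACE shares its line with the path; the path may contain
        # spaces, so strip it by value instead of splitting on whitespace.
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()
        m = ACE.match(line)
        if not m:
            continue  # blank lines and the "Successfully processed" summary
        groups = re.findall(r"\(([^)]*)\)", m.group("groups"))
        rights = set()
        for g in groups:
            if g not in INHERIT_FLAGS and g != "DENY":
                rights.update(r.strip() for r in g.split(","))
        aces.append({
            "principal": m.group("principal"),
            "flags": {g for g in groups if g in INHERIT_FLAGS},
            "deny": "DENY" in groups,
            "rights": rights,
        })
    return aces


def risky_grants(aces, trusted=TRUSTED_WRITERS):
    """Return (principal, write rights, scope) for allow ACEs outside `trusted`."""
    trusted_lower = {t.lower() for t in trusted}
    findings = []
    for ace in aces:
        writable = ace["rights"] & WRITE_RIGHTS
        if ace["deny"] or not writable:
            continue  # deny entries and read/execute-only grants are not a concern here
        if ace["principal"].lower() in trusted_lower:
            continue
        if "IO" in ace["flags"]:
            scope = "children only"
        elif ace["flags"] & {"OI", "CI"}:
            scope = "this object and children"
        else:
            scope = "this object"
        findings.append((ace["principal"], sorted(writable), scope))
    return findings


if __name__ == "__main__":
    target = r"C:\Windows\System32"
    for name, listing in (("thread", THREAD_LISTING), ("weakened", WEAKENED_LISTING)):
        print(name, risky_grants(parse_icacls(listing, target)))
```

The default icacls listing shows the access control entries only, not the owner, so the ownership change made by TAKEOWN does not appear in it.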
  • Here you go



    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-73CQT-WMF7J-3Q6C9
    Windows Product Key Hash: KaFG+RmurcM3ZxzWyfEP9WtPUJw=
    Windows Product ID: 00359-OEM-8992687-00010
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {96ECC064-B814-4768-BEC5-9835EAF5D62C}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.130828-1532
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Enterprise 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800010-02-1033-7601.0000-0422011
    Installation ID: 003302867823963313023460274251565552129770800381809003
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 3Q6C9
    License Status: Licensed
    Remaining Windows rearm count: 1
    Trusted time: 3/30/2014 2:06:36 PM

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 3:28:2014 23:00
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: NgAAAAIAAQABAAEAAQACAAAABAABAAEAln36asTKTjQk6QioJr/eiFilReHtsKB7+O0W0C5z

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC HPQOEM SLIC-CPC
      FACP HPQOEM SLIC-CPC
      DBGP HPQOEM SLIC-CPC
      HPET HPQOEM SLIC-CPC
      MCFG HPQOEM SLIC-CPC
      SSDT HPQOEM SLIC-CPC
      SLIC HPQOEM SLIC-CPC

    Sunday, March 30, 2014 8:07 PM
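Added example (not part of the thread and not a Microsoft tool): a Python parser that reduces an MGADiag text report to the fields that decide the validation result, then compares the first and last reports posted above. The two sample reports are trimmed copies of lines from those posts, and the function names are this example's own.

```python
import re

SECTION = re.compile(r"^(?P<name>.+?)-->\s*$")

# Trimmed copies of lines from the first and last reports posted in this thread.
REPORT_BEFORE = r"""
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE22
Windows License Type: OEM SLP

Licensing Data-->
License Status: Licensed

Windows Activation Technologies-->
HrOffline: 0x8004FE22
HrOnline: N/A
HealthStatus: 0x0000000000000800
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
"""

REPORT_AFTER = r"""
Windows Validation Data-->
Validation Code: 0
Windows License Type: OEM SLP

Licensing Data-->
License Status: Licensed

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
HealthStatus Bitmask Output:
"""


def parse_report(text):
    """Return {section: {field: value}} for an MGADiag text report."""
    sections, current = {}, "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"}:
            continue  # blank lines and the dashed rule under the title
        m = SECTION.match(line)
        if m:  # section headers look like "Licensing Data-->"
            current = m.group("name").strip()
            continue
        # Split on the first colon only: values may contain colons and pipes.
        key, sep, value = line.partition(":")
        if sep:
            sections.setdefault(current, {})[key.strip()] = value.strip()
    return sections


def to_int(value):
    """Codes are printed as 0x-prefixed hex or a bare 0; 'N/A' or missing gives None."""
    try:
        return int(value, 16) if value.lower().startswith("0x") else int(value)
    except (ValueError, AttributeError):
        return None


def triage(sections):
    """Pull out the fields that decide whether validation passes."""
    wat = sections.get("Windows Activation Technologies", {})
    val = sections.get("Windows Validation Data", {})
    lic = sections.get("Licensing Data", {})
    health = to_int(wat.get("HealthStatus")) or 0
    return {
        "validation_code": to_int(val.get("Validation Code")),
        "hr_offline": to_int(wat.get("HrOffline")),
        "hr_online": to_int(wat.get("HrOnline")),
        "license_status": lic.get("License Status"),
        # Indices of the bits set in the HealthStatus mask (meanings not decoded here).
        "health_bits": [b for b in range(64) if health >> b & 1],
        # The report joins the affected components with '|'.
        "tampered": [p for p in wat.get("Tampered File", "").split("|") if p],
    }


def is_healthy(t):
    return (t["validation_code"] == 0 and t["hr_offline"] == 0
            and not t["health_bits"] and not t["tampered"])


def changed(before, after):
    """Fields whose value differs between two triage results."""
    return {k: (before[k], after[k]) for k in before if before[k] != after[k]}


if __name__ == "__main__":
    before = triage(parse_report(REPORT_BEFORE))
    after = triage(parse_report(REPORT_AFTER))
    print("before healthy:", is_healthy(before), "after healthy:", is_healthy(after))
    for field, (old, new) in changed(before, after).items():
        print(f"{field}: {old!r} -> {new!r}")
```

License Status reads Licensed in both reports, so the failure shows up only in the validation code, the HealthStatus mask and the Tampered File line.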
  • That's OK now.

    ... which leaves us with the question of what is wrong with your system to make it necessary to take ownership of the System32 folder into Administrators.

    Please download the Farbar Service Scanner from

    http://www.bleepingcomputer.com/download/farbar-service-scanner/

     

    Right-click on the saved file and select 'Run as Administrator', and tick all the options, then click on the Scan button - copy and paste the report to your response.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Sunday, March 30, 2014 8:18 PM
    Moderator
  • Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy: 
    ==================


    System Restore:
    ============

    System Restore Disabled Policy: 
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy: 
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
    Sunday, March 30, 2014 9:33 PM
  • So that general scan is normal.

    Let's have a look at TrustedInstaller in detail, along with one other thing...

    Please open an Elevated Command Prompt, and run the following commands:

    REG QUERY HKLM\SYSTEM\CurrentControlSet\Services\TrustedInstaller /S

    REG QUERY HKU

    REG QUERY HKU\S-1-5-20


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Sunday, March 30, 2014 9:49 PM
    Moderator

  • C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Services\TrustedInstaller /S

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrustedInstaller
        BlockTime    REG_DWORD    0x2a30
        BlockTimeIncrement    REG_DWORD    0x384
        PreshutdownTimeout    REG_DWORD    0x36ee80
        DisplayName    REG_SZ    @%SystemRoot%\servicing\TrustedInstaller.exe,-100
        Group    REG_SZ    ProfSvc_Group
        ImagePath    REG_EXPAND_SZ    %SystemRoot%\servicing\TrustedInstaller.exe
        Description    REG_SZ    @%SystemRoot%\servicing\TrustedInstaller.exe,-101
        ObjectName    REG_SZ    localSystem
        ErrorControl    REG_DWORD    0x1
        Start    REG_DWORD    0x3
        Type    REG_DWORD    0x10
        ServiceSidType    REG_DWORD    0x1
        FailureActions    REG_BINARY    84030000000000000000000003000000140000000100
    0000C0D4010001000000E09304000000000000000000

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrustedInstaller\Security
        Security    REG_BINARY    0100148090000000A000000014000000340000000200200001
    00000002C0180000000C000102000000000005200000002002000002005C000400000000021400FF
    010F0001010000000000051200000000001800FF0102000102000000000005200000002002000000
    0014008D010200010100000000000504000000000014008D01020001010000000000050600000001
    02000000000005200000002002000001020000000000052000000020020000


    C:\Windows\system32>REG QUERY HKU

    HKEY_USERS\.DEFAULT
    HKEY_USERS\S-1-5-19
    HKEY_USERS\S-1-5-20
    HKEY_USERS\S-1-5-21-866602523-3621846186-975519854-1000
    HKEY_USERS\S-1-5-21-866602523-3621846186-975519854-1000_Classes
    HKEY_USERS\S-1-5-18

    C:\Windows\system32>REG QUERY HKU\S-1-5-20

    HKEY_USERS\S-1-5-20\AppEvents
    HKEY_USERS\S-1-5-20\Console
    HKEY_USERS\S-1-5-20\Control Panel
    HKEY_USERS\S-1-5-20\Environment
    HKEY_USERS\S-1-5-20\EUDC
    HKEY_USERS\S-1-5-20\Keyboard Layout
    HKEY_USERS\S-1-5-20\Printers
    HKEY_USERS\S-1-5-20\Software

    C:\Windows\system32>
    Sunday, March 30, 2014 10:42 PM
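    Added example, not part of the thread: a Python decoder for the `Security` REG_BINARY value in the output above, which is a self-relative security descriptor pasted with console line wraps. It rejoins the hex and lists which trustees hold write-class rights on the service; the function names and the choice of "write-class" bits are assumptions of this example, and it assumes owner and group SIDs are present, as they are here.

```python
import struct
# Security value from the REG QUERY output in the thread, console wraps kept.
WRAPPED_HEX = """
0100148090000000A000000014000000340000000200200001
00000002C0180000000C000102000000000005200000002002000002005C000400000000021400FF
010F0001010000000000051200000000001800FF0102000102000000000005200000002002000000
0014008D010200010100000000000504000000000014008D01020001010000000000050600000001
02000000000005200000002002000001020000000000052000000020020000
"""
# Service rights that let a trustee alter the service or its ACL.
WRITE_BITS = {0x2: "CHANGE_CONFIG", 0x40000: "WRITE_DAC", 0x80000: "WRITE_OWNER"}

def parse_sid(buf, off):
    """Decode the binary SID at off into S-1-... string form."""
    rev, count = buf[off], buf[off + 1]
    authority = int.from_bytes(buf[off + 2:off + 8], "big")
    subs = struct.unpack_from("<%dI" % count, buf, off + 8)
    return "-".join(["S", str(rev), str(authority), *map(str, subs)])

def parse_acl(buf, off):
    """Return [(type, flags, mask, sid)] for the ACL at off ([] if absent)."""
    if off == 0:
        return []
    count = struct.unpack_from("<H", buf, off + 4)[0]
    aces, pos = [], off + 8
    for _ in range(count):
        ace_type, flags, size, mask = struct.unpack_from("<BBHI", buf, pos)
        # Types 0-2 (allow, deny, audit) share the mask+SID layout used here.
        if ace_type > 2 or size < 16 or pos + size > len(buf):
            raise ValueError("unsupported or truncated ACE at 0x%x" % pos)
        aces.append((ace_type, flags, mask, parse_sid(buf, pos + 8)))
        pos += size
    return aces

def parse_descriptor(wrapped_hex):
    """Rejoin wrapped hex and decode a self-relative security descriptor."""
    buf = bytes.fromhex("".join(wrapped_hex.split()))
    rev, _, control, owner, group, sacl, dacl = struct.unpack_from("<BBHIIII", buf)
    if rev != 1 or not control & 0x8000:  # 0x8000 = SE_SELF_RELATIVE
        raise ValueError("not a self-relative security descriptor")
    return {"owner": parse_sid(buf, owner), "group": parse_sid(buf, group),
            "sacl": parse_acl(buf, sacl), "dacl": parse_acl(buf, dacl)}

def writers(sd):
    """Trustees whose allow ACEs (type 0) grant any write-class right."""
    held = lambda mask: [n for b, n in WRITE_BITS.items() if mask & b]
    return {sid: held(m) for t, _f, m, sid in sd["dacl"] if t == 0 and held(m)}

if __name__ == "__main__":
    print(writers(parse_descriptor(WRAPPED_HEX)))
```

    For the descriptor in the thread this reports only S-1-5-18 (LocalSystem) and S-1-5-32-544 (Administrators); the Interactive (S-1-5-4) and Service (S-1-5-6) ACEs carry mask 0x2018D, which contains none of those write bits.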
  • That also looks normal.

    I'm not sure where to look next :(

    Perhaps your Event Logs will give us a clue...

    Please open Event Viewer

    In the left pane, navigate to the Windows Logs

    Right-click on Applications and select 'Save all events as...' - save as Apps.evtx

    Repeat for the System logs - save as Sys.evtx

    Compress both files, and attach to your reply or upload to your favourite fileshare site (preferably Dropbox or OneDrive/SkyDrive) and post a link in your reply



    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Monday, March 31, 2014 6:36 AM
    Moderator
  • Here you go.


    https://onedrive.live.com/redir?resid=A931B3830C775253%21240
    Tuesday, April 1, 2014 5:44 AM
  • Some interesting errors there - one that particularly concerns me is that you appear to have an IObit Toolbar installed, that won't uninstall.

    This implies that you've had/have other IObit software installed. I am NOT a fan of any of their software, and consider most of it poorly-written trash or scareware.

    You need to find a way to get rid of this, as the repeated attempts to uninstall it may be getting in the way of system maintenance tasks.

    Possibly try Revo Uninstaller - http://www.revouninstaller.com/ - which has some good stuff for this type of problem. I think the trial version will let you do what you need to do.

    There are a number of problems with system services - they are going to need some research, so I'll get back to you on them.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Tuesday, April 1, 2014 9:33 AM
    Moderator