locked
help validation RRS feed

  • Question

  • It sayes I'am validation but  I keep get the message i'm not  please help .                                                          Diagnostic Report (1.9.0019.0):
    -----------------------------------------
    WGA Data-->
    Validation Status: Genuine
    Validation Code: 0

    Cached Validation Code: N/A
    Windows Product Key: *****-*****-H433H-DJD7Q-DQHK3
    Windows Product Key Hash: r1JAUbn6bFcIIQhCekcQR0palwk=
    Windows Product ID: 76477-OEM-2164384-02109
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 5.1.2600.2.00010300.3.0.hom
    ID: {5E7BF8A7-8BB6-4E23-B782-D69467641968}(3)
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1
    Resolution Status: N/A

    WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    WGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-230-1

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\WINDOWS\system32\ntdll.dll[5.1.2600.6055]
    File Mismatch: C:\WINDOWS\system32\kernel32.dll[5.1.2600.5781]
    File Mismatch: C:\WINDOWS\system32\advapi32.dll[5.1.2600.5755]

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{5E7BF8A7-8BB6-4E23-B782-D69467641968}</UGUID><Version>1.9.0019.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-DQHK3</PKey><PID>76477-OEM-2164384-02109</PID><PIDType>3</PIDType><SID>S-1-5-21-484763869-1770027372-1417001333</SID><SYSTEM><Manufacturer>ASUSTeK Computer INC.</Manufacturer><Model>AWRDACPI</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version> 3.08</Version><SMBIOSVersion major="2" minor="4"/><Date>20050509000000.000000+000</Date></BIOS><HWID>CC323B4F0184206C</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Mountain Standard Time(GMT-07:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Licensing Data-->
    N/A

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: yes
    Marker string from BIOS: E0DB:Compaq Computer Corporation|108CB:Compaq Computer Corporation|108CB:Compaq Computer Corporation|E0DB:Hewlett-Packard Company|1D840:Hewlett-Packard Company
    Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

    OEM Activation 2.0 Data-->
    N/A

     

    Saturday, October 13, 2012 5:38 AM

Answers

  • I can't swear this will work, as the time differences are awkward to correct, but we'll give it a go :)

    I've put a small file - regfix.zip on my SkyDrive at https://skydrive.live.com/#cid=936736BB8FCEB92F&id=936736BB8FCEB92F%21516

    Please download it and save it to the desktop

    right-click on the saved file, and select Extract All

    click Next

    Accept the defaults and click Next

    CLick Finish - a windows explorer window should open with one file regfix.reg

    right-click on the file and select Merge - accept the warning, and you should get a 'success' message

    reboot (and cross your fingers)

    Run another MGADiag report, and post that, together with the results from the following commands

    REG QUERY "HKLM\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB956572\Filelist\32"

    REG QUERY "HKLM\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB2393802\Filelist\13"

    Good luck!


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth


    Sunday, October 21, 2012 7:19 PM
    Moderator

All replies

  • You have three file mismatches.

    Please run full CHKDSK and SFC scans

    Click on Start > Run..

    in the box, type CMD and click on 'OK'

    at the prompt, type

    CHKDSK C: /R

    answer 'Y' to the request to run at reboot, hit the Enter key

    reboot - the system will scan, and reboot itself

    once back in Windows

    Click on Start > Run..

    in the box, type

    SFC /SCANNOW

    and click on OK

    You will need to have your XP CD in the CD tray

    Once complete, run a new MGADiag report and post the results.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, October 14, 2012 11:34 AM
    Moderator
  • I don't have the XP CD  can I do this anyway ?

    Tim Kuzdrowski

    Sunday, October 14, 2012 6:21 PM
  • You can do the CHKDSK, at least.

    It depends on how your machine has been set  up as to whether the SFC will work properly or not, but it's worth trying.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, October 14, 2012 6:30 PM
    Moderator
  • I did the CHKDSK but I need a XP CD  but back in 07 that was stolen . When I moved to NM I had the computer rebuild and the person who rebuild computer in T OR C NM said I did not need the CD , is there anyway I could buy the CD I need ? MGADiag report
    -----------------------------------------
    WGA Data-->
    Validation Status: Genuine
    Validation Code: 0

    Cached Validation Code: N/A
    Windows Product Key: *****-*****-H433H-DJD7Q-DQHK3
    Windows Product Key Hash: r1JAUbn6bFcIIQhCekcQR0palwk=
    Windows Product ID: 76477-OEM-2164384-02109
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 5.1.2600.2.00010300.3.0.hom
    ID: {5E7BF8A7-8BB6-4E23-B782-D69467641968}(3)
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1
    Resolution Status: N/A

    WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    WGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: 025D1FF3-230-1

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\WINDOWS\system32\ntdll.dll[5.1.2600.6055]
    File Mismatch: C:\WINDOWS\system32\advapi32.dll[5.1.2600.5755]

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{5E7BF8A7-8BB6-4E23-B782-D69467641968}</UGUID><Version>1.9.0019.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-DQHK3</PKey><PID>76477-OEM-2164384-02109</PID><PIDType>3</PIDType><SID>S-1-5-21-484763869-1770027372-1417001333</SID><SYSTEM><Manufacturer>ASUSTeK Computer INC.</Manufacturer><Model>AWRDACPI</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version> 3.08</Version><SMBIOSVersion major="2" minor="4"/><Date>20050509000000.000000+000</Date></BIOS><HWID>CC323B4F0184206C</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Mountain Standard Time(GMT-07:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Licensing Data-->
    N/A

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: yes
    Marker string from BIOS: E0DB:Compaq Computer Corporation|108CB:Compaq Computer Corporation|108CB:Compaq Computer Corporation|E0DB:Hewlett-Packard Company|1D840:Hewlett-Packard Company
    Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

    OEM Activation 2.0 Data-->
    N/A

     


    Tim Kuzdrowski

    Sunday, October 14, 2012 7:55 PM
  • One of the three errors has gone, at least :)

    Please open a command prompt window and run the following commands....

    DIR C:\Windows\ntdll.dll /s

    DIR C:\Windows\advapi.dll /s

    Post the results, and we'll see if we can do a little manual patching :)

    To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once. 

    3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.     


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, October 14, 2012 8:54 PM
    Moderator
  •  Here it is Microsoft(R) Windows DOS
    (C)Copyright Microsoft Corp 1990-2001.

    C:\DOCUME~1\SWC090~1>DIR C:\Windows\ntdll.dll /s
     Volume in drive C has no label.
     Volume Serial Number is 7053-E470

     Directory of C:\Windows\$hf_mig$\KB2393802\SP3QFE

    12/09/2010  09:15 AM           718,336 ntdll.dll
                   1 File(s)        718,336 bytes

     Directory of C:\Windows\$hf_mig$\KB956572\SP3QFE

    02/09/2009  04:56 AM           715,264 ntdll.dll
                   1 File(s)        715,264 bytes

     Directory of C:\Windows\$NtServicePackUninstall$

    08/04/2004  06:00 AM           708,096 ntdll.dll
                   1 File(s)        708,096 bytes

     Directory of C:\Windows\ServicePackFiles\i386

    04/13/2008  06:11 PM           706,048 ntdll.dll
                   1 File(s)        706,048 bytes

     Directory of C:\Windows\system32

    12/09/2010  09:15 AM           718,336 ntdll.dll
                   1 File(s)        718,336 bytes

     Directory of C:\Windows\system32\dllcache

    12/09/2010  09:15 AM           718,336 ntdll.dll
                   1 File(s)        718,336 bytes

         Total Files Listed:
                   6 File(s)      4,284,416 bytes
                   0 Dir(s)  50,693,701,632 bytes free

    C:\DOCUME~1\SWC090~1>IR C:\Windows\advapi.dll /s
    'IR' is not recognized as an internal or external command,
    operable program or batch file.

    C:\DOCUME~1\SWC090~1>
    C:\DOCUME~1\SWC090~1>


    Tim Kuzdrowski

    Sunday, October 14, 2012 9:04 PM
  • Typo in the second command - it should be

    DIR C:\Windows\advapi.dll /s


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, October 14, 2012 9:09 PM
    Moderator
  • Microsoft(R) Windows DOS
    (C)Copyright Microsoft Corp 1990-2001.

    C:\DOCUME~1\SWC090~1>DIRC:\WINDOWS\ADVAPI.DILL /S
    The filename, directory name, or volume label syntax is incorrect.

    C:\DOCUME~1\SWC090~1>DIR C:\Windows\advapi.dll /s
     Volume in drive C has no label.
     Volume Serial Number is 7053-E470
    File Not Found

    C:\DOCUME~1\SWC090~1>


    Tim Kuzdrowski

    Sunday, October 14, 2012 9:14 PM
  • OOooops -that one's my fault.... Sorry!

    DIR C:\Windows\advapi32.dll /S

    please run that and post the results.

    As far as I can tell, the installed version of the ntdll.dll file is the proper one, which may mean that the associated  registry entries are the problem, rather than the file.

    Let's wait until we get the advapi32.dll results before deciding the next action.

    As far as acquiring a new XP CD, they are getting rare, and MS won't normally supply them. Do you have a friend who may have one?


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, October 14, 2012 11:26 PM
    Moderator
  • Microsoft(R) Windows DOS
    (C)Copyright Microsoft Corp 1990-2001.

    C:\DOCUME~1\SWC090~1>
    C:\DOCUME~1\SWC090~1>DIR C:\Windows\advapi32.dll /S
     Volume in drive C has no label.
     Volume Serial Number is 7053-E470

     Directory of C:\Windows\$hf_mig$\KB956572\SP3QFE

    02/10/2009  07:26 PM           617,472 advapi32.dll
                   1 File(s)        617,472 bytes

     Directory of C:\Windows\$NtServicePackUninstall$

    08/04/2004  06:00 AM           616,960 advapi32.dll
                   1 File(s)        616,960 bytes

     Directory of C:\Windows\ServicePackFiles\i386

    04/13/2008  06:11 PM           617,472 advapi32.dll
                   1 File(s)        617,472 bytes

     Directory of C:\Windows\system32

    02/09/2009  06:10 AM           617,472 advapi32.dll
                   1 File(s)        617,472 bytes

     Directory of C:\Windows\system32\dllcache

    02/09/2009  06:10 AM           617,472 advapi32.dll
                   1 File(s)        617,472 bytes

         Total Files Listed:
                   5 File(s)      3,086,848 bytes
                   0 Dir(s)  50,693,132,288 bytes free

    C:\DOCUME~1\SWC090~1>


    Tim Kuzdrowski

    Monday, October 15, 2012 12:02 AM
  • This could simply be a failed/mangled install of a single update.

    I'm attempting to replicate the problem - please have patience.:)


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, October 15, 2012 8:19 AM
    Moderator
  • any thing

    Tim Kuzdrowski

    Tuesday, October 16, 2012 9:03 PM
  • Sorry - it's been chaotic here today (I've only had time for 3 cups of coffee in 13 hours!)

    You are now top of the pole either later tonight, or first thing in the morning. I gotta eat :)


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Tuesday, October 16, 2012 9:15 PM
    Moderator
  • I'm not having much luck replicating the error - or properly working out what the problem actually is.

    The files in use are

    Directory of C:\Windows\system32

    02/09/2009  06:10 AM           617,472 advapi32.dll

    12/09/2010  09:15 AM           718,336 ntdll.dll

    ...as far as I can work out, they are the correct ones

    There are two possibilities that immediately spring to mind

    1) the registry or log entry which holds the data has been corrupted, with the result that these two files are showing as a mismatch, although they are actually fine

    2) you suffered a virus/malware intrusion which affected these two files, and the AV failed to repair them properly.

    Of these two options, I suspect that the latter is the most likely.

    The question then becomaes - how best to replace/repair them?

    Please run the following commands in a COmmand Prompt window, and post the results

    MD C:\Repairfiles

    COPY C:\Windows\system32\dllcache\advapi32.dll C:\Repairfiles

    COPY C:\Windows\system32\dllcache\ntdll.dll C:\Repairfiles

    ATTRIB -R -S -H C:\Windows\system32\ntdll.dll

    ATTRIB -R -S -H C:\Windows\system32\advapi32.dll

    ATTRIB -R -S -H C:\Windows\system32\dllcache\ntdll.dll

    ATTRIB -R -S -H C:\Windows\system32\dllcache\advapi32.dll

    DIR c:\windows\system32 /AR /S

    CACLS C:\Windows\system32\dllcache\ntdll.dll

    CACLS C:\Windows\system32\dllcache\advapi32.dll

    also, please run a new MGADiag report, and post that.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth



    Wednesday, October 17, 2012 11:25 AM
    Moderator
  • Do I run Them one by one ?

    Tim Kuzdrowski

    Wednesday, October 17, 2012 12:13 PM
  •   Here are some instructions to make life easier :)

    1) To open an Elevated Command Prompt Window (the CP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt. 

    2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once. 

    3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.     


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Wednesday, October 17, 2012 2:28 PM
    Moderator
  • Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\SWC0902243 COMPUTER>MD C:\Repairfiles

    C:\Documents and Settings\SWC0902243 COMPUTER>COPY C:\Windows\system32\dllcache\
    advapi32.dll C:\Repairfiles
            1 file(s) copied.

    C:\Documents and Settings\SWC0902243 COMPUTER>COPY C:\Windows\system32\dllcache\
    ntdll.dll C:\Repairfiles
            1 file(s) copied.

    C:\Documents and Settings\SWC0902243 COMPUTER>ATTRIB -R -S - H C:\Windows\system
    32\dllcache\ntdll.dll
    Parameter format not correct -

    C:\Documents and Settings\SWC0902243 COMPUTER>ATTRIB -R -S -H C:\Windows\system3
    2\dllcache\advapi32.dll

    C:\Documents and Settings\SWC0902243 COMPUTER>DIR c:\windows\system32 /AR /S
     Volume in drive C has no label.
     Volume Serial Number is 7053-E470

     Directory of c:\windows\system32

    02/24/2009  03:40 PM               749 cdplayer.exe.manifest
    10/15/2012  12:48 PM    <DIR>          dllcache
    08/04/2004  06:00 AM             6,656 KBDAL.DLL
    08/04/2004  06:00 AM             5,632 kbdaze.dll
    08/04/2004  06:00 AM             5,632 kbdazel.dll
    08/04/2004  06:00 AM             5,632 kbdblr.dll
    08/04/2004  06:00 AM             5,632 kbdbu.dll
    08/04/2004  06:00 AM             6,656 kbdcr.dll
    08/04/2004  06:00 AM             7,168 kbdcz.dll
    08/04/2004  06:00 AM             6,656 kbdcz1.dll
    08/04/2004  06:00 AM             6,656 kbdcz2.dll
    08/04/2004  06:00 AM             6,144 kbdest.dll
    08/04/2004  06:00 AM             6,144 kbdgkl.dll
    08/04/2004  06:00 AM             5,632 kbdhe.dll
    08/04/2004  06:00 AM             5,632 kbdhe220.dll
    08/04/2004  06:00 AM             5,632 kbdhe319.dll
    08/04/2004  06:00 AM             6,144 kbdhela2.dll
    08/04/2004  06:00 AM             6,656 kbdhela3.dll
    08/04/2004  06:00 AM             8,192 kbdhept.dll
    08/04/2004  06:00 AM             6,656 kbdhu.dll
    08/04/2004  06:00 AM             5,632 kbdhu1.dll
    08/04/2004  06:00 AM             5,632 kbdkaz.dll
    08/04/2004  06:00 AM             5,632 kbdkyr.dll
    08/04/2004  06:00 AM             5,632 kbdlt.dll
    08/04/2004  06:00 AM             5,632 kbdlt1.dll
    08/04/2004  06:00 AM             6,144 kbdlv.dll
    08/04/2004  06:00 AM             6,144 kbdlv1.dll
    08/04/2004  06:00 AM             5,632 kbdmon.dll
    08/04/2004  06:00 AM             6,656 kbdpl.dll
    08/04/2004  06:00 AM             5,632 kbdpl1.dll
    08/04/2004  06:00 AM             5,632 kbdro.dll
    08/04/2004  06:00 AM             5,632 kbdru.dll
    08/04/2004  06:00 AM             5,632 kbdru1.dll
    08/04/2004  06:00 AM             6,656 kbdsl.dll
    08/04/2004  06:00 AM             6,656 kbdsl1.dll
    08/04/2004  06:00 AM             5,632 kbdtat.dll
    08/04/2004  06:00 AM             6,144 kbdtuf.dll
    08/04/2004  06:00 AM             6,144 kbdtuq.dll
    08/04/2004  06:00 AM             5,632 kbdur.dll
    08/04/2004  06:00 AM             5,632 kbduzb.dll
    08/04/2004  06:00 AM             5,632 kbdycc.dll
    08/04/2004  06:00 AM             6,656 kbdycl.dll
    02/24/2009  03:40 PM               488 logonui.exe.manifest
    02/24/2009  03:40 PM               749 ncpa.cpl.manifest
    02/24/2009  03:40 PM               749 nwc.cpl.manifest
    08/04/2004  06:00 AM            58,273 perfmon.msc
    02/24/2009  03:40 PM               749 sapi.cpl.manifest
    02/24/2009  03:40 PM               488 WindowsLogon.manifest
    02/24/2009  03:40 PM               749 wuaucpl.cpl.manifest
                  48 File(s)        306,194 bytes

     Directory of c:\windows\system32\config\systemprofile

    12/31/2002  06:39 PM    <DIR>          Application Data
    12/31/2002  06:39 PM    <DIR>          Local Settings
    10/19/2011  12:28 PM    <DIR>          Recent
    02/24/2009  03:40 PM    <DIR>          SendTo
    12/31/2002  06:39 PM    <DIR>          Start Menu
                   0 File(s)              0 bytes

     Directory of c:\windows\system32\config\systemprofile\Application Data

    12/31/2002  06:39 PM    <DIR>          .
    12/31/2002  06:39 PM    <DIR>          ..
                   0 File(s)              0 bytes

     Directory of c:\windows\system32\config\systemprofile\Local Settings

    12/31/2002  06:39 PM    <DIR>          .
    12/31/2002  06:39 PM    <DIR>          ..
                   0 File(s)              0 bytes

     Directory of c:\windows\system32\config\systemprofile\Local Settings\Applicatio
    n Data\Google\Custom Buttons

    10/17/2011  11:33 AM             1,946 toolbar.google.com_MXE8GT6B9RBHXCGLZ06L.x
    ml
                   1 File(s)          1,946 bytes

     Directory of c:\windows\system32\config\systemprofile\Local Settings\Temp\._msi
    ge60\LocalAppData\Google\Custom Buttons

    05/17/2011  03:15 AM             1,946 toolbar.google.com_MXE8GT6B9RBHXCGLZ06L.x
    ml
                   1 File(s)          1,946 bytes

     Directory of c:\windows\system32\config\systemprofile\Local Settings\Temp\._msi
    ge61\LocalAppData\Google\Custom Buttons

    10/17/2011  11:33 AM             1,946 toolbar.google.com_MXE8GT6B9RBHXCGLZ06L.x
    ml
                   1 File(s)          1,946 bytes

     Directory of c:\windows\system32\config\systemprofile\Recent

    10/19/2011  12:28 PM    <DIR>          .
    10/19/2011  12:28 PM    <DIR>          ..
                   0 File(s)              0 bytes

     Directory of c:\windows\system32\config\systemprofile\SendTo

    02/24/2009  03:40 PM    <DIR>          .
    02/24/2009  03:40 PM    <DIR>          ..
                   0 File(s)              0 bytes

     Directory of c:\windows\system32\config\systemprofile\Start Menu

    12/31/2002  06:39 PM    <DIR>          .
    12/31/2002  06:39 PM    <DIR>          ..
    02/24/2009  03:42 PM    <DIR>          Programs
                   0 File(s)              0 bytes

     Directory of c:\windows\system32\config\systemprofile\Start Menu\Programs

    02/24/2009  03:42 PM    <DIR>          .
    02/24/2009  03:42 PM    <DIR>          ..
    02/24/2009  03:42 PM    <DIR>          Accessories
    12/31/2002  06:39 PM    <DIR>          Startup
                   0 File(s)              0 bytes

     Directory of c:\windows\system32\config\systemprofile\Start Menu\Programs\Acces
    sories

    02/24/2009  03:42 PM    <DIR>          .
    02/24/2009  03:42 PM    <DIR>          ..
    02/24/2009  03:42 PM    <DIR>          Accessibility
    02/24/2009  03:42 PM    <DIR>          Entertainment
                   0 File(s)              0 bytes

     Directory of c:\windows\system32\config\systemprofile\Start Menu\Programs\Acces
    sories\Accessibility

    02/24/2009  03:42 PM    <DIR>          .
    02/24/2009  03:42 PM    <DIR>          ..
                   0 File(s)              0 bytes

     Directory of c:\windows\system32\config\systemprofile\Start Menu\Programs\Acces
    sories\Entertainment

    02/24/2009  03:42 PM    <DIR>          .
    02/24/2009  03:42 PM    <DIR>          ..
                   0 File(s)              0 bytes

     Directory of c:\windows\system32\config\systemprofile\Start Menu\Programs\Start
    up

    12/31/2002  06:39 PM    <DIR>          .
    12/31/2002  06:39 PM    <DIR>          ..
                   0 File(s)              0 bytes

     Directory of c:\windows\system32\config\systemprofile\Templates

    08/04/2004  06:00 AM                30 wordpfct.wpd
    08/04/2004  06:00 AM                57 wordpfct.wpg
                   2 File(s)             87 bytes

     Directory of c:\windows\system32\dllcache

    10/15/2012  12:48 PM    <DIR>          .
    10/15/2012  12:48 PM    <DIR>          ..
                   0 File(s)              0 bytes

     Directory of c:\windows\system32\drivers\etc

    04/17/2012  11:05 PM               855 hosts
                   1 File(s)            855 bytes

     Directory of c:\windows\system32\Macromed\Flash

    10/08/2012  03:34 PM         9,641,400 Flash32_11_4_402_287.ocx
                   1 File(s)      9,641,400 bytes

     Directory of c:\windows\system32\Restore

    12/28/2006  01:01 PM            19,569 filelist.xml
                   1 File(s)         19,569 bytes

         Total Files Listed:
                  56 File(s)      9,973,943 bytes
                  33 Dir(s)  50,382,508,032 bytes free

    C:\Documents and Settings\SWC0902243 COMPUTER>CACLS C:\Windows\system32\dllcache
    \ntdll.dll
    C:\Windows\system32\dllcache\ntdll.dll BUILTIN\Administrators:F
                                           NT AUTHORITY\SYSTEM:F
                                           <Account Domain not found>F
                                           BUILTIN\Users:R


    C:\Documents and Settings\SWC0902243 COMPUTER>CACLS C:\Windows\system32\dllcache
    \advapi32.dll
    C:\Windows\system32\dllcache\advapi32.dll BUILTIN\Administrators:F
                                              NT AUTHORITY\SYSTEM:F
                                              <Account Domain not found>F
                                              BUILTIN\Users:R


    C:\Documents and Settings\SWC0902243 COMPUTER>


    Tim Kuzdrowski

    Wednesday, October 17, 2012 5:20 PM
  • The CACLS response is interesting! Unfortunately I don't have a handy XP Home to test so it's going to take a while before I can check that what I want to do is possible!

    If you haven't heard from me in 24hours, shout!


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Wednesday, October 17, 2012 5:56 PM
    Moderator
  • Looks like my memory isn't as bad as I thought! :)

    Please boot to Safe Mode, and log in to the Administrator account (it has no password by default) -

    Open Windows Explorer, and navigate to the C:\Windows\System32 folder.

    In there, find the 'advapi32.dll' file and right-click on it - select Properties

    Click on the Security tab

    You'll find four entries

    Administrators

    Users

    SYSTEM

    and one other - what is the EXACT name of that other?

    Click on the Version tab - what exact version number is the file?

    close the popup

    Repeat for the ntdll.dll file

    repeat also for the other troublesome file we saw - kernel32.dll

    reboot to Normal mode, and post the results.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Thursday, October 18, 2012 8:51 AM
    Moderator
  • what is Safe Mode and  Administrator account ?

    Tim Kuzdrowski

    Thursday, October 18, 2012 1:03 PM
  • To boot to Safe Mode....

    Shut the computer down completely.

    Power on, and start tapping the F8 key about 2 times per second.

    this should bring up the Advanced Boot Menu. (if the machine boots to normal windows, you wiether missed it, or tapped too slowly - start again)

    One of the options in the list there should be Safe Mode.

    take that option.

    When Windows has finished booting, instead of going straight to the desktop, you should be presented with a list of Users - Administrator is usually at the top. Pick that, and wait for the desktop to settle down

    Safe Mode is the only way you can access this account in XP Home, and the only way that you can do the things we need to do.

    You'll see that the background is black, and the video quality poor - don't worry about it, or change it.

    You won't be able to access the internet in this mode, so you'll have to make notes!

    Once done, shut down and reboot as normal.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Thursday, October 18, 2012 1:24 PM
    Moderator
  • 'advapi32.dll'  other s-1-5-21-484763869-1770027372-1417001333-1007         version number 5.1.2600.5755

    ntdll.dll file s-1-5-21-484763869-1770027372-1417001333-1007                     version number   5.1.2600.5781

    kernel32.dll  s-1-5-21-484763869-1770027372-1417001333-1007                  version number   5.1.2600.6055


    Tim Kuzdrowski

    Thursday, October 18, 2012 2:09 PM
  • OK - those codes are for a local user on the machine whose account has been deleted, so they are not a problem.

    Compare those version results with the ones from your first report.....

    File Mismatch: C:\WINDOWS\system32\ntdll.dll[5.1.2600.6055]
    File Mismatch: C:\WINDOWS\system32\kernel32.dll[5.1.2600.5781]
    File Mismatch: C:\WINDOWS\system32\advapi32.dll[5.1.2600.5755]

    This means that the problem is actually in the registry somewhere. (I think!), or that the proper backup files are missing.

    we can check the backup

    In Normal Mode, filnd the three files in the C:\Windows\system32\dllcache folder, and note which version number they are - post the results

    please also run the following command as a check and post the results

    DIR C:\Windows\kernel32.dll /S

    If all those turn out normal, then we'll have to look in the registry for the problem.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Thursday, October 18, 2012 2:38 PM
    Moderator
  • This three are all the same .

    File Mismatch: C:\WINDOWS\system32\ntdll.dll[5.1.2600.6055]
    File Mismatch: C:\WINDOWS\system32\kernel32.dll[5.1.2600.5781]
    File Mismatch: C:\WINDOWS\system32\advapi32.dll[5.1.2600.5755]

    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\SWC0902243 COMPUTER>DIR C:\Windows\kernel32.dll /S
     Volume in drive C has no label.
     Volume Serial Number is 7053-E470

     Directory of C:\Windows\$hf_mig$\KB935839\SP2QFE

    04/16/2007  10:07 AM           986,112 kernel32.dll
                   1 File(s)        986,112 bytes

     Directory of C:\Windows\$hf_mig$\KB959426\SP3QFE

    03/21/2009  07:59 AM           991,744 kernel32.dll
                   1 File(s)        991,744 bytes

     Directory of C:\Windows\$NtServicePackUninstall$

    04/16/2007  09:52 AM           984,576 kernel32.dll
                   1 File(s)        984,576 bytes

     Directory of C:\Windows\ServicePackFiles\i386

    04/13/2008  06:11 PM           989,696 kernel32.dll
                   1 File(s)        989,696 bytes

     Directory of C:\Windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a711
    6f902d9\sp3gdr

    03/21/2009  08:06 AM           989,696 kernel32.dll
                   1 File(s)        989,696 bytes

     Directory of C:\Windows\system32

    03/21/2009  08:06 AM           989,696 kernel32.dll
                   1 File(s)        989,696 bytes

     Directory of C:\Windows\system32\dllcache

    03/21/2009  08:06 AM           989,696 kernel32.dll
                   1 File(s)        989,696 bytes

         Total Files Listed:
                   7 File(s)      6,921,216 bytes
                   0 Dir(s)  51,650,240,512 bytes free

    C:\Documents and Settings\SWC0902243 COMPUTER>
    C:\Documents and Settings\SWC0902243 COMPUTER>


    Tim Kuzdrowski

    Thursday, October 18, 2012 2:54 PM
  • It's going to take me a while to work out what I need - it's likely to be tomorrow before I can get back to you.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Thursday, October 18, 2012 3:22 PM
    Moderator
  • I can actually find no reference to at least one of the files in teh registry, in a default install - which possibly insicates that the problem is not, after all there - I'm stumped at the moment as to what is causing this error.

    please copy the C:\Windows\system32\ntdll.dll file to your desktop, and zip it, then upload the zip file to your SkyDrive public folder, and post a link - then I can have a closer look at it and see if it is actually a problem with the file itself.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Saturday, October 20, 2012 2:22 PM
    Moderator
  • How do you this ?

    Saturday, October 20, 2012 2:37 PM
  • Let's try it this way....

    Open a Command Prompt window and run the following command

    COPY C:\Windows\System32\ntdll.dll "%USERPROFILE%\My Documents"

    close the window.

    Open My Documents - look for the ntdll.dll file and right-click on it

    Select Sendt To.. > COmpressed (zipped) folder and accept the defaults,

    This creates a ntdll.zip file

    Now upload that to your SkyDrive public folder - www.skydrive.live.com

    While you're in the folder, copy the link in the Address Bar to your response here.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Saturday, October 20, 2012 6:04 PM
    Moderator
  • https:// skydrive.live.com/

    Saturday, October 20, 2012 7:40 PM
  • I need the URL from your Address bar - NOT the generic one, as all that does is get me into my own account :)

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Saturday, October 20, 2012 8:06 PM
    Moderator
  • https://skydrive.live.com/redir?resid=49E0D8FE6B6117E0!107&authkey=!AFztATEhkWa4M6c
    Saturday, October 20, 2012 8:26 PM
  • Finally managed to get to it :) (connection has been playing up again today)

    That files is - so far as I can tell - exactly right.

    PLease run the following commands

    REG QUERY "SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB239802\Filelist\11"

    REG QUERY "SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB239802\Filelist\13"

    REG QUERY "SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB239802\Filelist\2"

    Copy and post the results.

      Here are some instructions to make life easier :)

    1) To open a Command Prompt Window (the CP window), click on Start, All Programs, Accessories – then Command Prompt. 

    2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once. 

    3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.     


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, October 21, 2012 12:09 AM
    Moderator
  • Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\SWC0902243 COMPUTER>REG QUERY "SOFTWARE\Microsoft\Upda
    tes\Windows XP\SP4\KB239802\Filelist\11"

    Error:  Invalid key name

    C:\Documents and Settings\SWC0902243 COMPUTER>REG QUERY "SOFTWARE\Microsoft\Upda
    tes\Windows XP\SP4\KB239802\Filelist\13"

    Error:  Invalid key name

    C:\Documents and Settings\SWC0902243 COMPUTER>REG QUERY "SOFTWARE\Microsoft\Upda
    tes\Windows XP\SP4\KB239802\Filelist\2"

    Error:  Invalid key name

    C:\Documents and Settings\SWC0902243 COMPUTER>

    Sunday, October 21, 2012 1:28 AM
  • It's been an even longer day than I thought! - my fault!

    Let's try again....

    PLease run the following commands

    REG QUERY "HKLM\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB239802\Filelist\11"

    REG QUERY "HKLM\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB239802\Filelist\13"

    REG QUERY "HKLM\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB239802\Filelist\2"

    Copy and post the results.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, October 21, 2012 1:35 AM
    Moderator
  •  This what I got this time                                                                                                                                                       Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\SWC0902243 COMPUTER>REG QUERY "HKLM\SOFTWARE\Microsoft
    \Updates\Windows XP\SP4\KB239802\Filelist\11"

    Error:  The system was unable to find the specified registry key or value

    C:\Documents and Settings\SWC0902243 COMPUTER>REG QUERY "HKLM\SOFTWARE\Microsoft
    \Updates\Windows XP\SP4\KB239802\Filelist\13"

    Error:  The system was unable to find the specified registry key or value

    C:\Documents and Settings\SWC0902243 COMPUTER>REG QUERY "HKLM\SOFTWARE\Microsoft
    \Updates\Windows XP\SP4\KB239802\Filelist\2"

    Sunday, October 21, 2012 1:47 AM
  • Hmm - so that file version is installed with no entries for it in the Registry?

    (I'm going to have to get some early nights - I still managed to get it wrong someohow!)
    Third time lucky....

    PLease run the following commands

    REG QUERY "HKLM\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB2393802\Filelist\11"

    REG QUERY "HKLM\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB239802\Filelist\13"

    REG QUERY "HKLM\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB2393802\Filelist\2"

    Copy and post the results. (Hopefully this time I managed to do a manual copy right - for some reason my virtual machine for XP Home isn't allowing copy/paste to the host OS)


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, October 21, 2012 9:17 AM
    Moderator
  • Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\SWC0902243 COMPUTER>REG QUERY "HKLM\SOFTWARE\Microsoft
    \Updates\Windows XP\SP4\KB2393802\Filelist\11"

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB2393802\Filelist\
    11
        FileName    REG_SZ  ntdll.dll
        Version     REG_SZ  5.1.2600.6055
        BuildDate   REG_SZ  Thu Dec 09 08:15:09 2010
        BuildCheckSum       REG_SZ  afd30
        Location    REG_SZ  C:\WINDOWS\system32\DllCache

    C:\Documents and Settings\SWC0902243 COMPUTER>REG QUERY "HKLM\SOFTWARE\Microsoft
    \Updates\Windows XP\SP4\KB239802\Filelist\13"

    Error:  The system was unable to find the specified registry key or value

    C:\Documents and Settings\SWC0902243 COMPUTER>REG QUERY "HKLM\SOFTWARE\Microsoft
    \Updates\Windows XP\SP4\KB2393802\Filelist\2

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB2393802\Filelist\
    2
        FileName    REG_SZ  ntdll.dll
        Version     REG_SZ  5.1.2600.6055
        BuildDate   REG_SZ  Thu Dec 09 08:15:09 2010
        BuildCheckSum       REG_SZ  afd30
        Location    REG_SZ  C:\WINDOWS\system32

    C:\Documents and Settings\SWC0902243 COMPUTER>

    Sunday, October 21, 2012 3:14 PM
  • GOTCHA!

    Now to fix it

    While I'm worjing out the best way to do that, please run the following commands so we can check the same problem exists for the other file.

    REG QUERY "HKLM\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB956572\Filelist\5"

    REG QUERY "HKLM\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB956572\Filelist\32"

    REG QUERY "HKLM\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB956572\Filelist\29"


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, October 21, 2012 3:41 PM
    Moderator
  • Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\SWC0902243 COMPUTER>REG QUERY "HKLM\SOFTWARE\Microsoft
    \Updates\Windows XP\SP4\KB956572\Filelist\5"

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB956572\Filelist\5

        FileName    REG_SZ  advapi32.dll
        Version     REG_SZ  5.1.2600.5755
        BuildDate   REG_SZ  Mon Feb 09 05:10:48 2009
        BuildCheckSum       REG_SZ  a5bb8
        Location    REG_SZ  C:\WINDOWS\system32

    C:\Documents and Settings\SWC0902243 COMPUTER>REG QUERY "HKLM\SOFTWARE\Microsoft
    \Updates\Windows XP\SP4\KB956572\Filelist\32"

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB956572\Filelist\3
    2
        FileName    REG_SZ  advapi32.dll
        Version     REG_SZ  5.1.2600.5755
        BuildDate   REG_SZ  Mon Feb 09 03:56:35 2009
        BuildCheckSum       REG_SZ  a1077
        Location    REG_SZ  c:\windows\$hf_mig$\KB956572\SP3QFE

    C:\Documents and Settings\SWC0902243 COMPUTER>REG QUERY "HKLM\SOFTWARE\Microsoft
    \Updates\Windows XP\SP4\KB956572\Filelist\29"

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB956572\Filelist\2
    9
        FileName    REG_SZ  advapi32.dll
        Version     REG_SZ  5.1.2600.5755
        BuildDate   REG_SZ  Mon Feb 09 05:10:48 2009
        BuildCheckSum       REG_SZ  a5bb8
        Location    REG_SZ  C:\WINDOWS\system32\DllCache

    C:\Documents and Settings\SWC0902243 COMPUTER>

    Sunday, October 21, 2012 5:30 PM
  • GOTCHA! #2 :)

    OK - I'll create a registry file and upload it later.

    FYI, the problems are these.

    1) ntdll.dll - REG QUERY "HKLM\SOFTWARE\Microsoft \Updates\Windows XP\SP4\KB239802\Filelist\13"

                     Error:  The system was unable to find the specified registry key or value

      The full subkey is actually missing from the registry

    2) advapi32.dll - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB956572\Filelist\32 

           BuildDate   REG_SZ  Mon Feb 09 03:56:35 2009

    The system is finding the wrong timestamp and flagging it.

    ....back soon.....

    It shouldn't be difficult to fix :)


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, October 21, 2012 6:45 PM
    Moderator
  • I can't swear this will work, as the time differences are awkward to correct, but we'll give it a go :)

    I've put a small file - regfix.zip on my SkyDrive at https://skydrive.live.com/#cid=936736BB8FCEB92F&id=936736BB8FCEB92F%21516

    Please download it and save it to the desktop

    right-click on the saved file, and select Extract All

    click Next

    Accept the defaults and click Next

    CLick Finish - a windows explorer window should open with one file regfix.reg

    right-click on the file and select Merge - accept the warning, and you should get a 'success' message

    reboot (and cross your fingers)

    Run another MGADiag report, and post that, together with the results from the following commands

    REG QUERY "HKLM\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB956572\Filelist\32"

    REG QUERY "HKLM\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB2393802\Filelist\13"

    Good luck!


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth


    Sunday, October 21, 2012 7:19 PM
    Moderator
  • Sorry for the the Delay  here is the  commands results  Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\SWC0902243 COMPUTER>REG QUERY "HKLM\SOFTWARE\Microsoft
    \Updates\Windows XP\SP4\KB956572\Filelist\32"

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB956572\Filelist\3
    2
        FileName    REG_SZ  advapi32.dll
        Version     REG_SZ  5.1.2600.5755
        BuildDate   REG_SZ  Mon Feb 09 08:26:35 2009
        BuildCheckSum       REG_SZ  a1077
        Location    REG_SZ  c:\windows\$hf_mig$\KB956572\SP3QFE

    C:\Documents and Settings\SWC0902243 COMPUTER>
    C:\Documents and Settings\SWC0902243 COMPUTER>REG QUERY "HKLM\SOFTWARE\Microsoft
    \Updates\Windows XP\SP4\KB2393802\Filelist\2"

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB2393802\Filelist\
    2
        FileName    REG_SZ  ntdll.dll
        Version     REG_SZ  5.1.2600.6055
        BuildDate   REG_SZ  Thu Dec 09 08:15:09 2010
        BuildCheckSum       REG_SZ  afd30
        Location    REG_SZ  C:\WINDOWS\system32

    C:\Documents and Settings\SWC0902243 COMPUTER>

    I need a link to do a or tell me how to get MGADiag report to do it 

    Wednesday, October 24, 2012 5:02 PM
  • Same place you found it last time and the time before :)


    (download and save to desktop - http://go.microsoft.com/fwlink/?linkid=52012 )
     Once saved, run the tool.
    Click on the Continue button, which will produce the report.
     To copy the report to your response, click on the Copy button in the tool (ignore any error messages at this point), and then paste (using either r-click/Paste, or Ctrl+V ) into your response.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Wednesday, October 24, 2012 5:16 PM
    Moderator
  • Sorry I don't know where my mine is Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-H433H-DJD7Q-DQHK3
    Windows Product Key Hash: r1JAUbn6bFcIIQhCekcQR0palwk=
    Windows Product ID: 76477-OEM-2164384-02109
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 5.1.2600.2.00010300.3.0.hom
    ID: {5E7BF8A7-8BB6-4E23-B782-D69467641968}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: 025D1FF3-230-1

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\WINDOWS\system32\ntdll.dll[5.1.2600.6055], Hr = 0x800b0100

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{5E7BF8A7-8BB6-4E23-B782-D69467641968}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-DQHK3</PKey><PID>76477-OEM-2164384-02109</PID><PIDType>3</PIDType><SID>S-1-5-21-484763869-1770027372-1417001333</SID><SYSTEM><Manufacturer>ASUSTeK Computer INC.</Manufacturer><Model>AWRDACPI</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version> 3.08</Version><SMBIOSVersion major="2" minor="4"/><Date>20050509000000.000000+000</Date></BIOS><HWID>CC323B4F0184206C</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Mountain Standard Time(GMT-07:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Licensing Data-->
    N/A

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: yes
    Marker string from BIOS: E0DB:Compaq Computer Corporation|108CB:Compaq Computer Corporation|108CB:Compaq Computer Corporation|E0DB:Hewlett-Packard Company|1D840:Hewlett-Packard Company
    Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

    OEM Activation 2.0 Data-->
    N/A
    Wednesday, October 24, 2012 5:19 PM
  • It looks like I got one right and one wrong :(

    Please open Windows Explorer, and navigate to teh C:\Windows\System32 folder.

    Find the ntdll.dll file and right-click on it - select properties

    What it the EXACT 'Time modified' in the General tab.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Wednesday, October 24, 2012 5:59 PM
    Moderator
  • Time modified Thursday, December 09, 2010, 9:15:09 AM
    Wednesday, October 24, 2012 10:02 PM
  • Hmmm - that's right?

    Maybe I'm looking at the wrong one?

    Please do the same for the ntdll.dll file in the following two folders - you will have to enable viewing of hidden files and folders in Windows Explorer (Tools>Options>View)

    c:\windows\$hf_mig$\KB2393802\SP3QFE

    C:\Windows\System32\dllcache


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Wednesday, October 24, 2012 10:15 PM
    Moderator
  • c:\windows\$hf_mig$\KB2393802\SP3QFE Thursday, December 09, 2010, 9:15:41 AM

    C:\Windows\System32\dllcache       Can't find it 

    Wednesday, October 24, 2012 10:43 PM
  • Sorry - you'll have to enable viewing of Protected Operating System files and folders for that (I forgot that was classified seperately!)

    Once I get that one, I'll hopefully know which I've got wrong and be able to correct it fairly easily :)

    (bedtime for me now!)


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Wednesday, October 24, 2012 11:00 PM
    Moderator
  • C:\Windows\System32\dllcache  10/15/2012 12:48 pm 
    Wednesday, October 24, 2012 11:13 PM
  • That is worrying - the date has changed since we started this thread. We need to check this before doing anything else, as it may mean that your system is infected with a rootkit virus.

    Please run the following command in a Command Prompt window...

    DIR C:\Windows\System32\ntdll.dll /S

    DIR C:\Windows\$hf_mig$\ntdll.dll /S

    post the results.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Wednesday, October 24, 2012 11:40 PM
    Moderator
  • Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\SWC0902243 COMPUTER>DIR C:\Windows\System32\ntdll.dll
    /S
     Volume in drive C has no label.
     Volume Serial Number is 7053-E470

     Directory of C:\Windows\System32

    12/09/2010  09:15 AM           718,336 ntdll.dll
                   1 File(s)        718,336 bytes

     Directory of C:\Windows\System32\dllcache

    12/09/2010  09:15 AM           718,336 ntdll.dll
                   1 File(s)        718,336 bytes

         Total Files Listed:
                   2 File(s)      1,436,672 bytes
                   0 Dir(s)  50,657,284,096 bytes free

    C:\Documents and Settings\SWC0902243 COMPUTER>
    C:\Documents and Settings\SWC0902243 COMPUTER>DIR C:\Windows\$hf_mig$\ntdll.dll
    /S
     Volume in drive C has no label.
     Volume Serial Number is 7053-E470

     Directory of C:\Windows\$hf_mig$\KB2393802\SP3QFE

    12/09/2010  09:15 AM           718,336 ntdll.dll
                   1 File(s)        718,336 bytes

     Directory of C:\Windows\$hf_mig$\KB956572\SP3QFE

    02/09/2009  04:56 AM           715,264 ntdll.dll
                   1 File(s)        715,264 bytes

         Total Files Listed:
                   2 File(s)      1,433,600 bytes
                   0 Dir(s)  50,657,275,904 bytes free

    C:\Documents and Settings\SWC0902243 COMPUTER>
    Thursday, October 25, 2012 1:14 AM
  • Very odd - please check the system using the following tool...

    http://support.kaspersky.com/faq/?qid=208283363

    follow the instructions carefully.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Thursday, October 25, 2012 7:00 AM
    Moderator
  • I ran it  and it said no threats found 
    Thursday, October 25, 2012 2:07 PM
  • anything
    Saturday, October 27, 2012 10:03 PM
  • OMG - Sorry!

    it's too late tonight (and I have a worsening head-cold) so I promise you're head of the queue tomorrow morning.

    Sorry again.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Saturday, October 27, 2012 11:30 PM
    Moderator
  • Please open a Command Prompt, and run the following commands

    REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB2393802\Filelist\13" /V BuildDate /T REG_SZ /D "Thu Dec 09 08:15:41 2010"
    REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB2393802\Filelist\13" /S

    Post the results, then reboot, and run another MGADiag report - post that.

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, October 28, 2012 11:07 AM
    Moderator
  • Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\SWC0902243 COMPUTER>REG ADD "HKEY_LOCAL_MACHINE\SOFTWA
    RE\Microsoft\Updates\Windows XP\SP4\KB2393802\Filelist\13" /V BuildDate /T REG_S
    Z /D "Thu Dec 09 08:15:41 2010"
    Value BuildDate exists, overwrite(Y/N)? REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\M
    icrosoft\Updates\Windows XP\SP4\KB2393802\Filelist\13" /S

    The operation completed successfully

    C:\Documents and Settings\SWC0902243 COMPUTER>
    Sunday, October 28, 2012 1:40 PM
  • Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-H433H-DJD7Q-DQHK3
    Windows Product Key Hash: r1JAUbn6bFcIIQhCekcQR0palwk=
    Windows Product ID: 76477-OEM-2164384-02109
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 5.1.2600.2.00010300.3.0.hom
    ID: {5E7BF8A7-8BB6-4E23-B782-D69467641968}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: 025D1FF3-230-1

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\WINDOWS\system32\ntdll.dll[5.1.2600.6055], Hr = 0x800b0100

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{5E7BF8A7-8BB6-4E23-B782-D69467641968}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-DQHK3</PKey><PID>76477-OEM-2164384-02109</PID><PIDType>3</PIDType><SID>S-1-5-21-484763869-1770027372-1417001333</SID><SYSTEM><Manufacturer>ASUSTeK Computer INC.</Manufacturer><Model>AWRDACPI</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version> 3.08</Version><SMBIOSVersion major="2" minor="4"/><Date>20050509000000.000000+000</Date></BIOS><HWID>CC323B4F0184206C</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Mountain Standard Time(GMT-07:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Licensing Data-->
    N/A

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: yes
    Marker string from BIOS: E0DB:Compaq Computer Corporation|108CB:Compaq Computer Corporation|108CB:Compaq Computer Corporation|E0DB:Hewlett-Packard Company|1D840:Hewlett-Packard Company
    Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

    OEM Activation 2.0 Data-->
    N/A
    Sunday, October 28, 2012 1:46 PM
  • Hmm - didn't work too well - looks like we need to add a switch......

    REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB2393802\Filelist\13" /V BuildDate /T REG_SZ /D "Thu Dec 09 08:15:41 2010" /F
    
    REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB2393802\Filelist\13" /S

    Try those and tehn run another MGADiag report.

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, October 28, 2012 7:35 PM
    Moderator
  • Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\SWC0902243 COMPUTER>EG ADD "HKEY_LOCAL_MACHINE\SOFTWAR
    E\Microsoft\Updates\Windows XP\SP4\KB2393802\Filelist\13" /V BuildDate /T REG_SZ
     /D "Thu Dec 09 08:15:41 2010" /F
    'EG' is not recognized as an internal or external command,
    operable program or batch file.

    C:\Documents and Settings\SWC0902243 COMPUTER>
    C:\Documents and Settings\SWC0902243 COMPUTER>REG QUERY "HKEY_LOCAL_MACHINE\SOFT
    WARE\Microsoft\Updates\Windows XP\SP4\KB2393802\Filelist\13" /S

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB2393802\Filelist\
    13
        FileName    REG_SZ  ntdll.dll
        Version     REG_SZ  5.1.2600.6055
        BuildDate   REG_SZ  Thu Dec 09 08:15:09 2010
        BuildCheckSum       REG_SZ  b9ee6
        Location    REG_SZ  c:\windows\$hf_mig$\KB2393802\SP3QFE

    C:\Documents and Settings\SWC0902243 COMPUTER>
    C:\Documents and Settings\SWC0902243 COMPUTER>
    Sunday, October 28, 2012 8:17 PM
  • You missed the first letter off the first command - please try again.

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, October 28, 2012 8:42 PM
    Moderator
  • Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\SWC0902243 COMPUTER>REG ADD "HKEY_LOCAL_MACHINE\SOFTWA
    RE\Microsoft\Updates\Windows XP\SP4\KB2393802\Filelist\13" /V BuildDate /T REG_S
    Z /D "Thu Dec 09 08:15:41 2010" /F

    The operation completed successfully

    C:\Documents and Settings\SWC0902243 COMPUTER>
    C:\Documents and Settings\SWC0902243 COMPUTER>REG QUERY "HKEY_LOCAL_MACHINE\SOFT
    WARE\Microsoft\Updates\Windows XP\SP4\KB2393802\Filelist\13" /S

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB2393802\Filelist\
    13
        FileName    REG_SZ  ntdll.dll
        Version     REG_SZ  5.1.2600.6055
        BuildDate   REG_SZ  Thu Dec 09 08:15:41 2010
        BuildCheckSum       REG_SZ  b9ee6
        Location    REG_SZ  c:\windows\$hf_mig$\KB2393802\SP3QFE

    C:\Documents and Settings\SWC0902243 COMPUTER>
    Sunday, October 28, 2012 9:42 PM
  • Good - that's what I hope it should be now - please run another MGADiag report.

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, October 28, 2012 10:22 PM
    Moderator
  • Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-H433H-DJD7Q-DQHK3
    Windows Product Key Hash: r1JAUbn6bFcIIQhCekcQR0palwk=
    Windows Product ID: 76477-OEM-2164384-02109
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 5.1.2600.2.00010300.3.0.hom
    ID: {5E7BF8A7-8BB6-4E23-B782-D69467641968}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: 025D1FF3-230-1

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\WINDOWS\system32\ntdll.dll[5.1.2600.6055], Hr = 0x800b0100

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{5E7BF8A7-8BB6-4E23-B782-D69467641968}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-DQHK3</PKey><PID>76477-OEM-2164384-02109</PID><PIDType>3</PIDType><SID>S-1-5-21-484763869-1770027372-1417001333</SID><SYSTEM><Manufacturer>ASUSTeK Computer INC.</Manufacturer><Model>AWRDACPI</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version> 3.08</Version><SMBIOSVersion major="2" minor="4"/><Date>20050509000000.000000+000</Date></BIOS><HWID>CC323B4F0184206C</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Mountain Standard Time(GMT-07:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Licensing Data-->
    N/A

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: yes
    Marker string from BIOS: E0DB:Compaq Computer Corporation|108CB:Compaq Computer Corporation|108CB:Compaq Computer Corporation|E0DB:Hewlett-Packard Company|1D840:Hewlett-Packard Company
    Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

    OEM Activation 2.0 Data-->
    N/A
    Sunday, October 28, 2012 10:58 PM
  • OK- my allowance of Summer Time was obviously unnecessary.....

    run the following commands

    REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB2393802\Filelist\13" /V BuildDate /T REG_SZ /D "Thu Dec 09 08:15:41 2010" /F
    
    REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB2393802\Filelist\13" /S

    post the results, and a new MGADiag report.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, October 29, 2012 7:49 AM
    Moderator
  • Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\SWC0902243 COMPUTER>REG ADD "HKEY_LOCAL_MACHINE\SOFTWA
    RE\Microsoft\Updates\Windows XP\SP4\KB2393802\Filelist\13" /V BuildDate /T REG_S
    Z /D "Thu Dec 09 08:15:41 2010" /F

    The operation completed successfully

    C:\Documents and Settings\SWC0902243 COMPUTER>
    C:\Documents and Settings\SWC0902243 COMPUTER>REG QUERY "HKEY_LOCAL_MACHINE\SOFT
    WARE\Microsoft\Updates\Windows XP\SP4\KB2393802\Filelist\13" /S

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB2393802\Filelist\
    13
        FileName    REG_SZ  ntdll.dll
        Version     REG_SZ  5.1.2600.6055
        BuildDate   REG_SZ  Thu Dec 09 08:15:41 2010
        BuildCheckSum       REG_SZ  b9ee6
        Location    REG_SZ  c:\windows\$hf_mig$\KB2393802\SP3QFE

    C:\Documents and Settings\SWC0902243 COMPUTER>

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-H433H-DJD7Q-DQHK3
    Windows Product Key Hash: r1JAUbn6bFcIIQhCekcQR0palwk=
    Windows Product ID: 76477-OEM-2164384-02109
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 5.1.2600.2.00010300.3.0.hom
    ID: {5E7BF8A7-8BB6-4E23-B782-D69467641968}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: 025D1FF3-230-1

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\WINDOWS\system32\ntdll.dll[5.1.2600.6055], Hr = 0x800b0100

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{5E7BF8A7-8BB6-4E23-B782-D69467641968}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-DQHK3</PKey><PID>76477-OEM-2164384-02109</PID><PIDType>3</PIDType><SID>S-1-5-21-484763869-1770027372-1417001333</SID><SYSTEM><Manufacturer>ASUSTeK Computer INC.</Manufacturer><Model>AWRDACPI</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version> 3.08</Version><SMBIOSVersion major="2" minor="4"/><Date>20050509000000.000000+000</Date></BIOS><HWID>CC323B4F0184206C</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Mountain Standard Time(GMT-07:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Licensing Data-->
    N/A

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: yes
    Marker string from BIOS: E0DB:Compaq Computer Corporation|108CB:Compaq Computer Corporation|108CB:Compaq Computer Corporation|E0DB:Hewlett-Packard Company|1D840:Hewlett-Packard Company
    Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

    OEM Activation 2.0 Data-->
    N/A

    Monday, October 29, 2012 4:07 PM
  • I hate doing things like that - I must have forgotton to amend the command! (comes of working with a head-cold)

    try this one...

    REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB2393802\Filelist\13" /V BuildDate /T REG_SZ /D "Thu Dec 09 09:15:41 2010" /F
    
    REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB2393802\Filelist\13" /S

    again, run the commands and post the results, together with an MGADiag report

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth


    Monday, October 29, 2012 4:13 PM
    Moderator
  • Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\SWC0902243 COMPUTER>RE\Microsoft\Updates\Windows XP\SP
    4\KB2393802\Filelist\13" /V BuildDate /T REG_SZ /D "Thu Dec 09 09:15:41 2010" /F

    The system cannot find the path specified.

    C:\Documents and Settings\SWC0902243 COMPUTER>
    C:\Documents and Settings\SWC0902243 COMPUTER>REG QUERY "HKEY_LOCAL_MACHINE\SOFT
    WARE\Microsoft\Updates\Windows XP\SP4\KB2393802\Filelist\13" /S

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB2393802\Filelist\
    13
        FileName    REG_SZ  ntdll.dll
        Version     REG_SZ  5.1.2600.6055
        BuildDate   REG_SZ  Thu Dec 09 08:15:41 2010
        BuildCheckSum       REG_SZ  b9ee6
        Location    REG_SZ  c:\windows\$hf_mig$\KB2393802\SP3QFE

    C:\Documents and Settings\SWC0902243 COMPUTER>
    C:\Documents and Settings\SWC0902243 COMPUTER>Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-H433H-DJD7Q-DQHK3
    Windows Product Key Hash: r1JAUbn6bFcIIQhCekcQR0palwk=
    Windows Product ID: 76477-OEM-2164384-02109
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 5.1.2600.2.00010300.3.0.hom
    ID: {5E7BF8A7-8BB6-4E23-B782-D69467641968}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: 025D1FF3-230-1

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\WINDOWS\system32\ntdll.dll[5.1.2600.6055], Hr = 0x800b0100

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{5E7BF8A7-8BB6-4E23-B782-D69467641968}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-DQHK3</PKey><PID>76477-OEM-2164384-02109</PID><PIDType>3</PIDType><SID>S-1-5-21-484763869-1770027372-1417001333</SID><SYSTEM><Manufacturer>ASUSTeK Computer INC.</Manufacturer><Model>AWRDACPI</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version> 3.08</Version><SMBIOSVersion major="2" minor="4"/><Date>20050509000000.000000+000</Date></BIOS><HWID>CC323B4F0184206C</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Mountain Standard Time(GMT-07:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Licensing Data-->
    N/A

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: yes
    Marker string from BIOS: E0DB:Compaq Computer Corporation|108CB:Compaq Computer Corporation|108CB:Compaq Computer Corporation|E0DB:Hewlett-Packard Company|1D840:Hewlett-Packard Company
    Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

    OEM Activation 2.0 Data-->
    N/A
    Monday, October 29, 2012 5:09 PM
  • Sorry (again!) I managed to lose part of teh first command when I posted, and you obviously copied from the email that got sent, rather than from my corrected post.

    REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB2393802\Filelist\13" /V BuildDate /T REG_SZ /D "Thu Dec 09 09:15:41 2010" /F
    
    REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB2393802\Filelist\13" /S 
    please try again.
    (crosses fingers!)

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, October 29, 2012 5:17 PM
    Moderator
  • Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\SWC0902243 COMPUTER>EG ADD "HKEY_LOCAL_MACHINE\SOFTWAR
    E\Microsoft\Updates\Windows XP\SP4\KB2393802\Filelist\13" /V BuildDate /T REG_SZ
     /D "Thu Dec 09 09:15:41 2010" /F
    'EG' is not recognized as an internal or external command,
    operable program or batch file.

    C:\Documents and Settings\SWC0902243 COMPUTER>
    C:\Documents and Settings\SWC0902243 COMPUTER>REG QUERY "HKEY_LOCAL_MACHINE\SOFT
    WARE\Microsoft\Updates\Windows XP\SP4\KB2393802\Filelist\13" /S

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB2393802\Filelist\
    13
        FileName    REG_SZ  ntdll.dll
        Version     REG_SZ  5.1.2600.6055
        BuildDate   REG_SZ  Thu Dec 09 08:15:41 2010
        BuildCheckSum       REG_SZ  b9ee6
        Location    REG_SZ  c:\windows\$hf_mig$\KB2393802\SP3QFE

    C:\Documents and Settings\SWC0902243 COMPUTER>Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-H433H-DJD7Q-DQHK3
    Windows Product Key Hash: r1JAUbn6bFcIIQhCekcQR0palwk=
    Windows Product ID: 76477-OEM-2164384-02109
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 5.1.2600.2.00010300.3.0.hom
    ID: {5E7BF8A7-8BB6-4E23-B782-D69467641968}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: 025D1FF3-230-1

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\WINDOWS\system32\ntdll.dll[5.1.2600.6055], Hr = 0x800b0100

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{5E7BF8A7-8BB6-4E23-B782-D69467641968}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-DQHK3</PKey><PID>76477-OEM-2164384-02109</PID><PIDType>3</PIDType><SID>S-1-5-21-484763869-1770027372-1417001333</SID><SYSTEM><Manufacturer>ASUSTeK Computer INC.</Manufacturer><Model>AWRDACPI</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version> 3.08</Version><SMBIOSVersion major="2" minor="4"/><Date>20050509000000.000000+000</Date></BIOS><HWID>CC323B4F0184206C</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Mountain Standard Time(GMT-07:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Licensing Data-->
    N/A

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: yes
    Marker string from BIOS: E0DB:Compaq Computer Corporation|108CB:Compaq Computer Corporation|108CB:Compaq Computer Corporation|E0DB:Hewlett-Packard Company|1D840:Hewlett-Packard Company
    Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

    OEM Activation 2.0 Data-->
    N/A
    Monday, October 29, 2012 5:56 PM
  • You managed to lose the first part of the first command that time :)

    Please try again - it sould start 'REG ADD'.......


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, October 29, 2012 6:29 PM
    Moderator
  • I hope I got this time       Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\SWC0902243 COMPUTER>REG ADD "HKEY_LOCAL_MACHINE\SOFTWA
    RE\Microsoft\Updates\Windows XP\SP4\KB2393802\Filelist\13" /V BuildDate /T REG_S
    Z /D "Thu Dec 09 09:15:41 2010" /F

    The operation completed successfully

    C:\Documents and Settings\SWC0902243 COMPUTER>
    C:\Documents and Settings\SWC0902243 COMPUTER>REG QUERY "HKEY_LOCAL_MACHINE\SOFT
    WARE\Microsoft\Updates\Windows XP\SP4\KB2393802\Filelist\1

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB2393802\Filelist\
    1
        FileName    REG_SZ  ntkrnlpa.exe
        Version     REG_SZ  5.1.2600.6055
        BuildDate   REG_SZ  Thu Dec 09 06:06:55 2010
        BuildCheckSum       REG_SZ  1fa59a
        Location    REG_SZ  C:\WINDOWS\system32

    C:\Documents and Settings\SWC0902243 COMPUTER>

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-H433H-DJD7Q-DQHK3
    Windows Product Key Hash: r1JAUbn6bFcIIQhCekcQR0palwk=
    Windows Product ID: 76477-OEM-2164384-02109
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 5.1.2600.2.00010300.3.0.hom
    ID: {5E7BF8A7-8BB6-4E23-B782-D69467641968}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: 025D1FF3-230-1

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\WINDOWS\system32\ntdll.dll[5.1.2600.6055], Hr = 0x800b0100

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{5E7BF8A7-8BB6-4E23-B782-D69467641968}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-DQHK3</PKey><PID>76477-OEM-2164384-02109</PID><PIDType>3</PIDType><SID>S-1-5-21-484763869-1770027372-1417001333</SID><SYSTEM><Manufacturer>ASUSTeK Computer INC.</Manufacturer><Model>AWRDACPI</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version> 3.08</Version><SMBIOSVersion major="2" minor="4"/><Date>20050509000000.000000+000</Date></BIOS><HWID>CC323B4F0184206C</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Mountain Standard Time(GMT-07:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Licensing Data-->
    N/A

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: yes
    Marker string from BIOS: E0DB:Compaq Computer Corporation|108CB:Compaq Computer Corporation|108CB:Compaq Computer Corporation|E0DB:Hewlett-Packard Company|1D840:Hewlett-Packard Company
    Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

    OEM Activation 2.0 Data-->
    N/A

    Monday, October 29, 2012 7:20 PM
  • You got the first one right - but missed the last character off the second (confused the heck out of me for a moment!)

    Please run this and post the result

    REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB2393802\Filelist\13" /S 


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, October 29, 2012 7:50 PM
    Moderator
  • Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\SWC0902243 COMPUTER>REG QUERY "HKEY_LOCAL_MACHINE\SOFT
    WARE\Microsoft\Updates\Windows XP\SP4\KB2393802\Filelist\13" /S

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB2393802\Filelist\
    13
        FileName    REG_SZ  ntdll.dll
        Version     REG_SZ  5.1.2600.6055
        BuildDate   REG_SZ  Thu Dec 09 09:15:41 2010
        BuildCheckSum       REG_SZ  b9ee6
        Location    REG_SZ  c:\windows\$hf_mig$\KB2393802\SP3QFE

    C:\Documents and Settings\SWC0902243 COMPUTER>
    Monday, October 29, 2012 8:56 PM
  • OK - that looks right.

    I'm a little confused by some of the very early results - please open Windows Explorer and find the file

    C:\Windows\System32\ntdll.dll

    and right-click on it - select Properties

    what is the version number?

    What is the exact date and time of the file modified and created?


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, October 29, 2012 9:23 PM
    Moderator
  • version number 5.1.2600.6055   Created Wednesday, August 04, 2004, 6:00:00 AM  modified Thursday, December 09, 2010, 9:15:09 AM
    Monday, October 29, 2012 9:53 PM
  • That August 4 2004 date is rather strange - it would normally read as being 14 April 2008, I think.

    This may be the reason that the problem still exists.

    I'll see if I can work out a way get the proper file in place for you  - back tomorrow (it's getting late here)


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, October 29, 2012 10:10 PM
    Moderator
  • OK - here we go.

    I've uploaded a file goodntdll.zip to my SkyDrive at https://skydrive.live.com/#cid=936736BB8FCEB92F&id=936736BB8FCEB92F%21516 - please download it and save it to your desktop .

    once downloaded, right-click on the file and select Extract all..

    Click Next

    Accept the default destination and click next

    click Finish

    You should get a Windows Explorer window open, with a single file in it - drag it to your desktop.

    Now reboot to Safe Mode.

    Log into your normal account.

    Open Windows Explorer, and navigate to the C:\Windows\System32 folder

    Find the ntdll.dll and rename it to ntdll.dll.old

    Now drag the ntdll.dll file from your desktop into the folder.

    Close Windows Explorer and reboot to Normal Mode.

    Now run another MGADiag report and post it.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Tuesday, October 30, 2012 12:48 PM
    Moderator
  • Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-H433H-DJD7Q-DQHK3
    Windows Product Key Hash: r1JAUbn6bFcIIQhCekcQR0palwk=
    Windows Product ID: 76477-OEM-2164384-02109
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 5.1.2600.2.00010300.3.0.hom
    ID: {5E7BF8A7-8BB6-4E23-B782-D69467641968}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: 025D1FF3-230-1

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\WINDOWS\system32\ntdll.dll[5.1.2600.6055], Hr = 0x800b0100

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{5E7BF8A7-8BB6-4E23-B782-D69467641968}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-DQHK3</PKey><PID>76477-OEM-2164384-02109</PID><PIDType>3</PIDType><SID>S-1-5-21-484763869-1770027372-1417001333</SID><SYSTEM><Manufacturer>ASUSTeK Computer INC.</Manufacturer><Model>AWRDACPI</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version> 3.08</Version><SMBIOSVersion major="2" minor="4"/><Date>20050509000000.000000+000</Date></BIOS><HWID>CC323B4F0184206C</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Mountain Standard Time(GMT-07:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Licensing Data-->
    N/A

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: yes
    Marker string from BIOS: E0DB:Compaq Computer Corporation|108CB:Compaq Computer Corporation|108CB:Compaq Computer Corporation|E0DB:Hewlett-Packard Company|1D840:Hewlett-Packard Company
    Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

    OEM Activation 2.0 Data-->
    N/A
    Tuesday, October 30, 2012 3:52 PM
  • I'm now out of ideas :(

    The only two options left are to

    1) acquire a proper Win XP Home OEM System Builder disk (preferably with SP2 or 3 embedded) and run a other SFC /SCANNOW

    2) Contact MS WGA Support and see if they can help - point them at this thread so they can see what we've done.

    WGA Support can be found here

     

    North America: http://support.microsoft.com/contactus/cu_sc_genadv_master?ws=support&ws=support#tab4

     

    Outside North America: http://support.microsoft.com/contactus/?ws=support#tab0

     

    Please let us know if (and how) MS manage to repair the problem without a repair install of the OS - it would be useful for future reference!    


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Tuesday, October 30, 2012 4:12 PM
    Moderator