Popup says I may be a victim of counterfeiting.

Question
-
Hello,
I have a recent Acer desktop machine that has Windows 7 64bit Professional factory installed. Recently it started complaining that my Windows may be counterfeit. I've tried all the fixes I've found in other threads to no avail. Acer Tech Support says the only way to fix it is to reinstall from scratch. I have a considerable amount of licensed development software on this machine that would be difficult to replace so reinstalling needs to be a last resort.
Any help would be appreciated
Diagnostics as follows..........
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: N/A, hr = 0xc0000022
Windows Product Key: *****-*****-GK4PY-FDWYH-7TP9F
Windows Product Key Hash: u3xU6PnmumgYLgUpnmbqEw9Q2OA=
Windows Product ID: 00371-OEM-8992671-00004
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {DC0D2DC0-9436-44A8-84AE-FF0E8FD90575}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.120330-1504
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Prompt
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{DC0D2DC0-9436-44A8-84AE-FF0E8FD90575}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7TP9F</PKey><PID>00371-OEM-8992671-00004</PID><PIDType>2</PIDType><SID>S-1-5-21-2526673814-4277551392-212169465</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>Veriton X498G</Model></SYSTEM><BIOS><Manufacturer>Acer</Manufacturer><Version>P01-A2 </Version><SMBIOSVersion major="2" minor="6"/><Date>20100226000000.000000+000</Date></BIOS><HWID>47C63207018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0xC0000022' to display the error text.
Error: 0xC0000022
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x0001000000000000
Event Time Stamp: 8:17:2012 16:37
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered Service: sppsvc
HWID Data-->
HWID Hash Current: MAAAAAEAAwABAAIAAAABAAAAAQABAAEA6GG+a4SxYthidYbNru+YJ2yiUrOAXVxd
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ACRSYS APIC1817
FACP ACRSYS FACP1817
HPET ACRSYS OEMHPET
MCFG ACRSYS OEMMCFG
SLIC ACRSYS ACRPRDCT
OEMB ACRSYS OEMB1817
ASF! LEGEND I865PASF
GSCI ACRSYS GMCHSCI
AWMI ACRSYS OEMB1817
SSDT DpgPmm CpuPm
Thursday, August 23, 2012 4:49 AM
Answers
-
Got it fixed (I think)....
Sent it back in time with Windows restore,
changed registry permissions
Took ownership of 00000 key
edited configflags to 400
rebooted
activated windows
fixed permissions back
rebooted again
seems to be working!
Thanks soooo much for your help!!!!
- Proposed as answer by Noel D Paton (Moderator) Monday, August 27, 2012 10:28 PM
- Marked as answer by Onscene.Ted Monday, August 27, 2012 10:55 PM
Monday, August 27, 2012 10:14 PM
All replies
-
The error that you have is an 'access denied' error - and often associated with disk corruption.
Please run a full CHKDSK and SFC scan....
Click on Start > All Programs > Accessories
Right-click on the Command Prompt entry
Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.
At the Command prompt, type
CHKDSK C: /R
and hit the Enter key.
You will be told that the drive is locked,
and the CHKDSK will run at the next boot - hit the Y key, and then reboot.
The chkdsk will take a few hours depending on the size of the drive, so be patient!
After the CHKDSK has run, Windows should boot normally (possibly after a second auto-reboot) - then run the SFC.
SFC -System File Checker - Instructions
Click on Start > All Programs > Accessories
Right-click on the Command Prompt entry
Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.
At the Command prompt, type
SFC /SCANNOW
and hit the Enter key
Wait for the scan to finish - make a note of any error messages - and then reboot.
Post an MGADiag report with details of any error messages encountered.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Thursday, August 23, 2012 8:48 AM Moderator -
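An added illustration, not part of the original thread and not Microsoft tooling: a small Python parser that pulls the status codes out of MGADiag-style "key: value" lines and splits each one into facility and code. It shows why 0xC0000022 reads as access denied while 0x8004FE21 cannot be looked up as a Win32 error. The function names and the SAMPLE excerpt (lines copied from the report posted above) are this example's own.

```python
import re

FACILITY_ITF = 4      # interface/component-defined codes (meaning depends on the component)
FACILITY_WIN32 = 7    # a Win32 error code wrapped in an HRESULT (0x8007xxxx)

# Win32 error codes that appear wrapped as 0x8007xxxx in this thread's outputs.
WIN32_ERRORS = {
    0x0002: "ERROR_FILE_NOT_FOUND",
    0x0005: "ERROR_ACCESS_DENIED",
    0x0426: "ERROR_SERVICE_NOT_ACTIVE",   # returned by slmgr.vbs /dlv later in the thread
}
# Full 32-bit values with a fixed, well-known meaning.
KNOWN_VALUES = {
    0xC0000022: "STATUS_ACCESS_DENIED",   # an NTSTATUS, not an HRESULT
    0x80040154: "REGDB_E_CLASSNOTREG",
    0x80041010: "WBEM_E_INVALID_CLASS",
}

# Exactly eight hex digits, so the 64-bit HealthStatus bitmask is not misread as a code.
CODE_RE = re.compile(r"0x([0-9A-Fa-f]{8})(?![0-9A-Fa-f])")


def decode(value):
    """Split a 32-bit status value into its HRESULT fields and name it if known."""
    facility = (value >> 16) & 0x7FF      # only meaningful for HRESULTs
    code = value & 0xFFFF
    name = KNOWN_VALUES.get(value)
    if name is None and value >> 31 and facility == FACILITY_WIN32:
        name = WIN32_ERRORS.get(code)
    return {
        "value": "0x%08X" % value,
        "failure": bool(value >> 31),
        "facility": facility,
        "code": code,
        "name": name,                     # None: component-defined or not in the tables
    }


def summarize(report):
    """Collect every status code and every 'Tampered Service' entry in a report."""
    findings, tampered = [], []
    for line in report.splitlines():
        key, sep, val = line.partition(":")
        if not sep:
            continue                      # section headers and free text
        key, val = key.strip(), val.strip()
        if key == "Tampered Service":
            tampered.append(val)
        for match in CODE_RE.finditer(val):
            findings.append((key, decode(int(match.group(1), 16))))
    denied = [k for k, d in findings
              if d["name"] in ("STATUS_ACCESS_DENIED", "ERROR_ACCESS_DENIED")]
    return {"findings": findings, "tampered": tampered, "access_denied": denied}


# Excerpt: lines copied from the diagnostic report posted in the question.
SAMPLE = """\
Validation Code: 0x8004FE21
Cached Online Validation Code: N/A, hr = 0xc0000022
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Error: 0xC0000022
HrOffline: 0x8004FE21
HealthStatus: 0x0001000000000000
Tampered Service: sppsvc
"""

if __name__ == "__main__":
    result = summarize(SAMPLE)
    for key, info in result["findings"]:
        label = info["name"] or "facility %d, code 0x%04X" % (info["facility"], info["code"])
        print("%-32s %s  %s" % (key, info["value"], label))
    print("Tampered services:", ", ".join(result["tampered"]) or "none")
```
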
Hi Noel,
Thanks so much for your help.
I ran the programs as you suggested. Neither found any errors.
After running SFC my system would not run properly. Couldn't connect to the internet, a bunch of services weren't started etc.
I could ping addresses but DNS wasn't working. Used system restore and finally got it to come up normally. (still has the counterfeit popups)
The diagnostic after running scans is....
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: N/A, hr = 0xc0000022
Windows Product Key: *****-*****-GK4PY-FDWYH-7TP9F
Windows Product Key Hash: u3xU6PnmumgYLgUpnmbqEw9Q2OA=
Windows Product ID: 00371-OEM-8992671-00004
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {DC0D2DC0-9436-44A8-84AE-FF0E8FD90575}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.120330-1504
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Prompt
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{DC0D2DC0-9436-44A8-84AE-FF0E8FD90575}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7TP9F</PKey><PID>00371-OEM-8992671-00004</PID><PIDType>2</PIDType><SID>S-1-5-21-2526673814-4277551392-212169465</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>Veriton X498G</Model></SYSTEM><BIOS><Manufacturer>Acer</Manufacturer><Version>P01-A2 </Version><SMBIOSVersion major="2" minor="6"/><Date>20100226000000.000000+000</Date></BIOS><HWID>47C63207018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0xC0000022' to display the error text.
Error: 0xC0000022
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x0001000000000000
Event Time Stamp: 8:17:2012 16:37
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered Service: sppsvc
HWID Data-->
HWID Hash Current: MAAAAAEAAwABAAIAAAABAAAAAQABAAEA6GG+a4SxYthidYbNru+YJ2yiUrOAXVxd
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ACRSYS APIC1817
FACP ACRSYS FACP1817
HPET ACRSYS OEMHPET
MCFG ACRSYS OEMMCFG
SLIC ACRSYS ACRPRDCT
OEMB ACRSYS OEMB1817
ASF! LEGEND I865PASF
GSCI ACRSYS GMCHSCI
AWMI ACRSYS OEMB1817
SSDT DpgPmm CpuPm
Thanks!
Ted
Friday, August 24, 2012 7:30 AM -
If SFC claimed 'no errors' and still 'caused' that problem, then I suspect enemy action (malware/virus)
I'd download Windows Defender Offline on a known-clean machine, and create the boot media, then run a scan on the affected machine. http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline/
If/when it comes back clean, download the CheckSUR tool, and run it (after creating a new Restore point! - although it should create one of its own)
Download the CheckSUR tool for your system from http://support.microsoft.com/kb/947821 and run it.
It will say 'Installing' and may appear to hang - but if it has a lot of work to do, it may take a couple of hours so be patient!
Once complete, please upload the CheckSUR.log file to your SkyDrive and post a link to it in your reply, together with a new MGADiag report.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Friday, August 24, 2012 8:02 AM Moderator -
Hi Noel,
Thanks again for your help. Attached is the file you requested,
No malware found...
https://dl.dropbox.com/u/4823922/CheckSUR.log
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: N/A, hr = 0xc0000022
Windows Product Key: *****-*****-GK4PY-FDWYH-7TP9F
Windows Product Key Hash: u3xU6PnmumgYLgUpnmbqEw9Q2OA=
Windows Product ID: 00371-OEM-8992671-00004
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {A3D12742-2A67-4F31-B420-4D918F36F76D}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.120330-1504
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Prompt
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{A3D12742-2A67-4F31-B420-4D918F36F76D}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7TP9F</PKey><PID>00371-OEM-8992671-00004</PID><PIDType>2</PIDType><SID>S-1-5-21-2526673814-4277551392-212169465</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>Veriton X498G</Model></SYSTEM><BIOS><Manufacturer>Acer</Manufacturer><Version>P01-A2 </Version><SMBIOSVersion major="2" minor="6"/><Date>20100226000000.000000+000</Date></BIOS><HWID>47C63207018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0xC0000022' to display the error text.
Error: 0xC0000022
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x0001000000000000
Event Time Stamp: 8:24:2012 02:24
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered Service: sppsvc
HWID Data-->
HWID Hash Current: MAAAAAEAAwABAAIAAAABAAAAAQABAAEA6GG+a4SxYthidYbNru+YJ2yiUrOAXVxd
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ACRSYS APIC1817
FACP ACRSYS FACP1817
HPET ACRSYS OEMHPET
MCFG ACRSYS OEMMCFG
SLIC ACRSYS ACRPRDCT
OEMB ACRSYS OEMB1817
ASF! LEGEND I865PASF
GSCI ACRSYS GMCHSCI
AWMI ACRSYS OEMB1817
SSDT DpgPmm CpuPm
Sunday, August 26, 2012 6:41 AM -
CheckSUR found no problems.
I've had some success with similar errors using the following procedure - it may work for you...
This can result from mistakenly setting the System32 folder and its contents to 'Read Only' status.
To correct this:-
Open Windows Explorer (Computer)
Navigate to the C:\Windows folder
Find the System32 sub-folder and right-click on it
select Properties
Clear the 'blob' from the 'Read-only (Only applies to files in folder)' box by clicking on it until it's plain white.
Click on Apply.
Make sure that the radio button for 'Apply changes to this folder, subfolders and files' is set, and click OK.
Accept the Administrator prompt. After a couple of seconds, you'll be told there is an error - click on the 'Ignore all' button.
Wait for it to finish - it could take a couple of minutes.
OK out, and exit Windows Explorer.
Reboot twice
Post a new MGADiag report.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Sunday, August 26, 2012 8:16 AM Moderator -
Hi Noel,
Doesn't look like anything changed....
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: N/A, hr = 0xc0000022
Windows Product Key: *****-*****-GK4PY-FDWYH-7TP9F
Windows Product Key Hash: u3xU6PnmumgYLgUpnmbqEw9Q2OA=
Windows Product ID: 00371-OEM-8992671-00004
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {A3D12742-2A67-4F31-B420-4D918F36F76D}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.120330-1504
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Prompt
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{A3D12742-2A67-4F31-B420-4D918F36F76D}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7TP9F</PKey><PID>00371-OEM-8992671-00004</PID><PIDType>2</PIDType><SID>S-1-5-21-2526673814-4277551392-212169465</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>Veriton X498G</Model></SYSTEM><BIOS><Manufacturer>Acer</Manufacturer><Version>P01-A2 </Version><SMBIOSVersion major="2" minor="6"/><Date>20100226000000.000000+000</Date></BIOS><HWID>47C63207018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0xC0000022' to display the error text.
Error: 0xC0000022
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x0001000000000000
Event Time Stamp: 8:24:2012 02:24
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered Service: sppsvc
HWID Data-->
HWID Hash Current: MAAAAAEAAwABAAIAAAABAAAAAQABAAEA6GG+a4SxYthidYbNru+YJ2yiUrOAXVxd
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ACRSYS APIC1817
FACP ACRSYS FACP1817
HPET ACRSYS OEMHPET
MCFG ACRSYS OEMMCFG
SLIC ACRSYS ACRPRDCT
OEMB ACRSYS OEMB1817
ASF! LEGEND I865PASF
GSCI ACRSYS GMCHSCI
AWMI ACRSYS OEMB1817
SSDT DpgPmm CpuPm
Thanks,
Ted
Sunday, August 26, 2012 4:07 PM -
I suppose it was a bit much, hoping for lightning to strike twice in two days :)
We need somehow to work out what is denying access to what, and where.
Please open an Elevated Command Prompt, and run the following commands and copy/paste the output to your response.
CSCRIPT slmgr.vbs /dlv
WSCRIPT slmgr.vbs /dlv
REG QUERY HKU
ICACLS C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\SoftwareProtectionPlatform /T
DIR C:\Windows\ServiceProfiles\NetworkService
Note that the second one will (or at least should) give you a popup rather than a response in the window - just let us know if there's an obvious error message in it.
Please also let us know what your current Anti-Virus is, and what other AV's you've ever had installed on the machine since the last reformat/reinstall.
Here are some instructions to make life easier :)
1) To open an Elevated Command Prompt Window (the CP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt.
2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once.
3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
- Edited by Noel D Paton (Moderator) Sunday, August 26, 2012 9:42 PM correct typo
Sunday, August 26, 2012 5:04 PM Moderator -
Hi Noel,
Below are the results to the commands you suggested.
As far as AV, I use AVG 2012.0.2193, and PC Tools Threatfire 4.7.0.17
It came with some Symantec AV but it was removed as soon as I got it.
Thanks,
Ted
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>CSCRIPT smlgr.vbs /dlv
Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.
Input Error: Can not find script file "C:\Windows\system32\smlgr.vbs".
C:\Windows\system32>WSCRIPT slmgr.vbs /dlv
C:\Windows\system32>REG QUERY HKU
HKEY_USERS\.DEFAULT
HKEY_USERS\S-1-5-19
HKEY_USERS\S-1-5-20
HKEY_USERS\S-1-5-21-2526673814-4277551392-212169465-1003
HKEY_USERS\S-1-5-21-2526673814-4277551392-212169465-1003_Classes
HKEY_USERS\S-1-5-21-2526673814-4277551392-212169465-1008
HKEY_USERS\S-1-5-21-2526673814-4277551392-212169465-1008_Classes
HKEY_USERS\S-1-5-18
C:\Windows\system32>ICACLS C:\Windows\ServiceProfiles\NetworkService\AppData\Roa
ming\SoftwareProtectionPlatform /T
C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProt
ectionPlatform NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
BUILTIN\Administrators:(I)(OI)(CI)(F)
NT AUTHORITY\NETWORK SERVICE:(I)(OI)(CI)(F)
C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProt
ectionPlatform\Cache NT AUTHORITY\SYSTEM:(OI)(CI)(F)
BUILTIN\Administrators:(OI)(CI)(F)
NT SERVICE\sppsvc:(OI)(CI)(R,W,D)
Everyone:(OI)(CI)(R)
C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProt
ectionPlatform\tokens.dat NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Administrators:(I)(F)
NT AUTHORITY\NETWORK SERVICE:(I)(F)
C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProt
ectionPlatform\Cache\cache.dat NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Administrators:(I)(F)
NT SERVICE\sppsvc:(I)(R,W,D)
Everyone:(I)(R)
Successfully processed 4 files; Failed processing 0 files
C:\Windows\system32>DIR C:\Windows\ServiceProfiles\NetworkService
Volume in drive C is Acer
Volume Serial Number is A635-731D
Directory of C:\Windows\ServiceProfiles\NetworkService
08/24/2012 02:18 AM <DIR> .
08/24/2012 02:18 AM <DIR> ..
07/13/2009 11:45 PM <DIR> Desktop
07/13/2009 11:45 PM <DIR> Documents
07/13/2009 11:45 PM <DIR> Downloads
07/13/2009 11:45 PM <DIR> Favorites
07/13/2009 11:45 PM <DIR> Links
07/13/2009 11:45 PM <DIR> Music
07/13/2009 11:45 PM <DIR> Pictures
07/13/2009 11:45 PM <DIR> Saved Games
07/13/2009 11:45 PM <DIR> Videos
0 File(s) 0 bytes
11 Dir(s) 161,237,413,888 bytes free
C:\Windows\system32>
Sunday, August 26, 2012 9:05 PM -
Not quite a Perfect Storm of AV's - but close.
I don't trust any PCTools program as far as I could write it (which is not at all far).
Norton software is almost as bad as the malware it's supposed to be preventing/removing - and AVG is heading the same way.
You need to run the Norton Removal tool (assuming you haven't already done so) to remove the dregs that even the manufacturer's pre-install leave behind.
You should also undo any Registry editing PCTools has done - then preferably uninstall it and run whatever they may have in the way of a cleanup tool for that.
You may also need to uninstall and reinstall AVG.
Ahah! "Input Error: Can not find script file "C:\Windows\system32\smlgr.vbs"
please run the following commands in an Elevated Command Prompt
SFC /SCANFILE=C:\Windows\System32\slmgr.vbs
CSCRIPT slmgr.vbs /dlv
post the results.
Then reboot and post another MGADiag report.
I can't see the picture you posted - either put it up on your Skydrive and post a link, or describe it (I suspect it says the same thing as the first one?)
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
- Edited by Noel D Paton (Moderator) Sunday, August 26, 2012 9:41 PM correct repeated typo!!
Sunday, August 26, 2012 9:39 PM Moderator -
Please note the corrections made to my last two posts - my dyslexia is bad tonight! (that's my excuse, anyhow)
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
- Edited by Noel D Paton (Moderator) Sunday, August 26, 2012 9:43 PM
Sunday, August 26, 2012 9:43 PM Moderator -
Hi Noel,
Attached are the results of the commands you suggested.
I will uninstall AVG and Threatfire and post the results.
Thanks,
Ted
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>SFC /SCANFILE=C:\Windows\System32\slmgr.vbs
Windows Resource Protection did not find any integrity violations.
C:\Windows\System32>CSCRIPT slmgr.vbs /dlv
Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.
On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x8
0070426' to display the error text.
Error: 0x80070426
C:\Windows\System32>
Sunday, August 26, 2012 10:10 PM -
OK - that is at least consistent with the earlier results :)
Please run the following commands
DIR C:\Windows\ServiceProfiles\NetworkService /AH
DIR C:\Windows\ServiceProfiles\NetworkService /AS
DIR C:\Windows\ServiceProfiles\NetworkService /AR
and post the results (expect two to fail!)
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Sunday, August 26, 2012 10:18 PM Moderator -
AVG and threatfire removed....
Norton tool run
Results below...
Thanks,
Ted
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>DIR C:\Windows\ServiceProfiles\NetworkService /AH
Volume in drive C is Acer
Volume Serial Number is A635-731D
Directory of C:\Windows\ServiceProfiles\NetworkService
07/13/2009 11:45 PM <DIR> AppData
08/26/2012 05:20 PM 524,288 NTUSER.DAT
07/14/2009 02:12 AM 1,024 NTUSER.DAT.LOG
08/26/2012 05:20 PM 226,304 NTUSER.DAT.LOG1
07/13/2009 11:45 PM 0 NTUSER.DAT.LOG2
07/14/2009 12:01 AM 65,536 NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0b
cde3ec}.TM.blf
07/14/2009 12:01 AM 524,288 NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0b
cde3ec}.TMContainer00000000000000000001.regtrans-ms
07/14/2009 12:01 AM 524,288 NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0b
cde3ec}.TMContainer00000000000000000002.regtrans-ms
08/26/2012 12:38 AM 65,536 NTUSER.DAT{3a6ef44f-edb9-11e1-93a6-4487fc
c165d2}.TM.blf
08/26/2012 12:38 AM 524,288 NTUSER.DAT{3a6ef44f-edb9-11e1-93a6-4487fc
c165d2}.TMContainer00000000000000000001.regtrans-ms
08/26/2012 12:38 AM 524,288 NTUSER.DAT{3a6ef44f-edb9-11e1-93a6-4487fc
c165d2}.TMContainer00000000000000000002.regtrans-ms
08/07/2012 09:52 PM 65,536 NTUSER.DAT{77445e13-ddac-11e1-93ff-4487fc
c165d2}.TM.blf
08/07/2012 09:52 PM 524,288 NTUSER.DAT{77445e13-ddac-11e1-93ff-4487fc
c165d2}.TMContainer00000000000000000001.regtrans-ms
08/07/2012 09:52 PM 524,288 NTUSER.DAT{77445e13-ddac-11e1-93ff-4487fc
c165d2}.TMContainer00000000000000000002.regtrans-ms
08/24/2012 02:17 AM 65,536 NTUSER.DAT{7d2b09c5-edb7-11e1-af5c-4487fc
c165d2}.TM.blf
08/24/2012 02:17 AM 524,288 NTUSER.DAT{7d2b09c5-edb7-11e1-af5c-4487fc
c165d2}.TMContainer00000000000000000001.regtrans-ms
08/24/2012 02:17 AM 524,288 NTUSER.DAT{7d2b09c5-edb7-11e1-af5c-4487fc
c165d2}.TMContainer00000000000000000002.regtrans-ms
05/19/2012 04:54 PM 65,536 NTUSER.DAT{9361a54c-9def-11e1-8e05-4487fc
c165d2}.TM.blf
05/19/2012 04:54 PM 524,288 NTUSER.DAT{9361a54c-9def-11e1-8e05-4487fc
c165d2}.TMContainer00000000000000000001.regtrans-ms
05/19/2012 04:54 PM 524,288 NTUSER.DAT{9361a54c-9def-11e1-8e05-4487fc
c165d2}.TMContainer00000000000000000002.regtrans-ms
19 File(s) 6,322,176 bytes
1 Dir(s) 162,159,702,016 bytes free
C:\Windows\system32>DIR C:\Windows\ServiceProfiles\NetworkService /AS
Volume in drive C is Acer
Volume Serial Number is A635-731D
Directory of C:\Windows\ServiceProfiles\NetworkService
08/26/2012 05:20 PM 524,288 NTUSER.DAT
07/14/2009 12:01 AM 65,536 NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0b
cde3ec}.TM.blf
07/14/2009 12:01 AM 524,288 NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0b
cde3ec}.TMContainer00000000000000000001.regtrans-ms
07/14/2009 12:01 AM 524,288 NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0b
cde3ec}.TMContainer00000000000000000002.regtrans-ms
08/26/2012 12:38 AM 65,536 NTUSER.DAT{3a6ef44f-edb9-11e1-93a6-4487fc
c165d2}.TM.blf
08/26/2012 12:38 AM 524,288 NTUSER.DAT{3a6ef44f-edb9-11e1-93a6-4487fc
c165d2}.TMContainer00000000000000000001.regtrans-ms
08/26/2012 12:38 AM 524,288 NTUSER.DAT{3a6ef44f-edb9-11e1-93a6-4487fc
c165d2}.TMContainer00000000000000000002.regtrans-ms
08/07/2012 09:52 PM 65,536 NTUSER.DAT{77445e13-ddac-11e1-93ff-4487fc
c165d2}.TM.blf
08/07/2012 09:52 PM 524,288 NTUSER.DAT{77445e13-ddac-11e1-93ff-4487fc
c165d2}.TMContainer00000000000000000001.regtrans-ms
08/07/2012 09:52 PM 524,288 NTUSER.DAT{77445e13-ddac-11e1-93ff-4487fc
c165d2}.TMContainer00000000000000000002.regtrans-ms
08/24/2012 02:17 AM 65,536 NTUSER.DAT{7d2b09c5-edb7-11e1-af5c-4487fc
c165d2}.TM.blf
08/24/2012 02:17 AM 524,288 NTUSER.DAT{7d2b09c5-edb7-11e1-af5c-4487fc
c165d2}.TMContainer00000000000000000001.regtrans-ms
08/24/2012 02:17 AM 524,288 NTUSER.DAT{7d2b09c5-edb7-11e1-af5c-4487fc
c165d2}.TMContainer00000000000000000002.regtrans-ms
05/19/2012 04:54 PM 65,536 NTUSER.DAT{9361a54c-9def-11e1-8e05-4487fc
c165d2}.TM.blf
05/19/2012 04:54 PM 524,288 NTUSER.DAT{9361a54c-9def-11e1-8e05-4487fc
c165d2}.TMContainer00000000000000000001.regtrans-ms
05/19/2012 04:54 PM 524,288 NTUSER.DAT{9361a54c-9def-11e1-8e05-4487fc
c165d2}.TMContainer00000000000000000002.regtrans-ms
16 File(s) 6,094,848 bytes
0 Dir(s) 162,156,388,352 bytes free
C:\Windows\system32>DIR C:\Windows\ServiceProfiles\NetworkService /AR
Volume in drive C is Acer
Volume Serial Number is A635-731D
Directory of C:\Windows\ServiceProfiles\NetworkService
07/13/2009 11:45 PM <DIR> Desktop
07/13/2009 11:45 PM <DIR> Documents
07/13/2009 11:45 PM <DIR> Downloads
07/13/2009 11:45 PM <DIR> Favorites
07/13/2009 11:45 PM <DIR> Links
07/13/2009 11:45 PM <DIR> Music
07/13/2009 11:45 PM <DIR> Pictures
07/13/2009 11:45 PM <DIR> Videos
0 File(s) 0 bytes
8 Dir(s) 162,156,351,488 bytes free
C:\Windows\system32>
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: N/A, hr = 0xc0000022
Windows Product Key: *****-*****-GK4PY-FDWYH-7TP9F
Windows Product Key Hash: u3xU6PnmumgYLgUpnmbqEw9Q2OA=
Windows Product ID: 00371-OEM-8992671-00004
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {A3D12742-2A67-4F31-B420-4D918F36F76D}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.120330-1504
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Prompt
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{A3D12742-2A67-4F31-B420-4D918F36F76D}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7TP9F</PKey><PID>00371-OEM-8992671-00004</PID><PIDType>2</PIDType><SID>S-1-5-21-2526673814-4277551392-212169465</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>Veriton X498G</Model></SYSTEM><BIOS><Manufacturer>Acer</Manufacturer><Version>P01-A2 </Version><SMBIOSVersion major="2" minor="6"/><Date>20100226000000.000000+000</Date></BIOS><HWID>47C63207018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x80070426' to display the error text.
Error: 0x80070426
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x0001000000000000
Event Time Stamp: 8:24:2012 02:24
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered Service: sppsvc
HWID Data-->
HWID Hash Current: MAAAAAEAAwABAAIAAAABAAAAAQABAAEA6GG+a4SxYthidYbNru+YJ2yiUrOAXVxd
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ACRSYS APIC1817
FACP ACRSYS FACP1817
HPET ACRSYS OEMHPET
MCFG ACRSYS OEMMCFG
SLIC ACRSYS ACRPRDCT
OEMB ACRSYS OEMB1817
ASF! LEGEND I865PASF
GSCI ACRSYS GMCHSCI
AWMI ACRSYS OEMB1817
SSDT DpgPmm CpuPm
Sunday, August 26, 2012 10:27 PM -
It's possible that a pair of critical system files have been corrupted, or locked somehow.
Please reboot. Then open a Command Prompt window, and run the following command
DIR C:\Windows\System32\7b*.* /AH
post the results, and the time you rebooted (I need to compare the timestamps)
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Sunday, August 26, 2012 10:38 PM Moderator -
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
Rebooted @ 5:44PM CST
C:\Windows\system32>DIR C:\Windows\System32\7b*.* /AH
Volume in drive C is Acer
Volume Serial Number is A635-731D
Directory of C:\Windows\System32
05/02/2012 05:15 AM 9,920 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0
.C7483456-A289-439d-8115-601632D005A0
05/02/2012 05:15 AM 9,920 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1
.C7483456-A289-439d-8115-601632D005A0
2 File(s) 19,840 bytes
0 Dir(s) 162,136,276,992 bytes free
C:\Windows\system32>
Sunday, August 26, 2012 10:47 PM -
There at least is another symptom!
now we need to work out what to do about it.
With any luck, this will work.....
Open an Elevated Command Prompt, and run the following commands
You may be asked to enter your Product Key (from the COA sticker), or to activate - follow the instructions
DEL C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 /ar
DEL C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 /ar
REN %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat tokens.barx
SLUI.EXE
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
- Edited by Noel D Paton Moderator Sunday, August 26, 2012 11:08 PM correct error
Sunday, August 26, 2012 11:06 PM Moderator -
Done but slui.exe doesn't run.
It says "Code 0xc0020012 The interface is unknown"
Sunday, August 26, 2012 11:17 PM -
Now my wallpaper is gone and the screen is black
Sunday, August 26, 2012 11:22 PM
-
That's par for the course :(
please post a new MGADiag report.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Sunday, August 26, 2012 11:35 PM Moderator -
Hi Noel,
Diagnostic report says: Failed to create output files, hr=0x80070002, Please contact support.
won't copy anything out.
Thanks,
Ted
Monday, August 27, 2012 2:03 PM -
That's OK - that just means that it couldn't save the files to disk for some reason. It should still have copied the data to the clipboard for pasting purposes.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Monday, August 27, 2012 2:06 PM Moderator -
Here You Go...
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: N/A, hr = 0xc0000022
Windows Product Key: *****-*****-GK4PY-FDWYH-7TP9F
Windows Product Key Hash: u3xU6PnmumgYLgUpnmbqEw9Q2OA=
Windows Product ID: 00371-OEM-8992671-00004
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {A3D12742-2A67-4F31-B420-4D918F36F76D}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.120330-1504
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Prompt
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{A3D12742-2A67-4F31-B420-4D918F36F76D}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7TP9F</PKey><PID>00371-OEM-8992671-00004</PID><PIDType>2</PIDType><SID>S-1-5-21-2526673814-4277551392-212169465</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>Veriton X498G</Model></SYSTEM><BIOS><Manufacturer>Acer</Manufacturer><Version>P01-A2 </Version><SMBIOSVersion major="2" minor="6"/><Date>20100226000000.000000+000</Date></BIOS><HWID>47C63207018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x80070426' to display the error text.
Error: 0x80070426
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x0001000000000000
Event Time Stamp: 8:24:2012 02:24
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered Service: sppsvc
HWID Data-->
HWID Hash Current: MAAAAAEAAwABAAIAAAABAAAAAQABAAEA6GG+a4SxYthidYbNru+YJ2yiUrOAXVxd
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ACRSYS APIC1817
FACP ACRSYS FACP1817
HPET ACRSYS OEMHPET
MCFG ACRSYS OEMMCFG
SLIC ACRSYS ACRPRDCT
OEMB ACRSYS OEMB1817
ASF! LEGEND I865PASF
GSCI ACRSYS GMCHSCI
AWMI ACRSYS OEMB1817
SSDT DpgPmm CpuPm
Monday, August 27, 2012 2:15 PM -
OK, we'll have to dig deeper then.
Please open Event Viewer, and Export the Windows Application and System logs - zip them up, and upload them to your SkyDrive, then post a link in your reply.
I have a suspicion that we're going to have to resort to a repair install and hope that works. :(
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Monday, August 27, 2012 2:24 PM Moderator -
Event Logs as requested, Thanks!
http://dl.dropbox.com/u/4823922/Logs.zip
Monday, August 27, 2012 3:11 PM -
Interesting - that's something I hadn't actually realised was present in the system - a Software Protection driver! (and it's not loading properly)
Please run the following commands....
DIR C:\Windows\spldr.* /s
ICACLS C:\Windows\spldr.* /T
post the results
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Monday, August 27, 2012 4:48 PM Moderator -
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>DIR C:\Windows\spldr.* /s
Volume in drive C is Acer
Volume Serial Number is A635-731D
Directory of C:\Windows\System32\drivers
07/13/2009 08:45 PM 19,008 spldr.sys
1 File(s) 19,008 bytes
Directory of C:\Windows\winsxs\amd64_microsoft-windows-s..ive-blackbox-loader_3
1bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59
07/13/2009 08:45 PM 19,008 spldr.sys
1 File(s) 19,008 bytes
Total Files Listed:
2 File(s) 38,016 bytes
0 Dir(s) 161,259,192,320 bytes free
C:\Windows\system32>ICACLS C:\Windows\spldr.* /T
C:\Windows\CSC\spldr.*: Access is denied.
Successfully processed 0 files; Failed processing 1 files
C:\Windows\system32>
Monday, August 27, 2012 5:19 PM -
..I just discovered that your non-genuine problems started way back on 3rd May!
Now why should ICACLS barf on that folder? (which doesn't even exist in my install!)
Let's go direct to the file itself -
ICACLS C:\Windows\System32\drivers\spldr.sys
ATTRIB C:\Windows\System32\drivers\spldr.sys
REG QUERY HKLM\SYSTEM\CurrentControlSet\services\spldr /s
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Monday, August 27, 2012 5:26 PM Moderator -
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>ICACLS C:\Windows\System32\drivers\spldr.sys
C:\Windows\System32\drivers\spldr.sys NT SERVICE\TrustedInstaller:(F)
BUILTIN\Administrators:(RX)
NT AUTHORITY\SYSTEM:(RX)
BUILTIN\Users:(RX)
Successfully processed 1 files; Failed processing 0 files
C:\Windows\system32>ATTRIB C:\Windows\System32\drivers\spldr.sys
A C:\Windows\System32\drivers\spldr.sys
C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\services\spldr /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\spldr
DisplayName REG_SZ Security Processor Loader Driver
ErrorControl REG_DWORD 0x3
Start REG_DWORD 0x0
Type REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\spldr\Enum
0 REG_SZ Root\LEGACY_SPLDR\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1
C:\Windows\system32>
Monday, August 27, 2012 5:32 PM -
The \CSC folder is apparently Offline files - and should not be manipulated manually. Do you use Offline files at all?
http://support.microsoft.com/kb/230738
refers.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Monday, August 27, 2012 5:35 PM Moderator -
Nope, Unless they are part of one of the Visual Studio Dev. Environments or SDKs.
Monday, August 27, 2012 5:39 PM
-
You were quicker to come back than I expected! :)
That output looks normal - but the driver still isn't loading
let's have a look at this key...
REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR /s
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Monday, August 27, 2012 5:44 PM Moderator -
That was about the time I installed the licensed version of Leadtools Multimedia Toolkit into Visual Studio.
http://www.leadtools.com/sdk/engine/multimedia.htm
I dunno if that has anything to do with it....
Thanks
Monday, August 27, 2012 5:45 PM -
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPL
DR /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR
NextInstance REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000
Service REG_SZ spldr
Legacy REG_DWORD 0x1
ConfigFlags REG_DWORD 0x401
Class REG_SZ LegacyDriver
ClassGUID REG_SZ {8ECC055D-047F-11D1-A537-0000F8753ED1}
DeviceDesc REG_SZ Security Processor Loader Driver
Capabilities REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000\Control
C:\Windows\system32>
Monday, August 27, 2012 5:48 PM -
The only difference I can see in that output is that the ConfigFlags value has a Data content of 401, rather than the 400 that's present in my systems.
If I change a test system to 401, then I get the C0000022 error, and the 426 error, so it looks like we've found the root of the problem.
If you're comfortable in the registry, do this.
Open Regedit and navigate to the HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR Key
Export it to a reg file for safety!
Now go to the Control subkey and right-click on it
Select Permissions,
Click on Advanced, then the Owner tab
Make sure that Administrators is the owner, and put a tick in the 'Replace owner...' box at the bottom
Click OK once
add Administrators to the Groups or Usernames list, and give them Full permissions
CLICK OK
Now you can change the ConfigFlags entry from 401 to 400 and exit regedit - reboot, and post another MGADiag report.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
- Edited by Noel D Paton Moderator Monday, August 27, 2012 6:12 PM typos
Monday, August 27, 2012 6:10 PM Moderator -
It won't let me change it. Says it can't write value. Do you use Team Viewer?
Monday, August 27, 2012 6:24 PM -
In that case you haven't got the permissions right.
Try setting the inheritance switch again.
My 3G connection is dropping out every minute today - it's a nightmare just working the forums let alone doing anything sensible!
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Monday, August 27, 2012 6:50 PM Moderator -
Set Inheritances again, Made me owner, All permissions set for full access. It won't let me create or remove keys either. I can elsewhere on the registry.
Monday, August 27, 2012 6:55 PM -
Ouch!
Can you set inheritances on the whole LEGACY_SPLDR Key?
does that enable anything?
What SID's have permissions on the Control subkey? - what permissions do they have?
I'll see if I can come up with a command-line that works (do you have Subinacl installed, by any chance?)
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Monday, August 27, 2012 7:09 PM Moderator -
SORRY!!!!
my mind must be going soft after too many hours in front of the screen -
it's the '0000' subkey you need to set permissions on!!
(DUH!)
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Monday, August 27, 2012 7:15 PM Moderator -
Cannot change permissions on the enum key or down. I will install Subinacl if I need to...
Monday, August 27, 2012 7:26 PM
-
It is probably going to be necessary - if I can find a link in the 30 seconds I get before my connection breaks again! ....
http://www.microsoft.com/en-gb/download/details.aspx?id=23510
Now I have to install it in my plaything and work out how best to use it! (I generally avoid it because it's not a part of the OS and is rather too powerful for most users to have on their machines<g>)
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Monday, August 27, 2012 7:41 PM Moderator -
If you install it in the default directory it won't work - but it's necessary :)
You can then copy the executable to the C:\Windows\System32 folder, and it'll work!
Once you've done that, please open an Elevated Command prompt window, and run the following commands
subinacl /subkeyreg SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR
and you'll get a pageful of data - please copy that to your response.
At least then we can see what we're fighting!
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Monday, August 27, 2012 8:11 PM Moderator -
It looks as if the key actually inherits most of its permissions from the
SYSTEM\CurrentControlSet\Enum
key - so a look at the settings there would be a 'good thing'
subinacl /keyreg SYSTEM\CurrentControlSet\Enum
and we may be able to nip this in the bud - it may have Deny settings which take precedence over Allow.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Monday, August 27, 2012 8:16 PM Moderator -
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>subinacl /subkeyreg SYSTEM\CurrentControlSet\Enum\Root\LEGAC
Y_SPLDR
===========================================================================
+KeyReg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR
===========================================================================
/control=0x1400 SE_DACL_AUTO_INHERITED-0x0400 SE_DACL_PROTECTED-0x1000
/owner =builtin\administrators
/primary group =builtin\administrators
/audit ace count =0
/perm. ace count =3
/pace =onscener-dev01\administrator ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Full Control
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_SET_VALUE-0x2 KEY_CREATE_SUB_KEY
-0x4
KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 KEY_CREATE_LINK-0x
20 DELETE-0x10000
READ_CONTROL-0x20000 WRITE_DAC-0x40000 WRITE_OWNER-0x8000
0
/pace =everyone ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Read
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10
READ_CONTROL-0x20000
/pace =system ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Full Control
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_SET_VALUE-0x2 KEY_CREATE_SUB_KEY
-0x4
KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 KEY_CREATE_LINK-0x
20 DELETE-0x10000
READ_CONTROL-0x20000 WRITE_DAC-0x40000 WRITE_OWNER-0x8000
0
================================================================================
+KeyReg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000
================================================================================
/control=0x400 SE_DACL_AUTO_INHERITED-0x0400
/owner =onscener-dev01\tphillips
/primary group =builtin\administrators
/audit ace count =0
/perm. ace count =6
/pace =onscener-dev01\administrator ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Full Control
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_SET_VALUE-0x2 KEY_CREATE_SUB_KEY
-0x4
KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 KEY_CREATE_LINK-0x
20 DELETE-0x10000
READ_CONTROL-0x20000 WRITE_DAC-0x40000 WRITE_OWNER-0x8000
0
/pace =everyone ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Read
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10
READ_CONTROL-0x20000
/pace =system ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Full Control
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_SET_VALUE-0x2 KEY_CREATE_SUB_KEY
-0x4
KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 KEY_CREATE_LINK-0x
20 DELETE-0x10000
READ_CONTROL-0x20000 WRITE_DAC-0x40000 WRITE_OWNER-0x8000
0
/pace =onscener-dev01\administrator ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2 INHERITED_ACE-0x10
Key and SubKey - Type of Access:
Full Control
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_SET_VALUE-0x2 KEY_CREATE_SUB_KEY
-0x4
KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 KEY_CREATE_LINK-0x
20 DELETE-0x10000
READ_CONTROL-0x20000 WRITE_DAC-0x40000 WRITE_OWNER-0x8000
0
/pace =everyone ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2 INHERITED_ACE-0x10
Key and SubKey - Type of Access:
Read
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10
READ_CONTROL-0x20000
/pace =system ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2 INHERITED_ACE-0x10
Key and SubKey - Type of Access:
Full Control
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_SET_VALUE-0x2 KEY_CREATE_SUB_KEY
-0x4
KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 KEY_CREATE_LINK-0x
20 DELETE-0x10000
READ_CONTROL-0x20000 WRITE_DAC-0x40000 WRITE_OWNER-0x8000
0
================================================================================
========
+KeyReg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000\
Control
================================================================================
========
/control=0x400 SE_DACL_AUTO_INHERITED-0x0400
/owner =onscener-dev01\tphillips
/primary group =system
/audit ace count =0
/perm. ace count =3
/pace =onscener-dev01\administrator ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2 INHERITED_ACE-0x10
Key and SubKey - Type of Access:
Full Control
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_SET_VALUE-0x2 KEY_CREATE_SUB_KEY
-0x4
KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 KEY_CREATE_LINK-0x
20 DELETE-0x10000
READ_CONTROL-0x20000 WRITE_DAC-0x40000 WRITE_OWNER-0x8000
0
/pace =everyone ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2 INHERITED_ACE-0x10
Key and SubKey - Type of Access:
Read
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10
READ_CONTROL-0x20000
/pace =system ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2 INHERITED_ACE-0x10
Key and SubKey - Type of Access:
Full Control
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_SET_VALUE-0x2 KEY_CREATE_SUB_KEY
-0x4
KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 KEY_CREATE_LINK-0x
20 DELETE-0x10000
READ_CONTROL-0x20000 WRITE_DAC-0x40000 WRITE_OWNER-0x8000
0
Elapsed Time: 00 00:00:00
Done: 3, Modified 0, Failed 0, Syntax errors 0
Last Done : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\
0000\Control
C:\Windows\system32>
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>subinacl /keyreg SYSTEM\CurrentControlSet\Enum
=========================================================
+KeyReg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum
=========================================================
/control=0x1000 SE_DACL_PROTECTED-0x1000
/owner =builtin\administrators
/primary group =builtin\administrators
/audit ace count =0
/perm. ace count =3
/pace =system ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Full Control
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_SET_VALUE-0x2 KEY_CREATE_SUB_KEY
-0x4
KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 KEY_CREATE_LINK-0x
20 DELETE-0x10000
READ_CONTROL-0x20000 WRITE_DAC-0x40000 WRITE_OWNER-0x8000
0
/pace =owner rights ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Special acccess : -Read Control
Detailed Access Flags :
READ_CONTROL-0x20000
/pace =everyone ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Read
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10
READ_CONTROL-0x20000
Elapsed Time: 00 00:00:00
Done: 1, Modified 0, Failed 0, Syntax errors 0
Last Done : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum
C:\Windows\system32>
Monday, August 27, 2012 8:26 PM -
You appear to have set Full access for 'the' Administrator account, rather than the 'Administrators' group - add "Administrators", and you should have access to change the entry.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
- Marked as answer by Onscene.Ted Monday, August 27, 2012 10:49 PM
- Unmarked as answer by Onscene.Ted Monday, August 27, 2012 10:55 PM
Monday, August 27, 2012 8:41 PM Moderator -
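The check made by eye in the reply above, as an added example (not code from the thread or from Microsoft): a Python parser for `subinacl /subkeyreg` text that rejoins the 80-column wraps and reports keys where the `builtin\administrators` group has no allow ACE carrying KEY_SET_VALUE. The sample output is constructed on the pattern of the listing above; `examplepc` and `user1` are placeholder names, and the `ACCESS_DENIED_ACE_TYPE` spelling for deny entries is an assumption.

```python
import re

# Registry access rights (winnt.h values) as named under "Detailed Access Flags".
KEY_RIGHTS = {
    "KEY_QUERY_VALUE": 0x1, "KEY_SET_VALUE": 0x2, "KEY_CREATE_SUB_KEY": 0x4,
    "KEY_ENUMERATE_SUB_KEYS": 0x8, "KEY_NOTIFY": 0x10, "KEY_CREATE_LINK": 0x20,
    "DELETE": 0x10000, "READ_CONTROL": 0x20000, "WRITE_DAC": 0x40000,
    "WRITE_OWNER": 0x80000,
}
PACE_RE = re.compile(r"^/pace\s*=(.+?)\s+(ACCESS_\w+_ACE_TYPE)-0x")
OWNER_RE = re.compile(r"^/owner\s*=(.+)$")

def parse_subinacl(text):
    """Return [{'path', 'owner', 'aces': [{'trustee','type','inherited','mask'}]}]."""
    keys, key, ace, body, in_path = [], None, None, [], False
    def close_ace():
        nonlocal ace, body
        if ace is not None:
            # Dropping all whitespace rejoins tokens split by the 80-column console.
            blob = "".join("".join(body).split())
            ace["inherited"] = "INHERITED_ACE-0x" in blob
            ace["mask"] = sum(v for n, v in KEY_RIGHTS.items() if n + "-0x" in blob)
            key["aces"].append(ace)
        ace, body = None, []

    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("+KeyReg"):
            close_ace()
            key = {"path": line[len("+KeyReg"):].strip(), "owner": None, "aces": []}
            keys.append(key)
            in_path = True
        elif in_path:
            in_path = not line.startswith("=")  # the closing rule ends a wrapped path
            key["path"] += line if in_path else ""
        elif key is None:
            continue
        elif line.startswith("Elapsed Time"):
            close_ace()
            key = None
        elif m := OWNER_RE.match(line):
            key["owner"] = m.group(1).strip().lower()
        elif m := PACE_RE.match(line):
            close_ace()
            ace = {"trustee": m.group(1).strip().lower(), "type": m.group(2)}
            body = [line[m.end():]]
        elif ace is not None:
            body.append(line)
    close_ace()
    return keys

def audit(keys, group="builtin\\administrators"):
    """Flag keys where `group` cannot set values, and any deny ACE on KEY_SET_VALUE."""
    write, findings = KEY_RIGHTS["KEY_SET_VALUE"], []
    for k in keys:
        writers = [a for a in k["aces"] if a["mask"] & write]
        allow = {a["trustee"] for a in writers if a["type"] == "ACCESS_ALLOWED_ACE_TYPE"}
        deny = {a["trustee"] for a in writers if "DENIED" in a["type"]}
        if group not in allow:
            # A lone ...\administrator account is easy to mistake for the group.
            lookalikes = sorted(t for t in allow if t.endswith("\\administrator"))
            findings.append((k["path"], "group-cannot-write", lookalikes))
        findings += [(k["path"], "deny-write", [t]) for t in sorted(deny)]
    return findings

# Constructed sample modelled on the listing above (placeholder account names).
SAMPLE = r"""
================================================================================
+KeyReg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000
================================================================================
/owner =examplepc\user1
/pace =examplepc\administrator ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_SET_VALUE-0x2 KEY_CREATE_SUB_KEY
-0x4
KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 KEY_CREATE_LINK-0x
20 DELETE-0x10000
READ_CONTROL-0x20000 WRITE_DAC-0x40000 WRITE_OWNER-0x8000
0
/pace =everyone ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2 INHERITED_ACE-0x10
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10
READ_CONTROL-0x20000
================================================================================
+KeyReg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000\
Control
================================================================================
/owner =builtin\administrators
/pace =builtin\administrators ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2 INHERITED_ACE-0x10
KEY_QUERY_VALUE-0x1 KEY_SET_VALUE-0x2
Elapsed Time: 00 00:00:00
"""

if __name__ == "__main__":
    for finding in audit(parse_subinacl(SAMPLE)):
        print(finding)
```

An owner who is not named in any write-capable ACE, as in the first sample key, still only receives the `everyone` read access until the group or that account is added.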
OK, good news is I was able to activate Windows and the license thing appears to be OK,
Bad news is that now I have a bunch of other things hosed up. No network, Services not started, No wallpaper on desktop etc....
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-GK4PY-FDWYH-7TP9F
Windows Product Key Hash: u3xU6PnmumgYLgUpnmbqEw9Q2OA=
Windows Product ID: 00371-OEM-8992671-00004
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {A3D12742-2A67-4F31-B420-4D918F36F76D}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.120330-1504
TTS Error: T:20120827155859429-
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Prompt
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{A3D12742-2A67-4F31-B420-4D918F36F76D}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7TP9F</PKey><PID>00371-OEM-8992671-00004</PID><PIDType>2</PIDType><SID>S-1-5-21-2526673814-4277551392-212169465</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>Veriton X498G</Model></SYSTEM><BIOS><Manufacturer>Acer</Manufacturer><Version>P01-A2 </Version><SMBIOSVersion major="2" minor="6"/><Date>20100226000000.000000+000</Date></BIOS><HWID>47C63207018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content:
Licensing Data-->
Software licensing service version: 6.1.7601.17514
Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00178-926-700004-02-1033-7601.0000-2402012
Installation ID: 006273632835511825697580018452079473479481667486157180
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 7TP9F
License Status: Licensed
Remaining Windows rearm count: 5
Trusted time: 8/27/2012 4:12:52 PM
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 8:27:2012 15:59
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
HWID Data-->
HWID Hash Current: MAAAAAEAAwABAAIAAAABAAAAAQABAAEA6GG+a4SxYthidYbNru+YJ2yiUrOAXVxd
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ACRSYS APIC1817
FACP ACRSYS FACP1817
HPET ACRSYS OEMHPET
MCFG ACRSYS OEMMCFG
SLIC ACRSYS ACRPRDCT
OEMB ACRSYS OEMB1817
ASF! LEGEND I865PASF
GSCI ACRSYS GMCHSCI
AWMI ACRSYS OEMB1817
SSDT DpgPmm CpuPm
Monday, August 27, 2012 9:16 PM -
Ouch!
The SPLDR service is a pretty fundamental one - which seems to be making it an either/or thing :(
I can't find any documentation on what the ConfigFlags value actually does, and indeed there's very little to be found on the driver/service itself.
I really cannot advise on which way to go. Perhaps you should set the value back to 401, and ask in the ITPro or MSDN forums if anyone has any idea what the cause/effect is, and take it from there.
If you do that, please post a link to it here so we can track it and see where it goes!
Otherwise, your option is going to be a repair install using retail SP1 media.
Repair install
Download the SP1 Refresh for your language and edition from the links on these pages... Heidoc - Microsoft DR Download links
The links are for downloads from the Digital River servers run for MS, so are about as safe as you can get :)
Once you have it downloaded, you then need to burn the DVD from it - use either the Windows Disk Image Burner, or (better still) your favourite burning application at the slowest speed possible.
Note that you do NOT 'drag and drop' the file to the disk, you must use the 'burn an image' option from your app - or you'll end up with a useless coaster :)
Once you have the disk burnt, check that it boots the (or any other) system OK - but do NOT start the repair from there - you must start the repair from within a normal Windows boot.
Follow the instructions in this tutorial - http://www.sevenforums.com/tutorials/3413-repair-install.html - and they should help you get through it (it's not as difficult as it looks!)
Always ask questions first if you're unsure - either here, or in sevenforums.
I think we've done about all we can here in terms of fixing the WGA problem - and you have a difficult choice to make.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Monday, August 27, 2012 10:03 PM Moderator -
Got it fixed (I think)....
Sent it back in time with Windows restore,
changed registry permissions
Took ownership of 00000 key
edited configflags to 400
rebooted
activated windows
fixed permissions back
rebooted again
seems to be working!
Thanks soooo much for your help!!!!
- Proposed as answer by Noel D Paton Moderator Monday, August 27, 2012 10:28 PM
- Marked as answer by Onscene.Ted Monday, August 27, 2012 10:55 PM
Monday, August 27, 2012 10:14 PM -
WTG!! Well done!
How far back did you take it? - remember you'll have to reinstall any new programs and updates installed since that date.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Monday, August 27, 2012 10:28 PM Moderator -
Thanks! Took it back before I deleted those
7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
files and uninstalled my AVG and Threatfire.
What AV do you recommend I install now?
Ted
Monday, August 27, 2012 10:52 PM -
Strange - I wouldn't have expected those to make that much difference..... Ah, the Wonders of Windows.....
Microsoft Security Essentials works fine for me, and should work fine for 99% of people (and the other 1% should probably be locked up anyhow <g>), and best of all, it's free!
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Monday, August 27, 2012 10:59 PM Moderator -
Thanks! I really appreciate your help!
Monday, August 27, 2012 11:08 PM -
You're welcome - I learned a lot along the way, also.
Good luck
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Monday, August 27, 2012 11:37 PM Moderator