Remove From My Forums

Popup says I may be a victim of counterfiting.

Question
0

Sign in to vote

Hello,

I have a recent Acer desktop machine that has Windows 7 64bit Professional factory installed. Recently it started complaining that my Windows may be counterfit. I've tried all the fixes I've found in other threads to no avail. Acer Tech Support says the only way to fix it is to reinstall from scratch. I have a considerable amount of licensed development software on this machine that would be difficult to replace so reinstalling needs to be a last resort.

Any help would be appreciated

Diagnostics as follows..........

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0x8004FE21
Cached Online Validation Code: N/A, hr = 0xc0000022
Windows Product Key: *****-*****-GK4PY-FDWYH-7TP9F
Windows Product Key Hash: u3xU6PnmumgYLgUpnmbqEw9Q2OA=
Windows Product ID: 00371-OEM-8992671-00004
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {DC0D2DC0-9436-44A8-84AE-FF0E8FD90575}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.120330-1504
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Prompt
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{DC0D2DC0-9436-44A8-84AE-FF0E8FD90575}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7TP9F</PKey><PID>00371-OEM-8992671-00004</PID><PIDType>2</PIDType><SID>S-1-5-21-2526673814-4277551392-212169465</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>Veriton X498G</Model></SYSTEM><BIOS><Manufacturer>Acer</Manufacturer><Version>P01-A2        </Version><SMBIOSVersion major="2" minor="6"/><Date>20100226000000.000000+000</Date></BIOS><HWID>47C63207018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0xC0000022' to display the error text.
Error: 0xC0000022

Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x0001000000000000
Event Time Stamp: 8:17:2012 16:37
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered Service: sppsvc

HWID Data-->
HWID Hash Current: MAAAAAEAAwABAAIAAAABAAAAAQABAAEA6GG+a4SxYthidYbNru+YJ2yiUrOAXVxd

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC   ACRSYS  APIC1817
FACP   ACRSYS  FACP1817
HPET   ACRSYS  OEMHPET
MCFG   ACRSYS  OEMMCFG
SLIC   ACRSYS  ACRPRDCT
OEMB   ACRSYS  OEMB1817
ASF!   LEGEND  I865PASF
GSCI   ACRSYS  GMCHSCI
AWMI   ACRSYS  OEMB1817
SSDT   DpgPmm  CpuPm

Thursday, August 23, 2012 4:49 AM

Answers

0

Sign in to vote
Got it fixed (I think)....

Sent it back in time with Windows restore,

changed registry permissions

Took ownership of 00000 key

edited configflags to 400

rebooted

activated windows

fixed permissions back

rebooted again

seems to be working!

Thanks soooo much for your help!!!!
- Proposed as answer by Noel D PatonModerator Monday, August 27, 2012 10:28 PM
- Marked as answer by Onscene.Ted Monday, August 27, 2012 10:55 PM
Monday, August 27, 2012 10:14 PM

All replies

0

Sign in to vote

The error that you have is an 'access denied' error - and often assicated with disk corruption.

Please run a full CHKDSK and SFC scan....

Click on Start > All Programs > Accessories

Right-click on the Command Prompt entry

Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

At the Command prompt, type

CHKDSK C: /R

and hit the Enter key.

You will be told that the drive is locked,

and the CHKDSK will run at he next boot - hit the Y key, and then reboot.

The chkdsk will take a few hours depending on the size of the drive, so be patient!

After the CHKDSK has run, Windows should boot normally (possibly after a second auto-reboot) - then run the SFC.

SFC -System File Checker - Instructions

Click on Start > All Programs > Accessories

Right-click on the Command Prompt entry

Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

At the Command prompt, type

SFC /SCANNOW

and hit the Enter key

Wait for the scan to finish - make a note of any error messages - and then reboot.

Post an MGADiag report with details of any error messages encountered.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

Thursday, August 23, 2012 8:48 AM

Moderator
0

Sign in to vote

Hi Noel,

Thanks so much for your help.

I ran the programs as you suggested. Neither found any errors.

After running SFC my system would not run properly. Couldn't connect to the internet, a bunch of services weren't started etc.

I could ping addresses but DNS wasn't working. Used system restore and finally got it to come up normally. (still has the counterfit popups)

The diagnostic after running scans is....

Diagnostic Report (1.9.0027.0):

-----------------------------------------

Windows Validation Data-->

Validation Code: 0x8004FE21

Cached Online Validation Code: N/A, hr = 0xc0000022

Windows Product Key: *****-*****-GK4PY-FDWYH-7TP9F

Windows Product Key Hash: u3xU6PnmumgYLgUpnmbqEw9Q2OA=

Windows Product ID: 00371-OEM-8992671-00004

Windows Product ID Type: 2

Windows License Type: OEM SLP

Windows OS version: 6.1.7601.2.00010100.1.0.048

ID: {DC0D2DC0-9436-44A8-84AE-FF0E8FD90575}(3)

Is Admin: Yes

TestCab: 0x0

LegitcheckControl ActiveX: N/A, hr = 0x80070002

Signed By: N/A, hr = 0x80070002

Product Name: Windows 7 Professional

Architecture: 0x00000009

Build lab: 7601.win7sp1_gdr.120330-1504

TTS Error:

Validation Diagnostic:

Resolution Status: N/A

Vista WgaER Data-->

ThreatID(s): N/A, hr = 0x80070002

Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->

Cached Result: N/A, hr = 0x80070002

File Exists: No

Version: N/A, hr = 0x80070002

WgaTray.exe Signed By: N/A, hr = 0x80070002

WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->

Cached Result: N/A, hr = 0x80070002

Version: N/A, hr = 0x80070002

OGAExec.exe Signed By: N/A, hr = 0x80070002

OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->

Office Status: 109 N/A

OGA Version: N/A, 0x80070002

Signed By: N/A, hr = 0x80070002

Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->

Proxy settings: N/A

User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Download signed ActiveX controls: Prompt

Download unsigned ActiveX controls: Prompt

Run ActiveX controls and plug-ins: Allowed

Initialize and script ActiveX controls not marked as safe: Disabled

Allow scripting of Internet Explorer Webbrowser control: Disabled

Active scripting: Allowed

Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->

Office Details: <GenuineResults><MachineData><UGUID>{DC0D2DC0-9436-44A8-84AE-FF0E8FD90575}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7TP9F</PKey><PID>00371-OEM-8992671-00004</PID><PIDType>2</PIDType><SID>S-1-5-21-2526673814-4277551392-212169465</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>Veriton X498G</Model></SYSTEM><BIOS><Manufacturer>Acer</Manufacturer><Version>P01-A2        </Version><SMBIOSVersion major="2" minor="6"/><Date>20100226000000.000000+000</Date></BIOS><HWID>47C63207018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->

On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0xC0000022' to display the error text.

Error: 0xC0000022

Windows Activation Technologies-->

HrOffline: 0x8004FE21

HrOnline: N/A

HealthStatus: 0x0001000000000000

Event Time Stamp: 8:17:2012 16:37

ActiveX: Registered, Version: 7.1.7600.16395

Admin Service: Registered, Version: 7.1.7600.16395

HealthStatus Bitmask Output:

Tampered Service: sppsvc

HWID Data-->

HWID Hash Current: MAAAAAEAAwABAAIAAAABAAAAAQABAAEA6GG+a4SxYthidYbNru+YJ2yiUrOAXVxd

OEM Activation 1.0 Data-->

N/A

OEM Activation 2.0 Data-->

BIOS valid for OA 2.0: yes

Windows marker version: 0x20001

OEMID and OEMTableID Consistent: yes

BIOS Information:

ACPI Table Name           OEMID Value     OEMTableID Value

APIC                                    ACRSYS                 APIC1817

FACP                                   ACRSYS                 FACP1817

HPET                                    ACRSYS                 OEMHPET

MCFG                                 ACRSYS                 OEMMCFG

SLIC                                      ACRSYS                 ACRPRDCT

OEMB                                 ACRSYS                 OEMB1817

ASF!                                     LEGEND                                I865PASF

GSCI                                    ACRSYS                 GMCHSCI

AWMI                                 ACRSYS                 OEMB1817

SSDT                                    DpgPmm                             CpuPm

Thanks!

Ted

Friday, August 24, 2012 7:30 AM
0

Sign in to vote

If SFC claimed 'no errors' and still 'caused' that problem, then I suspect enemy action (malware/virus)

I'd download Windows Defender Offline on a known-clean machine, and create the boot media, the run a scan on the affected machine. http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline/

If/when it comes back clean, download the CheckSUR tool, and run it (after creating a new Restore point! - although it should create one of its own)

Download the CheckSUR tool for your system from http://support.microsoft.com/kb/947821 and run it.

It will say 'Installing' and may appear to hang - but if it has a lot of work to do, it may take a couple of hours so be patient!

Once complete, please upload the CheckSUR.log file to your SkyDrive and post a link to it in your reply, together with a new MGADiag report.

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

Friday, August 24, 2012 8:02 AM

Moderator
0

Sign in to vote

Hi Noel,

Thanks again for your help. Attached is the file you requested,

No malware found...

https://dl.dropbox.com/u/4823922/CheckSUR.log

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0x8004FE21
Cached Online Validation Code: N/A, hr = 0xc0000022
Windows Product Key: *****-*****-GK4PY-FDWYH-7TP9F
Windows Product Key Hash: u3xU6PnmumgYLgUpnmbqEw9Q2OA=
Windows Product ID: 00371-OEM-8992671-00004
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {A3D12742-2A67-4F31-B420-4D918F36F76D}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.120330-1504
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Prompt
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{A3D12742-2A67-4F31-B420-4D918F36F76D}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7TP9F</PKey><PID>00371-OEM-8992671-00004</PID><PIDType>2</PIDType><SID>S-1-5-21-2526673814-4277551392-212169465</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>Veriton X498G</Model></SYSTEM><BIOS><Manufacturer>Acer</Manufacturer><Version>P01-A2        </Version><SMBIOSVersion major="2" minor="6"/><Date>20100226000000.000000+000</Date></BIOS><HWID>47C63207018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0xC0000022' to display the error text.
Error: 0xC0000022

Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x0001000000000000
Event Time Stamp: 8:24:2012 02:24
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered Service: sppsvc

HWID Data-->
HWID Hash Current: MAAAAAEAAwABAAIAAAABAAAAAQABAAEA6GG+a4SxYthidYbNru+YJ2yiUrOAXVxd

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name   OEMID Value   OEMTableID Value
APIC           ACRSYS       APIC1817
FACP           ACRSYS       FACP1817
HPET           ACRSYS       OEMHPET
MCFG           ACRSYS       OEMMCFG
SLIC           ACRSYS       ACRPRDCT
OEMB           ACRSYS       OEMB1817
ASF!           LEGEND       I865PASF
GSCI           ACRSYS       GMCHSCI
AWMI           ACRSYS       OEMB1817
SSDT           DpgPmm       CpuPm

Sunday, August 26, 2012 6:41 AM
0

Sign in to vote

CheckSUR found no problems.

I've had some success with similar erors using the following procedurer - it may work for you...

This can result from mistakenly setting the System32 folder and its contents to 'Read Only' status.

To correct this:-

Open Windows Explorer (Computer)

Navigate to the C:\Windows folder

Find the System32 sub-folder and right-click on it

select Properties

Clear the 'blob'
from the 'Read-only (Only applies to files in folder)' box by clicking on it until it's plain white.

Click on Apply.

Make sure that the radio button for 'Apply changes to this folder, subfolders and files' is set,
and click OK.

Accept the Administrator prompt. After a couple of seconds, you'll be told there is an error - click on the 'Ignore all' button.

Wait for it to finish - it could take a couple of minutes.

OK out, and exit Windows Explorer.

Reboot twice

Post a new MGADiag report.

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

Sunday, August 26, 2012 8:16 AM

Moderator
0

Sign in to vote

Hi Noel,

Doesn't look like anything changed....

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0x8004FE21
Cached Online Validation Code: N/A, hr = 0xc0000022
Windows Product Key: *****-*****-GK4PY-FDWYH-7TP9F
Windows Product Key Hash: u3xU6PnmumgYLgUpnmbqEw9Q2OA=
Windows Product ID: 00371-OEM-8992671-00004
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {A3D12742-2A67-4F31-B420-4D918F36F76D}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.120330-1504
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Prompt
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{A3D12742-2A67-4F31-B420-4D918F36F76D}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7TP9F</PKey><PID>00371-OEM-8992671-00004</PID><PIDType>2</PIDType><SID>S-1-5-21-2526673814-4277551392-212169465</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>Veriton X498G</Model></SYSTEM><BIOS><Manufacturer>Acer</Manufacturer><Version>P01-A2        </Version><SMBIOSVersion major="2" minor="6"/><Date>20100226000000.000000+000</Date></BIOS><HWID>47C63207018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0xC0000022' to display the error text.
Error: 0xC0000022

Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x0001000000000000
Event Time Stamp: 8:24:2012 02:24
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered Service: sppsvc

HWID Data-->
HWID Hash Current: MAAAAAEAAwABAAIAAAABAAAAAQABAAEA6GG+a4SxYthidYbNru+YJ2yiUrOAXVxd

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name   OEMID Value   OEMTableID Value
APIC           ACRSYS       APIC1817
FACP           ACRSYS       FACP1817
HPET           ACRSYS       OEMHPET
MCFG           ACRSYS       OEMMCFG
SLIC           ACRSYS       ACRPRDCT
OEMB           ACRSYS       OEMB1817
ASF!           LEGEND       I865PASF
GSCI           ACRSYS       GMCHSCI
AWMI           ACRSYS       OEMB1817
SSDT           DpgPmm       CpuPm

Thanks,

Ted

Sunday, August 26, 2012 4:07 PM
0

Sign in to vote
I suppose it was a bit much, hoping for lightning to strike twice in two days :)

we need somehow to work out what is denying access to what, and where.

please open an Elevated Command Prompt, and run the following commands and copy/paste the output to your reponse.

CSCRIPT slmgr.vbs /dlv WSCRIPT slmgr.vbs /dlv REG QUERY HKU ICACLS C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\SoftwareProtectionPlatform /T DIR C:\Windows\ServiceProfiles\NetworkService

Note that the second one will (or at least should) give you a popup rather than a response in the window - just let us know if there's an obvious error message in it.

Please also let us know what your current Anti-Virus is, and what other AV's you've ever had installed on the machine since the last reformat/reinstall.

Here are some instructions to make life easier :)

1) To open an Elevated Command Prompt Window (the CP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt.

2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once.

3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
- Edited by Noel D PatonModerator Sunday, August 26, 2012 9:42 PM correct typo
Sunday, August 26, 2012 5:04 PM

Moderator
0

Sign in to vote

Hi Noel,

Below are the results to the commands you suggested.

As far as AV, I use AVG 2012.0.2193, and PC Tools Threatfire 4.7.0.17

It came with some Symantec AV but it was removed as soon as I got it.

Thanks,

Ted

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>CSCRIPT smlgr.vbs /dlv
Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.

Input Error: Can not find script file "C:\Windows\system32\smlgr.vbs".

C:\Windows\system32>WSCRIPT slmgr.vbs /dlv

C:\Windows\system32>REG QUERY HKU

HKEY_USERS\.DEFAULT
HKEY_USERS\S-1-5-19
HKEY_USERS\S-1-5-20
HKEY_USERS\S-1-5-21-2526673814-4277551392-212169465-1003
HKEY_USERS\S-1-5-21-2526673814-4277551392-212169465-1003_Classes
HKEY_USERS\S-1-5-21-2526673814-4277551392-212169465-1008
HKEY_USERS\S-1-5-21-2526673814-4277551392-212169465-1008_Classes
HKEY_USERS\S-1-5-18

C:\Windows\system32>ICACLS C:\Windows\ServiceProfiles\NetworkService\AppData\Roa
ming\SoftwareProtectionPlatform /T
C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProt
ectionPlatform NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)

               BUILTIN\Administrators:(I)(OI)(CI)(F)

               NT AUTHORITY\NETWORK SERVICE:(I)(OI)(CI)(F)

C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProt
ectionPlatform\Cache NT AUTHORITY\SYSTEM:(OI)(CI)(F)

                     BUILTIN\Administrators:(OI)(CI)(F)

                     NT SERVICE\sppsvc:(OI)(CI)(R,W,D)

                     Everyone:(OI)(CI)(R)

C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProt
ectionPlatform\tokens.dat NT AUTHORITY\SYSTEM:(I)(F)

                          BUILTIN\Administrators:(I)(F)

                          NT AUTHORITY\NETWORK SERVICE:(I)(F)

C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProt
ectionPlatform\Cache\cache.dat NT AUTHORITY\SYSTEM:(I)(F)

                               BUILTIN\Administrators:(I)(F)

                               NT SERVICE\sppsvc:(I)(R,W,D)

                               Everyone:(I)(R)

Successfully processed 4 files; Failed processing 0 files

C:\Windows\system32>DIR C:\Windows\ServiceProfiles\NetworkService
Volume in drive C is Acer
Volume Serial Number is A635-731D

Directory of C:\Windows\ServiceProfiles\NetworkService

08/24/2012 02:18 AM    <DIR>          .
08/24/2012 02:18 AM    <DIR>          ..
07/13/2009 11:45 PM    <DIR>          Desktop
07/13/2009 11:45 PM    <DIR>          Documents
07/13/2009 11:45 PM    <DIR>          Downloads
07/13/2009 11:45 PM    <DIR>          Favorites
07/13/2009 11:45 PM    <DIR>          Links
07/13/2009 11:45 PM    <DIR>          Music
07/13/2009 11:45 PM    <DIR>          Pictures
07/13/2009 11:45 PM    <DIR>          Saved Games
07/13/2009 11:45 PM    <DIR>          Videos
               0 File(s)              0 bytes
              11 Dir(s) 161,237,413,888 bytes free

C:\Windows\system32>

Sunday, August 26, 2012 9:05 PM
0

Sign in to vote
Not quite a Perfect Storm of AV's - but close.

I don't trust any PCTools program as far as I could write it (which is not at all far).

Norton software is almost as bad as the malware it's supposed to be reventing/removing - and AVG is heading the same way.

You need to run the Norton Removal tool (assuming you haven't already done so) to remove the dregs that even the manufacturer's pre-install leave behind.

You should also undo any Registry editing PCTools has done - then preferably uninstall it and run whatver they may have in the way of a cleanup tool for that.

You may also need to uninstall and reinstall AVG.

Ahah! "Input Error: Can not find script file "C:\Windows\system32\smlgr.vbs"

please run the following commands in an Elevated Command Prompt

SFC /SCANFILE=C:\Windows\System32\slmgr.vbs

CSCRIPT slmgr.vbs /dlv

post the results.

Then reboot and post another MGADiag report.

I can't see the picture you posted - either put it up on your Skydrive and post a link, or describe it (I suspect it says the same thing as the first one?)

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
- Edited by Noel D PatonModerator Sunday, August 26, 2012 9:41 PM correct repeated typo!!
Sunday, August 26, 2012 9:39 PM

Moderator
0

Sign in to vote
Please note the corrections made to my last two posts - my dyslexia is bad tonight! (that's my excuse, anyhow)

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
- Edited by Noel D PatonModerator Sunday, August 26, 2012 9:43 PM
Sunday, August 26, 2012 9:43 PM

Moderator
0

Sign in to vote

Hi Noel,

Attached are the results of the commands you suggested.

I will uninstall AVG and Threatfire and post thre results.

Thanks,

Ted

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>SFC /SCANFILE=C:\Windows\System32\slmgr.vbs

Windows Resource Protection did not find any integrity violations.

C:\Windows\System32>CSCRIPT slmgr.vbs /dlv
Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.

On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x8
0070426' to display the error text.
Error: 0x80070426

C:\Windows\System32>

Sunday, August 26, 2012 10:10 PM
0

Sign in to vote

OK - that is at least consistent with the earlier results :)

Please run the following commands

DIR C:\Windows\ServiceProfiles\NetworkService /AH

DIR C:\Windows\ServiceProfiles\NetworkService /AS

DIR C:\Windows\ServiceProfiles\NetworkService /AR

and post the results (expect two to fail!)

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

Sunday, August 26, 2012 10:18 PM

Moderator
0

Sign in to vote

AVG and threatfire removed....

Norton tool run

Results below...

Thanks,

Ted

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>DIR C:\Windows\ServiceProfiles\NetworkService /AH
Volume in drive C is Acer
Volume Serial Number is A635-731D

Directory of C:\Windows\ServiceProfiles\NetworkService

07/13/2009 11:45 PM    <DIR>          AppData
08/26/2012 05:20 PM           524,288 NTUSER.DAT
07/14/2009 02:12 AM             1,024 NTUSER.DAT.LOG
08/26/2012 05:20 PM           226,304 NTUSER.DAT.LOG1
07/13/2009 11:45 PM                 0 NTUSER.DAT.LOG2
07/14/2009 12:01 AM            65,536 NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0b
cde3ec}.TM.blf
07/14/2009 12:01 AM           524,288 NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0b
cde3ec}.TMContainer00000000000000000001.regtrans-ms
07/14/2009 12:01 AM           524,288 NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0b
cde3ec}.TMContainer00000000000000000002.regtrans-ms
08/26/2012 12:38 AM            65,536 NTUSER.DAT{3a6ef44f-edb9-11e1-93a6-4487fc
c165d2}.TM.blf
08/26/2012 12:38 AM           524,288 NTUSER.DAT{3a6ef44f-edb9-11e1-93a6-4487fc
c165d2}.TMContainer00000000000000000001.regtrans-ms
08/26/2012 12:38 AM           524,288 NTUSER.DAT{3a6ef44f-edb9-11e1-93a6-4487fc
c165d2}.TMContainer00000000000000000002.regtrans-ms
08/07/2012 09:52 PM            65,536 NTUSER.DAT{77445e13-ddac-11e1-93ff-4487fc
c165d2}.TM.blf
08/07/2012 09:52 PM           524,288 NTUSER.DAT{77445e13-ddac-11e1-93ff-4487fc
c165d2}.TMContainer00000000000000000001.regtrans-ms
08/07/2012 09:52 PM           524,288 NTUSER.DAT{77445e13-ddac-11e1-93ff-4487fc
c165d2}.TMContainer00000000000000000002.regtrans-ms
08/24/2012 02:17 AM            65,536 NTUSER.DAT{7d2b09c5-edb7-11e1-af5c-4487fc
c165d2}.TM.blf
08/24/2012 02:17 AM           524,288 NTUSER.DAT{7d2b09c5-edb7-11e1-af5c-4487fc
c165d2}.TMContainer00000000000000000001.regtrans-ms
08/24/2012 02:17 AM           524,288 NTUSER.DAT{7d2b09c5-edb7-11e1-af5c-4487fc
c165d2}.TMContainer00000000000000000002.regtrans-ms
05/19/2012 04:54 PM            65,536 NTUSER.DAT{9361a54c-9def-11e1-8e05-4487fc
c165d2}.TM.blf
05/19/2012 04:54 PM           524,288 NTUSER.DAT{9361a54c-9def-11e1-8e05-4487fc
c165d2}.TMContainer00000000000000000001.regtrans-ms
05/19/2012 04:54 PM           524,288 NTUSER.DAT{9361a54c-9def-11e1-8e05-4487fc
c165d2}.TMContainer00000000000000000002.regtrans-ms
              19 File(s)      6,322,176 bytes
               1 Dir(s) 162,159,702,016 bytes free

C:\Windows\system32>DIR C:\Windows\ServiceProfiles\NetworkService /AS
Volume in drive C is Acer
Volume Serial Number is A635-731D

Directory of C:\Windows\ServiceProfiles\NetworkService

08/26/2012 05:20 PM           524,288 NTUSER.DAT
07/14/2009 12:01 AM            65,536 NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0b
cde3ec}.TM.blf
07/14/2009 12:01 AM           524,288 NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0b
cde3ec}.TMContainer00000000000000000001.regtrans-ms
07/14/2009 12:01 AM           524,288 NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0b
cde3ec}.TMContainer00000000000000000002.regtrans-ms
08/26/2012 12:38 AM            65,536 NTUSER.DAT{3a6ef44f-edb9-11e1-93a6-4487fc
c165d2}.TM.blf
08/26/2012 12:38 AM           524,288 NTUSER.DAT{3a6ef44f-edb9-11e1-93a6-4487fc
c165d2}.TMContainer00000000000000000001.regtrans-ms
08/26/2012 12:38 AM           524,288 NTUSER.DAT{3a6ef44f-edb9-11e1-93a6-4487fc
c165d2}.TMContainer00000000000000000002.regtrans-ms
08/07/2012 09:52 PM            65,536 NTUSER.DAT{77445e13-ddac-11e1-93ff-4487fc
c165d2}.TM.blf
08/07/2012 09:52 PM           524,288 NTUSER.DAT{77445e13-ddac-11e1-93ff-4487fc
c165d2}.TMContainer00000000000000000001.regtrans-ms
08/07/2012 09:52 PM           524,288 NTUSER.DAT{77445e13-ddac-11e1-93ff-4487fc
c165d2}.TMContainer00000000000000000002.regtrans-ms
08/24/2012 02:17 AM            65,536 NTUSER.DAT{7d2b09c5-edb7-11e1-af5c-4487fc
c165d2}.TM.blf
08/24/2012 02:17 AM           524,288 NTUSER.DAT{7d2b09c5-edb7-11e1-af5c-4487fc
c165d2}.TMContainer00000000000000000001.regtrans-ms
08/24/2012 02:17 AM           524,288 NTUSER.DAT{7d2b09c5-edb7-11e1-af5c-4487fc
c165d2}.TMContainer00000000000000000002.regtrans-ms
05/19/2012 04:54 PM            65,536 NTUSER.DAT{9361a54c-9def-11e1-8e05-4487fc
c165d2}.TM.blf
05/19/2012 04:54 PM           524,288 NTUSER.DAT{9361a54c-9def-11e1-8e05-4487fc
c165d2}.TMContainer00000000000000000001.regtrans-ms
05/19/2012 04:54 PM           524,288 NTUSER.DAT{9361a54c-9def-11e1-8e05-4487fc
c165d2}.TMContainer00000000000000000002.regtrans-ms
              16 File(s)      6,094,848 bytes
               0 Dir(s) 162,156,388,352 bytes free

C:\Windows\system32>DIR C:\Windows\ServiceProfiles\NetworkService /AR
Volume in drive C is Acer
Volume Serial Number is A635-731D

Directory of C:\Windows\ServiceProfiles\NetworkService

07/13/2009 11:45 PM    <DIR>          Desktop
07/13/2009 11:45 PM    <DIR>          Documents
07/13/2009 11:45 PM    <DIR>          Downloads
07/13/2009 11:45 PM    <DIR>          Favorites
07/13/2009 11:45 PM    <DIR>          Links
07/13/2009 11:45 PM    <DIR>          Music
07/13/2009 11:45 PM    <DIR>          Pictures
07/13/2009 11:45 PM    <DIR>          Videos
               0 File(s)              0 bytes
               8 Dir(s) 162,156,351,488 bytes free

C:\Windows\system32>

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0x8004FE21
Cached Online Validation Code: N/A, hr = 0xc0000022
Windows Product Key: *****-*****-GK4PY-FDWYH-7TP9F
Windows Product Key Hash: u3xU6PnmumgYLgUpnmbqEw9Q2OA=
Windows Product ID: 00371-OEM-8992671-00004
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {A3D12742-2A67-4F31-B420-4D918F36F76D}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.120330-1504
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Prompt
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{A3D12742-2A67-4F31-B420-4D918F36F76D}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7TP9F</PKey><PID>00371-OEM-8992671-00004</PID><PIDType>2</PIDType><SID>S-1-5-21-2526673814-4277551392-212169465</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>Veriton X498G</Model></SYSTEM><BIOS><Manufacturer>Acer</Manufacturer><Version>P01-A2        </Version><SMBIOSVersion major="2" minor="6"/><Date>20100226000000.000000+000</Date></BIOS><HWID>47C63207018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x80070426' to display the error text.
Error: 0x80070426

Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x0001000000000000
Event Time Stamp: 8:24:2012 02:24
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered Service: sppsvc

HWID Data-->
HWID Hash Current: MAAAAAEAAwABAAIAAAABAAAAAQABAAEA6GG+a4SxYthidYbNru+YJ2yiUrOAXVxd

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name   OEMID Value   OEMTableID Value
APIC           ACRSYS       APIC1817
FACP           ACRSYS       FACP1817
HPET           ACRSYS       OEMHPET
MCFG           ACRSYS       OEMMCFG
SLIC           ACRSYS       ACRPRDCT
OEMB           ACRSYS       OEMB1817
ASF!           LEGEND       I865PASF
GSCI           ACRSYS       GMCHSCI
AWMI           ACRSYS       OEMB1817
SSDT           DpgPmm       CpuPm

Sunday, August 26, 2012 10:27 PM
0

Sign in to vote

It's possible that a pair of critical system files have been corrupted, or locked somehow.

Please reboot. Then open a Command Prompt window, and run the following command

DIR C:\Windows\System32\7b*.* /AH

post the results, and the time you rebooted (I need to compare the timestamps)
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

Sunday, August 26, 2012 10:38 PM

Moderator
0

Sign in to vote

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

Rebooted @ 5:44PM CST

C:\Windows\system32>DIR C:\Windows\System32\7b*.* /AH
Volume in drive C is Acer
Volume Serial Number is A635-731D

Directory of C:\Windows\System32

05/02/2012 05:15 AM             9,920 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0
.C7483456-A289-439d-8115-601632D005A0
05/02/2012 05:15 AM             9,920 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1
.C7483456-A289-439d-8115-601632D005A0
               2 File(s)         19,840 bytes
               0 Dir(s) 162,136,276,992 bytes free

C:\Windows\system32>

Sunday, August 26, 2012 10:47 PM
0

Sign in to vote
There at least is another symptom!

now we need to work out what to do about it.

With any luck, this will work.....

OPen an Elevated COmmand Prompt, and run the following commands

DEL C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 /ar DEL C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 /ar REN %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat tokens.barx
SLUI.EXE
You may be asked to enter your Product Key (from the COA sticker), or to activate - follow the instructions

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
- Edited by Noel D PatonModerator Sunday, August 26, 2012 11:08 PM correct error
Sunday, August 26, 2012 11:06 PM

Moderator
0

Sign in to vote

Done but slui.exe doesn't run.

It says "Code 0xc0020012 The interface is unknown

Sunday, August 26, 2012 11:17 PM
0

Sign in to vote

Now my wallpaper is gone and the screen is black

Sunday, August 26, 2012 11:22 PM
0

Sign in to vote

That's par for the course :(

please post a new MGADiag report.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

Sunday, August 26, 2012 11:35 PM

Moderator
0

Sign in to vote

Hi Noel,

Diagnostic report says: Failed to create output files, hr=0x80070002, Please contact support.

won't copy anything out.

Thanks,

Ted

Monday, August 27, 2012 2:03 PM
0

Sign in to vote

That's OK - that just means that it couldn't save the files to disk for some reason. It should still have copied the data to the clipboard for pasting purposes.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

Monday, August 27, 2012 2:06 PM

Moderator
0

Sign in to vote

Here You Go...

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0x8004FE21
Cached Online Validation Code: N/A, hr = 0xc0000022
Windows Product Key: *****-*****-GK4PY-FDWYH-7TP9F
Windows Product Key Hash: u3xU6PnmumgYLgUpnmbqEw9Q2OA=
Windows Product ID: 00371-OEM-8992671-00004
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {A3D12742-2A67-4F31-B420-4D918F36F76D}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.120330-1504
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Prompt
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{A3D12742-2A67-4F31-B420-4D918F36F76D}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7TP9F</PKey><PID>00371-OEM-8992671-00004</PID><PIDType>2</PIDType><SID>S-1-5-21-2526673814-4277551392-212169465</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>Veriton X498G</Model></SYSTEM><BIOS><Manufacturer>Acer</Manufacturer><Version>P01-A2        </Version><SMBIOSVersion major="2" minor="6"/><Date>20100226000000.000000+000</Date></BIOS><HWID>47C63207018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x80070426' to display the error text.
Error: 0x80070426

Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x0001000000000000
Event Time Stamp: 8:24:2012 02:24
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered Service: sppsvc

HWID Data-->
HWID Hash Current: MAAAAAEAAwABAAIAAAABAAAAAQABAAEA6GG+a4SxYthidYbNru+YJ2yiUrOAXVxd

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name   OEMID Value   OEMTableID Value
APIC           ACRSYS       APIC1817
FACP           ACRSYS       FACP1817
HPET           ACRSYS       OEMHPET
MCFG           ACRSYS       OEMMCFG
SLIC           ACRSYS       ACRPRDCT
OEMB           ACRSYS       OEMB1817
ASF!           LEGEND       I865PASF
GSCI           ACRSYS       GMCHSCI
AWMI           ACRSYS       OEMB1817
SSDT           DpgPmm       CpuPm

Monday, August 27, 2012 2:15 PM
0

Sign in to vote

OK , we'll have to dig deeper then.

Please open Event Viewer, and Export the Windows Applicarion and System logs - zip them up, and upload them to your SkyDrive, then post a link in your reply.

I have a suspicion that we're going to have to resort to a repair install and hope that works. :(

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

Monday, August 27, 2012 2:24 PM

Moderator
0

Sign in to vote

Event Logs as requested, Thanks!

http://dl.dropbox.com/u/4823922/Logs.zip

Monday, August 27, 2012 3:11 PM
0

Sign in to vote

Interesting - that's something I hadn't actually realised was present in the system - a Software Protection driver! (and it's not loading properly)

Please run the following commands....

DIR C:\Windows\spldr.* /s

ICACLS C:\Windows\spldr.* /T

post the results
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

Monday, August 27, 2012 4:48 PM

Moderator
0

Sign in to vote

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>DIR C:\Windows\spldr.* /s
Volume in drive C is Acer
Volume Serial Number is A635-731D

Directory of C:\Windows\System32\drivers

07/13/2009 08:45 PM            19,008 spldr.sys
               1 File(s)         19,008 bytes

Directory of C:\Windows\winsxs\amd64_microsoft-windows-s..ive-blackbox-loader_3
1bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59

07/13/2009 08:45 PM            19,008 spldr.sys
               1 File(s)         19,008 bytes

     Total Files Listed:
               2 File(s)         38,016 bytes
               0 Dir(s) 161,259,192,320 bytes free

C:\Windows\system32>ICACLS C:\Windows\spldr.* /T
C:\Windows\CSC\spldr.*: Access is denied.
Successfully processed 0 files; Failed processing 1 files

C:\Windows\system32>

Monday, August 27, 2012 5:19 PM
0

Sign in to vote

..I just discovered that your non-genuine problems started way back on 3rd May!

Now why should ICACLS barf on that folder? (which doesn't even exist in my install!)

Let's go direct to the file itself -

ICACLS C:\Windows\System32\drivers\spldr.sys

ATTRIB C:\Windows\System32\drivers\spldr.sys

REG QUERY HKLM\SYSTEM\CurrentControlSet\services\spldr /s

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

Monday, August 27, 2012 5:26 PM

Moderator
0

Sign in to vote

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>ICACLS C:\Windows\System32\drivers\spldr.sys
C:\Windows\System32\drivers\spldr.sys NT SERVICE\TrustedInstaller:(F)
                                      BUILTIN\Administrators:(RX)
                                      NT AUTHORITY\SYSTEM:(RX)
                                      BUILTIN\Users:(RX)

Successfully processed 1 files; Failed processing 0 files

C:\Windows\system32>ATTRIB C:\Windows\System32\drivers\spldr.sys
A            C:\Windows\System32\drivers\spldr.sys

C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\services\spldr /s

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\spldr
    DisplayName    REG_SZ    Security Processor Loader Driver
    ErrorControl    REG_DWORD    0x3
    Start    REG_DWORD    0x0
    Type    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\spldr\Enum
    0    REG_SZ    Root\LEGACY_SPLDR\0000
    Count    REG_DWORD    0x1
    NextInstance    REG_DWORD    0x1

C:\Windows\system32>

Monday, August 27, 2012 5:32 PM
0

Sign in to vote

The \CSC folder is apparently Offline files - and should not be manipulated manually. Do you use Offline files at all?

http://support.microsoft.com/kb/230738

refers.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

Monday, August 27, 2012 5:35 PM

Moderator
0

Sign in to vote

Nope, Unless they are part of one of the Visual Studio Dev. Environments or SDKs.

Monday, August 27, 2012 5:39 PM
0

Sign in to vote

You were quicker to come back than I expected! :)

That output looks normal - but the driver still isn't loading

let's have a look at this key...

REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR /s
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

Monday, August 27, 2012 5:44 PM

Moderator
0

Sign in to vote

That was about the time I installed the licensed version of Leadtools Multimedia Toolkit into Visual Studio.

http://www.leadtools.com/sdk/engine/multimedia.htm

I dunno if that has anything to do with it....

Thanks

Monday, August 27, 2012 5:45 PM
0

Sign in to vote

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPL
DR /s

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR
    NextInstance    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000
    Service    REG_SZ    spldr
    Legacy    REG_DWORD    0x1
    ConfigFlags    REG_DWORD    0x401
    Class    REG_SZ    LegacyDriver
    ClassGUID    REG_SZ    {8ECC055D-047F-11D1-A537-0000F8753ED1}
    DeviceDesc    REG_SZ    Security Processor Loader Driver
    Capabilities    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000\Control

C:\Windows\system32>

Monday, August 27, 2012 5:48 PM
0

Sign in to vote
The only difference I can see in that output is that the ConfigFlags value has a Data content of 401, rather than the 400 that's present in my systems.

If I change a test system to 401, then I get the C0000022 error, and the 426 error, so it looks like we've found the root of the problem.

If you're comfortable in the registry, do this.

Open Regedit and navigate to the HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR Key

Export it to a reg file for safety!

Now go to the Control subkey and right-click on it

Select Permissions,

Click on Advanced, then the Owner tab

Make sure that Administrators is the owner, and put a tick in the 'Replace owner...' box at the bottom

Click OK once

add Administrators to the Groups or Usernames list, and give them Full permissions

CLICK OK

Now you can change the ConfigFlags entry from 401 to 400 and exit regedit - reboot, and post another MGADiag report.

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
- Edited by Noel D PatonModerator Monday, August 27, 2012 6:12 PM typos
Monday, August 27, 2012 6:10 PM

Moderator
0

Sign in to vote

It won't let me change it. Says it can't write value. Do you use Team Viewer?

Monday, August 27, 2012 6:24 PM
0

Sign in to vote

In that case you haven't got the permissions right.

Try setting the inheritance switch again.

My 3G connection is dropping out every minute today - it's a nightmare just working the forums let alone doing anything sensible!
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

Monday, August 27, 2012 6:50 PM

Moderator
0

Sign in to vote

Set Inheritances again, Made me owner, All permissions set for full access. It won't let me create or remove keys either. I can elsewhere on the registry.

Monday, August 27, 2012 6:55 PM
0

Sign in to vote

Ouch!

Can you set ineritances on the whole LEGACY_SPLDR Key?

does that enable anything?

What SID's have permissions on the Control subkey? - what permissions do they have?

I'll see if I can come up with a command-line that works (do you have Subinacl installed, by any chance?)

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

Monday, August 27, 2012 7:09 PM

Moderator
0

Sign in to vote

SORRY!!!!

my mind must be going soft after too many hours in front of the screen -

its the '0000' subkey you need to set permissions on!!

(DUH!)
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

Monday, August 27, 2012 7:15 PM

Moderator
0

Sign in to vote

Cannot change permissions on the enum key or down. I will install Subinacl if i need to...

Monday, August 27, 2012 7:26 PM
0

Sign in to vote

It is prbably going to be necessary - if I can find a link in the 30 seconds I get before my connection breaks again! ....

http://www.microsoft.com/en-gb/download/details.aspx?id=23510

Now I have to install it in my plaything and work out how best to use it! (I generally avoid it becuse it's not a part of teh OS and is rather too powerful for most users to have on their machines<g>)

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

Monday, August 27, 2012 7:41 PM

Moderator
0

Sign in to vote

If you install it in the default directory it won't work - but it's necessary :)

You can then copy the executable to the C:\Windows\System32 folder, and it'll work!

Once you've done that, please open an Elevated Command prompt window, and run the following commands

subinacl /subkeyreg SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR

and you'll get a pageful of data - please copy that to your response.

At least then we can see what we're fighting!

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

Monday, August 27, 2012 8:11 PM

Moderator
0

Sign in to vote

It looks as if the key actually inherits most of its permissions from the

SYSTEM\CurrentControlSet\Enum

key - so a look at the settings there would be a 'good thing'

subinacl /keyreg SYSTEM\CurrentControlSet\Enum

and we may be able to nip this in the bud - it may have Deny settings which take precendence over Allow.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

Monday, August 27, 2012 8:16 PM

Moderator
0

Sign in to vote

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>subinacl /subkeyreg SYSTEM\CurrentControlSet\Enum\Root\LEGAC
Y_SPLDR

===========================================================================
+KeyReg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR
===========================================================================
/control=0x1400 SE_DACL_AUTO_INHERITED-0x0400 SE_DACL_PROTECTED-0x1000
/owner             =builtin\administrators
/primary group     =builtin\administrators
/audit ace count   =0
/perm. ace count   =3
/pace =onscener-dev01\administrator     ACCESS_ALLOWED_ACE_TYPE-0x0
        CONTAINER_INHERIT_ACE-0x2
    Key and SubKey - Type of Access:
        Full Control
    Detailed Access Flags :
        KEY_QUERY_VALUE-0x1        KEY_SET_VALUE-0x2          KEY_CREATE_SUB_KEY
-0x4
        KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10            KEY_CREATE_LINK-0x
20       DELETE-0x10000
        READ_CONTROL-0x20000       WRITE_DAC-0x40000          WRITE_OWNER-0x8000
0
/pace =everyone         ACCESS_ALLOWED_ACE_TYPE-0x0
        CONTAINER_INHERIT_ACE-0x2
    Key and SubKey - Type of Access:
        Read
    Detailed Access Flags :
        KEY_QUERY_VALUE-0x1        KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10

        READ_CONTROL-0x20000
/pace =system   ACCESS_ALLOWED_ACE_TYPE-0x0
        CONTAINER_INHERIT_ACE-0x2
    Key and SubKey - Type of Access:
        Full Control
    Detailed Access Flags :
        KEY_QUERY_VALUE-0x1        KEY_SET_VALUE-0x2          KEY_CREATE_SUB_KEY
-0x4
        KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10            KEY_CREATE_LINK-0x
20       DELETE-0x10000
        READ_CONTROL-0x20000       WRITE_DAC-0x40000          WRITE_OWNER-0x8000
0

================================================================================

+KeyReg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000
================================================================================

/control=0x400 SE_DACL_AUTO_INHERITED-0x0400
/owner             =onscener-dev01\tphillips
/primary group     =builtin\administrators
/audit ace count   =0
/perm. ace count   =6
/pace =onscener-dev01\administrator     ACCESS_ALLOWED_ACE_TYPE-0x0
        CONTAINER_INHERIT_ACE-0x2
    Key and SubKey - Type of Access:
        Full Control
    Detailed Access Flags :
        KEY_QUERY_VALUE-0x1        KEY_SET_VALUE-0x2          KEY_CREATE_SUB_KEY
-0x4
        KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10            KEY_CREATE_LINK-0x
20       DELETE-0x10000
        READ_CONTROL-0x20000       WRITE_DAC-0x40000          WRITE_OWNER-0x8000
0
/pace =everyone         ACCESS_ALLOWED_ACE_TYPE-0x0
        CONTAINER_INHERIT_ACE-0x2
    Key and SubKey - Type of Access:
        Read
    Detailed Access Flags :
        KEY_QUERY_VALUE-0x1        KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10

        READ_CONTROL-0x20000
/pace =system   ACCESS_ALLOWED_ACE_TYPE-0x0
        CONTAINER_INHERIT_ACE-0x2
    Key and SubKey - Type of Access:
        Full Control
    Detailed Access Flags :
        KEY_QUERY_VALUE-0x1        KEY_SET_VALUE-0x2          KEY_CREATE_SUB_KEY
-0x4
        KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10            KEY_CREATE_LINK-0x
20       DELETE-0x10000
        READ_CONTROL-0x20000       WRITE_DAC-0x40000          WRITE_OWNER-0x8000
0
/pace =onscener-dev01\administrator     ACCESS_ALLOWED_ACE_TYPE-0x0
        CONTAINER_INHERIT_ACE-0x2      INHERITED_ACE-0x10
    Key and SubKey - Type of Access:
        Full Control
    Detailed Access Flags :
        KEY_QUERY_VALUE-0x1        KEY_SET_VALUE-0x2          KEY_CREATE_SUB_KEY
-0x4
        KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10            KEY_CREATE_LINK-0x
20       DELETE-0x10000
        READ_CONTROL-0x20000       WRITE_DAC-0x40000          WRITE_OWNER-0x8000
0
/pace =everyone         ACCESS_ALLOWED_ACE_TYPE-0x0
        CONTAINER_INHERIT_ACE-0x2      INHERITED_ACE-0x10
    Key and SubKey - Type of Access:
        Read
    Detailed Access Flags :
        KEY_QUERY_VALUE-0x1        KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10

        READ_CONTROL-0x20000
/pace =system   ACCESS_ALLOWED_ACE_TYPE-0x0
        CONTAINER_INHERIT_ACE-0x2      INHERITED_ACE-0x10
    Key and SubKey - Type of Access:
        Full Control
    Detailed Access Flags :
        KEY_QUERY_VALUE-0x1        KEY_SET_VALUE-0x2          KEY_CREATE_SUB_KEY
-0x4
        KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10            KEY_CREATE_LINK-0x
20       DELETE-0x10000
        READ_CONTROL-0x20000       WRITE_DAC-0x40000          WRITE_OWNER-0x8000
0

================================================================================
========
+KeyReg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000\
Control
================================================================================
========
/control=0x400 SE_DACL_AUTO_INHERITED-0x0400
/owner             =onscener-dev01\tphillips
/primary group     =system
/audit ace count   =0
/perm. ace count   =3
/pace =onscener-dev01\administrator     ACCESS_ALLOWED_ACE_TYPE-0x0
        CONTAINER_INHERIT_ACE-0x2      INHERITED_ACE-0x10
    Key and SubKey - Type of Access:
        Full Control
    Detailed Access Flags :
        KEY_QUERY_VALUE-0x1        KEY_SET_VALUE-0x2          KEY_CREATE_SUB_KEY
-0x4
        KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10            KEY_CREATE_LINK-0x
20       DELETE-0x10000
        READ_CONTROL-0x20000       WRITE_DAC-0x40000          WRITE_OWNER-0x8000
0
/pace =everyone         ACCESS_ALLOWED_ACE_TYPE-0x0
        CONTAINER_INHERIT_ACE-0x2      INHERITED_ACE-0x10
    Key and SubKey - Type of Access:
        Read
    Detailed Access Flags :
        KEY_QUERY_VALUE-0x1        KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10

        READ_CONTROL-0x20000
/pace =system   ACCESS_ALLOWED_ACE_TYPE-0x0
        CONTAINER_INHERIT_ACE-0x2      INHERITED_ACE-0x10
    Key and SubKey - Type of Access:
        Full Control
    Detailed Access Flags :
        KEY_QUERY_VALUE-0x1        KEY_SET_VALUE-0x2          KEY_CREATE_SUB_KEY
-0x4
        KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10            KEY_CREATE_LINK-0x
20       DELETE-0x10000
        READ_CONTROL-0x20000       WRITE_DAC-0x40000          WRITE_OWNER-0x8000
0

Elapsed Time: 00 00:00:00
Done:        3, Modified        0, Failed        0, Syntax errors        0
Last Done : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\
0000\Control

C:\Windows\system32>

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>subinacl /keyreg SYSTEM\CurrentControlSet\Enum

=========================================================
+KeyReg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum
=========================================================
/control=0x1000 SE_DACL_PROTECTED-0x1000
/owner             =builtin\administrators
/primary group     =builtin\administrators
/audit ace count   =0
/perm. ace count   =3
/pace =system   ACCESS_ALLOWED_ACE_TYPE-0x0
        CONTAINER_INHERIT_ACE-0x2
    Key and SubKey - Type of Access:
        Full Control
    Detailed Access Flags :
        KEY_QUERY_VALUE-0x1        KEY_SET_VALUE-0x2          KEY_CREATE_SUB_KEY
-0x4
        KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10            KEY_CREATE_LINK-0x
20       DELETE-0x10000
        READ_CONTROL-0x20000       WRITE_DAC-0x40000          WRITE_OWNER-0x8000
0
/pace =owner rights     ACCESS_ALLOWED_ACE_TYPE-0x0
        CONTAINER_INHERIT_ACE-0x2
    Key and SubKey - Type of Access:
        Special acccess : -Read Control
    Detailed Access Flags :
        READ_CONTROL-0x20000
/pace =everyone         ACCESS_ALLOWED_ACE_TYPE-0x0
        CONTAINER_INHERIT_ACE-0x2
    Key and SubKey - Type of Access:
        Read
    Detailed Access Flags :
        KEY_QUERY_VALUE-0x1        KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10

        READ_CONTROL-0x20000

Elapsed Time: 00 00:00:00
Done:        1, Modified        0, Failed        0, Syntax errors        0
Last Done : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum

C:\Windows\system32>

Monday, August 27, 2012 8:26 PM
0

Sign in to vote
You appear to have set Full access for 'the' Administrator account, rather than the 'Administrators' group - add "Administrators", and you should have access to change the entry,
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
- Marked as answer by Onscene.Ted Monday, August 27, 2012 10:49 PM
- Unmarked as answer by Onscene.Ted Monday, August 27, 2012 10:55 PM
Monday, August 27, 2012 8:41 PM

Moderator
0

Sign in to vote

OK, good news is I was able to activate Windows and the license thing appears to be OK,

Bad news is that now I have a bunch of other things hosed up. No network, Services not started, No wallpaper on desktop etc....

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-GK4PY-FDWYH-7TP9F
Windows Product Key Hash: u3xU6PnmumgYLgUpnmbqEw9Q2OA=
Windows Product ID: 00371-OEM-8992671-00004
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {A3D12742-2A67-4F31-B420-4D918F36F76D}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.120330-1504
TTS Error: T:20120827155859429-
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Prompt
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{A3D12742-2A67-4F31-B420-4D918F36F76D}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7TP9F</PKey><PID>00371-OEM-8992671-00004</PID><PIDType>2</PIDType><SID>S-1-5-21-2526673814-4277551392-212169465</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>Veriton X498G</Model></SYSTEM><BIOS><Manufacturer>Acer</Manufacturer><Version>P01-A2        </Version><SMBIOSVersion major="2" minor="6"/><Date>20100226000000.000000+000</Date></BIOS><HWID>47C63207018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: U1BMRwEAAAAAAQAACAAAAAIdAAAAAAAAYWECAID6//9Y4bfHloTNAWbXGpOihAOpMHzDmWxsjupSgYWjLbsLEXX7bvj8/IHGcbWJ8J6hk1y9bQqMwC4hrzOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAx4dZsxs/sxaQSZh6DCEuBH1GB6gq8+uOZHv0RDQmhdHWd1eTUiNh3rpVTqTDI+nQozkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00178-926-700004-02-1033-7601.0000-2402012
Installation ID: 006273632835511825697580018452079473479481667486157180
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 7TP9F
License Status: Licensed
Remaining Windows rearm count: 5
Trusted time: 8/27/2012 4:12:52 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 8:27:2012 15:59
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: MAAAAAEAAwABAAIAAAABAAAAAQABAAEA6GG+a4SxYthidYbNru+YJ2yiUrOAXVxd

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name   OEMID Value   OEMTableID Value
APIC           ACRSYS       APIC1817
FACP           ACRSYS       FACP1817
HPET           ACRSYS       OEMHPET
MCFG           ACRSYS       OEMMCFG
SLIC           ACRSYS       ACRPRDCT
OEMB           ACRSYS       OEMB1817
ASF!           LEGEND       I865PASF
GSCI           ACRSYS       GMCHSCI
AWMI           ACRSYS       OEMB1817
SSDT           DpgPmm       CpuPm

Monday, August 27, 2012 9:16 PM
0

Sign in to vote

Ouch!

The SPLDR service is a pretty fundamental one - which seems to be making it an either/or thing :(

I can't find any documentation on what the ConfigFlags value actually does, and indeed there's very little to be found on the driver/service itself.

I really cannot advise on which way to go. Perhaps you should set the value back to 401, and ask in the ITPro or MSDN forums if anyone has any idea what the cause/effect is, and take it from there.

If you do that, please post a link to it here so we can track it and see where it goes!

Otherwise, your option is going to be a repair install using retail SP1 media.

Repair install

Download the SP1
Refresh for your language and edition from the links on these pages...

Heidoc - Microsoft DR Download links

The links are for downloads from the Digital River servers run for MS, so are about as safe as
you can get :)

Once you have it downloaded, you then need to burn the DVD from it - use either the Windows Disk
Image Burner, or (better still) your favourite burning application at the slowest speed possible.

Note that you do NOT 'drag and drop' the file to the disk, you must use the 'burn an image' option
from your app - or you'll end up with a useless coaster :)

Once you have the disk burnt, check that it boots the (or any other) system OK - but do NOT start
the repair from there - you must start the repair from within a normal Windows boot.

Follow the instructions in this tutorial - http://www.sevenforums.com/tutorials/3413-repair-install.html

- and they should help you get through it (it's not as difficult as it looks!)

Always ask questions first if you're unsure - either here, or in sevenforums.

I think we've done about all we can here in terms of fixing the WGA problem - and you have a difficult choice to make.

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

Monday, August 27, 2012 10:03 PM

Moderator
0

Sign in to vote
Got it fixed (I think)....

Sent it back in time with Windows restore,

changed registry permissions

Took ownership of 00000 key

edited configflags to 400

rebooted

activated windows

fixed permissions back

rebooted again

seems to be working!

Thanks soooo much for your help!!!!
- Proposed as answer by Noel D PatonModerator Monday, August 27, 2012 10:28 PM
- Marked as answer by Onscene.Ted Monday, August 27, 2012 10:55 PM
Monday, August 27, 2012 10:14 PM
0

Sign in to vote

WTG!! Well done!

How far back did you take it? - remember you'll have to reinstall any new programs and updates installed since that date.

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

Monday, August 27, 2012 10:28 PM

Moderator
0

Sign in to vote
Thanks! Took it back before I deleted those

7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

files and uninstalled my AVG and Threatfire.

What AV do you recommend I install now?

Ted
Monday, August 27, 2012 10:52 PM
0

Sign in to vote

Strange - I wouldn't have expected those to make that much diference..... Ah, the Wonders of Windows.....

Microsoft Security Essentials works fine for me, and should work fine for 99% of people (and the other 1% should probably be locked up anyhow <g>), and best of all, it's free!
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

Monday, August 27, 2012 10:59 PM

Moderator
0

Sign in to vote

Thanks! I really appreciate your help!

Monday, August 27, 2012 11:08 PM
0

Sign in to vote

You're welcome - I learned a lot along the way, also.

Good luck
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

Monday, August 27, 2012 11:37 PM

Moderator

Answered by:

Popup says I may be a victim of counterfiting.

Question

Answers

All replies