Popup says I may be a victim of counterfeiting.

  • Question

  • Hello,

    I have a recent Acer desktop machine that has Windows 7 64bit Professional factory installed. Recently it started complaining that my Windows may be counterfeit. I've tried all the fixes I've found in other threads to no avail. Acer Tech Support says the only way to fix it is to reinstall from scratch. I have a considerable amount of licensed development software on this machine that would be difficult to replace so reinstalling needs to be a last resort.

    Any help would be appreciated

    Diagnostics as follows..........

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: N/A, hr = 0xc0000022
    Windows Product Key: *****-*****-GK4PY-FDWYH-7TP9F
    Windows Product Key Hash: u3xU6PnmumgYLgUpnmbqEw9Q2OA=
    Windows Product ID: 00371-OEM-8992671-00004
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {DC0D2DC0-9436-44A8-84AE-FF0E8FD90575}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.120330-1504
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Prompt
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{DC0D2DC0-9436-44A8-84AE-FF0E8FD90575}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7TP9F</PKey><PID>00371-OEM-8992671-00004</PID><PIDType>2</PIDType><SID>S-1-5-21-2526673814-4277551392-212169465</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>Veriton X498G</Model></SYSTEM><BIOS><Manufacturer>Acer</Manufacturer><Version>P01-A2        </Version><SMBIOSVersion major="2" minor="6"/><Date>20100226000000.000000+000</Date></BIOS><HWID>47C63207018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0xC0000022' to display the error text.
    Error: 0xC0000022

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x0001000000000000
    Event Time Stamp: 8:17:2012 16:37
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered Service: sppsvc


    HWID Data-->
    HWID Hash Current: MAAAAAEAAwABAAIAAAABAAAAAQABAAEA6GG+a4SxYthidYbNru+YJ2yiUrOAXVxd

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   ACRSYS  APIC1817
      FACP   ACRSYS  FACP1817
      HPET   ACRSYS  OEMHPET
      MCFG   ACRSYS  OEMMCFG
      SLIC   ACRSYS  ACRPRDCT
      OEMB   ACRSYS  OEMB1817
      ASF!   LEGEND  I865PASF
      GSCI   ACRSYS  GMCHSCI
      AWMI   ACRSYS  OEMB1817
      SSDT   DpgPmm  CpuPm

    Thursday, August 23, 2012 4:49 AM

Answers

  • Got it fixed (I think)....

    Sent it back in time with Windows restore,

    changed registry permissions

    Took ownership of 00000 key

    edited configflags to 400

    rebooted

    activated windows

    fixed permissions back

    rebooted again

    seems to be working!

    Thanks soooo much for your help!!!!

    Monday, August 27, 2012 10:14 PM

All replies

  • The error that you have is an 'access denied' error - and often associated with disk corruption.

     

    Please run a full CHKDSK and SFC scan....

    Click on Start > All Programs > Accessories

    Right-click on the Command Prompt entry

    Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

     

     At the Command prompt, type

     CHKDSK C: /R

     and hit the Enter key.

     

     You will be told that the drive is locked,

     and the CHKDSK will run at the next boot - hit the Y key, and then reboot.

     The chkdsk will take a few hours depending on the size  of the drive, so be patient!

     After the CHKDSK has run, Windows should boot normally  (possibly after a second auto-reboot) - then run the SFC.

     

     SFC -System File Checker - Instructions

    Click on Start > All Programs > Accessories

    Right-click on the Command Prompt entry

    Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

     At the Command prompt, type

     SFC /SCANNOW

     and hit the Enter key

     

     Wait for the scan to finish - make a note of any error messages - and then reboot.

     Post an MGADiag report with details of any error messages encountered.     


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Thursday, August 23, 2012 8:48 AM
    Moderator
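Added example (not part of the thread): a small Python triage of an MGADiag report that collects the failing result codes and decodes them, which shows where the 'access denied' reading of the report in the question comes from. The sample text is a shortened excerpt of that report; the name tables cover only a few well-known Windows codes, and the function names are illustrative.

```python
import re

# Well-known names only; any other code is reported structurally.
NTSTATUS_NAMES = {0xC0000022: "STATUS_ACCESS_DENIED"}
FACILITY_NAMES = {4: "FACILITY_ITF", 7: "FACILITY_WIN32"}
WIN32_NAMES = {
    0x0002: "ERROR_FILE_NOT_FOUND",
    0x0005: "ERROR_ACCESS_DENIED",
    0x0426: "ERROR_SERVICE_NOT_ACTIVE",  # 0x80070426 shows up in later slmgr output
}

# Exactly eight hex digits: skips short values (0x0, 0x20001) and the
# 64-bit HealthStatus bitmask.
HEX32 = re.compile(r"\b0x([0-9A-Fa-f]{8})\b")


def decode(code):
    """Describe a 32-bit failure code as an NTSTATUS or an HRESULT."""
    if code in NTSTATUS_NAMES:
        return "NTSTATUS " + NTSTATUS_NAMES[code]
    facility = (code >> 16) & 0x7FF      # HRESULT facility: bits 16-26
    low = code & 0xFFFF                  # HRESULT code: bits 0-15
    fac_name = FACILITY_NAMES.get(facility, "facility %d" % facility)
    if facility == 7 and low in WIN32_NAMES:
        return "HRESULT %s: %s (%d)" % (fac_name, WIN32_NAMES[low], low)
    return "HRESULT %s: code 0x%04X" % (fac_name, low)


def triage(report):
    """Return tampered services and every failing code with the fields it appears in."""
    section = None
    tampered = []
    failures = {}
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("-->"):         # section header, e.g. "Licensing Data-->"
            section = line[:-3].strip()
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "Tampered Service" and value:
            tampered.append(value)
        for match in HEX32.finditer(value):
            code = int(match.group(1), 16)
            if code & 0x80000000:        # high bit set means failure
                entry = failures.setdefault(
                    code, {"meaning": decode(code), "fields": []})
                entry["fields"].append("%s / %s" % (section, key))
    return {"tampered": tampered, "failures": failures}


# Shortened excerpt of the MGADiag report posted in the question.
SAMPLE_REPORT = """\
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: N/A, hr = 0xc0000022
Architecture: 0x00000009
LegitcheckControl ActiveX: N/A, hr = 0x80070002

Licensing Data-->
Error: 0xC0000022

Windows Activation Technologies-->
HrOffline: 0x8004FE21
HealthStatus: 0x0001000000000000
Tampered Service: sppsvc
"""

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("Tampered services:", ", ".join(result["tampered"]) or "none")
    for code in sorted(result["failures"]):
        entry = result["failures"][code]
        print("0x%08X  %s" % (code, entry["meaning"]))
        for field in entry["fields"]:
            print("    seen in:", field)
```
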
  • Hi Noel,

    Thanks so much for your help.

    I ran the programs as you suggested. Neither found any errors.

    After running SFC my system would not run properly. Couldn't connect to the internet, a bunch of services weren't started etc.

    I could ping addresses but DNS wasn't working. Used system restore and finally got it to come up normally. (still has the counterfeit popups)

    The diagnostic after running scans is....

    Diagnostic Report (1.9.0027.0):

    -----------------------------------------

    Windows Validation Data-->

     

    Validation Code: 0x8004FE21

    Cached Online Validation Code: N/A, hr = 0xc0000022

    Windows Product Key: *****-*****-GK4PY-FDWYH-7TP9F

    Windows Product Key Hash: u3xU6PnmumgYLgUpnmbqEw9Q2OA=

    Windows Product ID: 00371-OEM-8992671-00004

    Windows Product ID Type: 2

    Windows License Type: OEM SLP

    Windows OS version: 6.1.7601.2.00010100.1.0.048

    ID: {DC0D2DC0-9436-44A8-84AE-FF0E8FD90575}(3)

    Is Admin: Yes

    TestCab: 0x0

    LegitcheckControl ActiveX: N/A, hr = 0x80070002

    Signed By: N/A, hr = 0x80070002

    Product Name: Windows 7 Professional

    Architecture: 0x00000009

    Build lab: 7601.win7sp1_gdr.120330-1504

    TTS Error:

    Validation Diagnostic:

    Resolution Status: N/A

     

    Vista WgaER Data-->

    ThreatID(s): N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

     

    Windows XP Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    File Exists: No

    Version: N/A, hr = 0x80070002

    WgaTray.exe Signed By: N/A, hr = 0x80070002

    WgaLogon.dll Signed By: N/A, hr = 0x80070002

     

    OGA Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

    OGAExec.exe Signed By: N/A, hr = 0x80070002

    OGAAddin.dll Signed By: N/A, hr = 0x80070002

     

    OGA Data-->

    Office Status: 109 N/A

    OGA Version: N/A, 0x80070002

    Signed By: N/A, hr = 0x80070002

    Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

     

    Browser Data-->

    Proxy settings: N/A

    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    Download signed ActiveX controls: Prompt

    Download unsigned ActiveX controls: Prompt

    Run ActiveX controls and plug-ins: Allowed

    Initialize and script ActiveX controls not marked as safe: Disabled

    Allow scripting of Internet Explorer Webbrowser control: Disabled

    Active scripting: Allowed

    Script ActiveX controls marked as safe for scripting: Allowed

     

    File Scan Data-->

     

    Other data-->

    Office Details: <GenuineResults><MachineData><UGUID>{DC0D2DC0-9436-44A8-84AE-FF0E8FD90575}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7TP9F</PKey><PID>00371-OEM-8992671-00004</PID><PIDType>2</PIDType><SID>S-1-5-21-2526673814-4277551392-212169465</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>Veriton X498G</Model></SYSTEM><BIOS><Manufacturer>Acer</Manufacturer><Version>P01-A2        </Version><SMBIOSVersion major="2" minor="6"/><Date>20100226000000.000000+000</Date></BIOS><HWID>47C63207018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

     

    Spsys.log Content: 0x80070002

     

    Licensing Data-->

    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0xC0000022' to display the error text.

    Error: 0xC0000022

     

    Windows Activation Technologies-->

    HrOffline: 0x8004FE21

    HrOnline: N/A

    HealthStatus: 0x0001000000000000

    Event Time Stamp: 8:17:2012 16:37

    ActiveX: Registered, Version: 7.1.7600.16395

    Admin Service: Registered, Version: 7.1.7600.16395

    HealthStatus Bitmask Output:

    Tampered Service: sppsvc

     

     

    HWID Data-->

    HWID Hash Current: MAAAAAEAAwABAAIAAAABAAAAAQABAAEA6GG+a4SxYthidYbNru+YJ2yiUrOAXVxd

     

    OEM Activation 1.0 Data-->

    N/A

     

    OEM Activation 2.0 Data-->

    BIOS valid for OA 2.0: yes

    Windows marker version: 0x20001

    OEMID and OEMTableID Consistent: yes

    BIOS Information:

      ACPI Table Name           OEMID Value     OEMTableID Value

      APIC                                    ACRSYS                 APIC1817

      FACP                                   ACRSYS                 FACP1817

      HPET                                    ACRSYS                 OEMHPET

      MCFG                                 ACRSYS                 OEMMCFG

      SLIC                                      ACRSYS                 ACRPRDCT

      OEMB                                 ACRSYS                 OEMB1817

      ASF!                                     LEGEND                                I865PASF

      GSCI                                    ACRSYS                 GMCHSCI

      AWMI                                 ACRSYS                 OEMB1817

      SSDT                                    DpgPmm                             CpuPm

     Thanks!

    Ted

     

    Friday, August 24, 2012 7:30 AM
  • If SFC claimed 'no errors' and still 'caused' that problem, then I suspect enemy action (malware/virus)

    I'd download Windows Defender Offline on a known-clean machine, and create the boot media, then run a scan on the affected machine.  http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline/

    If/when it comes back clean, download the CheckSUR tool, and run it (after creating a new Restore point! - although it should create one of its own)

    Download the CheckSUR tool for your system from http://support.microsoft.com/kb/947821 and run it.

    It will say 'Installing' and may appear to hang - but if it has a lot of work to do, it may take a couple of hours so be patient!

    Once complete, please upload the CheckSUR.log file to your SkyDrive and post a link to it in your reply, together with a new MGADiag report.



    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Friday, August 24, 2012 8:02 AM
    Moderator
  • Hi Noel,

    Thanks again for your help. Attached is the file you requested,

    No malware found...

    https://dl.dropbox.com/u/4823922/CheckSUR.log

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: N/A, hr = 0xc0000022
    Windows Product Key: *****-*****-GK4PY-FDWYH-7TP9F
    Windows Product Key Hash: u3xU6PnmumgYLgUpnmbqEw9Q2OA=
    Windows Product ID: 00371-OEM-8992671-00004
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {A3D12742-2A67-4F31-B420-4D918F36F76D}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.120330-1504
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Prompt
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{A3D12742-2A67-4F31-B420-4D918F36F76D}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7TP9F</PKey><PID>00371-OEM-8992671-00004</PID><PIDType>2</PIDType><SID>S-1-5-21-2526673814-4277551392-212169465</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>Veriton X498G</Model></SYSTEM><BIOS><Manufacturer>Acer</Manufacturer><Version>P01-A2        </Version><SMBIOSVersion major="2" minor="6"/><Date>20100226000000.000000+000</Date></BIOS><HWID>47C63207018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0xC0000022' to display the error text.
    Error: 0xC0000022

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x0001000000000000
    Event Time Stamp: 8:24:2012 02:24
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered Service: sppsvc


    HWID Data-->
    HWID Hash Current: MAAAAAEAAwABAAIAAAABAAAAAQABAAEA6GG+a4SxYthidYbNru+YJ2yiUrOAXVxd

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            ACRSYS        APIC1817
      FACP            ACRSYS        FACP1817
      HPET            ACRSYS        OEMHPET
      MCFG            ACRSYS        OEMMCFG
      SLIC            ACRSYS        ACRPRDCT
      OEMB            ACRSYS        OEMB1817
      ASF!            LEGEND        I865PASF
      GSCI            ACRSYS        GMCHSCI
      AWMI            ACRSYS        OEMB1817
      SSDT            DpgPmm        CpuPm

    Sunday, August 26, 2012 6:41 AM
  • CheckSUR found no problems.

    I've had some success with similar errors using the following procedure - it may work for you...

     

     

    This can result from mistakenly setting the System32 folder and its contents to 'Read Only' status.

     

     

    To correct this:-

     

    Open Windows Explorer (Computer)

    Navigate to the C:\Windows folder

    Find the System32 sub-folder and right-click on it

    select Properties

     

    Clear the 'blob'
    from the 'Read-only (Only applies to files in folder)' box by clicking on it until it's plain white.

    Click on Apply.

     

    Make sure that the radio button for 'Apply changes to this folder, subfolders and files' is set,
    and click OK.

     

    Accept the Administrator prompt. After a couple of seconds, you'll be told there is an error - click on the 'Ignore all' button.

     

    Wait for it to finish - it could take a couple of minutes.

     

    OK out, and exit Windows Explorer.

     

    Reboot twice

     

    Post a new MGADiag report.

     



    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, August 26, 2012 8:16 AM
    Moderator
  • Hi Noel,

    Doesn't look like anything changed....

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: N/A, hr = 0xc0000022
    Windows Product Key: *****-*****-GK4PY-FDWYH-7TP9F
    Windows Product Key Hash: u3xU6PnmumgYLgUpnmbqEw9Q2OA=
    Windows Product ID: 00371-OEM-8992671-00004
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {A3D12742-2A67-4F31-B420-4D918F36F76D}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.120330-1504
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Prompt
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{A3D12742-2A67-4F31-B420-4D918F36F76D}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7TP9F</PKey><PID>00371-OEM-8992671-00004</PID><PIDType>2</PIDType><SID>S-1-5-21-2526673814-4277551392-212169465</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>Veriton X498G</Model></SYSTEM><BIOS><Manufacturer>Acer</Manufacturer><Version>P01-A2        </Version><SMBIOSVersion major="2" minor="6"/><Date>20100226000000.000000+000</Date></BIOS><HWID>47C63207018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0xC0000022' to display the error text.
    Error: 0xC0000022

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x0001000000000000
    Event Time Stamp: 8:24:2012 02:24
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered Service: sppsvc


    HWID Data-->
    HWID Hash Current: MAAAAAEAAwABAAIAAAABAAAAAQABAAEA6GG+a4SxYthidYbNru+YJ2yiUrOAXVxd

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            ACRSYS        APIC1817
      FACP            ACRSYS        FACP1817
      HPET            ACRSYS        OEMHPET
      MCFG            ACRSYS        OEMMCFG
      SLIC            ACRSYS        ACRPRDCT
      OEMB            ACRSYS        OEMB1817
      ASF!            LEGEND        I865PASF
      GSCI            ACRSYS        GMCHSCI
      AWMI            ACRSYS        OEMB1817
      SSDT            DpgPmm        CpuPm

    Thanks,

    Ted

    Sunday, August 26, 2012 4:07 PM
  • I suppose it was a bit much, hoping for lightning to strike twice in two days :)

    we need somehow to work out what is denying access to what, and where.

    please open an Elevated Command Prompt, and run the following commands and copy/paste the output to your response.

    CSCRIPT slmgr.vbs /dlv
    WSCRIPT slmgr.vbs /dlv
    REG QUERY HKU
    ICACLS C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\SoftwareProtectionPlatform /T
    DIR C:\Windows\ServiceProfiles\NetworkService

    Note that the second one will (or at least should) give you a popup rather than a response in the window - just let us know if there's an obvious error message in it.

    Please also let us know what your current Anti-Virus is, and what other AV's you've ever had installed on the machine since the last reformat/reinstall.

      Here are some instructions to make life easier :)

    1) To open an Elevated Command Prompt Window (the CP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt. 

    2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once. 

    3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.     


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth


    Sunday, August 26, 2012 5:04 PM
    Moderator
  • Hi Noel,

    Below are the results to the commands you suggested.

    As far as AV, I use AVG 2012.0.2193, and PC Tools Threatfire 4.7.0.17

    It came with some Symantec AV but it was removed as soon as I got it.

    Thanks,

    Ted

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>CSCRIPT smlgr.vbs /dlv
    Microsoft (R) Windows Script Host Version 5.8
    Copyright (C) Microsoft Corporation. All rights reserved.

    Input Error: Can not find script file "C:\Windows\system32\smlgr.vbs".

    C:\Windows\system32>WSCRIPT slmgr.vbs /dlv

    C:\Windows\system32>REG QUERY HKU

    HKEY_USERS\.DEFAULT
    HKEY_USERS\S-1-5-19
    HKEY_USERS\S-1-5-20
    HKEY_USERS\S-1-5-21-2526673814-4277551392-212169465-1003
    HKEY_USERS\S-1-5-21-2526673814-4277551392-212169465-1003_Classes
    HKEY_USERS\S-1-5-21-2526673814-4277551392-212169465-1008
    HKEY_USERS\S-1-5-21-2526673814-4277551392-212169465-1008_Classes
    HKEY_USERS\S-1-5-18

    C:\Windows\system32>ICACLS C:\Windows\ServiceProfiles\NetworkService\AppData\Roa
    ming\SoftwareProtectionPlatform /T
    C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProt
    ectionPlatform NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)

                   BUILTIN\Administrators:(I)(OI)(CI)(F)

                   NT AUTHORITY\NETWORK SERVICE:(I)(OI)(CI)(F)

    C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProt
    ectionPlatform\Cache NT AUTHORITY\SYSTEM:(OI)(CI)(F)

                         BUILTIN\Administrators:(OI)(CI)(F)

                         NT SERVICE\sppsvc:(OI)(CI)(R,W,D)

                         Everyone:(OI)(CI)(R)

    C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProt
    ectionPlatform\tokens.dat NT AUTHORITY\SYSTEM:(I)(F)

                              BUILTIN\Administrators:(I)(F)

                              NT AUTHORITY\NETWORK SERVICE:(I)(F)

    C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProt
    ectionPlatform\Cache\cache.dat NT AUTHORITY\SYSTEM:(I)(F)

                                   BUILTIN\Administrators:(I)(F)

                                   NT SERVICE\sppsvc:(I)(R,W,D)

                                   Everyone:(I)(R)

    Successfully processed 4 files; Failed processing 0 files

    C:\Windows\system32>DIR C:\Windows\ServiceProfiles\NetworkService
     Volume in drive C is Acer
     Volume Serial Number is A635-731D

     Directory of C:\Windows\ServiceProfiles\NetworkService

    08/24/2012  02:18 AM    <DIR>          .
    08/24/2012  02:18 AM    <DIR>          ..
    07/13/2009  11:45 PM    <DIR>          Desktop
    07/13/2009  11:45 PM    <DIR>          Documents
    07/13/2009  11:45 PM    <DIR>          Downloads
    07/13/2009  11:45 PM    <DIR>          Favorites
    07/13/2009  11:45 PM    <DIR>          Links
    07/13/2009  11:45 PM    <DIR>          Music
    07/13/2009  11:45 PM    <DIR>          Pictures
    07/13/2009  11:45 PM    <DIR>          Saved Games
    07/13/2009  11:45 PM    <DIR>          Videos
                   0 File(s)              0 bytes
                  11 Dir(s)  161,237,413,888 bytes free

    C:\Windows\system32>

    Sunday, August 26, 2012 9:05 PM
  • Not quite a Perfect Storm  of AV's - but close.

    I don't trust any PCTools program as far as I could write it (which is not at all far).

    Norton software is almost as bad as the malware it's supposed to be preventing/removing - and AVG is heading the same way.

    You need to run the Norton Removal tool (assuming you haven't already done so) to remove the dregs that even the manufacturer's pre-install leave behind.

    You should also undo any Registry editing PCTools has done - then preferably uninstall it and run whatever they may have in the way of a cleanup tool for that.

    You may also need to uninstall and reinstall AVG.

    Ahah! "Input Error: Can not find script file "C:\Windows\system32\smlgr.vbs"

    please run the following commands in an Elevated Command Prompt

    SFC /SCANFILE=C:\Windows\System32\slmgr.vbs

    CSCRIPT slmgr.vbs /dlv

    post the results.

    Then reboot and post another MGADiag report.

    I can't see the picture you posted - either put it up on your Skydrive and post a link, or describe it (I suspect it says the same thing as the first one?)


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth


    Sunday, August 26, 2012 9:39 PM
    Moderator
  • Please  note the corrections made to my last two posts - my dyslexia is bad tonight! (that's my excuse, anyhow)

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth


    Sunday, August 26, 2012 9:43 PM
    Moderator
  • Hi Noel,

    Attached are the results of the commands you suggested.

    I will uninstall AVG and Threatfire and post the results.

    Thanks,

    Ted

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>SFC /SCANFILE=C:\Windows\System32\slmgr.vbs

    Windows Resource Protection did not find any integrity violations.

    C:\Windows\System32>CSCRIPT slmgr.vbs /dlv
    Microsoft (R) Windows Script Host Version 5.8
    Copyright (C) Microsoft Corporation. All rights reserved.

    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x8
    0070426' to display the error text.
    Error: 0x80070426


    C:\Windows\System32>

    Sunday, August 26, 2012 10:10 PM
  • OK - that is at least consistent with the earlier results :)

    Please run the following commands

    DIR C:\Windows\ServiceProfiles\NetworkService /AH

    DIR C:\Windows\ServiceProfiles\NetworkService /AS

    DIR C:\Windows\ServiceProfiles\NetworkService /AR

    and post the results (expect two to fail!)


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, August 26, 2012 10:18 PM
    Moderator
  • AVG and threatfire removed....

    Norton tool run

    Results below...

    Thanks,

    Ted

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>DIR C:\Windows\ServiceProfiles\NetworkService /AH
     Volume in drive C is Acer
     Volume Serial Number is A635-731D

     Directory of C:\Windows\ServiceProfiles\NetworkService

    07/13/2009  11:45 PM    <DIR>          AppData
    08/26/2012  05:20 PM           524,288 NTUSER.DAT
    07/14/2009  02:12 AM             1,024 NTUSER.DAT.LOG
    08/26/2012  05:20 PM           226,304 NTUSER.DAT.LOG1
    07/13/2009  11:45 PM                 0 NTUSER.DAT.LOG2
    07/14/2009  12:01 AM            65,536 NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0b
    cde3ec}.TM.blf
    07/14/2009  12:01 AM           524,288 NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0b
    cde3ec}.TMContainer00000000000000000001.regtrans-ms
    07/14/2009  12:01 AM           524,288 NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0b
    cde3ec}.TMContainer00000000000000000002.regtrans-ms
    08/26/2012  12:38 AM            65,536 NTUSER.DAT{3a6ef44f-edb9-11e1-93a6-4487fc
    c165d2}.TM.blf
    08/26/2012  12:38 AM           524,288 NTUSER.DAT{3a6ef44f-edb9-11e1-93a6-4487fc
    c165d2}.TMContainer00000000000000000001.regtrans-ms
    08/26/2012  12:38 AM           524,288 NTUSER.DAT{3a6ef44f-edb9-11e1-93a6-4487fc
    c165d2}.TMContainer00000000000000000002.regtrans-ms
    08/07/2012  09:52 PM            65,536 NTUSER.DAT{77445e13-ddac-11e1-93ff-4487fc
    c165d2}.TM.blf
    08/07/2012  09:52 PM           524,288 NTUSER.DAT{77445e13-ddac-11e1-93ff-4487fc
    c165d2}.TMContainer00000000000000000001.regtrans-ms
    08/07/2012  09:52 PM           524,288 NTUSER.DAT{77445e13-ddac-11e1-93ff-4487fc
    c165d2}.TMContainer00000000000000000002.regtrans-ms
    08/24/2012  02:17 AM            65,536 NTUSER.DAT{7d2b09c5-edb7-11e1-af5c-4487fc
    c165d2}.TM.blf
    08/24/2012  02:17 AM           524,288 NTUSER.DAT{7d2b09c5-edb7-11e1-af5c-4487fc
    c165d2}.TMContainer00000000000000000001.regtrans-ms
    08/24/2012  02:17 AM           524,288 NTUSER.DAT{7d2b09c5-edb7-11e1-af5c-4487fc
    c165d2}.TMContainer00000000000000000002.regtrans-ms
    05/19/2012  04:54 PM            65,536 NTUSER.DAT{9361a54c-9def-11e1-8e05-4487fc
    c165d2}.TM.blf
    05/19/2012  04:54 PM           524,288 NTUSER.DAT{9361a54c-9def-11e1-8e05-4487fc
    c165d2}.TMContainer00000000000000000001.regtrans-ms
    05/19/2012  04:54 PM           524,288 NTUSER.DAT{9361a54c-9def-11e1-8e05-4487fc
    c165d2}.TMContainer00000000000000000002.regtrans-ms
                  19 File(s)      6,322,176 bytes
                   1 Dir(s)  162,159,702,016 bytes free

    C:\Windows\system32>DIR C:\Windows\ServiceProfiles\NetworkService /AS
     Volume in drive C is Acer
     Volume Serial Number is A635-731D

     Directory of C:\Windows\ServiceProfiles\NetworkService

    08/26/2012  05:20 PM           524,288 NTUSER.DAT
    07/14/2009  12:01 AM            65,536 NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0b
    cde3ec}.TM.blf
    07/14/2009  12:01 AM           524,288 NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0b
    cde3ec}.TMContainer00000000000000000001.regtrans-ms
    07/14/2009  12:01 AM           524,288 NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0b
    cde3ec}.TMContainer00000000000000000002.regtrans-ms
    08/26/2012  12:38 AM            65,536 NTUSER.DAT{3a6ef44f-edb9-11e1-93a6-4487fc
    c165d2}.TM.blf
    08/26/2012  12:38 AM           524,288 NTUSER.DAT{3a6ef44f-edb9-11e1-93a6-4487fc
    c165d2}.TMContainer00000000000000000001.regtrans-ms
    08/26/2012  12:38 AM           524,288 NTUSER.DAT{3a6ef44f-edb9-11e1-93a6-4487fc
    c165d2}.TMContainer00000000000000000002.regtrans-ms
    08/07/2012  09:52 PM            65,536 NTUSER.DAT{77445e13-ddac-11e1-93ff-4487fc
    c165d2}.TM.blf
    08/07/2012  09:52 PM           524,288 NTUSER.DAT{77445e13-ddac-11e1-93ff-4487fc
    c165d2}.TMContainer00000000000000000001.regtrans-ms
    08/07/2012  09:52 PM           524,288 NTUSER.DAT{77445e13-ddac-11e1-93ff-4487fc
    c165d2}.TMContainer00000000000000000002.regtrans-ms
    08/24/2012  02:17 AM            65,536 NTUSER.DAT{7d2b09c5-edb7-11e1-af5c-4487fc
    c165d2}.TM.blf
    08/24/2012  02:17 AM           524,288 NTUSER.DAT{7d2b09c5-edb7-11e1-af5c-4487fc
    c165d2}.TMContainer00000000000000000001.regtrans-ms
    08/24/2012  02:17 AM           524,288 NTUSER.DAT{7d2b09c5-edb7-11e1-af5c-4487fc
    c165d2}.TMContainer00000000000000000002.regtrans-ms
    05/19/2012  04:54 PM            65,536 NTUSER.DAT{9361a54c-9def-11e1-8e05-4487fc
    c165d2}.TM.blf
    05/19/2012  04:54 PM           524,288 NTUSER.DAT{9361a54c-9def-11e1-8e05-4487fc
    c165d2}.TMContainer00000000000000000001.regtrans-ms
    05/19/2012  04:54 PM           524,288 NTUSER.DAT{9361a54c-9def-11e1-8e05-4487fc
    c165d2}.TMContainer00000000000000000002.regtrans-ms
                  16 File(s)      6,094,848 bytes
                   0 Dir(s)  162,156,388,352 bytes free

    C:\Windows\system32>DIR C:\Windows\ServiceProfiles\NetworkService /AR
     Volume in drive C is Acer
     Volume Serial Number is A635-731D

     Directory of C:\Windows\ServiceProfiles\NetworkService

    07/13/2009  11:45 PM    <DIR>          Desktop
    07/13/2009  11:45 PM    <DIR>          Documents
    07/13/2009  11:45 PM    <DIR>          Downloads
    07/13/2009  11:45 PM    <DIR>          Favorites
    07/13/2009  11:45 PM    <DIR>          Links
    07/13/2009  11:45 PM    <DIR>          Music
    07/13/2009  11:45 PM    <DIR>          Pictures
    07/13/2009  11:45 PM    <DIR>          Videos
                   0 File(s)              0 bytes
                   8 Dir(s)  162,156,351,488 bytes free

    C:\Windows\system32>

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: N/A, hr = 0xc0000022
    Windows Product Key: *****-*****-GK4PY-FDWYH-7TP9F
    Windows Product Key Hash: u3xU6PnmumgYLgUpnmbqEw9Q2OA=
    Windows Product ID: 00371-OEM-8992671-00004
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {A3D12742-2A67-4F31-B420-4D918F36F76D}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.120330-1504
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Prompt
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{A3D12742-2A67-4F31-B420-4D918F36F76D}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7TP9F</PKey><PID>00371-OEM-8992671-00004</PID><PIDType>2</PIDType><SID>S-1-5-21-2526673814-4277551392-212169465</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>Veriton X498G</Model></SYSTEM><BIOS><Manufacturer>Acer</Manufacturer><Version>P01-A2        </Version><SMBIOSVersion major="2" minor="6"/><Date>20100226000000.000000+000</Date></BIOS><HWID>47C63207018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x80070426' to display the error text.
    Error: 0x80070426

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x0001000000000000
    Event Time Stamp: 8:24:2012 02:24
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered Service: sppsvc


    HWID Data-->
    HWID Hash Current: MAAAAAEAAwABAAIAAAABAAAAAQABAAEA6GG+a4SxYthidYbNru+YJ2yiUrOAXVxd

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            ACRSYS        APIC1817
      FACP            ACRSYS        FACP1817
      HPET            ACRSYS        OEMHPET
      MCFG            ACRSYS        OEMMCFG
      SLIC            ACRSYS        ACRPRDCT
      OEMB            ACRSYS        OEMB1817
      ASF!            LEGEND        I865PASF
      GSCI            ACRSYS        GMCHSCI
      AWMI            ACRSYS        OEMB1817
      SSDT            DpgPmm        CpuPm

    Sunday, August 26, 2012 10:27 PM
  • It's possible that a pair of critical system files have been corrupted, or locked somehow.

     

    Please reboot. Then open a Command Prompt window, and run the following command

    DIR C:\Windows\System32\7b*.* /AH

    post the results, and the time you rebooted (I need to compare the timestamps)


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, August 26, 2012 10:38 PM
    Moderator
  • Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    Rebooted @ 5:44PM CST

    C:\Windows\system32>DIR C:\Windows\System32\7b*.* /AH
     Volume in drive C is Acer
     Volume Serial Number is A635-731D

     Directory of C:\Windows\System32

    05/02/2012  05:15 AM             9,920 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0
    .C7483456-A289-439d-8115-601632D005A0
    05/02/2012  05:15 AM             9,920 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1
    .C7483456-A289-439d-8115-601632D005A0
                   2 File(s)         19,840 bytes
                   0 Dir(s)  162,136,276,992 bytes free

    C:\Windows\system32>

    Sunday, August 26, 2012 10:47 PM
  • There at least is another symptom!

    Now we need to work out what to do about it.

    With any luck, this will work.....

    Open an Elevated Command Prompt, and run the following commands

    DEL C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 /ar

    DEL C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 /ar

    REN %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat tokens.barx

    SLUI.EXE

    You may be asked to enter your Product Key (from the COA sticker), or to activate - follow the instructions



    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth


    Sunday, August 26, 2012 11:06 PM
    Moderator
  • Done but slui.exe doesn't run.

    It says "Code 0xc0020012 The interface is unknown"

    Sunday, August 26, 2012 11:17 PM
  • Now my wallpaper is gone and the screen is black
    Sunday, August 26, 2012 11:22 PM
  • That's par for the course :(

    please post a new MGADiag report.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, August 26, 2012 11:35 PM
    Moderator
  • Hi Noel,

    Diagnostic report says: Failed to create output  files, hr=0x80070002, Please contact support.

    won't copy anything out.

    Thanks,

    Ted

    Monday, August 27, 2012 2:03 PM
  • That's OK - that just means that it couldn't save the files to disk for some reason. It should still have copied the data to the clipboard for pasting purposes.

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, August 27, 2012 2:06 PM
    Moderator
  • Here You Go...

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: N/A, hr = 0xc0000022
    Windows Product Key: *****-*****-GK4PY-FDWYH-7TP9F
    Windows Product Key Hash: u3xU6PnmumgYLgUpnmbqEw9Q2OA=
    Windows Product ID: 00371-OEM-8992671-00004
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {A3D12742-2A67-4F31-B420-4D918F36F76D}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.120330-1504
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Prompt
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{A3D12742-2A67-4F31-B420-4D918F36F76D}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7TP9F</PKey><PID>00371-OEM-8992671-00004</PID><PIDType>2</PIDType><SID>S-1-5-21-2526673814-4277551392-212169465</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>Veriton X498G</Model></SYSTEM><BIOS><Manufacturer>Acer</Manufacturer><Version>P01-A2        </Version><SMBIOSVersion major="2" minor="6"/><Date>20100226000000.000000+000</Date></BIOS><HWID>47C63207018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x80070426' to display the error text.
    Error: 0x80070426

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x0001000000000000
    Event Time Stamp: 8:24:2012 02:24
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered Service: sppsvc


    HWID Data-->
    HWID Hash Current: MAAAAAEAAwABAAIAAAABAAAAAQABAAEA6GG+a4SxYthidYbNru+YJ2yiUrOAXVxd

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            ACRSYS        APIC1817
      FACP            ACRSYS        FACP1817
      HPET            ACRSYS        OEMHPET
      MCFG            ACRSYS        OEMMCFG
      SLIC            ACRSYS        ACRPRDCT
      OEMB            ACRSYS        OEMB1817
      ASF!            LEGEND        I865PASF
      GSCI            ACRSYS        GMCHSCI
      AWMI            ACRSYS        OEMB1817
      SSDT            DpgPmm        CpuPm

    Monday, August 27, 2012 2:15 PM
  • OK , we'll have to dig deeper then.

    Please open Event Viewer, and Export the Windows Application and System logs - zip them up, and upload them to your SkyDrive, then post a link in your reply.

    I have a suspicion that we're going to have to resort to a repair install and hope that works. :(


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, August 27, 2012 2:24 PM
    Moderator
  • Event Logs as requested, Thanks!

    http://dl.dropbox.com/u/4823922/Logs.zip

    Monday, August 27, 2012 3:11 PM
  • Interesting - that's something I hadn't actually realised was present in the system - a Software Protection driver! (and it's not loading properly)

    Please run the following commands....

    DIR C:\Windows\spldr.* /s

    ICACLS C:\Windows\spldr.* /T

    post the results


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, August 27, 2012 4:48 PM
    Moderator
  • Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>DIR C:\Windows\spldr.* /s
     Volume in drive C is Acer
     Volume Serial Number is A635-731D

     Directory of C:\Windows\System32\drivers

    07/13/2009  08:45 PM            19,008 spldr.sys
                   1 File(s)         19,008 bytes

     Directory of C:\Windows\winsxs\amd64_microsoft-windows-s..ive-blackbox-loader_3
    1bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59

    07/13/2009  08:45 PM            19,008 spldr.sys
                   1 File(s)         19,008 bytes

         Total Files Listed:
                   2 File(s)         38,016 bytes
                   0 Dir(s)  161,259,192,320 bytes free

    C:\Windows\system32>ICACLS C:\Windows\spldr.* /T
    C:\Windows\CSC\spldr.*: Access is denied.
    Successfully processed 0 files; Failed processing 1 files

    C:\Windows\system32>
    Monday, August 27, 2012 5:19 PM
  • ..I just discovered that your non-genuine problems started way back on 3rd May!

    Now why should ICACLS barf on that folder? (which doesn't even exist in my install!)

    Let's go direct to the file itself -

    ICACLS C:\Windows\System32\drivers\spldr.sys

    ATTRIB C:\Windows\System32\drivers\spldr.sys

    REG QUERY HKLM\SYSTEM\CurrentControlSet\services\spldr /s


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, August 27, 2012 5:26 PM
    Moderator
  • Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>ICACLS C:\Windows\System32\drivers\spldr.sys
    C:\Windows\System32\drivers\spldr.sys NT SERVICE\TrustedInstaller:(F)
                                          BUILTIN\Administrators:(RX)
                                          NT AUTHORITY\SYSTEM:(RX)
                                          BUILTIN\Users:(RX)

    Successfully processed 1 files; Failed processing 0 files

    C:\Windows\system32>ATTRIB C:\Windows\System32\drivers\spldr.sys
    A            C:\Windows\System32\drivers\spldr.sys

    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\services\spldr /s

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\spldr
        DisplayName    REG_SZ    Security Processor Loader Driver
        ErrorControl    REG_DWORD    0x3
        Start    REG_DWORD    0x0
        Type    REG_DWORD    0x1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\spldr\Enum
        0    REG_SZ    Root\LEGACY_SPLDR\0000
        Count    REG_DWORD    0x1
        NextInstance    REG_DWORD    0x1


    C:\Windows\system32>
    Monday, August 27, 2012 5:32 PM
  • The \CSC folder is apparently Offline files - and should not be manipulated manually. Do you use Offline files at all?

    http://support.microsoft.com/kb/230738

    refers.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, August 27, 2012 5:35 PM
    Moderator
  • Nope, Unless they are part of one of the Visual Studio Dev. Environments or SDKs.
    Monday, August 27, 2012 5:39 PM
  • You were quicker to come back than I expected! :)

    That output looks normal - but the driver still isn't loading

    let's have a look at this key...

    REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR /s


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, August 27, 2012 5:44 PM
    Moderator
  • That was about the time I installed the licensed version of Leadtools Multimedia Toolkit into Visual Studio.

    http://www.leadtools.com/sdk/engine/multimedia.htm

    I dunno if that has anything to do with it....

    Thanks

    Monday, August 27, 2012 5:45 PM
  • Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPL
    DR /s

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR
        NextInstance    REG_DWORD    0x1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000
        Service    REG_SZ    spldr
        Legacy    REG_DWORD    0x1
        ConfigFlags    REG_DWORD    0x401
        Class    REG_SZ    LegacyDriver
        ClassGUID    REG_SZ    {8ECC055D-047F-11D1-A537-0000F8753ED1}
        DeviceDesc    REG_SZ    Security Processor Loader Driver
        Capabilities    REG_DWORD    0x0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000\Control


    C:\Windows\system32>
    Monday, August 27, 2012 5:48 PM
  • The only difference I can see in that output is that the ConfigFlags value has a Data content of 401, rather than the 400 that's present in my systems.

    If I change a test system to 401, then I get the C0000022 error, and the 426 error, so it looks like we've found the root of the problem.

    If you're comfortable in the registry, do this.

    Open Regedit and navigate to the HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR Key

    Export it to a reg file for safety!

    Now go to the Control subkey and right-click on it

    Select Permissions,

    Click on Advanced, then the Owner tab

    Make sure that Administrators is the owner, and put a tick in the 'Replace owner...' box at the bottom

    Click OK once

    add Administrators to the Groups or Usernames list, and give them Full permissions

    CLICK OK

    Now you can change the ConfigFlags entry from 401 to 400 and exit regedit - reboot, and post another MGADiag report.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth


    Monday, August 27, 2012 6:10 PM
    Moderator
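The comparison described in the post above (a suspect `REG QUERY ... /s` dump checked against a known-good machine) can be done mechanically. This is an added example, not part of the original thread: the suspect text is the output posted earlier, and the baseline is constructed from the statement that a healthy system shows ConfigFlags 400.

```python
import re

# Suspect dump: the REG QUERY output posted in this thread.
SUSPECT = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR
    NextInstance    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000
    Service    REG_SZ    spldr
    Legacy    REG_DWORD    0x1
    ConfigFlags    REG_DWORD    0x401
    Class    REG_SZ    LegacyDriver
    ClassGUID    REG_SZ    {8ECC055D-047F-11D1-A537-0000F8753ED1}
    DeviceDesc    REG_SZ    Security Processor Loader Driver
    Capabilities    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000\Control
"""

# Baseline: CONSTRUCTED for this example. Assumed identical to the suspect
# dump except for ConfigFlags, which the thread says is 400 on a good system.
BASELINE = SUSPECT.replace("0x401", "0x400")

# REG QUERY prints values as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_RE = re.compile(r"^\s{4}(.+?)\s{4}(REG_[A-Z_]+)\s{4}(.*)$")


def parse_reg_query(text):
    """Return {key_path: {value_name: (type, data)}} from REG QUERY /s output."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, vtype, data = m.groups()
            if vtype == "REG_DWORD":
                data = int(data, 16)  # 0x401 and 0x00000401 compare equal
            current[name] = (vtype, data)
    return keys


def diff_keys(baseline, suspect):
    """List (key, value_name, baseline_entry, suspect_entry) for every mismatch."""
    findings = []
    for key in sorted(set(baseline) | set(suspect)):
        b, s = baseline.get(key), suspect.get(key)
        if b is None or s is None:
            # Whole key present on one side only.
            findings.append((key, "<key>", b is not None, s is not None))
            continue
        for name in sorted(set(b) | set(s)):
            if b.get(name) != s.get(name):
                findings.append((key, name, b.get(name), s.get(name)))
    return findings


if __name__ == "__main__":
    for finding in diff_keys(parse_reg_query(BASELINE), parse_reg_query(SUSPECT)):
        print(finding)
```
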
  • It won't let me change it. Says it can't write value. Do you use Team Viewer?

    Monday, August 27, 2012 6:24 PM
  • In that case you haven't got the permissions right.

    Try setting the inheritance switch again.

    My 3G connection is dropping out every minute today - it's a nightmare just working the forums let alone doing anything sensible!


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, August 27, 2012 6:50 PM
    Moderator
  • Set Inheritances again, Made me owner, All permissions set for full access. It won't let me create or remove keys either. I can elsewhere on the registry.

    Monday, August 27, 2012 6:55 PM
  • Ouch!

    Can you set inheritances on the whole LEGACY_SPLDR Key?

    Does that enable anything?

    What SIDs have permissions on the Control subkey? - what permissions do they have?

    I'll see if I can come up with a command-line that works (do you have Subinacl installed, by any chance?)


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, August 27, 2012 7:09 PM
    Moderator
  • SORRY!!!!

    my mind must be going soft after too many hours in front of the screen -

    it's the '0000' subkey you need to set permissions on!!

    (DUH!)


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, August 27, 2012 7:15 PM
    Moderator
  • Cannot change permissions on the enum key or down. I will install Subinacl if I need to...
    Monday, August 27, 2012 7:26 PM
  • It is probably going to be necessary - if I can find a link in the 30 seconds I get before my connection breaks again! ....

    http://www.microsoft.com/en-gb/download/details.aspx?id=23510

    Now I have to install it in my plaything and work out how best to use it! (I generally avoid it because it's not a part of the OS and is rather too powerful for most users to have on their machines<g>)


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, August 27, 2012 7:41 PM
    Moderator
  • If you install it in the default directory it won't work - but it's necessary :)

    You can then copy the executable to the C:\Windows\System32 folder, and it'll work!

    Once you've done that, please open an Elevated Command prompt window, and run the following commands

    subinacl /subkeyreg SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR

    and you'll get a pageful of data - please copy that to your response.

    At least then we can see what we're fighting!


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, August 27, 2012 8:11 PM
    Moderator
  • It looks as if the key actually inherits most of its permissions from the

    SYSTEM\CurrentControlSet\Enum

    key - so a look at the settings there would be a 'good thing'

    subinacl /keyreg SYSTEM\CurrentControlSet\Enum

    and we may be able to nip this in the bud - it may have Deny settings which take precedence over Allow.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, August 27, 2012 8:16 PM
    Moderator
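To look for the Deny entries mentioned above without reading pages of `subinacl` output by eye, the dump can be parsed and each key's ACEs walked in listed order, the way a Windows access check does. This is an added example, not part of the original thread: the sample dump is constructed in the `subinacl /subkeyreg` layout (including the 80-column console wrap), the `ExampleKey` path and its Deny ACE are hypothetical, and owner rights and privileges are not modelled.

```python
import re

# CONSTRUCTED sample in subinacl's layout; the paths and the Deny ACE are
# hypothetical. Lines starting in column 0 with no '/', '+' or '=' are tails
# of console-wrapped lines.
SAMPLE = r"""
=========================================
+KeyReg HKEY_LOCAL_MACHINE\SYSTEM\ExampleKey\0000
=========================================
/control=0x400 SE_DACL_AUTO_INHERITED-0x0400
/owner             =builtin\administrators
/perm. ace count   =2
/pace =everyone         ACCESS_DENIED_ACE_TYPE-0x1
        CONTAINER_INHERIT_ACE-0x2
    Detailed Access Flags :
        KEY_SET_VALUE-0x2          KEY_CREATE_SUB_KEY
-0x4
/pace =builtin\administrators     ACCESS_ALLOWED_ACE_TYPE-0x0
        CONTAINER_INHERIT_ACE-0x2      INHERITED_ACE-0x10
    Key and SubKey - Type of Access:
        Full Control
    Detailed Access Flags :
        KEY_QUERY_VALUE-0x1        KEY_SET_VALUE-0x2          KEY_CREATE_SUB_KEY
-0x4
        READ_CONTROL-0x20000       WRITE_DAC-0x40000          WRITE_OWNER-0x8000
0
=========================================
+KeyReg HKEY_LOCAL_MACHINE\SYSTEM\ExampleKey\0000\
Control
=========================================
/control=0x1400 SE_DACL_AUTO_INHERITED-0x0400 SE_DACL_PROTECTED-0x1000
/owner             =builtin\administrators
/pace =builtin\administrators     ACCESS_ALLOWED_ACE_TYPE-0x0
        CONTAINER_INHERIT_ACE-0x2
    Detailed Access Flags :
        KEY_QUERY_VALUE-0x1        KEY_SET_VALUE-0x2
"""

KEY_SET_VALUE = 0x2       # right needed to change a value such as ConfigFlags
SE_DACL_PROTECTED = 0x1000
INHERIT_ONLY_ACE = 0x8    # such ACEs apply to children only, not to this key
TOKEN = re.compile(r"([A-Z_]+)-0x([0-9A-Fa-f]+)")
PACE = re.compile(r"^/pace =(.+?)\s+ACCESS_(ALLOWED|DENIED)_ACE_TYPE-0x[01]")


def unwrap(text):
    """Glue console-wrapped tails back onto the line they were cut from."""
    out = []
    for line in text.splitlines():
        if line and out and line[0] not in "/+= \t":
            out[-1] += line
        else:
            out.append(line)
    return out


def parse_subinacl(text):
    """Return one dict per key: path, owner, protected flag, ordered ACE list."""
    keys, key, ace, in_mask = [], None, None, False
    for line in unwrap(text):
        if line.startswith("+KeyReg "):
            key = {"path": line[8:].strip(), "owner": None,
                   "protected": False, "aces": []}
            keys.append(key)
            ace = None
        elif key is None:
            continue
        elif line.startswith("/control="):
            key["protected"] = bool(int(line[9:].split()[0], 16) & SE_DACL_PROTECTED)
        elif line.startswith("/owner"):
            key["owner"] = line.split("=", 1)[1].strip()
        elif line.startswith("/pace"):
            m = PACE.match(line)
            ace = None
            if m:
                ace = {"trustee": m.group(1).lower(),
                       "deny": m.group(2) == "DENIED", "flags": 0, "mask": 0}
                key["aces"].append(ace)
            in_mask = False
        elif line.startswith("/"):
            ace = None
        elif ace is not None:
            if "Detailed Access Flags" in line:
                in_mask = True  # tokens from here on are access-mask bits
            for _, value in TOKEN.findall(line):
                ace["mask" if in_mask else "flags"] |= int(value, 16)
    return keys


def access_allowed(key, principals, desired):
    """Walk ACEs in order: a matching Deny on a still-needed bit ends the check."""
    who = {p.lower() for p in principals}
    remaining = desired
    for ace in key["aces"]:
        if ace["trustee"] not in who or ace["flags"] & INHERIT_ONLY_ACE:
            continue
        if ace["deny"]:
            if ace["mask"] & remaining:
                return False
        else:
            remaining &= ~ace["mask"]
            if not remaining:
                return True
    return False
```

Real pasted output usually carries extra indentation from the forum or terminal; strip that first so wrapped tails start in column 0 again.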
  • Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>subinacl /subkeyreg SYSTEM\CurrentControlSet\Enum\Root\LEGAC
    Y_SPLDR

    ===========================================================================
    +KeyReg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR
    ===========================================================================
    /control=0x1400 SE_DACL_AUTO_INHERITED-0x0400 SE_DACL_PROTECTED-0x1000
    /owner             =builtin\administrators
    /primary group     =builtin\administrators
    /audit ace count   =0
    /perm. ace count   =3
    /pace =onscener-dev01\administrator     ACCESS_ALLOWED_ACE_TYPE-0x0
            CONTAINER_INHERIT_ACE-0x2
        Key and SubKey - Type of Access:
            Full Control
        Detailed Access Flags :
            KEY_QUERY_VALUE-0x1        KEY_SET_VALUE-0x2          KEY_CREATE_SUB_KEY
    -0x4
            KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10            KEY_CREATE_LINK-0x
    20       DELETE-0x10000
            READ_CONTROL-0x20000       WRITE_DAC-0x40000          WRITE_OWNER-0x8000
    0
    /pace =everyone         ACCESS_ALLOWED_ACE_TYPE-0x0
            CONTAINER_INHERIT_ACE-0x2
        Key and SubKey - Type of Access:
            Read
        Detailed Access Flags :
            KEY_QUERY_VALUE-0x1        KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10

            READ_CONTROL-0x20000
    /pace =system   ACCESS_ALLOWED_ACE_TYPE-0x0
            CONTAINER_INHERIT_ACE-0x2
        Key and SubKey - Type of Access:
            Full Control
        Detailed Access Flags :
            KEY_QUERY_VALUE-0x1        KEY_SET_VALUE-0x2          KEY_CREATE_SUB_KEY
    -0x4
            KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10            KEY_CREATE_LINK-0x
    20       DELETE-0x10000
            READ_CONTROL-0x20000       WRITE_DAC-0x40000          WRITE_OWNER-0x8000
    0

    ================================================================================

    +KeyReg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000
    ================================================================================

    /control=0x400 SE_DACL_AUTO_INHERITED-0x0400
    /owner             =onscener-dev01\tphillips
    /primary group     =builtin\administrators
    /audit ace count   =0
    /perm. ace count   =6
    /pace =onscener-dev01\administrator     ACCESS_ALLOWED_ACE_TYPE-0x0
            CONTAINER_INHERIT_ACE-0x2
        Key and SubKey - Type of Access:
            Full Control
        Detailed Access Flags :
            KEY_QUERY_VALUE-0x1        KEY_SET_VALUE-0x2          KEY_CREATE_SUB_KEY
    -0x4
            KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10            KEY_CREATE_LINK-0x
    20       DELETE-0x10000
            READ_CONTROL-0x20000       WRITE_DAC-0x40000          WRITE_OWNER-0x8000
    0
    /pace =everyone         ACCESS_ALLOWED_ACE_TYPE-0x0
            CONTAINER_INHERIT_ACE-0x2
        Key and SubKey - Type of Access:
            Read
        Detailed Access Flags :
            KEY_QUERY_VALUE-0x1        KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10

            READ_CONTROL-0x20000
    /pace =system   ACCESS_ALLOWED_ACE_TYPE-0x0
            CONTAINER_INHERIT_ACE-0x2
        Key and SubKey - Type of Access:
            Full Control
        Detailed Access Flags :
            KEY_QUERY_VALUE-0x1        KEY_SET_VALUE-0x2          KEY_CREATE_SUB_KEY
    -0x4
            KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10            KEY_CREATE_LINK-0x
    20       DELETE-0x10000
            READ_CONTROL-0x20000       WRITE_DAC-0x40000          WRITE_OWNER-0x8000
    0
    /pace =onscener-dev01\administrator     ACCESS_ALLOWED_ACE_TYPE-0x0
            CONTAINER_INHERIT_ACE-0x2      INHERITED_ACE-0x10
        Key and SubKey - Type of Access:
            Full Control
        Detailed Access Flags :
            KEY_QUERY_VALUE-0x1        KEY_SET_VALUE-0x2          KEY_CREATE_SUB_KEY
    -0x4
            KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10            KEY_CREATE_LINK-0x
    20       DELETE-0x10000
            READ_CONTROL-0x20000       WRITE_DAC-0x40000          WRITE_OWNER-0x8000
    0
    /pace =everyone         ACCESS_ALLOWED_ACE_TYPE-0x0
            CONTAINER_INHERIT_ACE-0x2      INHERITED_ACE-0x10
        Key and SubKey - Type of Access:
            Read
        Detailed Access Flags :
            KEY_QUERY_VALUE-0x1        KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10

            READ_CONTROL-0x20000
    /pace =system   ACCESS_ALLOWED_ACE_TYPE-0x0
            CONTAINER_INHERIT_ACE-0x2      INHERITED_ACE-0x10
        Key and SubKey - Type of Access:
            Full Control
        Detailed Access Flags :
            KEY_QUERY_VALUE-0x1        KEY_SET_VALUE-0x2          KEY_CREATE_SUB_KEY
    -0x4
            KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10            KEY_CREATE_LINK-0x
    20       DELETE-0x10000
            READ_CONTROL-0x20000       WRITE_DAC-0x40000          WRITE_OWNER-0x8000
    0

    ================================================================================
    ========
    +KeyReg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000\
    Control
    ================================================================================
    ========
    /control=0x400 SE_DACL_AUTO_INHERITED-0x0400
    /owner             =onscener-dev01\tphillips
    /primary group     =system
    /audit ace count   =0
    /perm. ace count   =3
    /pace =onscener-dev01\administrator     ACCESS_ALLOWED_ACE_TYPE-0x0
            CONTAINER_INHERIT_ACE-0x2      INHERITED_ACE-0x10
        Key and SubKey - Type of Access:
            Full Control
        Detailed Access Flags :
            KEY_QUERY_VALUE-0x1        KEY_SET_VALUE-0x2          KEY_CREATE_SUB_KEY
    -0x4
            KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10            KEY_CREATE_LINK-0x
    20       DELETE-0x10000
            READ_CONTROL-0x20000       WRITE_DAC-0x40000          WRITE_OWNER-0x8000
    0
    /pace =everyone         ACCESS_ALLOWED_ACE_TYPE-0x0
            CONTAINER_INHERIT_ACE-0x2      INHERITED_ACE-0x10
        Key and SubKey - Type of Access:
            Read
        Detailed Access Flags :
            KEY_QUERY_VALUE-0x1        KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10

            READ_CONTROL-0x20000
    /pace =system   ACCESS_ALLOWED_ACE_TYPE-0x0
            CONTAINER_INHERIT_ACE-0x2      INHERITED_ACE-0x10
        Key and SubKey - Type of Access:
            Full Control
        Detailed Access Flags :
            KEY_QUERY_VALUE-0x1        KEY_SET_VALUE-0x2          KEY_CREATE_SUB_KEY
    -0x4
            KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10            KEY_CREATE_LINK-0x
    20       DELETE-0x10000
            READ_CONTROL-0x20000       WRITE_DAC-0x40000          WRITE_OWNER-0x8000
    0


    Elapsed Time: 00 00:00:00
    Done:        3, Modified        0, Failed        0, Syntax errors        0
    Last Done  : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\
    0000\Control

    C:\Windows\system32>

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>subinacl /keyreg SYSTEM\CurrentControlSet\Enum

    =========================================================
    +KeyReg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum
    =========================================================
    /control=0x1000 SE_DACL_PROTECTED-0x1000
    /owner             =builtin\administrators
    /primary group     =builtin\administrators
    /audit ace count   =0
    /perm. ace count   =3
    /pace =system   ACCESS_ALLOWED_ACE_TYPE-0x0
            CONTAINER_INHERIT_ACE-0x2
        Key and SubKey - Type of Access:
            Full Control
        Detailed Access Flags :
            KEY_QUERY_VALUE-0x1        KEY_SET_VALUE-0x2          KEY_CREATE_SUB_KEY
    -0x4
            KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10            KEY_CREATE_LINK-0x
    20       DELETE-0x10000
            READ_CONTROL-0x20000       WRITE_DAC-0x40000          WRITE_OWNER-0x8000
    0
    /pace =owner rights     ACCESS_ALLOWED_ACE_TYPE-0x0
            CONTAINER_INHERIT_ACE-0x2
        Key and SubKey - Type of Access:
            Special acccess : -Read Control
        Detailed Access Flags :
            READ_CONTROL-0x20000
    /pace =everyone         ACCESS_ALLOWED_ACE_TYPE-0x0
            CONTAINER_INHERIT_ACE-0x2
        Key and SubKey - Type of Access:
            Read
        Detailed Access Flags :
            KEY_QUERY_VALUE-0x1        KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10

            READ_CONTROL-0x20000


    Elapsed Time: 00 00:00:00
    Done:        1, Modified        0, Failed        0, Syntax errors        0
    Last Done  : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum

    C:\Windows\system32>

    Monday, August 27, 2012 8:26 PM
  • You appear to have set Full access for 'the' Administrator account, rather than the 'Administrators' group - add "Administrators", and you should have access to change the entry.

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    • Marked as answer by Onscene.Ted Monday, August 27, 2012 10:49 PM
    • Unmarked as answer by Onscene.Ted Monday, August 27, 2012 10:55 PM
    Monday, August 27, 2012 8:41 PM
    Moderator
  • OK, good news is I was able to activate Windows and the license thing appears to be OK.

    Bad news is that now I have a bunch of other things hosed up. No network, Services not started, No wallpaper on desktop etc....

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
     
    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-GK4PY-FDWYH-7TP9F
    Windows Product Key Hash: u3xU6PnmumgYLgUpnmbqEw9Q2OA=
    Windows Product ID: 00371-OEM-8992671-00004
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {A3D12742-2A67-4F31-B420-4D918F36F76D}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.120330-1504
    TTS Error: T:20120827155859429-
    Validation Diagnostic:  
    Resolution Status: N/A
     
    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
     
    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002
     
    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002
     
    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
     
    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Prompt
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed
     
    File Scan Data-->
     
    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{A3D12742-2A67-4F31-B420-4D918F36F76D}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7TP9F</PKey><PID>00371-OEM-8992671-00004</PID><PIDType>2</PIDType><SID>S-1-5-21-2526673814-4277551392-212169465</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>Veriton X498G</Model></SYSTEM><BIOS><Manufacturer>Acer</Manufacturer><Version>P01-A2        </Version><SMBIOSVersion major="2" minor="6"/><Date>20100226000000.000000+000</Date></BIOS><HWID>47C63207018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>   
     
    Spsys.log Content:
     
    Licensing Data-->
    Software licensing service version: 6.1.7601.17514
     
    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00178-926-700004-02-1033-7601.0000-2402012
    Installation ID: 006273632835511825697580018452079473479481667486157180
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 7TP9F
    License Status: Licensed
    Remaining Windows rearm count: 5
    Trusted time: 8/27/2012 4:12:52 PM
     
    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 8:27:2012 15:59
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
     
     
    HWID Data-->
    HWID Hash Current: MAAAAAEAAwABAAIAAAABAAAAAQABAAEA6GG+a4SxYthidYbNru+YJ2yiUrOAXVxd
     
    OEM Activation 1.0 Data-->
    N/A
     
    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:  
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            ACRSYS        APIC1817
      FACP            ACRSYS        FACP1817
      HPET            ACRSYS        OEMHPET  
      MCFG            ACRSYS        OEMMCFG  
      SLIC            ACRSYS        ACRPRDCT
      OEMB            ACRSYS        OEMB1817
      ASF!            LEGEND        I865PASF
      GSCI            ACRSYS        GMCHSCI  
      AWMI            ACRSYS        OEMB1817
      SSDT            DpgPmm        CpuPm
     

    Monday, August 27, 2012 9:16 PM
  • Ouch!

    The SPLDR service is a pretty fundamental one - which seems to be making it an either/or thing :(

    I can't find any documentation on what the ConfigFlags value actually does, and indeed there's very little to be found on the driver/service itself.

    I really cannot advise on which way to go. Perhaps you should set the value back to 401, and ask in the ITPro or MSDN forums if anyone has any idea what the cause/effect is, and take it from there.

    If you do that, please post a link to it here so we can track it and see where it goes!

    Otherwise, your option is going to be a repair install using retail SP1 media.

    Repair install

    Download the SP1 Refresh for your language and edition from the links on these pages...

    Heidoc - Microsoft DR Download links

    The links are for downloads from the Digital River servers run for MS, so are about as safe as you can get :)

    Once you have it downloaded, you then need to burn the DVD from it - use either the Windows Disk Image Burner, or (better still) your favourite burning application at the slowest speed possible.

    Note that you do NOT 'drag and drop' the file to the disk, you must use the 'burn an image' option from your app - or you'll end up with a useless coaster :)

    Once you have the disk burnt, check that it boots the (or any other) system OK - but do NOT start the repair from there - you must start the repair from within a normal Windows boot.

    Follow the instructions in this tutorial - http://www.sevenforums.com/tutorials/3413-repair-install.html - and they should help you get through it (it's not as difficult as it looks!)

    Always ask questions first if you're unsure - either here, or in sevenforums.

    I think we've done about all we can here in terms of fixing the WGA problem  - and you have a difficult choice to make.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, August 27, 2012 10:03 PM
    Moderator
  • Got it fixed (I think)....

    Sent it back in time with Windows restore,

    changed registry permissions

    Took ownership of 00000 key

    edited configflags to 400

    rebooted

    activated windows

    fixed permissions back

    rebooted again

    seems to be working!

    Thanks soooo much for your help!!!!

    Monday, August 27, 2012 10:14 PM
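The point raised earlier in the thread (an ACE for the single Administrator account rather than the Administrators group, on a key owned by a user account) and the "fixed permissions back" step above can both be checked from a saved `subinacl /keyreg` dump. This is an added example, not part of any post in the thread; the baseline principal set, the constructed sample text and the function names `parse_subinacl` and `audit` are assumptions.

```python
import re

# Assumption: baseline = principals on the untouched ...\Enum key in the thread.
BASELINE = {"system", "builtin\\administrators", "everyone", "owner rights"}
PACE = re.compile(r"^/pace\s*=(.+?)\s+\w+_ACE_TYPE-0x")

# Constructed, abridged sample in subinacl /keyreg layout (placeholder names).
SAMPLE = r"""
+KeyReg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EXAMPLE\0000\
Control
================================================================================
/owner             =examplehost\alice
/pace =examplehost\administrator     ACCESS_ALLOWED_ACE_TYPE-0x0
        CONTAINER_INHERIT_ACE-0x2      INHERITED_ACE-0x10
    Key and SubKey - Type of Access:
        Full Control
+KeyReg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum
/owner             =builtin\administrators
/pace =owner rights     ACCESS_ALLOWED_ACE_TYPE-0x0
"""

def parse_subinacl(text):
    """Parse subinacl /keyreg text into [{'key', 'owner', 'aces'}] records."""
    keys, in_name, want_access = [], False, False
    for line in (raw.strip() for raw in text.splitlines()):
        aces = keys[-1]["aces"] if keys else []
        if line.startswith("+KeyReg "):
            keys.append({"key": line[8:], "owner": None, "aces": []})
            in_name, want_access = True, False
        elif not keys or not line:
            continue
        elif in_name and line[0] not in "=/":
            keys[-1]["key"] += line        # path wrapped by an 80-column console
        elif line.startswith("/owner"):
            keys[-1]["owner"] = line.split("=", 1)[1].strip().lower()
        elif m := PACE.match(line):
            aces.append({"who": m.group(1).lower(), "inherited": False})
        elif want_access:
            aces[-1]["access"], want_access = line, False
        elif aces:
            aces[-1]["inherited"] |= "INHERITED_ACE-" in line
            want_access = line.startswith("Key and SubKey")
        in_name &= line[:1] not in "=/"    # separator or field ends the key path
    return keys

def audit(keys):
    """Return (key, finding) pairs for owners and ACEs outside BASELINE."""
    out = [(k["key"], f"owner {k['owner']}") for k in keys if k["owner"] not in BASELINE]
    for k in keys:
        for a in k["aces"]:
            if a["who"] not in BASELINE:
                kind = "inherited" if a["inherited"] else "explicit"
                out.append((k["key"], f"{kind} {a.get('access')} ACE: {a['who']}"))
    return out
```

An ACE reported as inherited has to be corrected on the parent key it comes from; an explicit one is corrected on the key itself.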
  • WTG!! Well done!

    How far back did you take it? - remember you'll have to reinstall any new programs and updates installed since that date.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, August 27, 2012 10:28 PM
    Moderator
  • Thanks! Took it back before I deleted those

    7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    files and uninstalled my AVG and Threatfire.

    What AV do you recommend I install now?

    Ted

    Monday, August 27, 2012 10:52 PM
  • Strange - I wouldn't have expected those to make that much difference..... Ah, the Wonders of Windows.....

    Microsoft Security Essentials works fine for me, and should work fine for 99% of people (and the other 1% should probably be locked up anyhow <g>), and best of all, it's free!


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, August 27, 2012 10:59 PM
    Moderator
  • Thanks! I really appreciate your help!
    Monday, August 27, 2012 11:08 PM
  • You're welcome - I learned a lot along the way, also.

    Good luck


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, August 27, 2012 11:37 PM
    Moderator