Windows not genuine after system restore -- error 0x800700B7

Question
-
This is on a desktop that had been upgraded from Vista to 7 -- after cleaning off a malware infection, it would not fully boot to the login screen, so a System Restore was attempted to fix it. The Restore said it did not complete successfully, but when I rebooted, the problem had been fixed and it said the system had been restored.
But then a new problem arose: Windows now thinks it is counterfeit.
I've already run sfc, chkdsk, updated storage drivers, tried the permissions fix, tried clean startup... nothing helped. So the next thing I was going to try was a repair install from the Win7 upgrade disc.
So here's my MGAdiag.
---
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: N/A, hr = 0x800700b7
Windows Product Key: *****-*****-BFK42-C2FFR-MQVK8
Windows Product Key Hash: FFmViCyrREe9oJqY5bDq91/FCoc=
Windows Product ID: 00359-030-1202835-85167
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {6782A0EB-3A1F-400E-8E7F-A4F4449CE101}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.120330-1504
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{6782A0EB-3A1F-400E-8E7F-A4F4449CE101}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-MQVK8</PKey><PID>00359-030-1202835-85167</PID><PIDType>5</PIDType><SID>S-1-5-21-1968992023-205071136-760349905</SID><SYSTEM><Manufacturer>Dell Inc. </Manufacturer><Model>Dell DXC061 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc. </Manufacturer><Version>2.4.0 </Version><SMBIOSVersion major="2" minor="3"/><Date>20070524000000.000000+000</Date></BIOS><HWID>69253C07018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>B8K </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x800700B7' to display the error text.
Error: 0x800700B7
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000001EFF0
Event Time Stamp: N/A
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
Tampered File: %systemroot%\system32\sppwinob.dll
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
Tampered File: %systemroot%\system32\drivers\spsys.sys
HWID Data-->
HWID Hash Current: LgAAAAEAAQABAAIAAAABAAAAAgABAAEAJJQS9/h9QktCbvIEsM6yM8KDkewqhQ==
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x0
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL B8K
FACP DELL B8K
HPET DELL B8K
BOOT DELL B8K
MCFG DELL B8K
SSDT DELL st_ex
DUMY DELL B8K
SLIC DELL B8K
- Edited by GarrettW87 Thursday, September 13, 2012 10:01 PM corrected error code in thread title
Thursday, September 13, 2012 9:53 PM
Answers
-
There's no sign of any such SFC problems in the log?
However there are indications that the Catroot2 folder is corrupt - not surprising if the content was locked by permissions problems elsewhere.
http://support.microsoft.com/kb/822798 probably applies.
I have to admit to considering a repair install myself - there do seem to be a large number of permissions problems, and I doubt that we've found all of them.
Do you have an SP1 disk? - if not, download the SP1 Refresh for your language and edition from the links on these pages... Heidoc - Microsoft DR Download links
The links are for downloads from the Digital River servers run for MS, so are about as safe as you can get :)
Once you have it downloaded, you then need to burn the DVD from it - use either the Windows Disk Image Burner, or (better still) your favourite burning application at the slowest speed possible.
Note that you do NOT 'drag and drop' the file to the disk, you must use the 'burn an image' option from your app - or you'll end up with a useless coaster :)
Once you have the disk burnt, check that it boots the (or any other) system OK - but do NOT start the repair from there - you must start the repair from within a normal Windows boot.
Follow the instructions in this tutorial - http://www.sevenforums.com/tutorials/3413-repair-install.html?ltr=R - and they should help you get through it (it's not as difficult as it looks!)
Always ask questions first if you're unsure - either here, or in sevenforums.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
- Marked as answer by GarrettW87 Tuesday, September 18, 2012 2:59 PM
Monday, September 17, 2012 9:19 PM Moderator
All replies
-
Please run the following commands in an Elevated Command Prompt
NET STOP CRYPTSVC
REN C:\WINDOWS\SYSTEM32\CATROOT2 CATROOT2OLD
NET START CRYPTSVC
Once complete, reboot, and run another MGADiag report.
Note that this will delete your Update History - but all updates will remain installed, and can be viewed in the Installed Updates listing.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Friday, September 14, 2012 8:25 AM Moderator -
Hey, thanks for helping out.
The new MGADiag report is exactly the same as the one I posted above. :/
Friday, September 14, 2012 6:12 PM -
The error is complaining about duplicate filenames - but doesn't explain which ones it's talking about.
A number are created when MGADiag is run - please run the following commands in an Elevated Command Prompt
DIR %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform /S
ATTRIB C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\*.* /S
ATTRIB C:\Windows\7b*.* /S
ICACLS C:\Windows\ServiceProfiles\NetworkService\AppData
ICACLS C:\Windows\ServiceProfiles\Networkservice
ICACLS C:\Windows\ServiceProfiles
ICACLS C:\Windows
ICACLS C:\Windows\System32
Here are some instructions to make life easier :)
1) To open an Elevated Command Prompt Window (the CP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt.
2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once.
3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
- Edited by Noel D Paton (Moderator) Friday, September 14, 2012 6:27 PM add instructions
Friday, September 14, 2012 6:26 PM Moderator -
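The codes in the MGADiag report are HRESULTs, and splitting one into severity, facility and code shows why 0x800700B7 reads as a duplicate-name error. The Python below is an added example, not part of the original thread: the function names are hypothetical, the lookup tables hold only winerror.h values that occur on this page, and the sample text is an excerpt of the first report above.

```python
import re
from collections import Counter, namedtuple

HResult = namedtuple("HResult", "value failed facility code name")

# Facility numbers and error names from winerror.h; only values seen on this page.
FACILITIES = {0x4: "FACILITY_ITF", 0x7: "FACILITY_WIN32", 0xB: "FACILITY_CERT"}
WIN32_CODES = {
    2: "ERROR_FILE_NOT_FOUND",
    5: "ERROR_ACCESS_DENIED",
    183: "ERROR_ALREADY_EXISTS",   # "Cannot create a file when that file already exists"
    1717: "RPC_S_UNKNOWN_IF",
}
CERT_CODES = {0x0100: "TRUST_E_NOSIGNATURE"}

# Exactly eight hex digits, so the 64-bit HealthStatus bitmask is not picked up.
HEX_RE = re.compile(r"\b0x[0-9A-Fa-f]{8}\b")
MISMATCH_RE = re.compile(
    r"^File Mismatch: (.+?)\[([0-9.]+)\], Hr = (0x[0-9A-Fa-f]{8})\s*$", re.M
)


def decode_hresult(value):
    """Split a 32-bit HRESULT into severity bit, facility and 16-bit code."""
    if isinstance(value, str):
        value = int(value, 16)
    failed = bool(value & 0x80000000)      # bit 31: severity
    fac_num = (value >> 16) & 0x7FF        # bits 16-26: facility
    code = value & 0xFFFF                  # bits 0-15: code
    facility = FACILITIES.get(fac_num, f"facility {fac_num}")
    if fac_num == 0x7:
        name = WIN32_CODES.get(code, f"Win32 error {code}")
    elif fac_num == 0xB:
        name = CERT_CODES.get(code, f"trust code 0x{code:04X}")
    elif fac_num == 0x4:
        # FACILITY_ITF codes are defined by the component that returned them.
        name = f"interface-defined code 0x{code:04X}"
    else:
        name = f"code 0x{code:04X} (not in table)"
    return HResult(f"0x{value:08X}", failed, facility, code, name)


def summarize_codes(report):
    """Map each distinct HRESULT in a report to (occurrences, decoded name)."""
    counts = Counter(decode_hresult(h).value for h in HEX_RE.findall(report))
    return {v: (n, decode_hresult(v).name) for v, n in counts.most_common()}


def mismatched_files(report):
    """Return (path, file version, decoded name) for every File Mismatch line."""
    return [
        (path, version, decode_hresult(hr).name)
        for path, version, hr in MISMATCH_RE.findall(report)
    ]


# Excerpt of the first MGADiag report posted in this thread.
SAMPLE_REPORT = r"""
Validation Code: 0x8004FE21
Cached Online Validation Code: N/A, hr = 0x800700b7
LegitcheckControl ActiveX: N/A, hr = 0x80070002
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x800b0100
Error: 0x800700B7
HealthStatus: 0x000000000001EFF0
"""

if __name__ == "__main__":
    for value, (count, name) in summarize_codes(SAMPLE_REPORT).items():
        d = decode_hresult(value)
        print(f"{value}  x{count}  {d.facility:<15} {name}")
    for path, version, name in mismatched_files(SAMPLE_REPORT):
        print(f"{name}: {path} ({version})")
```

TRUST_E_NOSIGNATURE on a file means the signature check found no signature for it, which is also what a catalog lookup failure produces, so it does not by itself show that the file content changed.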
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>DIR %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform /S
Volume in drive C is OS
Volume Serial Number is 266C-E9DC
Directory of C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform
09/12/2012 11:05 PM <DIR> .
09/12/2012 11:05 PM <DIR> ..
07/13/2009 11:34 PM <DIR> Cache
09/05/2012 05:27 PM 7,178,489 tokens.bar
1 File(s) 7,178,489 bytes
Directory of C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache
07/13/2009 11:34 PM <DIR> .
07/13/2009 11:34 PM <DIR> ..
09/05/2012 06:26 PM 92,072 cache.dat
1 File(s) 92,072 bytes
Total Files Listed:
2 File(s) 7,270,561 bytes
5 Dir(s) 255,677,657,088 bytes free
C:\Windows\system32>ATTRIB C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\*.* /S
A I C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
A I C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.bar
C:\Windows\system32>ATTRIB C:\Windows\7b*.* /S
A R C:\Windows\Installer\7b0b8.msp
A S I C:\Windows\ServiceProfiles\NetworkService\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B2238AACCEDC3F1FFE8E7EB5F575EC9
A S I C:\Windows\ServiceProfiles\NetworkService\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B2238AACCEDC3F1FFE8E7EB5F575EC9
A S I C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B2238AACCEDC3F1FFE8E7EB5F575EC9
A S I C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_4E8F6C8278BCBC42EAD05
60F6112023C
A S I C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B2238AACCEDC3F1FFE8E7EB5F575EC9
A S I C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_4E8F6C8278BCBC42EAD0
560F6112023C
A H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
A H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
A H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
A H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
A C:\Windows\winsxs\Catalogs\7babd2d1fb37e8c2ace373b22dac383b0469fe8fe9b7ec6659da1a0b2409e477.cat
A C:\Windows\winsxs\Catalogs\7bbd5694f52a6da7f347a0775dea29798731ffa15462194a615442c370e2dfd8.cat
A C:\Windows\winsxs\Temp\PendingRenames\7b3384da6891cd017e150000d0063416.$$_diagnostics_system_performance_d48bf95b5c828123.cdf-ms
A C:\Windows\winsxs\Temp\PendingRenames\7b44e7f86891cd01d3170000d0063416.program_files_microsoft_games_purble_place_44b505b0372ceb5f.cdf-ms
A C:\Windows\winsxs\Temp\PendingRenames\7bae78946891cd01b20f0000d0063416.$$_inf_w3svc_0ef6c7aee1e4154f.cdf-ms
A C:\Windows\winsxs\Temp\PendingRenames\7bb62c9d6891cd01f8100000d0063416.$$_system32_migwiz_dlmanifests_microsoft-windows-textservicesframework-migration-dl_549205906affe6bf.cdf-ms
C:\Windows\system32>ICACLS C:\Windows\ServiceProfiles\NetworkService\AppData
C:\Windows\ServiceProfiles\NetworkService\AppData NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
Successfully processed 1 files; Failed processing 0 files
C:\Windows\system32>ICACLS C:\Windows\ServiceProfiles\Networkservice
C:\Windows\ServiceProfiles\Networkservice NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
Successfully processed 1 files; Failed processing 0 files
C:\Windows\system32>ICACLS C:\Windows\ServiceProfiles
C:\Windows\ServiceProfiles NT SERVICE\TrustedInstaller:(I)(F)
NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(I)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
BUILTIN\Administrators:(I)(F)
BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
BUILTIN\Users:(I)(RX)
BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)
Successfully processed 1 files; Failed processing 0 files
C:\Windows\system32>ICACLS C:\Windows
C:\Windows NT SERVICE\TrustedInstaller:(F)
NT SERVICE\TrustedInstaller:(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(M)
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
BUILTIN\Administrators:(M)
BUILTIN\Administrators:(OI)(CI)(IO)(F)
BUILTIN\Users:(RX)
BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
CREATOR OWNER:(OI)(CI)(IO)(F)
Successfully processed 1 files; Failed processing 0 files
C:\Windows\system32>ICACLS C:\Windows\System32
C:\Windows\System32 NT SERVICE\TrustedInstaller:(F)
NT SERVICE\TrustedInstaller:(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(M)
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
BUILTIN\Administrators:(M)
BUILTIN\Administrators:(OI)(CI)(IO)(F)
BUILTIN\Users:(RX)
BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
CREATOR OWNER:(OI)(CI)(IO)(F)
Successfully processed 1 files; Failed processing 0 files
Friday, September 14, 2012 9:21 PM -
C:\Windows\system32>ICACLS C:\Windows\ServiceProfiles\NetworkService\AppData
C:\Windows\ServiceProfiles\NetworkService\AppData NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
C:\Windows\system32>ICACLS C:\Windows\ServiceProfiles\Networkservice
C:\Windows\ServiceProfiles\Networkservice NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
Seem to be the cause of the problem - the services don't have any permissions, and the existing permissions are wrong.
Please run the following commands in an Elevated Command Prompt
ICACLS C:\Windows\ServiceProfiles\Networkservice /grant:r Administrators:(OI)(CI)(F)
ICACLS C:\Windows\ServiceProfiles\Networkservice /grant:r "NETWORK SERVICE":(OI)(CI)(F)
ICACLS C:\Windows\ServiceProfiles\Networkservice /grant:r SYSTEM:(OI)(CI)(F)
ICACLS C:\Windows\ServiceProfiles\Networkservice\AppData /grant:r Administrators:(OI)(CI)(F)
ICACLS C:\Windows\ServiceProfiles\Networkservice\AppData /grant:r "NETWORK SERVICE":(OI)(CI)(F)
ICACLS C:\Windows\ServiceProfiles\Networkservice\AppData /grant:r SYSTEM:(OI)(CI)(F)
Once complete, reboot and run another MGADiag report - post the results.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Friday, September 14, 2012 10:02 PM Moderator -
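A check of pasted ICACLS output for the condition diagnosed in the post above: no ACE for the service account on its own profile, and ACEs that apply to the folder only. This Python is an added example, not from the thread: the function names are hypothetical, `NT AUTHORITY\NETWORK SERVICE` is how icacls prints the account that the fix commands name as "NETWORK SERVICE", and the "after" transcript is constructed.

```python
import re

# A console line that echoes the command, e.g. C:\Windows\system32>ICACLS <path>
CMD_RE = re.compile(r"^[A-Za-z]:\\[^>]*>\s*ICACLS\s+(.+?)\s*$", re.IGNORECASE)
# One ACE as icacls prints it: principal:(flag)(flag)...
ACE_RE = re.compile(r"^(?P<who>.+?):(?P<flags>(?:\([A-Z,]+\))+)$")

# Principals named by the /grant:r commands in the post, in icacls display form.
REQUIRED = [
    "BUILTIN\\Administrators",
    "NT AUTHORITY\\NETWORK SERVICE",
    "NT AUTHORITY\\SYSTEM",
]


def parse_icacls_transcript(text):
    """Return {queried path: [(principal, [flags]), ...]} from pasted console output."""
    acls, path = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        cmd = CMD_RE.match(line)
        if cmd:
            path = cmd.group(1).strip('"')
            acls[path] = []
            continue
        if path is None or not line or line.startswith("Successfully processed"):
            continue
        # The first ACE line is prefixed with the path that was queried.
        if line.lower().startswith(path.lower() + " "):
            line = line[len(path):].strip()
        ace = ACE_RE.match(line)
        if ace:
            flags = re.findall(r"\(([A-Z,]+)\)", ace.group("flags"))
            acls[path].append((ace.group("who"), flags))
    return acls


def audit_acl(aces, required=REQUIRED):
    """List (principal, problem) for required principals with no usable ACE.

    "missing": the principal has no ACE at all.
    "not inherited": no ACE of theirs carries both (OI) and (CI), so it covers
    the folder itself but not the files and subfolders beneath it.
    """
    findings = []
    for who in required:
        mine = [flags for name, flags in aces if name.upper() == who.upper()]
        if not mine:
            findings.append((who, "missing"))
        elif not any({"OI", "CI"} <= set(flags) for flags in mine):
            findings.append((who, "not inherited"))
    return findings


# Output as posted in this thread (indentation lost in the paste).
BEFORE = r"""
C:\Windows\system32>ICACLS C:\Windows\ServiceProfiles\NetworkService\AppData
C:\Windows\ServiceProfiles\NetworkService\AppData NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
Successfully processed 1 files; Failed processing 0 files
C:\Windows\system32>ICACLS C:\Windows\ServiceProfiles\Networkservice
C:\Windows\ServiceProfiles\Networkservice NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
Successfully processed 1 files; Failed processing 0 files
"""

# Constructed: what the same query would print once the three grants are in place.
AFTER = r"""
C:\Windows\system32>ICACLS C:\Windows\ServiceProfiles\Networkservice
C:\Windows\ServiceProfiles\Networkservice NT AUTHORITY\NETWORK SERVICE:(OI)(CI)(F)
                                          NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                                          BUILTIN\Administrators:(OI)(CI)(F)
Successfully processed 1 files; Failed processing 0 files
"""

if __name__ == "__main__":
    for label, transcript in (("before", BEFORE), ("after", AFTER)):
        for path, aces in parse_icacls_transcript(transcript).items():
            print(label, path, audit_acl(aces) or "ok")
```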
I think that did it!
MGADiag still throws up an error when I hit Copy -- as of now, it's 0x800706b5 -- but of course it copies ok, so here it is.
[EDIT] Not so fast... I just now got a popup with the window title "Windows Activation Technologies" saying it's still not genuine, with the error code 0x8004FE21.
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-BFK42-C2FFR-MQVK8
Windows Product Key Hash: FFmViCyrREe9oJqY5bDq91/FCoc=
Windows Product ID: 00359-030-1202835-85167
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {6782A0EB-3A1F-400E-8E7F-A4F4449CE101}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.120330-1504
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{6782A0EB-3A1F-400E-8E7F-A4F4449CE101}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-MQVK8</PKey><PID>00359-030-1202835-85167</PID><PIDType>5</PIDType><SID>S-1-5-21-1968992023-205071136-760349905</SID><SYSTEM><Manufacturer>Dell Inc. </Manufacturer><Model>Dell DXC061 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc. </Manufacturer><Version>2.4.0 </Version><SMBIOSVersion major="2" minor="3"/><Date>20070524000000.000000+000</Date></BIOS><HWID>69253C07018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>B8K </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7601.17514
Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: 2e7d060d-4714-40f2-9896-1e4f15b612ad
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00170-030-120283-01-1033-7601.0000-2582012
Installation ID: 020555999504445036330772525183246516309593344574792801
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: MQVK8
License Status: Initial grace period
Time remaining: 43200 minute(s) (30 day(s))
Remaining Windows rearm count: 5
Trusted time: 9/14/2012 5:12:22 PM
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000001EFF0
Event Time Stamp: N/A
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
Tampered File: %systemroot%\system32\sppwinob.dll
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
Tampered File: %systemroot%\system32\drivers\spsys.sys
HWID Data-->
HWID Hash Current: LgAAAAEAAQABAAIAAAABAAAAAgABAAEAJJQS9/h9QktCbrDO8gSyM8KDkewqhQ==
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x0
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL B8K
FACP DELL B8K
HPET DELL B8K
BOOT DELL B8K
MCFG DELL B8K
SSDT DELL st_ex
DUMY DELL B8K
SLIC DELL B8K
- Edited by GarrettW87 Saturday, September 15, 2012 4:44 AM still not fixed :(
Friday, September 14, 2012 11:44 PM -
That one is relatively common - I hope......
This may simply be caused by a bad set of Intel Rapid Storage Technology drivers -
Installing the Intel Rapid Storage Drivers
try downloading and installing them from here - http://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&ProdId=2101&DwnldID=21730
Once complete, please reboot twice, then post another MGADiag report.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Saturday, September 15, 2012 8:19 AM Moderator -
That one won't install on my system (it says my computer "doesn't meet the minimum requirements for installation") and I believe that's not the exact one I need.
I've already looked into this fix and determined that what mine needs is the Matrix Storage Manager, but there's one problem: when I try to install that, the installer crashes about halfway through, so not all of the files get installed.
Saturday, September 15, 2012 12:39 PM -
Have you checked to see if a version of it is already installed? (It may appear in the Programs & Features list) - I assume that it was the IATA89ENU.exe file that you downloaded?
What response did you get from the NET STOP CRYPTSVC command above? - if it said 'not running' then that may be the problem.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Saturday, September 15, 2012 12:46 PM Moderator -
Yes there was an older version installed -- yes that's the file I downloaded -- and I believe "net stop cryptsvc" did stop the service successfully.
Saturday, September 15, 2012 3:54 PM
-
What is the EXACT error message you get when you try to install the Matrix driver?
I have a link for a slightly older version, which has worked for some...
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Saturday, September 15, 2012 4:06 PM Moderator -
I just tried uninstalling the old one and then installing the new one again, and it gave me the same problem.
I'll try the older version now.
[EDIT] Aaaand it has the same issue.
- Edited by GarrettW87 Saturday, September 15, 2012 4:35 PM
Saturday, September 15, 2012 4:28 PM -
Interesting - there are reports that this error/crash can be caused by Comodo firewall.
http://www.overclock.net/t/942913/solved-intel-r-install-frame-has-stopped-working
Please check in your Event Viewer, and see if you can find what's crashing here.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Saturday, September 15, 2012 4:35 PM Moderator -
Interesting. I think that was installed on this computer at one time but it hasn't been for a while.
Anyway, when I tried to open up Event Viewer I discovered that the Event Log service was not started -- and when I tried to start it, it said "Error 5: Access is denied." So I googled that and was able to solve it fairly easily.
Fixing the Event Log service allowed the Intel installer (8.9.x version) to complete successfully.
So here's the latest MGADiag.
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-BFK42-C2FFR-MQVK8
Windows Product Key Hash: FFmViCyrREe9oJqY5bDq91/FCoc=
Windows Product ID: 00359-030-1202835-85167
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {6782A0EB-3A1F-400E-8E7F-A4F4449CE101}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.120330-1504
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{6782A0EB-3A1F-400E-8E7F-A4F4449CE101}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-MQVK8</PKey><PID>00359-030-1202835-85167</PID><PIDType>5</PIDType><SID>S-1-5-21-1968992023-205071136-760349905</SID><SYSTEM><Manufacturer>Dell Inc. </Manufacturer><Model>Dell DXC061 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc. </Manufacturer><Version>2.4.0 </Version><SMBIOSVersion major="2" minor="3"/><Date>20070524000000.000000+000</Date></BIOS><HWID>69253C07018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>B8K </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7601.17514
Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: 2e7d060d-4714-40f2-9896-1e4f15b612ad
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00170-030-120283-01-1033-7601.0000-2582012
Installation ID: 020555999504445036330772525183246516309593344574792801
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: MQVK8
License Status: Initial grace period
Time remaining: 42120 minute(s) (29 day(s))
Remaining Windows rearm count: 5
Trusted time: 9/15/2012 12:07:37 PM
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000001EFF0
Event Time Stamp: 7:19:2012 18:34
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
Tampered File: %systemroot%\system32\sppwinob.dll
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
Tampered File: %systemroot%\system32\drivers\spsys.sys
HWID Data-->
HWID Hash Current: LgAAAAEAAQABAAIAAAABAAAAAgABAAEAJJQS9/h9QktCbrDO8gSyM8KDkewqhQ==
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x0
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL B8K
FACP DELL B8K
HPET DELL B8K
BOOT DELL B8K
MCFG DELL B8K
SSDT DELL st_ex
DUMY DELL B8K
SLIC DELL B8K
- Edited by GarrettW87 Saturday, September 15, 2012 5:09 PM added version installed
Saturday, September 15, 2012 5:08 PM -
Interesting - please reboot, then run the following commands and post the results
NET START EVENTLOG
SC QC EVENTLOG
SC QUERYEX EVENTLOG
SC SDSHOW EVENTLOG
SC QSIDTYPE EVENTLOG
SC QPRIVS EVENTLOG
also export and upload the System and Application Event logs.
Here are some instructions to make life easier :)
1) To open an Elevated Command Prompt Window (the CP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt.
2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once.
3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
- Edited by Noel D PatonModerator Saturday, September 15, 2012 5:51 PM
Saturday, September 15, 2012 5:46 PM Moderator -
Download:
Application Event Log
System Event Log
-----
Command output:
C:\Windows\system32>net start eventlog
The requested service has already been started.
More help is available by typing NET HELPMSG 2182.
C:\Windows\system32>sc qc eventlog
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: eventlog
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\System32\svchost.exe -k LocalServiceNetw
orkRestricted
LOAD_ORDER_GROUP : Event Log
TAG : 0
DISPLAY_NAME : Windows Event Log
DEPENDENCIES :
SERVICE_START_NAME : NT AUTHORITY\LocalService
C:\Windows\system32>sc queryex eventlog
SERVICE_NAME: eventlog
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1012
FLAGS :
C:\Windows\system32>sc sdshow eventlog
D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCR
RC;;;SY)S:(AU;SA;DCRPWPDTCRSDWDWO;;;WD)(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
C:\Windows\system32>sc qsidtype eventlog
[SC] QueryServiceConfig2 SUCCESS
SERVICE_NAME: eventlog
SERVICE_SID_TYPE: UNRESTRICTED
C:\Windows\system32>sc qprivs eventlog
[SC] QueryServiceConfig2 SUCCESS
SERVICE_NAME: eventlog
PRIVILEGES : SeChangeNotifyPrivilege
: SeImpersonatePrivilege
Sunday, September 16, 2012 3:07 AM -
The SC output looks normal
Please run the following commands in an Elevated Command Prompt
net stop cryptsvc
esentutl /p %systemroot%\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
post the results.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Sunday, September 16, 2012 9:14 AM Moderator -
Some of the errors in the event logs appear to be associated with malware -
Please download and install Malwarebytes Anti-malware (free version) from www.malwarebytes.org - UNtick 'Enable free trial of MBAM PRO' at the end of the installation - and update it, then run a full scan in your main account, and Quick scans in any other user accounts.
Delete everything it finds
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Sunday, September 16, 2012 9:29 AM Moderator -
C:\Windows\system32>net stop cryptsvc
The Cryptographic Services service is stopping..
The Cryptographic Services service was stopped successfully.
C:\Windows\system32>esentutl /p %systemroot%\System32\catroot2\{F750E6C3-38EE-11
D1-85E5-00C04FC295EE}\catdb
Extensible Storage Engine Utilities for Microsoft(R) Windows(R)
Version 6.1
Copyright (C) Microsoft Corporation. All Rights Reserved.
Error: Access to source database 'C:\Windows\System32\catroot2\{F750E6C3-38EE-11
D1-85E5-00C04FC295EE}\catdb' failed with Jet error -1811.
Operation terminated with error -1811 (JET_errFileNotFound, File not found) afte
r 0.15 seconds.
Sunday, September 16, 2012 4:33 PM -
Very Interesting!
- but not terribly informative, since all it means as far as I can tell is that the database wasn't rebuilt properly when we renamed it earlier. This implies that there is a problem in that area.
Let's just check that the folder isn't tagged as read-only, amongst other things....
Please run the following in an Elevated Command Prompt, and post the results.
DIR C:\Windows\System32 /AR /S
ICACLS C:\Windows\System32\Catroot2
REG QUERY HKLM\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck
REG QUERY HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\
DIR C:\Windows\wintrust.dll.* /s
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Sunday, September 16, 2012 5:05 PM Moderator -
C:\Windows\system32>DIR C:\Windows\System32 /AR /S
Volume in drive C is OS
Volume Serial Number is 266C-E9DC
Directory of C:\Windows\System32
06/23/2006 09:09 AM 19,968 cpuinf32.dll
11/28/2007 05:34 AM 41,296 hlp95en.dll
07/05/2006 02:42 PM 81,920 mplaa6.dll
07/05/2006 02:42 PM 69,632 mplam6.dll
07/05/2006 02:42 PM 69,632 mplapx.dll
07/05/2006 02:42 PM 81,920 mplaw7.dll
07/05/2006 02:42 PM 1,679,360 mplva6.dll
07/05/2006 02:42 PM 1,585,152 mplvm6.dll
07/05/2006 02:42 PM 1,159,168 mplvpx.dll
07/05/2006 02:42 PM 1,654,784 mplvw7.dll
08/17/2004 09:14 PM 442,368 vp6vfw.dll
11 File(s) 6,885,200 bytes
Directory of C:\Windows\System32\config\systemprofile
06/14/2012 07:58 PM <DIR> Desktop
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Desktop
06/14/2012 07:58 PM <DIR> .
06/14/2012 07:58 PM <DIR> ..
0 File(s) 0 bytes
Directory of C:\Windows\System32\inetsrv\config\schema
11/04/2010 08:52 PM 38,809 ASPNET_schema.xml
06/10/2009 04:18 PM 31,863 Ftp_schema.xml
11/04/2010 08:53 PM 27,105 FX_schema.xml
11/04/2010 08:53 PM 82,037 IIS_schema.xml
06/10/2009 04:20 PM 4,757 WebDAV_schema.xml
5 File(s) 184,571 bytes
Directory of C:\Windows\System32\Macromed\Flash
09/05/2012 03:35 PM 9,639,624 Flash32_11_4_402_265.ocx
1 File(s) 9,639,624 bytes
Directory of C:\Windows\System32\oobe
07/14/2009 04:26 AM 84,480 drvmgrtn.dll
07/14/2009 04:26 AM 10,883 envmig.xml
07/14/2009 04:26 AM 146,432 hwcompat.dll
07/14/2009 04:26 AM 101,888 migisol.dll
07/14/2009 04:26 AM 36,864 migtestplugin.dll
07/14/2009 04:26 AM 587,704 oscomps.xml
07/14/2009 04:26 AM 21,026 osfilter.inf
07/14/2009 04:26 AM 1,824 sfcn.dat
07/14/2009 04:26 AM 1,644 sflcid.dat
07/14/2009 04:26 AM 3,225,610 sflistlh.dat
07/14/2009 04:26 AM 2,119,152 sflistw7.dat
07/14/2009 04:26 AM 1,445,052 sflistxp.dat
07/14/2009 04:26 AM 10,457 sfpat.inf
07/14/2009 04:26 AM 9,665 sfpatlh.inf
07/14/2009 04:26 AM 462 sfpatpg.inf
07/14/2009 04:26 AM 3,371 sfpatw7.inf
07/14/2009 04:26 AM 4,386 sfpatxp.inf
07/14/2009 04:26 AM 164,352 upgcmi2migxml.dll
07/14/2009 04:26 AM 5,815,808 upgcore.dll
07/14/2009 04:26 AM 329,216 upgcsiagent.dll
07/14/2009 04:26 AM 689,664 upgdriver.dll
07/14/2009 04:26 AM 258,560 upghost.exe
07/14/2009 04:26 AM 111,616 upgmxeagent.dll
07/14/2009 04:26 AM 2,820,096 upgradeagent.dll
07/14/2009 04:26 AM 59,673 upgradeagent.xml
07/14/2009 04:26 AM 167,756 upgrade_bulk.xml
07/14/2009 04:26 AM 36,864 upgres.dll
07/14/2009 04:26 AM 189,952 wdscore.dll
28 File(s) 18,454,457 bytes
Directory of C:\Windows\System32\oobe\en-US
07/14/2009 04:26 AM 6,656 upgdriver.dll.mui
07/14/2009 04:26 AM 9,216 upgres.dll.mui
2 File(s) 15,872 bytes
Directory of C:\Windows\System32\restore
10/24/2009 12:08 AM 76 MachineGuid.txt
1 File(s) 76 bytes
Total Files Listed:
48 File(s) 35,179,800 bytes
3 Dir(s) 254,171,545,600 bytes free
C:\Windows\system32>ICACLS C:\Windows\System32\Catroot2
C:\Windows\System32\Catroot2 NT SERVICE\CryptSvc:(OI)(CI)(F)
NT SERVICE\TrustedInstaller:(I)(F)
NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(I)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
BUILTIN\Administrators:(I)(F)
BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
BUILTIN\Users:(I)(RX)
BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)
Successfully processed 1 files; Failed processing 0 files
C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Microsoft\Cryptography\Providers\Trus
t\CertCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck\{00
AAC56B-CD44-11D0-8CC2-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck\{09
6CE0A5-8160-4557-866E-3A80540F34A1}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck\{18
9A3842-3041-11D1-85E1-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck\{31
D1ADC1-D329-11D1-8ED8-0080C76516C6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck\{57
3E31F8-AABA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck\{57
3E31F8-DDBA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck\{64
B9D180-8DA2-11CF-8736-00AA00A485EB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck\{78
01EBD0-CF4B-11D0-851F-0060979387EA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck\{A7
F4C378-21BE-494e-BA0F-BB12C5D208C5}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck\{C6
B2E8D0-E005-11CF-A134-00C04FD7BF43}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck\{D4
1E4F1D-A407-11D1-8BC9-00C04FA30A41}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck\{D4
1E4F1F-A407-11D1-8BC9-00C04FA30A41}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck\{F7
50E6C3-38EE-11D1-85E5-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck\{FC
451C16-AC75-11D1-B4B8-00C04FB66EA0}
C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Pr
oviders\Trust\CertCheck\
ERROR: The system was unable to find the specified registry key or value.
C:\Windows\system32>DIR C:\Windows\wintrust.dll.* /s
Volume in drive C is OS
Volume Serial Number is 266C-E9DC
Directory of C:\Windows\System32
03/01/2012 12:37 AM 172,544 wintrust.dll
1 File(s) 172,544 bytes
Directory of C:\Windows\winsxs\x86_microsoft-windows-wintrust-dll_31bf3856ad364
e35_6.1.7600.16385_none_ef848fe8fb647a74
07/13/2009 08:16 PM 172,544 wintrust.dll
1 File(s) 172,544 bytes
Directory of C:\Windows\winsxs\x86_microsoft-windows-wintrust-dll_31bf3856ad364
e35_6.1.7600.16493_none_ef77c14efb6e60de
12/29/2009 01:55 AM 172,032 wintrust.dll
1 File(s) 172,032 bytes
Directory of C:\Windows\winsxs\x86_microsoft-windows-wintrust-dll_31bf3856ad364
e35_6.1.7600.16970_none_ef8a69c6fb60ceba
03/01/2012 12:49 AM 172,544 wintrust.dll
1 File(s) 172,544 bytes
Directory of C:\Windows\winsxs\x86_microsoft-windows-wintrust-dll_31bf3856ad364
e35_6.1.7600.20605_none_f064afe014413504
12/29/2009 02:11 AM 172,032 wintrust.dll
1 File(s) 172,032 bytes
Directory of C:\Windows\winsxs\x86_microsoft-windows-wintrust-dll_31bf3856ad364
e35_6.1.7600.21160_none_f01eaea0147685d5
03/01/2012 12:29 AM 172,544 wintrust.dll
1 File(s) 172,544 bytes
Directory of C:\Windows\winsxs\x86_microsoft-windows-wintrust-dll_31bf3856ad364
e35_6.1.7601.17514_none_f1b5a3b0f852fe0e
11/20/2010 07:21 AM 172,032 wintrust.dll
1 File(s) 172,032 bytes
Directory of C:\Windows\winsxs\x86_microsoft-windows-wintrust-dll_31bf3856ad364
e35_6.1.7601.17787_none_f16cf8e6f88907f8
03/01/2012 12:37 AM 172,544 wintrust.dll
1 File(s) 172,544 bytes
Directory of C:\Windows\winsxs\x86_microsoft-windows-wintrust-dll_31bf3856ad364
e35_6.1.7601.21933_none_f228a60c1181b3d8
03/01/2012 12:23 AM 172,544 wintrust.dll
1 File(s) 172,544 bytes
Total Files Listed:
9 File(s) 1,551,360 bytes
0 Dir(s) 254,170,984,448 bytes free
- Edited by GarrettW87 Sunday, September 16, 2012 7:48 PM removed a duplicate command
Sunday, September 16, 2012 6:25 PM -
You have some very odd folders tagged as read-only! - namely :-
C:\Windows\System32\oobe
C:\Windows\System32\oobe\en-US
C:\Windows\Config\Systemprofile
We need to correct those before we can see the wood for the trees!
Open Windows Explorer (Computer)
Navigate to the C:\Windows folder
Find the System32 sub-folder and right-click on it
Select Properties
Clear the 'blob' from the 'Read-only (Only applies to files in folder)' box by clicking on it until it's plain white.
Click on Apply.
Make sure that the radio button for 'Apply changes to this folder, subfolders and files' is set, and click OK.
Accept the Administrator prompt. After a couple of seconds, you'll be told there is an error - click on the 'Ignore all' button.
Wait for it to finish - it could take a couple of minutes.
OK out, and exit Windows Explorer.
Reboot twice
Then run the following command again
DIR C:\Windows\System32\*.* /AR /S
and post the results.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Sunday, September 16, 2012 8:15 PM Moderator -
C:\Windows\system32>DIR C:\Windows\System32\*.* /AR /S
Volume in drive C is OS
Volume Serial Number is 266C-E9DC
Directory of C:\Windows\System32\config\systemprofile
06/14/2012 07:58 PM <DIR> Desktop
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Desktop
06/14/2012 07:58 PM <DIR> .
06/14/2012 07:58 PM <DIR> ..
0 File(s) 0 bytes
Directory of C:\Windows\System32\inetsrv\config\schema
11/04/2010 08:52 PM 38,809 ASPNET_schema.xml
06/10/2009 04:18 PM 31,863 Ftp_schema.xml
11/04/2010 08:53 PM 27,105 FX_schema.xml
11/04/2010 08:53 PM 82,037 IIS_schema.xml
06/10/2009 04:20 PM 4,757 WebDAV_schema.xml
5 File(s) 184,571 bytes
Directory of C:\Windows\System32\Macromed\Flash
09/05/2012 03:35 PM 9,639,624 Flash32_11_4_402_265.ocx
1 File(s) 9,639,624 bytes
Directory of C:\Windows\System32\restore
10/24/2009 12:08 AM 76 MachineGuid.txt
1 File(s) 76 bytes
Total Files Listed:
7 File(s) 9,824,271 bytes
3 Dir(s) 256,281,489,408 bytes free
Sunday, September 16, 2012 9:18 PM -
That's a little better :)
Please run the following commands in an Elevated Command prompt, and post the results.
ICACLS C:\Windows\System32\config\Systemprofile
ICACLS C:\Windows\System32\config\Systemprofile\Desktop
DIR C:\Windows\System32 /AL /S
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Sunday, September 16, 2012 9:58 PM Moderator -
C:\Windows\system32>ICACLS C:\Windows\System32\config\Systemprofile
C:\Windows\System32\config\Systemprofile NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
Successfully processed 1 files; Failed processing 0 files
C:\Windows\system32>ICACLS C:\Windows\System32\config\Systemprofile\Desktop
C:\Windows\System32\config\Systemprofile\Desktop NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
Successfully processed 1 files; Failed processing 0 files
C:\Windows\system32>DIR C:\Windows\System32 /AL /S
Volume in drive C is OS
Volume Serial Number is 266C-E9DC
File Not Found
Sunday, September 16, 2012 10:06 PM -
VERY strange!
I was expecting a Junction for the desktop item there. Please run the following in an elevated Command prompt, and post the results.
ICACLS C:\Windows\System32\config\Systemprofile /grant SYSTEM:(OI)(CI)(F)
ICACLS C:\Windows\System32\config\Systemprofile /grant Administrators:(OI)(CI)(F)
DIR C:\Windows\System32\config\Systemprofile\Desktop
Run another MGADiag report and post that as well
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Sunday, September 16, 2012 10:17 PM Moderator -
C:\Windows\system32>ICACLS C:\Windows\System32\config\Systemprofile /grant SYSTEM:(OI)(CI)(F)
processed file: C:\Windows\System32\config\Systemprofile
Successfully processed 1 files; Failed processing 0 files
C:\Windows\system32>ICACLS C:\Windows\System32\config\Systemprofile /grant Administrators:(OI)(CI)(F)
processed file: C:\Windows\System32\config\Systemprofile
Successfully processed 1 files; Failed processing 0 files
C:\Windows\system32>DIR C:\Windows\System32\config\Systemprofile\Desktop
Volume in drive C is OS
Volume Serial Number is 266C-E9DC
Directory of C:\Windows\System32\config\Systemprofile\Desktop
06/14/2012 07:58 PM <DIR> .
06/14/2012 07:58 PM <DIR> ..
0 File(s) 0 bytes
2 Dir(s) 256,276,484,096 bytes free
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-BFK42-C2FFR-MQVK8
Windows Product Key Hash: FFmViCyrREe9oJqY5bDq91/FCoc=
Windows Product ID: 00359-030-1202835-85167
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {6782A0EB-3A1F-400E-8E7F-A4F4449CE101}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.120330-1504
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{6782A0EB-3A1F-400E-8E7F-A4F4449CE101}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-MQVK8</PKey><PID>00359-030-1202835-85167</PID><PIDType>5</PIDType><SID>S-1-5-21-1968992023-205071136-760349905</SID><SYSTEM><Manufacturer>Dell Inc. </Manufacturer><Model>Dell DXC061 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc. </Manufacturer><Version>2.4.0 </Version><SMBIOSVersion major="2" minor="3"/><Date>20070524000000.000000+000</Date></BIOS><HWID>69253C07018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>B8K </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7601.17514
Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: 2e7d060d-4714-40f2-9896-1e4f15b612ad
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00170-030-120283-01-1033-7601.0000-2582012
Installation ID: 020555999504445036330772525183246516309593344574792801
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: MQVK8
License Status: Initial grace period
Time remaining: 40320 minute(s) (28 day(s))
Remaining Windows rearm count: 5
Trusted time: 9/16/2012 5:39:32 PM
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000001EFF0
Event Time Stamp: 7:19:2012 18:34
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
Tampered File: %systemroot%\system32\sppwinob.dll
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
Tampered File: %systemroot%\system32\drivers\spsys.sys
HWID Data-->
HWID Hash Current: LgAAAAEAAQABAAIAAAABAAAAAgABAAEAJJQS9/h9QktCbrDO8gSyM8KDkewqhQ==
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x0
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL B8K
FACP DELL B8K
HPET DELL B8K
BOOT DELL B8K
MCFG DELL B8K
SSDT DELL st_ex
DUMY DELL B8K
SLIC DELL B8K
Sunday, September 16, 2012 10:39 PM -
I'm pretty sure that we're getting close to the solution :)
please run the following and post the result
DIR C:\Windows\System32\config\Systemprofile\AppData\Local\Microsoft /s
ICACLS C:\Windows\System32\config\Systemprofile\AppData\Local\Microsoft
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Sunday, September 16, 2012 11:01 PM Moderator -
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>DIR C:\Windows\System32\config\Systemprofile\AppData\Local\Microsoft /s
Volume in drive C is OS
Volume Serial Number is 266C-E9DC
Directory of C:\Windows\System32\config\Systemprofile\AppData\Local\Microsoft
11/15/2010 06:48 PM <DIR> .
11/15/2010 06:48 PM <DIR> ..
11/15/2010 06:48 PM <DIR> IdentityCRL
10/23/2009 11:16 PM <DIR> Media Player
05/02/2010 01:24 PM <DIR> Portable Devices
03/07/2010 05:28 PM <DIR> Vault
10/23/2009 11:28 PM <DIR> Windows
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\Systemprofile\AppData\Local\Microsoft\IdentityCRL
11/15/2010 06:48 PM <DIR> .
11/15/2010 06:48 PM <DIR> ..
11/15/2010 06:48 PM <DIR> production
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\Systemprofile\AppData\Local\Microsoft\IdentityCRL\production
11/15/2010 06:48 PM <DIR> .
11/15/2010 06:48 PM <DIR> ..
11/15/2010 06:48 PM <DIR> temp
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\Systemprofile\AppData\Local\Microsoft\IdentityCRL\production\temp
11/15/2010 06:48 PM <DIR> .
11/15/2010 06:48 PM <DIR> ..
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\Systemprofile\AppData\Local\Microsoft\Media Player
10/23/2009 11:16 PM <DIR> .
10/23/2009 11:16 PM <DIR> ..
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\Systemprofile\AppData\Local\Microsoft\Portable Devices
05/02/2010 01:24 PM <DIR> .
05/02/2010 01:24 PM <DIR> ..
05/24/2010 05:35 AM 284 wpdlog00.sqm
09/05/2012 01:45 PM 284 wpdlog01.sqm
05/02/2010 01:24 PM 284 wpdlog02.sqm
3 File(s) 852 bytes
Directory of C:\Windows\System32\config\Systemprofile\AppData\Local\Microsoft\Vault
03/07/2010 05:28 PM <DIR> .
03/07/2010 05:28 PM <DIR> ..
03/07/2010 05:28 PM <DIR> 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\Systemprofile\AppData\Local\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28
03/07/2010 05:28 PM <DIR> .
03/07/2010 05:28 PM <DIR> ..
03/07/2010 05:28 PM 186 FEC87291-14F6-40B6-BD98-7FF245986B26.vsch
03/07/2010 05:28 PM 1,478 Policy.vpol
2 File(s) 1,664 bytes
Directory of C:\Windows\System32\config\Systemprofile\AppData\Local\Microsoft\Windows
10/23/2009 11:28 PM <DIR> .
10/23/2009 11:28 PM <DIR> ..
07/13/2009 11:37 PM <DIR> Caches
10/23/2009 11:28 PM <DIR> WER
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\Systemprofile\AppData\Local\Microsoft\Windows\Caches
07/13/2009 11:37 PM <DIR> .
07/13/2009 11:37 PM <DIR> ..
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\Systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MK0O5ILC
11/06/2010 10:17 PM 17,163 IDR_XML_DEFAULT_TRANSFORM[1]
1 File(s) 17,163 bytes
Directory of C:\Windows\System32\config\Systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N7YCJ1JB
03/01/2010 09:46 PM 2,648 wpad[1].dat
1 File(s) 2,648 bytes
Directory of C:\Windows\System32\config\Systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLH1CA1W
09/04/2012 11:38 AM 17,163 IDR_XML_DEFAULT_TRANSFORM[1]
1 File(s) 17,163 bytes
Directory of C:\Windows\System32\config\Systemprofile\AppData\Local\Microsoft\Windows\WER
10/23/2009 11:28 PM <DIR> .
10/23/2009 11:28 PM <DIR> ..
10/23/2009 11:28 PM <DIR> ReportQueue
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\Systemprofile\AppData\Local\Microsoft\Windows\WER\ReportQueue
10/23/2009 11:28 PM <DIR> .
10/23/2009 11:28 PM <DIR> ..
10/23/2009 11:28 PM <DIR> NonCritical_win7_rtm_ed4518af73fd7bd39feb5e4284f015249b50f3_cab_033dd789
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\Systemprofile\AppData\Local\Microsoft\Windows\WER\ReportQueue\NonCritical_win7_rtm_ed4518af73fd7bd39feb5e4284f015249b50f3_cab_033dd789
10/23/2009 11:28 PM <DIR> .
10/23/2009 11:28 PM <DIR> ..
10/24/2009 01:49 AM 38,162 cbs.log
10/23/2009 11:16 PM 32,483 diagerr.xml
10/23/2009 11:28 PM 4,092 Report.wer
10/23/2009 11:28 PM 29,002,150 setupact.log
10/23/2009 11:27 PM 213,735 setupapi.app.log
10/23/2009 10:59 PM 2,291,025 setupapi.dev.log
10/24/2009 01:49 AM 806,804 setupapi.offline.log
7 File(s) 32,388,451 bytes
Total Files Listed:
15 File(s) 32,427,941 bytes
38 Dir(s) 256,274,628,608 bytes free
C:\Windows\system32>ICACLS C:\Windows\System32\config\Systemprofile\AppData\Local\Microsoft
C:\Windows\System32\config\Systemprofile\AppData\Local\Microsoft NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
BUILTIN\Administrators:(I)(OI)(CI)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
Successfully processed 1 files; Failed processing 0 files
Sunday, September 16, 2012 11:08 PM -
that looks normal enough
Please run the following commands and post the results
ICACLS C:\Windows\System32\config\*.
ICACLS C:\Windows\System32
ICACLS C:\Windows
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Sunday, September 16, 2012 11:31 PM Moderator -
C:\Windows\system32>ICACLS C:\Windows\System32\config\*.
C:\Windows\System32\config\BCD-Template NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
C:\Windows\System32\config\components NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Administrators:(I)(F)
C:\Windows\System32\config\default NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
C:\Windows\System32\config\Journal NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
C:\Windows\System32\config\RegBack NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
C:\Windows\System32\config\sam NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
C:\Windows\System32\config\security NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
C:\Windows\System32\config\software NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
C:\Windows\System32\config\system NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
C:\Windows\System32\config\systemprofile NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
BUILTIN\Administrators:(OI)(CI)(F)
NT AUTHORITY\SYSTEM:(OI)(CI)(F)
C:\Windows\System32\config\TxR NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
C:\Windows\System32\config\userdiff NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
Successfully processed 12 files; Failed processing 0 files
C:\Windows\system32>ICACLS C:\Windows\System32
C:\Windows\System32 NT SERVICE\TrustedInstaller:(F)
NT SERVICE\TrustedInstaller:(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(M)
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
BUILTIN\Administrators:(M)
BUILTIN\Administrators:(OI)(CI)(IO)(F)
BUILTIN\Users:(RX)
BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
CREATOR OWNER:(OI)(CI)(IO)(F)
Successfully processed 1 files; Failed processing 0 files
C:\Windows\system32>ICACLS C:\Windows
C:\Windows NT SERVICE\TrustedInstaller:(F)
NT SERVICE\TrustedInstaller:(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(M)
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
BUILTIN\Administrators:(M)
BUILTIN\Administrators:(OI)(CI)(IO)(F)
BUILTIN\Users:(RX)
BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
CREATOR OWNER:(OI)(CI)(IO)(F)
Successfully processed 1 files; Failed processing 0 files
Sunday, September 16, 2012 11:35 PM -
Interesting - but it needs me to be fresh to work out the implications.
It's 00:45 here now - so I'll get to bed. Back tomorrow.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Sunday, September 16, 2012 11:41 PM Moderator -
The permissions are somewhat screwed, to say the least!
let's see what we can do about it....
Please run the following in an Elevated Command Prompt
ICACLS C:\Windows\System32\config /grant TrustedInstaller:(CI)(F)
ICACLS C:\Windows\System32\config /grant SYSTEM:(OI)(CI)(F)
ICACLS C:\Windows\System32\config /grant Administrators:(OI)(CI)(F)
ICACLS C:\Windows\System32\config /grant "CREATOR OWNER":(OI)(CI)(F)
ICACLS C:\Windows\System32\config\*.
post the results.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Monday, September 17, 2012 8:20 AM Moderator -
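One way to see exactly what a series of ICACLS /grant commands like those above changed is to diff icacls captures taken before and after. This is an added example, not part of the original thread: the two sample captures are constructed in the layout of the output posted here, the function names are hypothetical, and the allow-list of SYSTEM and Administrators is an assumption taken from the earlier capture of C:\Windows\System32\config\*. in this thread. It assumes paths without spaces.

```python
import re
from collections import namedtuple

Ace = namedtuple("Ace", "trustee inherited scope rights")

# Constructed sample captures (icacls layout: first ACE on the path line,
# further ACEs for the same path on the following lines).
BEFORE = r"""
C:\Windows\System32\config\default NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
C:\Windows\System32\config\Journal NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
Successfully processed 2 files; Failed processing 0 files
"""

AFTER = r"""
C:\Windows\System32\config\default NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
BUILTIN\Administrators:(I)(F)
NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Users:(I)(RX)
C:\Windows\System32\config\Journal NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
BUILTIN\Administrators:(I)(F)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)
BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
Successfully processed 2 files; Failed processing 0 files
"""

# Assumption: the only trustees expected to hold access on these objects.
EXPECTED = frozenset({r"NT AUTHORITY\SYSTEM", r"BUILTIN\Administrators"})

# Inheritance and propagation markers; these are not access rights.
SCOPE_FLAGS = {"OI", "CI", "IO", "NP"}

# Optional leading path, then TRUSTEE:(flag)(flag)...
ACE_RE = re.compile(
    r"^(?:(?P<path>[A-Za-z]:\\\S*)\s+)?"
    r"(?P<trustee>[^:()]+):(?P<flags>(?:\([^()]*\))+)$"
)


def parse_icacls(text):
    """Return {path: [Ace, ...]} parsed from captured icacls output."""
    acls = {}
    current = None
    for raw in text.splitlines():
        m = ACE_RE.match(raw.strip())
        if not m:
            continue  # blank lines and the "Successfully processed" summary
        if m.group("path"):
            current = m.group("path")
            acls.setdefault(current, [])
        if current is None:
            continue  # ACE line with no owning path: skip rather than guess
        groups = re.findall(r"\(([^()]*)\)", m.group("flags"))
        acls[current].append(Ace(
            trustee=m.group("trustee").strip(),
            inherited="I" in groups,
            scope=tuple(g for g in groups if g in SCOPE_FLAGS),
            rights=tuple(g for g in groups if g != "I" and g not in SCOPE_FLAGS),
        ))
    return acls


def added_aces(before, after):
    """ACEs present in `after` but absent from `before`, keyed by path."""
    diff = {}
    for path, aces in after.items():
        old = set(before.get(path, []))
        new = [ace for ace in aces if ace not in old]
        if new:
            diff[path] = new
    return diff


def unexpected_access(acls, expected=EXPECTED):
    """(path, trustee, rights) for ACEs that apply to the object itself
    and name a trustee outside the allow-list. Inherit-only (IO) ACEs are
    skipped because they affect children, not the object listed."""
    hits = []
    for path, aces in acls.items():
        for ace in aces:
            if "IO" in ace.scope or ace.trustee in expected:
                continue
            hits.append((path, ace.trustee, ace.rights))
    return hits


if __name__ == "__main__":
    before, after = parse_icacls(BEFORE), parse_icacls(AFTER)
    for path, aces in added_aces(before, after).items():
        for ace in aces:
            kind = "inherited" if ace.inherited else "explicit"
            print(f"ADDED  {path}: {ace.trustee} {ace.rights} ({kind})")
    for path, trustee, rights in unexpected_access(after):
        print(f"REVIEW {path}: {trustee} now holds {rights}")
```

An ACE marked (IO) applies only to child objects, which is why the Journal entries for Users and CREATOR OWNER are listed as added but not reported against the directory itself.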
C:\Windows\system32>ICACLS C:\Windows\System32\config /grant TrustedInstaller:(CI)(F)
TrustedInstaller: No mapping between account names and security IDs was done.
Successfully processed 0 files; Failed processing 1 files
C:\Windows\system32>ICACLS C:\Windows\System32\config /grant SYSTEM:(OI)(CI)(F)
processed file: C:\Windows\System32\config
Successfully processed 1 files; Failed processing 0 files
C:\Windows\system32>ICACLS C:\Windows\System32\config /grant Administrators:(OI)(CI)(F)
processed file: C:\Windows\System32\config
Successfully processed 1 files; Failed processing 0 files
C:\Windows\system32>ICACLS C:\Windows\System32\config /grant "CREATOR OWNER":(OI)(CI)(F)
processed file: C:\Windows\System32\config
Successfully processed 1 files; Failed processing 0 files
C:\Windows\system32>ICACLS C:\Windows\System32\config\*.
C:\Windows\System32\config\BCD-Template NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
BUILTIN\Administrators:(I)(F)
NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Users:(I)(RX)
C:\Windows\System32\config\components BUILTIN\Administrators:(I)(F)
NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Users:(I)(RX)
C:\Windows\System32\config\default NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
BUILTIN\Administrators:(I)(F)
NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Users:(I)(RX)
C:\Windows\System32\config\Journal NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
BUILTIN\Administrators:(I)(F)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)
BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
NT SERVICE\TrustedInstaller:(I)(F)
NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
BUILTIN\Users:(I)(RX)
BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)
C:\Windows\System32\config\RegBack NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
BUILTIN\Administrators:(I)(F)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)
BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
NT SERVICE\TrustedInstaller:(I)(F)
NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
BUILTIN\Users:(I)(RX)
BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)
C:\Windows\System32\config\sam NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
BUILTIN\Administrators:(I)(F)
NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Users:(I)(RX)
C:\Windows\System32\config\security NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
BUILTIN\Administrators:(I)(F)
NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Users:(I)(RX)
C:\Windows\System32\config\software NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
BUILTIN\Administrators:(I)(F)
NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Users:(I)(RX)
C:\Windows\System32\config\system NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
BUILTIN\Administrators:(I)(F)
NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Users:(I)(RX)
C:\Windows\System32\config\systemprofile NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
BUILTIN\Administrators:(OI)(CI)(F)
NT AUTHORITY\SYSTEM:(OI)(CI)(F)
BUILTIN\Administrators:(I)(F)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)
BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
NT SERVICE\TrustedInstaller:(I)(F)
NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
BUILTIN\Users:(I)(RX)
BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)
C:\Windows\System32\config\TxR NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
BUILTIN\Administrators:(I)(F)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)
BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
NT SERVICE\TrustedInstaller:(I)(F)
NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
BUILTIN\Users:(I)(RX)
BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)
C:\Windows\System32\config\userdiff NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
BUILTIN\Administrators:(I)(F)
NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Users:(I)(RX)
Successfully processed 12 files; Failed processing 0 files
Monday, September 17, 2012 1:39 PM -
Looks like I may have goofed on the first command...
please run this one
ICACLS C:\Windows\System32\config /grant "NT SERVICE\TrustedInstaller":(CI)(F)
then reboot and run an MGADiag report and post that
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Monday, September 17, 2012 1:49 PM Moderator -
That one worked.
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-BFK42-C2FFR-MQVK8
Windows Product Key Hash: FFmViCyrREe9oJqY5bDq91/FCoc=
Windows Product ID: 00359-030-1202835-85167
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {6782A0EB-3A1F-400E-8E7F-A4F4449CE101}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.120330-1504
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{6782A0EB-3A1F-400E-8E7F-A4F4449CE101}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-MQVK8</PKey><PID>00359-030-1202835-85167</PID><PIDType>5</PIDType><SID>S-1-5-21-1968992023-205071136-760349905</SID><SYSTEM><Manufacturer>Dell Inc. </Manufacturer><Model>Dell DXC061 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc. </Manufacturer><Version>2.4.0 </Version><SMBIOSVersion major="2" minor="3"/><Date>20070524000000.000000+000</Date></BIOS><HWID>69253C07018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>B8K </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7601.17514
Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: 2e7d060d-4714-40f2-9896-1e4f15b612ad
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00170-030-120283-01-1033-7601.0000-2582012
Installation ID: 020555999504445036330772525183246516309593344574792801
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: MQVK8
License Status: Initial grace period
Time remaining: 39360 minute(s) (27 day(s))
Remaining Windows rearm count: 5
Trusted time: 9/17/2012 9:33:38 AM
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000001EFF0
Event Time Stamp: 7:19:2012 18:34
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
Tampered File: %systemroot%\system32\sppwinob.dll
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
Tampered File: %systemroot%\system32\drivers\spsys.sys
HWID Data-->
HWID Hash Current: LgAAAAEAAQABAAIAAAABAAAAAgABAAEAJJQS9/h9QktCbrDO8gSyM8KDkewqhQ==
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x0
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL B8K
FACP DELL B8K
HPET DELL B8K
BOOT DELL B8K
MCFG DELL B8K
SSDT DELL st_ex
DUMY DELL B8K
SLIC DELL B8K
Monday, September 17, 2012 2:35 PM -
OK -
run the following commands and post the results
Attrib C:\windows\system32\config\ntuser.* /s
dir C:\windows\system32\config\ntuser.* /s
dir C:\windows\system32\config\ntuser.* /ah /s
ICACLS C:\windows\system32\config\SystemProfile\ntuser.dat
REG QUERY HKU
REG QUERY HKU\S-1-5-18\Software
ICACLS C:\Windows\ServiceProfiles
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Monday, September 17, 2012 3:05 PM Moderator -
C:\Windows\system32>Attrib C:\windows\system32\config\ntuser.* /s
A C:\windows\system32\config\systemprofile\ntuser.dat
A H C:\windows\system32\config\systemprofile\ntuser.dat.LOG
A SH C:\windows\system32\config\systemprofile\ntuser.dat.LOG1
A SH C:\windows\system32\config\systemprofile\ntuser.dat.LOG2
A SH C:\windows\system32\config\systemprofile\ntuser.dat{5e4c29fa-c050-11de-8faf-806e6f6e6963}.TM.blf
A SH C:\windows\system32\config\systemprofile\ntuser.dat{5e4c29fa-c050-11de-8faf-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
A SH C:\windows\system32\config\systemprofile\ntuser.dat{5e4c29fa-c050-11de-8faf-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
C:\Windows\system32>dir C:\windows\system32\config\ntuser.* /s
Volume in drive C is OS
Volume Serial Number is 266C-E9DC
Directory of C:\windows\system32\config\systemprofile
09/11/2012 09:43 PM 262,144 ntuser.dat
1 File(s) 262,144 bytes
Total Files Listed:
1 File(s) 262,144 bytes
0 Dir(s) 255,166,869,504 bytes free
C:\Windows\system32>dir C:\windows\system32\config\ntuser.* /ah /s
Volume in drive C is OS
Volume Serial Number is 266C-E9DC
Directory of C:\windows\system32\config\systemprofile
07/14/2009 02:18 AM 1,024 ntuser.dat.LOG
06/14/2012 08:13 PM 9,216 ntuser.dat.LOG1
07/13/2009 11:57 PM 0 ntuser.dat.LOG2
10/23/2009 10:50 PM 65,536 ntuser.dat{5e4c29fa-c050-11de-8faf-806e6f6e6963}.TM.blf
10/23/2009 10:50 PM 524,288 ntuser.dat{5e4c29fa-c050-11de-8faf-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
10/23/2009 10:50 PM 524,288 ntuser.dat{5e4c29fa-c050-11de-8faf-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
6 File(s) 1,124,352 bytes
Total Files Listed:
6 File(s) 1,124,352 bytes
0 Dir(s) 255,166,345,216 bytes free
C:\Windows\system32>ICACLS C:\windows\system32\config\SystemProfile\ntuser.dat
C:\windows\system32\config\SystemProfile\ntuser.dat BUILTIN\Administrators:(I)(F)
NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Users:(I)(RX)
Successfully processed 1 files; Failed processing 0 files
C:\Windows\system32>REG QUERY HKU
HKEY_USERS\.DEFAULT
HKEY_USERS\S-1-5-19
HKEY_USERS\S-1-5-20
HKEY_USERS\S-1-5-21-1968992023-205071136-760349905-1005
HKEY_USERS\S-1-5-21-1968992023-205071136-760349905-1005_Classes
HKEY_USERS\S-1-5-18
C:\Windows\system32>REG QUERY HKU\S-1-5-18\Software
HKEY_USERS\S-1-5-18\Software\Apple Computer, Inc.
HKEY_USERS\S-1-5-18\Software\Apple Inc.
HKEY_USERS\S-1-5-18\Software\Auslogics
HKEY_USERS\S-1-5-18\Software\BAE
HKEY_USERS\S-1-5-18\Software\Classes
HKEY_USERS\S-1-5-18\Software\Google
HKEY_USERS\S-1-5-18\Software\JavaSoft
HKEY_USERS\S-1-5-18\Software\Microsoft
HKEY_USERS\S-1-5-18\Software\Policies
HKEY_USERS\S-1-5-18\Software\SupportSoft
HKEY_USERS\S-1-5-18\Software\TeamViewer
C:\Windows\system32>ICACLS C:\Windows\ServiceProfiles
C:\Windows\ServiceProfiles NT SERVICE\TrustedInstaller:(I)(F)
NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(I)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
BUILTIN\Administrators:(I)(F)
BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
BUILTIN\Users:(I)(RX)
BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)
Successfully processed 1 files; Failed processing 0 files
Monday, September 17, 2012 3:09 PM -
That all looks OK
Please run the following commands, then reboot and post a new MGADiag report
REGSVR32 WINTRUST.DLL
C:\Windows\SysWOW64\regsvr32 C:\Windows\SysWOW64\wintrust.dll
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Monday, September 17, 2012 3:45 PM Moderator -
It's only a 32-bit system, so the second command won't work.
I'm scanning with Microsoft Safety Scanner right now, and it's actually finding a few things (that neither MBAM nor AVG caught), so as soon as that's complete I'll reboot and post a report.
Monday, September 17, 2012 3:58 PM -
Sorry about the extra line there! - I tend to go into autopilot typing that kind of instruction, and forgot that you're x86 rather than x64.
Safety Scanner is definitely a good idea - especially if you download it on another machine known to be clean. Running Offline scanners is almost always necessary if a rootkit is suspected, as they tend to be able to at least partially hide from installed scanners.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Monday, September 17, 2012 4:30 PM Moderator -
Found and removed 29 infected objects.
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-BFK42-C2FFR-MQVK8
Windows Product Key Hash: FFmViCyrREe9oJqY5bDq91/FCoc=
Windows Product ID: 00359-030-1202835-85167
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {6782A0EB-3A1F-400E-8E7F-A4F4449CE101}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.120330-1504
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{6782A0EB-3A1F-400E-8E7F-A4F4449CE101}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-MQVK8</PKey><PID>00359-030-1202835-85167</PID><PIDType>5</PIDType><SID>S-1-5-21-1968992023-205071136-760349905</SID><SYSTEM><Manufacturer>Dell Inc. </Manufacturer><Model>Dell DXC061 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc. </Manufacturer><Version>2.4.0 </Version><SMBIOSVersion major="2" minor="3"/><Date>20070524000000.000000+000</Date></BIOS><HWID>69253C07018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>B8K </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7601.17514
Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: 2e7d060d-4714-40f2-9896-1e4f15b612ad
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00170-030-120283-01-1033-7601.0000-2582012
Installation ID: 020555999504445036330772525183246516309593344574792801
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: MQVK8
License Status: Initial grace period
Time remaining: 39240 minute(s) (27 day(s))
Remaining Windows rearm count: 5
Trusted time: 9/17/2012 11:55:06 AM
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000001EFF0
Event Time Stamp: 7:19:2012 18:34
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
Tampered File: %systemroot%\system32\sppwinob.dll
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
Tampered File: %systemroot%\system32\drivers\spsys.sys
HWID Data-->
HWID Hash Current: LgAAAAEAAQABAAIAAAABAAAAAgABAAEAJJQS9/h9QktCbrDO8gSyM8KDkewqhQ==
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x0
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL B8K
FACP DELL B8K
HPET DELL B8K
BOOT DELL B8K
MCFG DELL B8K
SSDT DELL st_ex
DUMY DELL B8K
SLIC DELL B8K
Monday, September 17, 2012 4:56 PM -
Incidentally, I'm getting error 80070005 from Windows Update, which seems to be all about bad permissions.
Monday, September 17, 2012 5:04 PM -
It's certainly related - the literal translation of the code is 'Access Denied'
Please run the following commands.
ICACLS C:\Windows\SoftwareDistribution
ICACLS C:\Windows\System32\Catroot2
ATTRIB C:\Windows\System32\Catroot2\*.*
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Monday, September 17, 2012 5:20 PM Moderator -
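The codes quoted in this thread (80070005, 0x800b0100, 0x80070002, 0x800700B7) are HRESULTs, and their bit fields say which subsystem raised them. The following is an added example, not part of any post: it decodes those fields and groups the report's "File Mismatch" lines by code. The sample text is a short excerpt of the MGADiag report above; the function names are illustrative.

```python
import re
from collections import defaultdict

# Facility numbers (winerror.h) for the codes that occur in this thread.
FACILITIES = {4: "FACILITY_ITF", 7: "FACILITY_WIN32", 11: "FACILITY_CERT"}

# Symbolic names for the codes quoted in the thread.
KNOWN_HRESULTS = {
    0x80070002: "ERROR_FILE_NOT_FOUND",
    0x80070005: "ERROR_ACCESS_DENIED",
    0x800700B7: "ERROR_ALREADY_EXISTS",
    0x800B0100: "TRUST_E_NOSIGNATURE",
}


def decode_hresult(value):
    """Split an HRESULT into its severity, facility and code fields."""
    if isinstance(value, str):
        value = int(value, 16)           # accepts "80070005" and "0x80070005"
    facility = (value >> 16) & 0x7FF     # bits 16-26
    return {
        "value": value,
        "failure": bool(value & 0x80000000),   # bit 31 is the severity bit
        "facility": FACILITIES.get(facility, "facility %d" % facility),
        "code": value & 0xFFFF,                # low 16 bits
        "name": KNOWN_HRESULTS.get(value, "unknown"),
    }


MISMATCH_RE = re.compile(
    r"^File Mismatch: (?P<path>.+?)\[(?P<version>[0-9.]+)\], "
    r"Hr = (?P<hr>0x[0-9A-Fa-f]+)$"
)


def parse_file_mismatches(report):
    """Return (path, version, hresult) for every 'File Mismatch' line."""
    found = []
    for line in report.splitlines():
        m = MISMATCH_RE.match(line.strip())
        if m:
            found.append((m.group("path"), m.group("version"),
                          int(m.group("hr"), 16)))
    return found


def group_by_hresult(mismatches):
    """Map each HRESULT to the list of files that failed with it."""
    groups = defaultdict(list)
    for path, _version, hr in mismatches:
        groups[hr].append(path)
    return dict(groups)


# Excerpt of the MGADiag report posted in this thread (shortened).
SAMPLE_REPORT = r"""
Validation Code: 0x8004FE21
File Scan Data-->
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100
Other data-->
Spsys.log Content: 0x80070002
"""

if __name__ == "__main__":
    for code in ("80070005", "0x800700B7", "0x8004FE21"):
        print(code, decode_hresult(code))
    for hr, paths in group_by_hresult(parse_file_mismatches(SAMPLE_REPORT)).items():
        print(hex(hr), decode_hresult(hr)["name"], len(paths), "file(s)")
```

Every scanned file in the excerpt fails with the same signature-related code, including user32.dll, which is why the thread looks at wintrust.dll and Catroot2 rather than at each file individually.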
C:\Windows\system32>icacls ..\SoftwareDistribution
C:\Windows\SoftwareDistribution NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
Successfully processed 1 files; Failed processing 0 files
C:\Windows\system32>icacls catroot2
catroot2 NT SERVICE\CryptSvc:(OI)(CI)(F)
NT SERVICE\TrustedInstaller:(I)(F)
NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(I)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
BUILTIN\Administrators:(I)(F)
BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
BUILTIN\Users:(I)(RX)
BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)
Successfully processed 1 files; Failed processing 0 files
C:\Windows\system32>attrib catroot2\*.*
A I C:\Windows\system32\catroot2\dberr.txt
A I C:\Windows\system32\catroot2\edb.chk
A I C:\Windows\system32\catroot2\edb.log
A I C:\Windows\system32\catroot2\edb00023.log
A I C:\Windows\system32\catroot2\edbres00001.jrs
A I C:\Windows\system32\catroot2\edbres00002.jrs
Monday, September 17, 2012 5:24 PM -
The permissions on the SoftwareDistribution folder are way off.
ICACLS C:\Windows\SoftwareDistribution /grant "NT SERVICE\TrustedInstaller":(I)(F)
ICACLS C:\Windows\SoftwareDistribution /grant "NT SERVICE\TrustedInstaller":(CI)(IO)(F)
ICACLS C:\Windows\SoftwareDistribution /grant SYSTEM:(I)(F)
ICACLS C:\Windows\SoftwareDistribution /grant SYSTEM:(OI)(CI)(IO)(F)
ICACLS C:\Windows\SoftwareDistribution /grant Administrators:(OI)(CI)(IO)(F)
ICACLS C:\Windows\SoftwareDistribution /grant Users:(I)(RX)
ICACLS C:\Windows\SoftwareDistribution /grant Users:(OI)(CI)(IO)(GR,GE)
ICACLS C:\Windows\SoftwareDistribution /grant "CREATOR OWNER":(OI)(CI)(IO)(F)
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
- Edited by Noel D Paton, Moderator, Monday, September 17, 2012 5:44 PM
Monday, September 17, 2012 5:40 PM Moderator -
C:\Windows\system32>ICACLS C:\Windows\SoftwareDistribution /grant "NT SERVICE\TrustedInstaller":(I)(F)
Invalid parameter "NT SERVICE\TrustedInstaller:(I)(F)"
C:\Windows\system32>ICACLS C:\Windows\SoftwareDistribution /grant "NT SERVICE\TrustedInstaller":(CI)(IO)(F)
processed file: C:\Windows\SoftwareDistribution
Successfully processed 1 files; Failed processing 0 files
C:\Windows\system32>ICACLS C:\Windows\SoftwareDistribution /grant SYSTEM:(I)(F)
Invalid parameter "SYSTEM:(I)(F)"
C:\Windows\system32>ICACLS C:\Windows\SoftwareDistribution /grant SYSTEM:(OI)(CI)(IO)(F)
processed file: C:\Windows\SoftwareDistribution
Successfully processed 1 files; Failed processing 0 files
C:\Windows\system32>ICACLS C:\Windows\SoftwareDistribution /grant Administrators:(OI)(CI)(IO)(F)
processed file: C:\Windows\SoftwareDistribution
Successfully processed 1 files; Failed processing 0 files
C:\Windows\system32>ICACLS C:\Windows\SoftwareDistribution /grant Users:(I)(RX)
Invalid parameter "Users:(I)(RX)"
C:\Windows\system32>ICACLS C:\Windows\SoftwareDistribution /grant Users:(OI)(CI)(IO)(GR,GE)
processed file: C:\Windows\SoftwareDistribution
Successfully processed 1 files; Failed processing 0 files
C:\Windows\system32>ICACLS C:\Windows\SoftwareDistribution /grant "CREATOR OWNER":(OI)(CI)(IO)(F)
processed file: C:\Windows\SoftwareDistribution
Successfully processed 1 files; Failed processing 0 files
Monday, September 17, 2012 5:49 PM -
I could have sworn I'd changed the (I) parameters!
ICACLS C:\Windows\SoftwareDistribution /grant Users:(RX)
ICACLS C:\Windows\SoftwareDistribution /grant SYSTEM:(F)
ICACLS C:\Windows\SoftwareDistribution /grant "NT SERVICE\TrustedInstaller":(F)
ICACLS C:\Windows\SoftwareDistribution
(Please post the results - we need to see whether they are right, now)
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Monday, September 17, 2012 6:02 PM Moderator -
C:\Windows\system32>ICACLS C:\Windows\SoftwareDistribution /grant Users:(RX)
processed file: C:\Windows\SoftwareDistribution
Successfully processed 1 files; Failed processing 0 files
C:\Windows\system32>ICACLS C:\Windows\SoftwareDistribution /grant SYSTEM:(F)
processed file: C:\Windows\SoftwareDistribution
Successfully processed 1 files; Failed processing 0 files
C:\Windows\system32>ICACLS C:\Windows\SoftwareDistribution /grant "NT SERVICE\TrustedInstaller":(F)
processed file: C:\Windows\SoftwareDistribution
Successfully processed 1 files; Failed processing 0 files
C:\Windows\system32>ICACLS C:\Windows\SoftwareDistribution
C:\Windows\SoftwareDistribution NT SERVICE\TrustedInstaller:(F)
BUILTIN\Users:(RX)
NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
NT SERVICE\TrustedInstaller:(CI)(IO)(F)
CREATOR OWNER:(OI)(CI)(IO)(F)
BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
BUILTIN\Administrators:(OI)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
NT SERVICE\TrustedInstaller:(I)(F)
NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(I)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
BUILTIN\Administrators:(I)(F)
BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
BUILTIN\Users:(I)(RX)
BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)
Successfully processed 1 files; Failed processing 0 files
Monday, September 17, 2012 7:24 PM -
I think it's right now (somewhere in there - if you use Windows Explorer, you can tidy up the duplicates yourself whenever you feel like it)
Please attempt validation at www.microsoft.com/genuine/validate and see what happens, then run another MGADiag report
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Monday, September 17, 2012 7:51 PM Moderator -
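Two points from the exchange above can be checked mechanically: the "Invalid parameter" errors on every /grant spec that contained (I), and the duplicate entries in the final SoftwareDistribution listing. The following is an added example, not part of any post: it parses icacls output, separates explicit from inherited entries, and flags explicit entries that repeat an inherited one. The listing is copied from the thread; the function names are illustrative, and the (I) check models only the behaviour shown in the transcript.

```python
import re
from collections import namedtuple

Ace = namedtuple("Ace", "principal flags rights inherited")

# Inheritance flags that control propagation; (I) is handled separately
# because it marks an entry as inherited from the parent container.
INHERITANCE_FLAGS = {"OI", "CI", "IO", "NP"}

ACE_RE = re.compile(r"^(?P<principal>.+?):(?P<groups>(?:\([^()]+\))+)$")


def parse_ace(text):
    """Parse 'Principal:(flag)...(rights)'; return None for other lines."""
    m = ACE_RE.match(text.strip())
    if m is None:
        return None
    groups = re.findall(r"\(([^()]+)\)", m.group("groups"))
    flags = frozenset(g for g in groups if g in INHERITANCE_FLAGS)
    rights = tuple(g for g in groups
                   if g not in INHERITANCE_FLAGS and g != "I")
    return Ace(m.group("principal"), flags, rights, "I" in groups)


def parse_listing(path, output):
    """Parse the text icacls prints for one path into a list of Ace."""
    aces = []
    for line in output.splitlines():
        line = line.strip()
        if line.lower().startswith(path.lower()):
            line = line[len(path):]      # first entry shares a line with the path
        ace = parse_ace(line)
        if ace is not None:
            aces.append(ace)
    return aces


def redundant_explicit(aces):
    """Explicit entries identical to an inherited entry on the same object."""
    inherited = {(a.principal, a.flags, a.rights) for a in aces if a.inherited}
    return [a for a in aces
            if not a.inherited and (a.principal, a.flags, a.rights) in inherited]


def check_grant_spec(spec):
    """Return a problem description for a /grant spec, or None if it parses."""
    ace = parse_ace(spec.replace('"', ""))
    if ace is None:
        return "not in Principal:(perm) form"
    if ace.inherited:
        # In the transcript icacls rejected each of these as "Invalid parameter".
        return "(I) marks inherited entries in listings and cannot be granted"
    return None


PATH = r"C:\Windows\SoftwareDistribution"

# Final listing posted in the thread, copied verbatim.
LISTING = r"""
C:\Windows\SoftwareDistribution NT SERVICE\TrustedInstaller:(F)
BUILTIN\Users:(RX)
NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
NT SERVICE\TrustedInstaller:(CI)(IO)(F)
CREATOR OWNER:(OI)(CI)(IO)(F)
BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
BUILTIN\Administrators:(OI)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
NT SERVICE\TrustedInstaller:(I)(F)
NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(I)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
BUILTIN\Administrators:(I)(F)
BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
BUILTIN\Users:(I)(RX)
BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)
Successfully processed 1 files; Failed processing 0 files
"""

if __name__ == "__main__":
    aces = parse_listing(PATH, LISTING)
    dupes = redundant_explicit(aces)
    print(len(aces), "entries,", len(dupes), "explicit duplicates of inherited entries")
    for spec in ("SYSTEM:(I)(F)", "SYSTEM:(F)"):
        print(spec, "->", check_grant_spec(spec) or "ok")
```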
The site still wants me to buy a new license, and Windows Update still has the same error. Should I just do a repair install of Windows?
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-BFK42-C2FFR-MQVK8
Windows Product Key Hash: FFmViCyrREe9oJqY5bDq91/FCoc=
Windows Product ID: 00359-030-1202835-85167
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {6782A0EB-3A1F-400E-8E7F-A4F4449CE101}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.120330-1504
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{6782A0EB-3A1F-400E-8E7F-A4F4449CE101}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-MQVK8</PKey><PID>00359-030-1202835-85167</PID><PIDType>5</PIDType><SID>S-1-5-21-1968992023-205071136-760349905</SID><SYSTEM><Manufacturer>Dell Inc. </Manufacturer><Model>Dell DXC061 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc. </Manufacturer><Version>2.4.0 </Version><SMBIOSVersion major="2" minor="3"/><Date>20070524000000.000000+000</Date></BIOS><HWID>69253C07018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>B8K </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7601.17514
Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: 2e7d060d-4714-40f2-9896-1e4f15b612ad
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00170-030-120283-01-1033-7601.0000-2582012
Installation ID: 020555999504445036330772525183246516309593344574792801
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: MQVK8
License Status: Initial grace period
Time remaining: 39000 minute(s) (27 day(s))
Remaining Windows rearm count: 5
Trusted time: 9/17/2012 3:18:18 PM
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000001EFF0
Event Time Stamp: 9:17:2012 15:14
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
Tampered File: %systemroot%\system32\sppwinob.dll
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
Tampered File: %systemroot%\system32\drivers\spsys.sys
HWID Data-->
HWID Hash Current: LgAAAAEAAQABAAIAAAABAAAAAgABAAEAJJQS9/h9QktCbrDO8gSyM8KDkewqhQ==
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x0
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL B8K
FACP DELL B8K
HPET DELL B8K
BOOT DELL B8K
MCFG DELL B8K
SSDT DELL st_ex
DUMY DELL B8K
SLIC DELL B8K
Monday, September 17, 2012 8:20 PM -
Just ran "sfc /scannow" and got the logs from it (10 MB), if that helps any. It did say it found "corrupted" files that it was unable to fix.
Monday, September 17, 2012 8:48 PM
-
There's no sign of any such SFC problems in the log?
However there are indications that the Catroot2 folder is corrupt - not surprising if the content was locked by permissions problems elsewhere.
http://support.microsoft.com/kb/822798 probably applies.
I have to admit to considering a repair install myself - there do seem to be a large number of permissions problems, and I doubt that we've found all of them.
Do you have an SP1 disk? - if not, download the SP1 Refresh for your language and edition from the links on these pages... Heidoc - Microsoft DR Download links
The links are for downloads from the Digital River servers run for MS, so are about as safe as you can get :)
Once you have it downloaded, you then need to burn the DVD from it - use either the Windows Disk Image Burner, or (better still) your favourite burning application at the slowest speed possible.
Note that you do NOT 'drag and drop' the file to the disk, you must use the 'burn an image' option from your app - or you'll end up with a useless coaster :)
Once you have the disk burnt, check that it boots the (or any other) system OK - but do NOT start the repair from there - you must start the repair from within a normal Windows boot.
Follow the instructions in this tutorial - http://www.sevenforums.com/tutorials/3413-repair-install.html?ltr=R - and they should help you get through it (it's not as difficult as it looks!)
Always ask questions first if you're unsure - either here, or in sevenforums.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
- Marked as answer by GarrettW87 Tuesday, September 18, 2012 2:59 PM
Monday, September 17, 2012 9:19 PM Moderator -
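The `hr` / `Hr` values in the MGADiag report quoted in this thread are ordinary Windows HRESULTs. As an added example (not part of any post in this thread and not a Microsoft tool), the Python below parses the report's "File Mismatch" lines and decodes those codes; the sample lines are constructed in the report's format, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: a few lines in the format of the report quoted in this thread.
SAMPLE_REPORT = """\
Cached Online Validation Code: N/A, hr = 0x800700b7
File Mismatch: C:\\Windows\\system32\\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\\Windows\\system32\\drivers\\spsys.sys[6.1.7127.0], Hr = 0x800b0100
File Mismatch: C:\\Windows\\system32\\user32.dll[6.1.7601.17514], Hr = 0x800b0100
Spsys.log Content: 0x80070002
"""

# Standard HRESULT facilities and Win32 error codes (only the ones seen in the report).
FACILITIES = {4: "FACILITY_ITF", 7: "FACILITY_WIN32", 11: "FACILITY_CERT"}
WIN32_CODES = {2: "ERROR_FILE_NOT_FOUND", 183: "ERROR_ALREADY_EXISTS"}
KNOWN_HRESULTS = {0x800B0100: "TRUST_E_NOSIGNATURE"}

MISMATCH_RE = re.compile(
    r"^File Mismatch: (?P<path>.+?)\[(?P<ver>[\d.]+)\], Hr = (?P<hr>0x[0-9a-fA-F]{8})$")

def decode_hresult(hr):
    """Split a 32-bit HRESULT into failure bit, facility and code; name it if known."""
    facility = (hr >> 16) & 0x7FF
    code = hr & 0xFFFF
    name = KNOWN_HRESULTS.get(hr)
    if name is None and facility == 7:      # FACILITY_WIN32 wraps a Win32 error code
        name = WIN32_CODES.get(code)
    return {"failed": bool(hr >> 31),
            "facility": FACILITIES.get(facility, str(facility)),
            "code": code, "name": name}

def summarize_mismatches(report):
    """Collect File Mismatch entries and count them per HRESULT."""
    rows = []
    for line in report.splitlines():
        m = MISMATCH_RE.match(line.strip())
        if m:
            rows.append((m["path"], m["ver"], int(m["hr"], 16)))
    by_hr = Counter(hr for _, _, hr in rows)
    return {
        "files": [path for path, _, _ in rows],
        "by_hresult": {f"0x{hr:08X}": (n, decode_hresult(hr)["name"])
                       for hr, n in by_hr.items()},
        # True when every flagged file failed with "no signature present".
        "all_nosignature": bool(rows) and set(by_hr) == {0x800B0100},
    }
```

When every flagged file, including an unrelated one such as user32.dll, reports TRUST_E_NOSIGNATURE, no signature was found for any of them; Windows system files are mostly catalog-signed, so this is what a damaged catalog database (the Catroot2 problem the reply mentions) looks like.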
Well again, thanks a ton for all the help. I've done the repair install and it's working on updates right now.
Tuesday, September 18, 2012 2:59 PM
-
Just for completeness, please post an MGADiag report :)
Thanks for bearing with me as long as you did - it gave me a chance to refine some ideas, and learn a little myself.
Well done with the repair!
Good luck!
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Tuesday, September 18, 2012 3:21 PM Moderator