New
#31
ok trying this again. :)
ok trying this again. :)
did this one work?
That one worked :)
Unfortunately, it's been so long since the original SFC was run that the results have gone.
Please run another SFC, and post a new copy of the CBS.log file
SFC -System File Checker - Instructions
Click on the Start button
type in the Search box
CMD.EXE
right-click on the only file that is found
Select Run as Administrator - the Elevated Command Prompt window should pop up
At the Command prompt, type
SFC /SCANNOW
and hit the Enter key
Wait for the scan to finish - make a note of any error messages - and then reboot.
Post an MGADiag report with details of any error messages encountered, and your CBS.log file
I think i'm in trouble Noel nothing is working right now i did the SFC scan these are my results
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\windows\system32>SFC /SCANNOW
Beginning system scan. This process will take some time.
Beginning verification phase of system scan.
Verification 81% complete.
Windows Resource Protection could not perform the requested operation.
C:\windows\system32>
I rebooted and tried it again same thing, then I ran the MDAG and got a error message saying
MGAD tool Failed to create output files, hr =0x80070002 please contact support
so then I tried the CBSlog here it is.
Thanks again for your help!
You have two problems showing in the part of the scan that did complete.
This is sounding more and more like malware or a hardware fault.
Please download and install Malwarebytes Anti-malware (free version) www.malwarebytes.org and update it, and run a full scan (DO NOT enable the Real-Time protection option!) in your main account, and Quick scans in any other user accounts.
Delete everything it finds
let us know how many infections it found - if there are only one or two, then it'sprobably nothing to worry about, but
This is my malware results it says it has no malicious found
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.20.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tina's :: TINAS-PC [administrator]
7/20/2012 4:29:21 PM
mbam-log-2012-07-20 (16-29-21).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 384850
Time elapsed: 1 hour(s), 25 minute(s), 53 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
I was looking at some of my programs and I have Advanced System care program that made 79 registry changes on my computer and i believe it was the day that these problems started occuring. these are the changes it shows not sure if you know what all this means but it says i can restore rescue these if you think i should.
[HKEY_CLASSES_ROOT\.jtp]
[HKEY_CLASSES_ROOT\.wtf]
@=""
[HKEY_CLASSES_ROOT\.xht]
@="ChromeHTML"
"Content Type"="application/xhtml+xml"
[HKEY_CLASSES_ROOT\.xhtml]
@="ChromeHTML"
"Content Type"="application/xhtml+xml"
[HKEY_CLASSES_ROOT\interface\{46B89F5A-769D-4792-AD9A-E3755915CBC3}]
@="IStatusEvents"
@="{00020420-0000-0000-C000-000000000046}"
@="{00020420-0000-0000-C000-000000000046}"
"Version"="1.0"
@="{47A7A4B0-2723-41BA-865E-EBBB7081A602}"
[HKEY_CLASSES_ROOT\interface\{7EA23D88-569E-4EFD-9851-A1528A7745F9}\ProxyStubClsid32]
@="{7EA23D88-569E-4EFD-9851-A1528A7745F9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}]
"InstallSource"="C:\\Users\\Administrator\\AppData\\Local\\Temp\\TC10015900F.temp\\WORKSSETUP\\MSWor ks\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216022FB}]
"DisplayIcon"="C:\\Program Files (x86)\\Java\\jre6\\\\bin\\javaws.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216023FB}]
"DisplayIcon"="C:\\Program Files (x86)\\Java\\jre6\\\\bin\\javaws.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216024FB}]
"DisplayIcon"="C:\\Program Files (x86)\\Java\\jre6\\\\bin\\javaws.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216026FB}]
"DisplayIcon"="C:\\Program Files (x86)\\Java\\jre6\\\\bin\\javaws.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216030FB}]
"DisplayIcon"="C:\\Program Files (x86)\\Java\\jre6\\\\bin\\javaws.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}]
"InstallSource"="c:\\54c975664a6778e6b2a1210301\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0020-0409-0000-0000000FF1CE}]
"InstallSource"="C:\\Users\\Administrator\\AppData\\Local\\Temp\\TC10015900F.temp\\WORKSSETUP\\MSWor ks\\redist\\ocp\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00AF-0409-0000-0000000FF1CE}]
"InstallSource"="C:\\Users\\Administrator\\AppData\\Local\\Temp\\TC10015900F.temp\\WORKSSETUP\\MSWor ks\\redist\\ppv\\"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.\OpenWithList]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\OpenWithProgids]
"QuickTime.aac"=""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adts\OpenWithProgids]
"QuickTime.adts"=""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids]
"ChromeHTML"=""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithProgids]
"ChromeHTML"=""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\OpenWithList]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msi\OpenWithList]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids]
"ChromeHTML"=""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\Directory\OpenWithList]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\Directory\OpenWithProg ids]
"File Folder"=""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\Directory]
[HKEY_CLASSES_ROOT\.jtp]
[HKEY_CLASSES_ROOT\.wtf]
[HKEY_CLASSES_ROOT\.xht]
@="xhtmlfile"
"Content Type"="application/xhtml+xml"
[HKEY_CLASSES_ROOT\.xhtml]
@="xhtmlfile"
"Content Type"="application/xhtml+xml"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU]
"MRUListEx"=hex:00,00,00,00,FF,FF,FF,FF
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU]
"0"=hex:14,00,1F,78,40,F0,5F,64,81,50,1B,10,9F,08,00,AA,00,2F,95,4E,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU]
"0"=hex:50,00,68,00,6F,00,74,00,6F,00,53,00,63,00,61,00,70,00,65,00,2E,00,65,00,78,00,65,00,00,00,00 ,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,0 0,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 ,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,0 0,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 ,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,0 0,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 ,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,0 0,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 ,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,0 0,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,F9,FF,FF,FF,F9,FF,FF,FF,07,05,00 ,00,B1,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,51,01,00,00,48,00,00,00,D1,03,00,00, 28,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU]
"MRUListEx"=hex:00,00,00,00,FF,FF,FF,FF
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU]
"MRUListEx"=hex:00,00,00,00,FF,FF,FF,FF
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU]
"0"=hex:50,00,68,00,6F,00,74,00,6F,00,53,00,63,00,61,00,70,00,65,00,2E,00,65,00,78,00,65,00,00,00,14 ,00,1F,44,47,1A,03,59,72,3F,A7,44,89,C5,55,95,FE,6B,30,EE,20,00,00,00,1A,00,EE,BB,FE,23,00,00,10,00, 30,81,E2,33,1E,4E,76,46,83,5A,98,39,5C,3B,C3,BB,00,00,50,00,31,00,00,00,00,00,D7,40,E5,0B,10,00,4A,4 1,59,43,45,45,00,00,3A,00,08,00,04,00,EF,BE,BC,3E,1D,04,D7,40,E5,0B,2A,00,00,00,A0,51,02,00,00,00,AD ,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4A,00,41,00,59,00,43,00,45,00,45,00,00,00,16,00,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*]
"0"=hex:14,00,1F,44,47,1A,03,59,72,3F,A7,44,89,C5,55,95,FE,6B,30,EE,20,00,00,00,1A,00,EE,BB,FE,23,00 ,00,10,00,30,81,E2,33,1E,4E,76,46,83,5A,98,39,5C,3B,C3,BB,00,00,50,00,31,00,00,00,00,00,D7,40,E5,0B, 10,00,4A,41,59,43,45,45,00,00,3A,00,08,00,04,00,EF,BE,BC,3E,1D,04,D7,40,E5,0B,2A,00,00,00,A0,51,02,0 0,00,00,AD,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4A,00,41,00,59,00,43,00,45,00,45,00,00,00,16 ,00,64,00,32,00,00,00,00,00,00,00,00,00,80,00,65,64,69,74,65,64,20,74,69,6E,6B,65,72,00,48,00,08,00, 04,00,EF,BE,00,00,00,00,00,00,00,00,2A,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,0 0,00,00,00,00,65,00,64,00,69,00,74,00,65,00,64,00,20,00,74,00,69,00,6E,00,6B,00,65,00,72,00,00,00,1C ,00,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*]
"MRUListEx"=hex:00,00,00,00,FF,FF,FF,FF
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}]
"InstallSource"="C:\\08506e8ae58bcd10c1\\"
Oh Dear - ASC is one of the major sources of problems that I come accross - it's a registry 'cleaner' that seems to have little regard for machine functionality.
Please UNDO anything it's ever done (if possible!) and uninstall it.
Then test validation again and post a new MGADiag report.
still won't validate and i got the same error message with the MGADiag report here are the results
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-4F8HK-M4P73-W8DQG
Windows Product Key Hash: Xs1iQgVeo0C+sObJxS7eu+FuBPQ=
Windows Product ID: 00359-OEM-8992687-00057
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {E339D1B5-57ED-4E6B-936F-55322B093FD5}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.120503-2030
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 102
Microsoft Office Home and Student 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_B4D0AA8B-920-80070057
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
File Mismatch: C:\windows\system32\sppobjs.dll[Hr = 0x80092003]
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{E339D1B5-57ED-4E6B-936F-55322B093FD5}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-W8DQG</PKey><PID>00359-OEM-8992687-00057</PID><PIDType>2</PIDType><SID>S-1-5-21-3377014041-2379755326-1275547391</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite P505</Model></SYSTEM><BIOS><Manufacturer>TOSHIBA</Manufacturer><Version>V3.10 </Version><SMBIOSVersion major="2" minor="5"/><Date>20091130000000.000000+000</Date></BIOS><HWID>1C503C07018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSQCI</OEMID><OEMTableID>TOSQCI00</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>102</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><PidType>19</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0xC004F012' to display the error text.
Error: 0xC004F012
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x0000000000000010
Event Time Stamp: N/A
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppobjs.dll
HWID Data-->
HWID Hash Current: MgAAAAEAAQABAAIAAgABAAAAAgABAAEAonZsuGzDWglWfM7bFJaSTeiZgAV+JYQHRso=
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC PTLTD APIC
FACP T0SQCI TOSQCI00
HPET TOSQCI TOSQCI00
BOOT PTLTD $SBFTBL$
MCFG TOSQCI TOSQCI00
SLIC TOSQCI TOSQCI00
SSDT SataRe SataAhci
SSDT SataRe SataAhci
SSDT SataRe SataAhci
SSDT SataRe SataAhci
i also noticed that i've lost all my system restore points and i never shut off system restore and it says its on.