Windows 7: Windows activation popups.

NoelDP · 22 Sep 2012

Interesting - most of the files in the Catroot2 folder have gone AWOL.... have you recently renamed it in an attempt at repair?

Please run the following commands and post the results

ICACLS C:\Windows\System32\Catroot2
NET START VSS
NET START WUAUSERV
NET START BITS
NET START BFE

TekkenJam · 22 Sep 2012

Code:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\anon>
C:\Users\anon>ICACLS C:\Windows\System32\Catroot2
C:\Windows\System32\Catroot2 NT SERVICE\CryptSvc:(F)
                             NT SERVICE\CryptSvc:(OI)(CI)(IO)(F)
                             NT SERVICE\TrustedInstaller:(I)(F)
                             NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
                             NT AUTHORITY\SYSTEM:(I)(F)
                             NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
                             BUILTIN\Administrators:(I)(F)
                             BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
                             BUILTIN\Users:(I)(RX)
                             BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
                             CREATOR OWNER:(I)(OI)(CI)(IO)(F)

Successfully processed 1 files; Failed processing 0 files

C:\Users\anon>NET START VSS
The Volume Shadow Copy service is starting.
The Volume Shadow Copy service was started successfully.


C:\Users\anon>NET START WUAUSERV
The requested service has already been started.

More help is available by typing NET HELPMSG 2182.


C:\Users\anon>NET START BITS
The requested service has already been started.

More help is available by typing NET HELPMSG 2182.


C:\Users\anon>NET START BFE
The requested service has already been started.

More help is available by typing NET HELPMSG 2182.


C:\Users\anon>

NoelDP · 22 Sep 2012

I'll have to sleep on this - it's 02:30!

back tomorrow

TekkenJam · 22 Sep 2012

alright thanks for your time!

NoelDP · 23 Sep 2012

Please run the following commands, and post the results

REG QUERY HKU
REG QUERY HKU\S-1-5-20
REG QUERY HKU\S-1-5-20\Environment
REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20"

TekkenJam · 23 Sep 2012

Code:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\anon>REG QUERY HKU REG QUERY HKU\S-1-5-20 REG QUERY HKU\S-1-5-20\Enviro
nment REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S
-1-5-20"
ERROR: Invalid syntax.
Type "REG QUERY /?" for usage.

C:\Users\anon>REG QUERY HKU

HKEY_USERS\.DEFAULT
HKEY_USERS\S-1-5-19
HKEY_USERS\S-1-5-20
HKEY_USERS\S-1-5-21-2448664860-236786111-2952155252-1000
HKEY_USERS\S-1-5-21-2448664860-236786111-2952155252-1000_Classes
HKEY_USERS\S-1-5-18

C:\Users\anon>REG QUERY HKU\S-1-5-20

HKEY_USERS\S-1-5-20\AppEvents
HKEY_USERS\S-1-5-20\Console
HKEY_USERS\S-1-5-20\Control Panel
HKEY_USERS\S-1-5-20\Environment
HKEY_USERS\S-1-5-20\EUDC
HKEY_USERS\S-1-5-20\Keyboard Layout
HKEY_USERS\S-1-5-20\Network
HKEY_USERS\S-1-5-20\Printers
HKEY_USERS\S-1-5-20\Software
HKEY_USERS\S-1-5-20\System

C:\Users\anon>REG QUERY HKU\S-1-5-20\Environment

HKEY_USERS\S-1-5-20\Environment
    TEMP    REG_EXPAND_SZ    %USERPROFILE%\AppData\Local\Temp
    TMP    REG_EXPAND_SZ    %USERPROFILE%\AppData\Local\Temp


C:\Users\anon>REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Profi
leList\S-1-5-20"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
5-20
    ProfileImagePath    REG_EXPAND_SZ    C:\Windows\ServiceProfiles\NetworkServi
ce
    Flags    REG_DWORD    0x0
    State    REG_DWORD    0x0


C:\Users\anon>

NoelDP · 23 Sep 2012

That all looks normal

(or should it be

? )

please run the following command....

REG QUERY HKCR\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}

post the results

TekkenJam · 23 Sep 2012

Code:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\anon>
C:\Users\anon>REG QUERY HKCR\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}
ERROR: The system was unable to find the specified registry key or value.

C:\Users\anon>

NoelDP · 23 Sep 2012

AHAH!

I'm not certain (by an means!) that this will work, but it's easy enough to undo if necessary.

Please copy teh code in the box to a Notepad window, and then save it to your desktop as WMIFIX.REG

Code:

 
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}]
 
[HKEY_CLASSES_ROOT\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2]
@="Microsoft WMI Scripting V1.2 Library"
 
[HKEY_CLASSES_ROOT\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\0]
 
[HKEY_CLASSES_ROOT\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\0\win32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
 00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,77,00,62,00,\
 65,00,6d,00,5c,00,77,00,62,00,65,00,6d,00,64,00,69,00,73,00,70,00,2e,00,54,\
 00,4c,00,42,00,00,00
 
[HKEY_CLASSES_ROOT\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\FLAGS]
@="0"
 
[HKEY_CLASSES_ROOT\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\HELPDIR]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
 00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,77,00,62,00,\
 65,00,6d,00,5c,00,00,00

Once saved, close all applications.

now right-click on the new file, and select Merge.
You'll get a couple of warnings - accept them.
You should get a 'success' message.
(post back if not, and we'll try the hard way)

reboot, and run another MGADiag report - post the results together with the output from the following command.

REG QUERY HKCR\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}

(just to check that it went in properly)

TekkenJam · 23 Sep 2012

Code:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-6MKCX-QRFBQ-P8BWG
Windows Product Key Hash: y/SufN6tBcExL36cN26MQAGgivI=
Windows Product ID: 00359-OEM-8703737-42228
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {3E2C1ABD-7D3C-4F7B-BAFA-A1BCAB6B0293}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.111118-2330
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{3E2C1ABD-7D3C-4F7B-BAFA-A1BCAB6B0293}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-P8BWG</PKey><PID>00359-OEM-8703737-42228</PID><PIDType>3</PIDType><SID>S-1-5-21-2448664860-236786111-2952155252</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0706</Version><SMBIOSVersion major="2" minor="6"/><Date>20110805000000.000000+000</Date></BIOS><HWID>3DB83907018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

Spsys.log Content: 0x80070002

Licensing Data-->
C:\Windows\system32\slmgr.vbs(22, 1) (null): Library not registered. 

Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000001EFF0
Event Time Stamp: 9:22:2012 22:12
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
Tampered File: %systemroot%\system32\sppwinob.dll
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
Tampered File: %systemroot%\system32\drivers\spsys.sys


HWID Data-->
HWID Hash Current: NgAAAAIAAQABAAEAAgADAAAAAgABAAEAln2YFGPocFwaXVpB2J4Op6yLYj284kVydo6oli5z

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information: 
  ACPI Table Name    OEMID Value    OEMTableID Value
  APIC            ALASKA        A M I
  FACP            ALASKA        A M I
  HPET            ALASKA        A M I
  MCFG            ALASKA        A M I
  SSDT            AMICPU        PROC

C:\Users\anon>REG QUERY HKCR\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}

HKEY_CLASSES_ROOT\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2

C:\Users\anon>

Windows 7: Windows activation popups.

Windows activation popups. problems?