New
#61
lol
not to be pushy, but is there anything I can do to move this along?
Sorry about the hiatus! - you got lost in the current rush.... mea culpa.
Please post a new MGADiag report (which is what I should have asked for 4 days ago!)
Code:Diagnostic Report (1.9.0027.0): ----------------------------------------- Windows Validation Data--> Validation Code: 0x8004FE21 Cached Online Validation Code: 0x0 Windows Product Key: *****-*****-MHV7X-QY9P2-PVVTT Windows Product Key Hash: 8eb+5HEPRzYNL/i4dAfQT5muLFo= Windows Product ID: 00371-153-9199894-85465 Windows Product ID Type: 5 Windows License Type: Retail Windows OS version: 6.1.7601.2.00010100.1.0.048 ID: {A666936B-6FE8-4C09-92EA-8E5B6B489AD1}(3) Is Admin: Yes TestCab: 0x0 LegitcheckControl ActiveX: N/A, hr = 0x80070002 Signed By: N/A, hr = 0x80070002 Product Name: Windows 7 Professional Architecture: 0x00000009 Build lab: 7601.win7sp1_gdr.120503-2030 TTS Error: Validation Diagnostic: Resolution Status: N/A Vista WgaER Data--> ThreatID(s): N/A, hr = 0x80070002 Version: N/A, hr = 0x80070002 Windows XP Notifications Data--> Cached Result: N/A, hr = 0x80070002 File Exists: No Version: N/A, hr = 0x80070002 WgaTray.exe Signed By: N/A, hr = 0x80070002 WgaLogon.dll Signed By: N/A, hr = 0x80070002 OGA Notifications Data--> Cached Result: N/A, hr = 0x80070002 Version: N/A, hr = 0x80070002 OGAExec.exe Signed By: N/A, hr = 0x80070002 OGAAddin.dll Signed By: N/A, hr = 0x80070002 OGA Data--> Office Status: 109 N/A OGA Version: N/A, 0x80070002 Signed By: N/A, hr = 0x80070002 Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3 Browser Data--> Proxy settings: N/A User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32) Default Browser: C:\Users\Jason Cain Cross\AppData\Local\Google\Chrome\Application\chrome.exe Download signed ActiveX controls: Prompt Download unsigned ActiveX controls: Disabled Run ActiveX controls and plug-ins: Allowed Initialize and script ActiveX controls not marked as safe: Disabled Allow scripting of Internet Explorer Webbrowser control: Disabled Active scripting: Allowed Script ActiveX controls marked as safe for scripting: Allowed File Scan Data--> File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003 File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003 File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x80092003 File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100 File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100 File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x80092003 File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100 File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100 File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003 File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x80092003 File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100 File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100 File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x80092003 File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003 File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003 File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100 File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100 Other data--> Office Details: <GenuineResults><MachineData><UGUID>{A666936B-6FE8-4C09-92EA-8E5B6B489AD1}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-PVVTT</PKey><PID>00371-153-9199894-85465</PID><PIDType>5</PIDType><SID>S-1-5-21-4179402701-3199430408-1481344762</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>XPS M1530 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A12</Version><SMBIOSVersion major="2" minor="4"/><Date>20081119000000.000000+000</Date></BIOS><HWID>FC853407018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>M08 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> Spsys.log Content: 0x80070002 Licensing Data--> Software licensing service version: 6.1.7601.17514 Name: Windows(R) 7, Professional edition Description: Windows Operating System - Windows(R) 7, RETAIL channel Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9 Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f Extended PID: 00371-00170-153-919989-01-1033-7601.0000-2882012 Installation ID: 009564515042418536695803860984591725453521049404496584 Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338 Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339 Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341 Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340 Partial Product Key: PVVTT License Status: Licensed Remaining Windows rearm count: 2 Trusted time: 12/3/2012 2:52:55 PM Windows Activation Technologies--> HrOffline: 0x8004FE21 HrOnline: N/A HealthStatus: 0x000000000001EFF0 Event Time Stamp: 12:2:2012 23:39 ActiveX: Registered, Version: 7.1.7600.16395 Admin Service: Registered, Version: 7.1.7600.16395 HealthStatus Bitmask Output: Tampered File: %systemroot%\system32\sppobjs.dll Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui Tampered File: %systemroot%\system32\sppwinob.dll Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui Tampered File: %systemroot%\system32\drivers\spsys.sys HWID Data--> HWID Hash Current: PAAAAAEABgABAAIAAQABAAAAAwABAAEAln1kNXTHTmpGg5p6Mg8SeR6zom++fa4pXA+w5FtLMGFEUUbK OEM Activation 1.0 Data--> N/A OEM Activation 2.0 Data--> BIOS valid for OA 2.0: yes Windows marker version: 0x0 OEMID and OEMTableID Consistent: yes BIOS Information: ACPI Table Name OEMID Value OEMTableID Value APIC DELL M08 FACP DELL M08 HPET DELL M08 BOOT DELL M08 MCFG DELL M08 SLIC DELL M08 OSFR DELL M08 SSDT PmRef CpuPm
Please download the Farbar Service Scanner from
http://www.bleepingcomputer.com/download/farbar-service-scanner/
Run it, and tick all the options, then click on the Scan button - copy and paste the report to your response.
Code:Farbar Service Scanner Version: 01-12-2012 02 Ran by Jason Cain Cross (administrator) on 03-12-2012 at 15:11:41 Running from "C:\Users\Jason Cain Cross\Downloads" Windows 7 Professional Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\ipnathlp.dll => MD5 is legit C:\Windows\System32\iphlpsvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log ****
That's normal.
I've asked Tom892 to review the thread when he has a minute - please wait (if you don't hear from one of us in 24hours, please SHOUT!)
Hi tejuna,
I know this must be getting tedious after 7 pages of posts, but hang in there and we'll get this sorted :)
I would preferably like a clean CBS log. Could you reboot, then follow these instructions please:
SFC Scan
- Click on the Start button and in the search box, type Command Prompt
- When you see Command Prompt on the list, right-click on it and select Run as administrator
- When command prompt opens, copy and paste the following commands into it, press enter after each
sfc /scannow
Wait for this to finish before you continue
copy %windir%\logs\cbs\cbs.log %userprofile%\Desktop\cbs.txt
- This will create a file, cbs.txt on your Desktop. Please attach this to your next post.
Tom
no worries at all m8, I am an MCITP with 23 years under belt and I have never seen such a simple problem so utterly refusing to go away before, and I tried everything I could think of other than a format/reinstall. the bad part is I bought this direct from microsoft and they couldn't/wouldn't help me. you guys have been of way more help, so my patience is endless. :)
anyway, it didn't create a clean cbs.txt file, but it's a lot smaller than before...it's attached.
edit: by the way, I have had experiences with techs not doing exactly as I said because they thought they knew better than me. let me assure you that since the beginning I have run all commands and reported what I saw exactly as stated with no interference from me (other than obvious typos and syntax errors).