Is there a way to run MGADiag via CLI? As I said, it takes 2 hours to get this kicked off and running in normal mode.
The sticker says "Windows 7 Home Prem OA". Under that is the barcode (Asus) and the product key. Is there something else?
Is there anything in the log pointing to a service or file that can be fixed to return performance to normal mode? I don't know that MGADiag will complete in normal mode. It ran for 2 hours last time before normal mode locked.
After 3 hours, MGADiag had not even popped up on the screen. I went back to safemode and disabled all services that were not running then went back to normal mode. I can now run things...it's still a bit herky-jerky...there are delays when clicking on files, folders or executables.
Here is the output:
Code:Diagnostic Report (1.9.0027.0): ----------------------------------------- Windows Validation Data--> Validation Code: 0x8004FE21 Cached Online Validation Code: N/A, hr = 0x80070422 Windows Product Key: *****-*****-BJD6C-K3YVH-DVQJG Windows Product Key Hash: WFqPPaNJ0hrc3E/8MgITJa2Xf0M= Windows Product ID: 00359-OEM-8992687-00118 Windows Product ID Type: 2 Windows License Type: OEM SLP Windows OS version: 6.1.7601.2.00010300.1.0.003 ID: {A75E65D6-7D3B-4C4C-A69D-AE006962FF9A}(3) Is Admin: Yes TestCab: 0x0 LegitcheckControl ActiveX: N/A, hr = 0x80070002 Signed By: N/A, hr = 0x80070002 Product Name: Windows 7 Home Premium Architecture: 0x00000009 Build lab: 7601.win7sp1_gdr.140303-2144 TTS Error: Validation Diagnostic: Resolution Status: N/A Vista WgaER Data--> ThreatID(s): N/A, hr = 0x80070002 Version: N/A, hr = 0x80070002 Windows XP Notifications Data--> Cached Result: N/A, hr = 0x80070002 File Exists: No Version: N/A, hr = 0x80070002 WgaTray.exe Signed By: N/A, hr = 0x80070002 WgaLogon.dll Signed By: N/A, hr = 0x80070002 OGA Notifications Data--> Cached Result: N/A, hr = 0x80070002 Version: N/A, hr = 0x80070002 OGAExec.exe Signed By: N/A, hr = 0x80070002 OGAAddin.dll Signed By: N/A, hr = 0x80070002 OGA Data--> Office Status: 109 N/A OGA Version: N/A, 0x80070002 Signed By: N/A, hr = 0x80070002 Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3 Browser Data--> Proxy settings: N/A User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32) Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Download signed ActiveX controls: Prompt Download unsigned ActiveX controls: Disabled Run ActiveX controls and plug-ins: Allowed Initialize and script ActiveX controls not marked as safe: Disabled Allow scripting of Internet Explorer Webbrowser control: Disabled Active scripting: Allowed Script ActiveX controls marked as safe for scripting: Allowed File Scan Data--> Other data--> Office Details: <GenuineResults><MachineData><UGUID>{A75E65D6-7D3B-4C4C-A69D-AE006962FF9A}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-DVQJG</PKey><PID>00359-OEM-8992687-00118</PID><PIDType>2</PIDType><SID>S-1-5-21-612552391-2311362538-1607580098</SID><SYSTEM><Manufacturer>ASUSTeK Computer INC.</Manufacturer><Model>EB1503</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0502</Version><SMBIOSVersion major="2" minor="7"/><Date>20120523000000.000000+000</Date></BIOS><HWID>F9613807018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> Spsys.log Content: 0x80070002 Licensing Data--> On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x80070422' to display the error text. Error: 0x80070422 Windows Activation Technologies--> HrOffline: 0x8004FE21 HrOnline: N/A HealthStatus: 0x0001000000000000 Event Time Stamp: 10:1:2014 21:36 ActiveX: Registered, Version: 7.1.7600.16395 Admin Service: Registered, Version: 7.1.7600.16395 HealthStatus Bitmask Output: Tampered Service: sppsvc HWID Data--> HWID Hash Current: LgAAAAEAAQABAAEAAAACAAAAAgABAAEA6GHOoBa2yGMgzxDd/KtGTB52FIcEGg== OEM Activation 1.0 Data--> N/A OEM Activation 2.0 Data--> BIOS valid for OA 2.0: yes Windows marker version: 0x20001 OEMID and OEMTableID Consistent: yes BIOS Information: ACPI Table Name OEMID Value OEMTableID Value APIC ALASKA A M I FACP ALASKA A M I HPET ALASKA A M I MCFG ALASKA A M I RTCF A1234 RTCONFIG IFEU ALASKA A M I SLIC _ASUS_ Notebook
I went back to run these:
net start sppsvc
sc qc sppsvc
sc queryex sppsvc
sc qprivs sppsvc
sc qsidtype sppsvc
sc sdshow sppsvcAs soon as I start sppsvc, everything locks up. I try to stop it, but cannot stop it...have to go back to Safe Mode and disable it.Code:C:\Windows\system32>net start sppsvc The Software Protection service is starting. The Software Protection service was started successfully. C:\Windows\system32>sc qc sppsvc [SC] QueryServiceConfig SUCCESS SERVICE_NAME: sppsvc TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START (DELAYED) ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\Windows\system32\sppsvc.exe LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Software Protection DEPENDENCIES : RpcSs SERVICE_START_NAME : NT AUTHORITY\NetworkService C:\Windows\system32>sc queryex sppsvc SERVICE_NAME: sppsvc TYPE : 10 WIN32_OWN_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1772 FLAGS : C:\Windows\system32>sc qprivs sppsvc [SC] QueryServiceConfig2 SUCCESS SERVICE_NAME: sppsvc PRIVILEGES : SeAuditPrivilege : SeChangeNotifyPrivilege : SeCreateGlobalPrivilege : SeImpersonatePrivilege C:\Windows\system32>sc qsidtype sppsvc [SC] QueryServiceConfig2 SUCCESS SERVICE_NAME: sppsvc SERVICE_SID_TYPE: UNRESTRICTED C:\Windows\system32>sc sdshow sppsvc D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLO CRRC;;;IU)(A;;CCLCSWRPLOCRRC;;;SU)(A;;LCRP;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCW DWO;;;WD) C:\Windows\system32>
Last edited by Triton46; 09 Nov 2014 at 22:28.
Odd.
While in Safe Mode with Networking, run SFC /SCANNOW - copy the CBS.log file to the desktop, and compress the copy before uploading it to your reply.
Last night: I went back and found in the Event Log that the crash was either due to Server service or COM+ service not running. I restarted those and the computer seems stable...still a bit slow but working. I received a notice to download a Windows Authentication program and run it. After it completes, you have to go to a MS website to validate. The website restarts sppsvc and sppuinotify even though both were disabled.
That ran for about 30 min before I left it and went to bed.
This morning: the website is not responding so I don't know if it completed or not. I'll send the CBS log when I get off work.
Last edited by Triton46; 10 Nov 2014 at 10:36.
I restarted the PC in normal mode to see if the update completed. It is back to where I was when I first opened this thread...very slow, cannot click on anything, 30 min to shutdown. I powered it off and went to Safe Mode with Networking and ran sfc /scannow.
The logs show the same error again on the Korean dll file (I replaced it yesterday and got a clean scannow). Something is corrupting it.
Attachment 339977Code:2014-11-08 15:21:12, Error CSI 0000011c (F) c0000185 [Error,Facility=(system),Code=389 (0x0185)] #2511023# from Windows::Rtl::SystemImplementation::DirectFileSystemProvider::SysReadFile(h = a10 ("\Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft-windows-ime-korean-hwresource_31bf3856ad364e35_6.1.7600.16385_none_ac4a6957c5dbd4bb\mshwkorrIME.dll"), evt = 0, apcr = NULL, apcc = NULL, iosb = @0xa3cd20, data = {l:0 b:}, byteoffset = 458752 (0x0000000000070000), key = (null)) [gle=0xd0000185] 2014-11-08 15:21:12, Error CSI 0000011d@2014/11/8:20:21:12.162 (F) d:\win7sp1_gdr\base\wcp\sil\merged\ntu\ntsystem.cpp(2155): Error c0000185 [Error,Facility=(system),Code=389 (0x0185)] originated in function Windows::Rtl::SystemImplementation::DirectFileSystemProvider::SysReadFile expression: (null) [gle=0x80004005] 2014-11-08 15:21:17, Error CSI 0000011e (F) c0000185 [Error,Facility=(system),Code=389 (0x0185)] #2511022# from Windows::Rtl::SystemImplementation::CFile_IRtlFileTearoff::ReadFile(Flags = 3, Buffer = {l:0 ml:65536 b:}, Offset = 458752 (0x0000000000070000), Disposition = 0)[gle=0xd0000185] ... 2014-11-10 07:48:26, Error CSI 0000011c (F) c0000185 [Error,Facility=(system),Code=389 (0x0185)] #2510259# from Windows::Rtl::SystemImplementation::DirectFileSystemProvider::SysReadFile(h = a10 ("\Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft-windows-ime-korean-hwresource_31bf3856ad364e35_6.1.7600.16385_none_ac4a6957c5dbd4bb\mshwkorrIME.dll"), evt = 0, apcr = NULL, apcc = NULL, iosb = @0x95d1c0, data = {l:0 b:}, byteoffset = 1310720 (0x0000000000140000), key = (null)) [gle=0xd0000185] 2014-11-10 07:48:26, Error CSI 0000011d@2014/11/10:12:48:26.316 (F) d:\win7sp1_gdr\base\wcp\sil\merged\ntu\ntsystem.cpp(2155): Error c0000185 [Error,Facility=(system),Code=389 (0x0185)] originated in function Windows::Rtl::SystemImplementation::DirectFileSystemProvider::SysReadFile expression: (null) [gle=0x80004005] 2014-11-10 07:48:28, Error CSI 0000011e (F) c0000185 [Error,Facility=(system),Code=389 (0x0185)] #2510258# from Windows::Rtl::SystemImplementation::CFile_IRtlFileTearoff::ReadFile(Flags = 3, Buffer = {l:0 ml:65536 b:}, Offset = 1310720 (0x0000000000140000), Disposition = 0)[gle=0xd0000185]
Last edited by Triton46; 10 Nov 2014 at 09:39.
This type of thing sounds more like enemy action than anything else..
In Safe Mode with Networking...
Please downloadand install Malwarebytes Anti-malware(free version) from http://www.malwarebytes.org/products/malwarebytes_free/- UNtick 'Enable free trial of MBAM Premium' at the end of the installation- and update it, then run a fullscan in your main account, and Quickscans in any other user accounts.
Quarantineeverything it finds
Houston, we have a problem. I replaced the bad dll and ran sfc /scannow, success.
I started Malwarebytes and it got all the way to the end and froze, on a directory that no longer exists. I tried to stop it but Safe Mode was frozen. Power off, back on and I cleaned the registry and restarted Malwarebytes, this time it got to the windows update token file (tokens.dat).
At this point I am getting worried that the disk is bad. I already backed up all my media files, but I have been getting timeouts on the files in my partition for the OS. I started moving all the Program Files and got two errors:
Semaphore Timeout - Error 0x80070079
IO Device Error - Error 0x80070450
It's frozen again in Safe Mode just moving 2GB of data from Program Files.
How can I conclusively rule which part is the problem?
Last edited by Triton46; 10 Nov 2014 at 18:21.
Quote