Interesting - please post a new MGADiag report, as it may show differences now.
Code:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0x80070005
Windows Product Key: *****-*****-RBV79-QMVK9-PTMXQ
Windows Product Key Hash: RVPQaUf1pt3sdh4lgPOLdnLL830=
Windows Product ID: 00346-OEM-8992752-50213
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.002
ID: {922BD9E8-F0DF-41C2-808C-26871A646456}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Basic
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130104-1431
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\windows\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\windows\system32\wat\watweb.dll[Hr = 0x80070003]

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{922BD9E8-F0DF-41C2-808C-26871A646456}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.002</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-PTMXQ</PKey><PID>00346-OEM-8992752-50213</PID><PIDType>2</PIDType><SID>S-1-5-21-1836982260-1520228119-2296431884</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>20079 </Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>40CN08WW(V2.07)</Version><SMBIOSVersion major="2" minor="7"/><Date>20110523000000.000000+000</Date></BIOS><HWID>9CB33A07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>CB-01 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002

Licensing Data-->
On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x46' to display the error text.
Error: 0x46

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 3:27:2013 06:53
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: MgAAAAEAAQABAAMAAAABAAAAAwABAAEA6GGGwwx0xOXW8SRD1FJkkRwJNAUwbXybLnM=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
  ACPI Table Name   OEMID Value   OEMTableID Value
  APIC              INSYDE        HR CRB
  FACP              LENOVO        CB-01
  HPET              LENOVO        CB-01
  BOOT              INSYDE        HR CRB
  MCFG              LENOVO        CB-01
  WDAT              INSYDE        HR CRB
  SLIC              LENOVO        CB-01
  ASF!              INSYDE        HR CRB
  SSDT              INSYDE        HR CRB
  ASPT              INSYDE        HR CRB
  SSDT              INSYDE        HR CRB
  SSDT              INSYDE        HR CRB
  SSDT              INSYDE        HR CRB
Open Windows Explorer (Computer)
Navigate to the C:\Windows folder
Find the System32 sub-folder and right-click on it
Select Properties
Clear the 'blob' from the 'Read-only (Only applies to files in folder)' box by clicking on it until it's plain white.
Click on Apply.
Make sure that the radio button for 'Apply changes to this folder, subfolders and files' is set, and click OK.
Accept the Administrator prompt. After a couple of seconds, you'll be told there is an error - click on the 'Ignore all' button.
Wait for it to finish - it could take a couple of minutes.
OK out, and exit Windows Explorer.
Reboot twice
Post another MGADiag report.
Code:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0x80070005
Windows Product Key: *****-*****-RBV79-QMVK9-PTMXQ
Windows Product Key Hash: RVPQaUf1pt3sdh4lgPOLdnLL830=
Windows Product ID: 00346-OEM-8992752-50213
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.002
ID: {922BD9E8-F0DF-41C2-808C-26871A646456}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Basic
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130104-1431
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\windows\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\windows\system32\wat\watweb.dll[Hr = 0x80070003]

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{922BD9E8-F0DF-41C2-808C-26871A646456}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.002</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-PTMXQ</PKey><PID>00346-OEM-8992752-50213</PID><PIDType>2</PIDType><SID>S-1-5-21-1836982260-1520228119-2296431884</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>20079 </Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>40CN08WW(V2.07)</Version><SMBIOSVersion major="2" minor="7"/><Date>20110523000000.000000+000</Date></BIOS><HWID>9CB33A07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>CB-01 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002

Licensing Data-->
On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x46' to display the error text.
Error: 0x46

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 3:27:2013 06:53
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: MgAAAAEAAQABAAMAAAABAAAAAwABAAEA6GGGwwx0xOXW8dRSZJEkQxwJNAUwbXybLnM=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
  ACPI Table Name   OEMID Value   OEMTableID Value
  APIC              INSYDE        HR CRB
  FACP              LENOVO        CB-01
  HPET              LENOVO        CB-01
  BOOT              INSYDE        HR CRB
  MCFG              LENOVO        CB-01
  WDAT              INSYDE        HR CRB
  SLIC              LENOVO        CB-01
  ASF!              INSYDE        HR CRB
  SSDT              INSYDE        HR CRB
  ASPT              INSYDE        HR CRB
  SSDT              INSYDE        HR CRB
  SSDT              INSYDE        HR CRB
  SSDT              INSYDE        HR CRB
I'm missing something, somewhere...
Please run these commands (again?)
post the results.
Please run the following command from an Elevated Command Prompt window (1)
Copy and paste the set of commands below into the window. Once completed, hit the Enter key to ensure that the last command has run (2)
REG QUERY HKU
REG QUERY HKU\S-1-5-20
REG QUERY HKU\S-1-5-20\Environment
REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20"
REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
Copy the whole output to your response (3)
Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\WINSTON>REG QUERY HKU

HKEY_USERS\.DEFAULT
HKEY_USERS\S-1-5-19
HKEY_USERS\S-1-5-20
HKEY_USERS\S-1-5-21-1836982260-1520228119-2296431884-1000
HKEY_USERS\S-1-5-21-1836982260-1520228119-2296431884-1000_Classes
HKEY_USERS\S-1-5-18

C:\Users\WINSTON>REG QUERY HKU\S-1-5-20

HKEY_USERS\S-1-5-20\AppEvents
HKEY_USERS\S-1-5-20\Console
HKEY_USERS\S-1-5-20\Control Panel
HKEY_USERS\S-1-5-20\Environment
HKEY_USERS\S-1-5-20\EUDC
HKEY_USERS\S-1-5-20\Keyboard Layout
HKEY_USERS\S-1-5-20\Printers
HKEY_USERS\S-1-5-20\Software
HKEY_USERS\S-1-5-20\System

C:\Users\WINSTON>REG QUERY HKU\S-1-5-20\Environment

HKEY_USERS\S-1-5-20\Environment
    TEMP    REG_EXPAND_SZ    %USERPROFILE%\AppData\Local\Temp
    TMP    REG_EXPAND_SZ    %USERPROFILE%\AppData\Local\Temp

C:\Users\WINSTON>REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Pr
ofileList\S-1-5-20"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
5-20
    ProfileImagePath    REG_EXPAND_SZ    C:\Windows\ServiceProfiles\NetworkServi
ce
    Flags    REG_DWORD    0x0
    State    REG_DWORD    0x0

C:\Users\WINSTON>REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Pr
ofileList"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
    ProfilesDirectory    REG_EXPAND_SZ    %SystemDrive%\Users
    Default    REG_EXPAND_SZ    %SystemDrive%\Users\Default
    Public    REG_EXPAND_SZ    %SystemDrive%\Users\Public
    ProgramData    REG_EXPAND_SZ    %SystemDrive%\ProgramData

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
5-18
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
5-19
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
5-20
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
5-21-1836982260-1520228119-2296431884-1000

C:\Users\WINSTON>
C:\Users\WINSTON>
(By the way - the problems in the thread you linked to were very different to yours, which is why I hadn't offered that solution)
Please run the following commands, and post the results...
REG QUERY HKLM\System\CurrentControlSet\Services\SPPSVC /s
REG QUERY HKLM\System\CurrentControlSet\Services\SPPUINotify /s
REG QUERY HKLM\System\CurrentControlSet\Services\SPLDR /s
REG QUERY HKLM\System\CurrentControlSet\Enum\Root\LEGACY_SPLDR /s
SC QUERYEX SPLDR
Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\WINSTON>REG QUERY HKLM\System\CurrentControlSet\Services\SPPSVC /s

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPPSVC
    DisplayName    REG_SZ    @%SystemRoot%\system32\sppsvc.exe,-101
    Description    REG_SZ    @%SystemRoot%\system32\sppsvc.exe,-100
    ObjectName    REG_SZ    NT AUTHORITY\NetworkService
    ErrorControl    REG_DWORD    0x1
    Start    REG_DWORD    0x2
    DelayedAutoStart    REG_DWORD    0x1
    Type    REG_DWORD    0x10
    DependOnService    REG_MULTI_SZ    RpcSs
    ServiceSidType    REG_DWORD    0x1
    RequiredPrivileges    REG_MULTI_SZ    SeAuditPrivilege\0SeChangeNotifyPrivil
ege\0SeCreateGlobalPrivilege\0SeImpersonatePrivilege
    FailureActions    REG_BINARY    80510100000000000000000003000000140000000100
0000C0D4010001000000E09304000000000000000000

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPPSVC\Security
    Security    REG_BINARY    010014804C00000058000000140000003000000002001C0001
00000002801400FF010F0001010000000000010000000002001C000100000000001400FD01020001
0100000000000512000000010100000000000512000000010100000000000512000000

C:\Users\WINSTON>REG QUERY HKLM\System\CurrentControlSet\Services\SPPUINotify /s

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPPUINotify
    DisplayName    REG_SZ    @%SystemRoot%\system32\sppuinotify.dll,-103
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\svchost.exe -k LocalServ
ice
    Description    REG_SZ    @%SystemRoot%\system32\sppuinotify.dll,-102
    ObjectName    REG_SZ    NT AUTHORITY\LocalService
    ErrorControl    REG_DWORD    0x1
    Start    REG_DWORD    0x3
    Type    REG_DWORD    0x20
    DependOnService    REG_MULTI_SZ    EventSystem
    ServiceSidType    REG_DWORD    0x1
    RequiredPrivileges    REG_MULTI_SZ    SeChangeNotifyPrivilege\0SeImpersonate
Privilege
    FailureActions    REG_BINARY    80510100000000000000000003000000140000000100
0000E093040001000000E09304000000000000000000

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPPUINotify\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\system32\sppuinotify.dll
    ServiceDllUnloadOnStop    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPPUINotify\Security
    Security    REG_BINARY    01001480C8000000D4000000140000003000000002001C0001
00000002801400FF010F00010100000000000100000000020098000600000000001400FD01020001
010000000000051200000000002800FD010200010600000000000550000000F05B5807C3438C9AC7
8A72DD8F8CB4DF4447E7F800001800FF010F0001020000000000052000000020020000000014008D
010200010100000000000504000000000014008D0102000101000000000005060000000000140000
01000001010000000000050B000000010100000000000512000000010100000000000512000000

C:\Users\WINSTON>REG QUERY HKLM\System\CurrentControlSet\Services\SPLDR /s

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPLDR
    DisplayName    REG_SZ    Security Processor Loader Driver
    ErrorControl    REG_DWORD    0x3
    Start    REG_DWORD    0x0
    Type    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPLDR\Enum
    0    REG_SZ    Root\LEGACY_SPLDR\0000
    Count    REG_DWORD    0x1
    NextInstance    REG_DWORD    0x1

C:\Users\WINSTON>REG QUERY HKLM\System\CurrentControlSet\Enum\Root\LEGACY_SPLDR /s

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_SPLDR
    NextInstance    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000
    Service    REG_SZ    spldr
    Legacy    REG_DWORD    0x1
    ConfigFlags    REG_DWORD    0x400
    Class    REG_SZ    LegacyDriver
    ClassGUID    REG_SZ    {8ECC055D-047F-11D1-A537-0000F8753ED1}
    DeviceDesc    REG_SZ    Security Processor Loader Driver
    Capabilities    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000\Control
    ActiveService    REG_SZ    spldr

C:\Users\WINSTON>SC QUERYEX SPLDR

SERVICE_NAME: SPLDR
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 0
        FLAGS              :

C:\Users\WINSTON>
That does explain something, at least!
Please run the following command
SC CONFIG SPPSVC /binPath= %SystemRoot%\System32\sspsvc.exe
post the results, then reboot and run another MGADiag report.
Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\WINSTON>SC CONFIG SPPSVC /binPath= %SystemRoot%\System32\sspsvc.exe
DESCRIPTION:
        Modifies a service entry in the registry and Service Database.
USAGE:
        sc <server> config [service name] <option1> <option2>...

OPTIONS:
NOTE: The option name includes the equal sign.
      A space is required between the equal sign and the value.
 type= <own|share|interact|kernel|filesys|rec|adapt>
 start= <boot|system|auto|demand|disabled|delayed-auto>
 error= <normal|severe|critical|ignore>
 binPath= <BinaryPathName>
 group= <LoadOrderGroup>
 tag= <yes|no>
 depend= <Dependencies(separated by / (forward slash))>
 obj= <AccountName|ObjectName>
 DisplayName= <display name>
 password= <password>

C:\Users\WINSTON>
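The SPPSVC registry dump posted earlier in this thread lists no ImagePath value, while SPPUINotify does. As an added example (not code from any poster in the thread), this Python parses pasted REG QUERY /s output and flags Win32 services whose key lacks ImagePath; kernel drivers such as SPLDR are skipped because a driver key may omit ImagePath and default to System32\drivers. The function names and the trimmed sample input are constructed for illustration.

```python
import re

VALUE_RE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)(?:\s+(.*))?$")
PROMPT_RE = re.compile(r"^[A-Za-z]:\\.*>")
SERVICES = "\\currentcontrolset\\services\\"
WIN32 = 0x10 | 0x20  # own-process | share-process service types

# Constructed sample: trimmed from the REG QUERY output posted in the thread.
SAMPLE = r"""
C:\Users\WINSTON>REG QUERY HKLM\System\CurrentControlSet\Services\SPPSVC /s
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPPSVC
    Type    REG_DWORD    0x10
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPPUINotify
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\svchost.exe -k LocalServ
ice
    Type    REG_DWORD    0x20
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPLDR
    Type    REG_DWORD    0x1
"""

def parse_reg_query(text):
    """Parse REG QUERY /s console output into {key: {value_name: data}}."""
    keys, cur, last = {}, None, None
    for line in text.splitlines():
        m = VALUE_RE.match(line)
        if not line.strip():
            continue
        if PROMPT_RE.match(line):        # echoed command: start over
            cur = last = None
        elif line.startswith("HKEY_"):
            cur, last = keys.setdefault(line.strip(), {}), None
        elif m and cur is not None:
            last = m.group(1).lower()    # value names are case-insensitive
            cur[last] = m.group(3) or ""
        elif cur is not None and last:   # 80-column wrap of the previous value
            cur[last] += line.strip()
    return keys

def services_missing_imagepath(keys):
    """Win32 services (Type 0x10/0x20) whose key has no ImagePath value."""
    missing = []
    for key, vals in keys.items():
        name = key.lower().rpartition(SERVICES)[2]
        if SERVICES not in key.lower() or "\\" in name or "type" not in vals:
            continue                     # subkey, or not a service key
        if int(vals["type"], 16) & WIN32 and "imagepath" not in vals:
            missing.append(key.rsplit("\\", 1)[1])
    return missing
```

Key names that the console wrapped across two lines are not rejoined, so run the check on output captured to a file or from a wide console window.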