New
#11
SFC output:
Windows Resource Protection found corrupt files but was unable to fix some of them.
CBS file attached.
Thank you.
SFC output:
Windows Resource Protection found corrupt files but was unable to fix some of them.
CBS file attached.
Thank you.
Download WATFix - make sure that you UNTICK the box for the 'download manager, and click on the link on the left of the page, not the big shiny button on the right (which is an ad for the download manager!!) - and use that - extract the .exe file, and run it, then reboot.
Post back with an MGADiag report, and we'll then see what we can do.
we need to see a full copy of the report produced by the MGADiag tool
(download and save to desktop - http://go.microsoft.com/fwlink/?linkid=52012 )
Once saved, run the tool.
Click on the Continue button, which will produce the report.
To copy the report to your response, click on the Copy button in the tool (ignore any error messages at this point), and then paste (using either r-click/Paste, or Ctrl+V ) into your response.
Hi,
Done them.
MGADiag output:
(The "sppcomapi" files still seem to be tampered.)Code:Diagnostic Report (1.9.0027.0): ----------------------------------------- Windows Validation Data--> Validation Code: 0x8004FE22 Cached Online Validation Code: N/A, hr = 0xc004f012 Windows Product Key: *****-*****-CF66B-YBBPF-8HGJ8 Windows Product Key Hash: 8b3KXN3WYp8U8TBOYhESMKSoL7Y= Windows Product ID: 00426-383-2990305-06527 Windows Product ID Type: 5 Windows License Type: Retail Windows OS version: 6.1.7601.2.00010100.1.0.001 ID: {C448DCA9-78F4-4E41-9C52-EBC1B33F0943}(3) Is Admin: Yes TestCab: 0x0 LegitcheckControl ActiveX: N/A, hr = 0x80070002 Signed By: N/A, hr = 0x80070002 Product Name: Windows 7 Ultimate Architecture: 0x00000009 Build lab: 7601.win7sp1_gdr.140706-1506 TTS Error: Validation Diagnostic: Resolution Status: N/A Vista WgaER Data--> ThreatID(s): N/A, hr = 0x80070002 Version: N/A, hr = 0x80070002 Windows XP Notifications Data--> Cached Result: N/A, hr = 0x80070002 File Exists: No Version: N/A, hr = 0x80070002 WgaTray.exe Signed By: N/A, hr = 0x80070002 WgaLogon.dll Signed By: N/A, hr = 0x80070002 OGA Notifications Data--> Cached Result: N/A, hr = 0x80070002 Version: N/A, hr = 0x80070002 OGAExec.exe Signed By: N/A, hr = 0x80070002 OGAAddin.dll Signed By: N/A, hr = 0x80070002 OGA Data--> Office Status: 109 N/A OGA Version: N/A, 0x80070002 Signed By: N/A, hr = 0x80070002 Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3 Browser Data--> Proxy settings: N/A User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32) Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Download signed ActiveX controls: Prompt Download unsigned ActiveX controls: Disabled Run ActiveX controls and plug-ins: Allowed Initialize and script ActiveX controls not marked as safe: Disabled Allow scripting of Internet Explorer Webbrowser control: Disabled Active scripting: Allowed Script ActiveX controls marked as safe for scripting: Allowed File Scan Data--> Other data--> Office Details: <GenuineResults><MachineData><UGUID>{C448DCA9-78F4-4E41-9C52-EBC1B33F0943}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-8HGJ8</PKey><PID>00426-383-2990305-06527</PID><PIDType>5</PIDType><SID>S-1-5-21-2639045236-29053441-75679838</SID><SYSTEM><Manufacturer>FUJITSU</Manufacturer><Model>LIFEBOOK A531</Model></SYSTEM><BIOS><Manufacturer>FUJITSU // Phoenix Technologies Ltd.</Manufacturer><Version>1.24</Version><SMBIOSVersion major="2" minor="6"/><Date>20110927000000.000000+000</Date></BIOS><HWID>B1083307018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> Spsys.log Content: 0x80070002 Licensing Data--> Software licensing service version: 6.1.7601.17514 Name: Windows(R) 7, Ultimate edition Description: Windows Operating System - Windows(R) 7, RETAIL channel Activation ID: c619d61c-c2f2-40c3-ab3f-c5924314b0f3 Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f Extended PID: 00426-00212-383-299030-00-1033-7601.0000-2772014 Installation ID: 014721111234195036068823229023783983005272048681734361 Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338 Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339 Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341 Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340 Partial Product Key: 8HGJ8 License Status: Initial grace period Time remaining: 23580 minute(s) (16 day(s)) Remaining Windows rearm count: 1 Trusted time: 10/22/2014 8:50:27 AM Windows Activation Technologies--> HrOffline: 0x8004FE22 HrOnline: N/A HealthStatus: 0x0000000000002000 Event Time Stamp: 10:17:2014 09:07 ActiveX: Registered, Version: 7.1.7600.16395 Admin Service: Registered, Version: 7.1.7600.16395 HealthStatus Bitmask Output: Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui HWID Data--> HWID Hash Current: MAAAAAEAAQABAAEAAAABAAAABAABAAEA6GGk/wSxUpyEEoiW1N4ypkaAKGtszy5z OEM Activation 1.0 Data--> N/A OEM Activation 2.0 Data--> BIOS valid for OA 2.0: yes, but no SLIC table Windows marker version: N/A OEMID and OEMTableID Consistent: N/A BIOS Information: ACPI Table Name OEMID Value OEMTableID Value APIC FUJ PC FACP FUJ PC HPET FUJ PC MCFG FUJ PC SSDT FUJ PtidDevc ASF! FUJ PC SSDT FUJ PtidDevc SSDT FUJ PtidDevc UEFI FUJ PC UEFI FUJ PC UEFI FUJ PC
Good - that seems to have fixed some of the problems, at least.
Now please run another SFC /SCANNOW and post the new CBS data - and with any luck it'll show that we only need to fix one or two files.
Actually, I haven't experienced the "Not genuine" popup right after rebooting... Let me keep using it for another day, and get back to you later; it might have sorted the problem...
Thank you!
It will come back, I promise you!
Please do the scans when you can, and then we can get the rest of the problems sorted.
Hi,
It indeed has... So I've done the sfc scan twice, then the SURT, then sfc again (sfc giving the "corrupted files couldn't be fixed" message all the time).
CBS attached.
Cheers,
Joe
SFC now has the following errors...
I'll post a fix protocol for these errors later.Code:Line 17321: 2014-10-23 08:35:55, Info CSI 00000357 [SR] Repairing 8 components Line 17322: 2014-10-23 08:35:55, Info CSI 00000358 [SR] Beginning Verify and Repair transaction Line 17323: 2014-10-23 08:35:55, Info CSI 00000359 [SR] Cannot repair member file [l:18{9}]"slmgr.vbs" of Microsoft-Windows-Security-SPP-Tools, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked Line 17324: 2014-10-23 08:35:55, Info CSI 0000035a [SR] Cannot repair member file [l:20{10}]"winver.exe" of Microsoft-Windows-winver, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked Line 17325: 2014-10-23 08:35:55, Info CSI 0000035b [SR] Cannot repair member file [l:14{7}]"sfc.exe" of Microsoft-Windows-WRP-Integrity-Client, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked Line 17326: 2014-10-23 08:35:55, Info CSI 0000035c [SR] Cannot repair member file [l:26{13}]"sppcomapi.dll" of Microsoft-Windows-Security-SPP-UX, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked Line 17327: 2014-10-23 08:35:55, Info CSI 0000035d [SR] Cannot repair member file [l:18{9}]"slmgr.vbs" of Microsoft-Windows-Security-SPP-Tools, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked Line 17328: 2014-10-23 08:35:55, Info CSI 0000035e [SR] Cannot repair member file [l:26{13}]"systemcpl.dll" of Microsoft-Windows-systemcpl, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked Line 17329: 2014-10-23 08:35:55, Info CSI 0000035f [SR] Cannot repair member file [l:14{7}]"sfc.exe" of Microsoft-Windows-WRP-Integrity-Client, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked Line 17330: 2014-10-23 08:35:55, Info CSI 00000360 [SR] Cannot repair member file [l:20{10}]"winver.exe" of Microsoft-Windows-winver, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked
Looking at the error type in more detail, it looks to me as if the files are present, but that the permissions on them have been badly altered.
Let's try and see what's happened...
Open an Elevated Command Prompt, and run the following commands...
DIR C:\Windows\System32\slmgr.vbs
ICACLS C:\Windows\System32\slmgr.vbs
ATTRIB C:\Windows\System32\slmgr.vbs
Post the results...
Here are some instructions to make life easier :)
1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt.
2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once.
3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.
Hi,
There you go:
Code:C:\Windows\system32>DIR C:\Windows\System32\slmgr.vbs Volume in drive C has no label. Volume Serial Number is 6233-B53D Directory of C:\Windows\System32 06/10/2009 09:59 PM 113,629 slmgr.vbs 1 File(s) 113,629 bytes 0 Dir(s) 64,122,568,704 bytes free C:\Windows\system32>ICACLS C:\Windows\System32\slmgr.vbs C:\Windows\System32\slmgr.vbs NT AUTHORITY\SYSTEM:(N) Everyone:(F) NT SERVICE\TrustedInstaller:(F) BUILTIN\Administrators:(RX) BUILTIN\Users:(RX) Successfully processed 1 files; Failed processing 0 files C:\Windows\system32>ATTRIB C:\Windows\System32\slmgr.vbs A C:\Windows\System32\slmgr.vbs C:\Windows\system32>