Remove From My Forums

Windows Activation and Project ID not displayed under system information

Question
0

Sign in to vote

It's not that it's saying "Status not available" - it's not displayed at all under system information!

I was having a problem with "Build 7601 - This copy of windows is not genuine" after I installed a new service pack and I managed to get rid of it by running this program called "removeWAT", if that makes any sense

After running this the error disappeared but now it doesn't display the status or product ID at all under the system information. What do I do? To be honest I probably shouldn't have ran it, cause I don't really know what I'm doing.

Can someone help me please.

Tuesday, April 23, 2013 6:58 PM

Answers

0

Sign in to vote
That one's not supposed to work :) - it's checked there because there's one piece of malware which appears to create the Key to hook into the system before the real SPPSVC gets a chance to start.

OMIGAWD!

I just realised what the problem is...

I've been posting replies suitable for a Vista installation, rather than Windows 7! (mea culpa!)

OK - let's correct that....

Please open an Elevated Command Prompt, and run the following commands....

REG DELETE HKLM\SYSTEM\CurrentControlSet\Services\SLSVC /S sc create sppsvc binPath= %SystemRoot%\System32\sppsvc.exe DisplayName= "Software Protection" depend= Rpcss start= delayed-auto obj= "NT AUTHORITY\NetworkService" password= "" sc privs sppsvc SeAuditPrivilege/SeChangeNotifyPrivilege/SeCreateGlobalPrivilege/SeImpersonatePrivilege sc sdset sppsvc D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;IU)(A;;CCLCSWRPLOCRRC;;;SU)(A;;LCRP;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD) sc sidtype sppsvc UNRESTRICTED
.

post the results, and then reboot twice - run another MGADiag report and post that.

Sorry about the confusion - simply a case of trying to do too many things at once! :(

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
No - I do not work for Microsoft, or any of its contractors.
- Marked as answer by MrBandicoot91 Saturday, April 27, 2013 9:52 AM
Saturday, April 27, 2013 9:36 AM

Moderator

All replies

0

Sign in to vote

RemoveWat is an illegal activation hack. you will have to remove it.

download watfix

unceheck the download manager, unzip it and run it

http://www.datafilehost.com/download-b529e21e.html

then:

To properly analyze and solve problems with Activation and Validation, we need to see a full copy of the diagnostic report produced by the MGADiag tool (download and save to desktop - http://go.microsoft.com/fwlink/?linkid=52012 )

Once downloaded, run the tool.

Click on the Continue button, after a short time, the Continue button will change to a Copy button.

Click on the Copy button in the tool (ignore any error messages at this point), and then paste (using either r-click/Paste, or Ctrl+V ) into your post. (please do not edit the report.)

Tuesday, April 23, 2013 7:42 PM

Answerer
0

Sign in to vote

Hi George. Thanks for your prompt reply.

OK I removed the "removeWat" and carried out the steps you suggested. Here's the diagnostic report as requested.

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: N/A, hr = 0x80070424
Windows Product Key: *****-*****-WJ2H8-R6B6D-7QJB7
Windows Product Key Hash: ckKNc+BBPDWmo1LUlOkraNjlQ34=
Windows Product ID: 00359-OEM-8992687-00006
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {BFDC3C8F-6026-4B6B-AEE8-2066825B909C}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.110622-1506
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Standard Edition 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Users\Pete\AppData\Local\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{BFDC3C8F-6026-4B6B-AEE8-2066825B909C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7QJB7</PKey><PID>00359-OEM-8992687-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-1311846861-47003359-73108029</SID><SYSTEM><Manufacturer>Acer </Manufacturer><Model>Aspire 5738 </Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies LTD</Manufacturer><Version>V1.16. </Version><SMBIOSVersion major="2" minor="5"/><Date>20090826000000.000000+000</Date></BIOS><HWID>9E373907018400F8</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Standard Edition 2003</Name><Ver>11</Ver><Val>A5314378930F070</Val><Hash>soKeskPE8IwArxm2JqLuWWiEQ9A=</Hash><Pid>70141-056-0632897-56850</Pid><PidType>1</PidType></Product></Products><Applications><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x80070424' to display the error text.
Error: 0x80070424

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 4:2:2013 14:39
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Not Registered - 0x80070424
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: MgAAAAEAAQABAAIAAAACAAAAAwABAAEAeqiu3ILDEscicK4mZBNsRykhUECIlEwBRso=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC PTLTD APIC
FACP INTEL CRESTLNE
HPET INTEL CRESTLNE
BOOT PTLTD $SBFTBL$
MCFG INTEL CRESTLNE
SLIC ACRSYS ACRPRDCT
SSDT BrtRef DD01BRT
SSDT BrtRef DD01BRT

Wednesday, April 24, 2013 3:54 PM
0

Sign in to vote

have you been running any registry cleaners or speed up my pc type of products? if so name them.

Wednesday, April 24, 2013 4:06 PM

Answerer
0

Sign in to vote

There is a
problem with your Software Protection Service - something is preventing it from starting on demand the way it should.

Please use the following in an attempt to isolate the cause.

Click on Start

in the Search box, type

SERVICES.MSC

and hit the Enter key - accept the UAC prompt if you get one.

Look in the console for the Software Protection service, right-click on it and select
Properties.

make sure that the Startup Type is set to Automatic (Delayed Start), and click Apply.

Try starting the service now - do you get an error message?

Does it start? does it almost immediately stop again?

Post back with your results, and a new MGADiag report.

If it doesn't start, then please do the following...

Please open an Elevated (Administrator) Command Prompt window and use the following commands....

net start sppsvc

sc qc sppsvc

sc queryex sppsvc

sc qprivs sppsvc

sc qsidtype sppsvc

sc sdshow sppsvc

Copy and paste the output to your reply.

Here are some instructions to make life easier :)

1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt.

2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once.

3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
No - I do not work for Microsoft, or any of its contractors.

Wednesday, April 24, 2013 5:33 PM

Moderator
0

Sign in to vote

Hi Noel

The software protection service isn't in the list under services.msc. I actually checked this yesterday as I remember reading something elsewhere about this being a potential cause of the problem.

I ran the commands anyway - here's what I got
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>net start sppsvc
The service name is invalid.

More help is available by typing NET HELPMSG 2185.

C:\Windows\system32>sc qc sppsvc
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

C:\Windows\system32>sc queryex sppsvc
[SC] EnumQueryServicesStatus:OpenService FAILED 1060:

The specified service does not exist as an installed service.

C:\Windows\system32>sc qprivs sppsvc
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

C:\Windows\system32>sc qsidtype sppsvc
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

C:\Windows\system32>sc sdshow sppsvc

Wednesday, April 24, 2013 6:10 PM
0

Sign in to vote

Hi George - No not that I'm aware of. I never seen much use for them. I always defragment my PC.

Wednesday, April 24, 2013 6:11 PM
0

Sign in to vote
That is almost certainly the result of either

1) using a registry cleaner

or

2) a malware infection - probably a form of Sirefef or ZeroAccess.

Highlight ALL the text (including the blank lines) code box, and hit CTRL+C (or right-click and select Copy)

sc create slsvc binPath= %SystemRoot%\System32\SLsvc.exe DisplayName= "Software Licensing" depend= Rpcss start= auto obj= "NT AUTHORITY\NetworkService" password= "" sc privs slsvc SeAuditPrivilege/SeChangeNotifyPrivilege/SeCreateGlobalPrivilege/SeImpersonatePrivilege sc sdset slsvc D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD) sc sidtype slsvc UNRESTRICTED

Open an Elevated Command Prompt window - click on the Start button, and in the Search box, type CMD. wait for the system to find the one file, then right-click on that and select Run as Administrator. Accept the UAC prompt if you get one

Right-click on the C:\ icon (top left of the window) and select Edit... >Paste

You should get Success responses after each line of code

when complete, reboot.

Test the outcome (MGADiag should now report properly on the state of the license), and post the MGADiag report.

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
No - I do not work for Microsoft, or any of its contractors.
Wednesday, April 24, 2013 6:28 PM

Moderator
0

Sign in to vote

Hi Noel

I carried out the steps you suggested and still no luck. It still says the status ID and Product ID is not available. I've provided another report. Thanks for your help so far by the way, I appreciate it.

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: N/A, hr = 0x80070424
Windows Product Key: *****-*****-WJ2H8-R6B6D-7QJB7
Windows Product Key Hash: ckKNc+BBPDWmo1LUlOkraNjlQ34=
Windows Product ID: 00359-OEM-8992687-00006
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {BFDC3C8F-6026-4B6B-AEE8-2066825B909C}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.110622-1506
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Standard Edition 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Users\Pete\AppData\Local\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{BFDC3C8F-6026-4B6B-AEE8-2066825B909C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7QJB7</PKey><PID>00359-OEM-8992687-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-1311846861-47003359-73108029</SID><SYSTEM><Manufacturer>Acer </Manufacturer><Model>Aspire 5738 </Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies LTD</Manufacturer><Version>V1.16. </Version><SMBIOSVersion major="2" minor="5"/><Date>20090826000000.000000+000</Date></BIOS><HWID>9E373907018400F8</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Standard Edition 2003</Name><Ver>11</Ver><Val>A5314378930F070</Val><Hash>soKeskPE8IwArxm2JqLuWWiEQ9A=</Hash><Pid>70141-056-0632897-56850</Pid><PidType>1</PidType></Product></Products><Applications><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x80070424' to display the error text.
Error: 0x80070424

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 4:2:2013 14:39
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Not Registered - 0x80070424
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: MAAAAAEAAQABAAIAAAABAAAAAwABAAEAeqiu3ILDEscicK4mZBNsR1BAiJRMAUbK

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC PTLTD APIC
FACP INTEL CRESTLNE
HPET INTEL CRESTLNE
BOOT PTLTD $SBFTBL$
MCFG INTEL CRESTLNE
SLIC ACRSYS ACRPRDCT
SSDT BrtRef DD01BRT
SSDT BrtRef DD01BRT

Wednesday, April 24, 2013 9:51 PM
0

Sign in to vote

- and it still says that the service is not installed :(

Please run the following commands and post the results.

REG QUERY HKLM\SYSTEM\CurrentControlSet\Services\SLSVC

REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\SLSVC

REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\SPLDR

Then please download the Farbar Service Scanner from

http://www.bleepingcomputer.com/download/farbar-service-scanner/

Right-click on the saved file and select 'Run as Administrator', and tick all the options, then click on the Scan button - copy and paste the report to your response.

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
No - I do not work for Microsoft, or any of its contractors.

Thursday, April 25, 2013 6:39 AM

Moderator
0

Sign in to vote

Hi Noel. Here's the results from the first set of commands

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Services\SLSVC

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SLSVC
Type REG_DWORD 0x10
Start REG_DWORD 0x2
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ C:\Windows\System32\SLsvc.exe
DisplayName REG_SZ Software Licensing
DependOnService REG_MULTI_SZ Rpcss
ObjectName REG_SZ NT AUTHORITY\NetworkService
RequiredPrivileges REG_MULTI_SZ SeAuditPrivilege\0SeChangeNotifyPrivil
ege\0SeCreateGlobalPrivilege\0SeImpersonatePrivilege
ServiceSidType REG_DWORD 0x1
DelayedAutostart REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SLSVC\Security

C:\Windows\system32>
C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\SLSVC
ERROR: The system was unable to find the specified registry key or value.

C:\Windows\system32>
C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\SPLDR

And here's the results from FSS

Farbar Service Scanner Version: 14-04-2013
Ran by Pete (administrator) on 25-04-2013 at 12:11:12
Running from "C:\Users\Pete\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Thursday, April 25, 2013 11:16 AM
0

Sign in to vote

The last registry query didn't run - please try it again...

REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\SPLDR

post the results.

Your firewall also appears to be turned off - are you using a third-party firewall?
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
No - I do not work for Microsoft, or any of its contractors.

Thursday, April 25, 2013 2:56 PM

Moderator
0

Sign in to vote

My firewall runs off Norton

Here's the results:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\SPLDR
ERROR: The system was unable to find the specified registry key or value.

C:\Windows\system32>

Thursday, April 25, 2013 6:01 PM
0

Sign in to vote

That explains a lot!

I've been playing pool tonight - so not in a fit state to prescribe :)

If you haven't heard from me in 24 hrs, SHOUT!

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
No - I do not work for Microsoft, or any of its contractors.

Thursday, April 25, 2013 10:02 PM

Moderator
0

Sign in to vote

Haha

No problem buddy. I'll wait for your response. Thanks for your help so far.

Friday, April 26, 2013 10:38 AM
0

Sign in to vote

Ooops!

just realised that I'd posted the wrong Key name....

Please run this command - I've test it this time :)

REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR /s

post the results.

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
No - I do not work for Microsoft, or any of its contractors.

Friday, April 26, 2013 11:34 AM

Moderator
0

Sign in to vote

Here's the results

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPL
DR /s

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000
Service REG_SZ spldr
Legacy REG_DWORD 0x1
ConfigFlags REG_DWORD 0x400
Class REG_SZ LegacyDriver
ClassGUID REG_SZ {8ECC055D-047F-11D1-A537-0000F8753ED1}
DeviceDesc REG_SZ Security Processor Loader Driver
Capabilities REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000\Control
ActiveService REG_SZ spldr

C:\Windows\system32>

Saturday, April 27, 2013 8:46 AM
0

Sign in to vote

Ok I ran the updated command and this seems to work. I posted the results in my previous comment. The second command also seems to fail though?

Here's what I get when I run the second command

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\SLSVC
ERROR: The system was unable to find the specified registry key or value.

C:\Windows\system32>

Saturday, April 27, 2013 9:18 AM
0

Sign in to vote
That one's not supposed to work :) - it's checked there because there's one piece of malware which appears to create the Key to hook into the system before the real SPPSVC gets a chance to start.

OMIGAWD!

I just realised what the problem is...

I've been posting replies suitable for a Vista installation, rather than Windows 7! (mea culpa!)

OK - let's correct that....

Please open an Elevated Command Prompt, and run the following commands....

REG DELETE HKLM\SYSTEM\CurrentControlSet\Services\SLSVC /S sc create sppsvc binPath= %SystemRoot%\System32\sppsvc.exe DisplayName= "Software Protection" depend= Rpcss start= delayed-auto obj= "NT AUTHORITY\NetworkService" password= "" sc privs sppsvc SeAuditPrivilege/SeChangeNotifyPrivilege/SeCreateGlobalPrivilege/SeImpersonatePrivilege sc sdset sppsvc D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;IU)(A;;CCLCSWRPLOCRRC;;;SU)(A;;LCRP;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD) sc sidtype sppsvc UNRESTRICTED
.

post the results, and then reboot twice - run another MGADiag report and post that.

Sorry about the confusion - simply a case of trying to do too many things at once! :(

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
No - I do not work for Microsoft, or any of its contractors.
- Marked as answer by MrBandicoot91 Saturday, April 27, 2013 9:52 AM
Saturday, April 27, 2013 9:36 AM

Moderator
0

Sign in to vote

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>REG DELETE HKLM\SYSTEM\CurrentControlSet\Services\SLSVC /S
ERROR: Invalid syntax.
Type "REG DELETE /?" for usage.

C:\Windows\system32>sc create sppsvc binPath= %SystemRoot%\System32\sppsvc.exe D
isplayName= "Software Protection" depend= Rpcss start= delayed-auto obj= "NT AUT
HORITY\NetworkService" password= ""
[SC] CreateService FAILED 1073:

The specified service already exists.

C:\Windows\system32>sc privs sppsvc SeAuditPrivilege/SeChangeNotifyPrivilege/SeC
reateGlobalPrivilege/SeImpersonatePrivilege
[SC] ChangeServiceConfig2 SUCCESS

C:\Windows\system32>sc sdset sppsvc D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRP
WPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;IU)(A;;CCLCSWRPLOCRRC;;;SU)(A;;LCRP;;
;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
[SC] SetServiceObjectSecurity SUCCESS

C:\Windows\system32>sc sidtype sppsvc UNRESTRICTED
[SC] ChangeServiceConfig2 SUCCESS

C:\Windows\system32>.

Ok about to reboot

Saturday, April 27, 2013 9:42 AM
0

Sign in to vote

Ok and here's the results of the MGA report after rebooting.

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-WJ2H8-R6B6D-7QJB7
Windows Product Key Hash: ckKNc+BBPDWmo1LUlOkraNjlQ34=
Windows Product ID: 00359-OEM-8992687-00006
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {BFDC3C8F-6026-4B6B-AEE8-2066825B909C}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.110622-1506
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Standard Edition 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Users\Pete\AppData\Local\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{BFDC3C8F-6026-4B6B-AEE8-2066825B909C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7QJB7</PKey><PID>00359-OEM-8992687-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-1311846861-47003359-73108029</SID><SYSTEM><Manufacturer>Acer </Manufacturer><Model>Aspire 5738 </Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies LTD</Manufacturer><Version>V1.16. </Version><SMBIOSVersion major="2" minor="5"/><Date>20090826000000.000000+000</Date></BIOS><HWID>9E373907018400F8</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Standard Edition 2003</Name><Ver>11</Ver><Val>A5314378930F070</Val><Hash>soKeskPE8IwArxm2JqLuWWiEQ9A=</Hash><Pid>70141-056-0632897-56850</Pid><PidType>1</PidType></Product></Products><Applications><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800006-02-1033-7600.0000-2332009
Installation ID: 015493000263767020935652427986298135541514616310722561
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 7QJB7
License Status: Licensed
Remaining Windows rearm count: 2
Trusted time: 27/04/2013 10:49:34

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 4:2:2013 14:39
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Not Registered - 0x80070424
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: MAAAAAEAAQABAAIAAAABAAAAAwABAAEAeqiu3ILDEscicK4mZBNsR1BAiJRMAUbK

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC PTLTD APIC
FACP INTEL CRESTLNE
HPET INTEL CRESTLNE
BOOT PTLTD $SBFTBL$
MCFG INTEL CRESTLNE
SLIC ACRSYS ACRPRDCT
SSDT BrtRef DD01BRT
SSDT BrtRef DD01BRT

Saturday, April 27, 2013 9:50 AM
0

Sign in to vote

OMG - it worked!!. Now showing as activated and the product ID!! Thank you so much. Your a god. Hope I'm as smart as you some day. What was the problem then? Was it a Malware infection?

Saturday, April 27, 2013 9:52 AM
0

Sign in to vote

Also - What other problems might this have caused?

Saturday, April 27, 2013 10:06 AM
0

Sign in to vote

Let's see if it was malware, and if so, what other damage it did.....

Please download the Farbar Service Scanner from

http://www.bleepingcomputer.com/download/farbar-service-scanner/

Right-click on the saved file and select 'Run as Administrator', and tick all the options, then click on the Scan button - copy and paste the report to your response.

Please download and install Malwarebytes Anti-malware (free version) from http://www.malwarebytes.org/products/malwarebytes_free/ - UNtick 'Enable free trial of MBAM PRO' at the end of the installation - and update it, then run a full scan in your main account, and Quick scans in any other user accounts.

Delete everything it finds

post back with the results.

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
No - I do not work for Microsoft, or any of its contractors.

Saturday, April 27, 2013 10:13 AM

Moderator
0

Sign in to vote

Farbar Service Scanner Version: 14-04-2013
Ran by Pete (administrator) on 27-04-2013 at 11:17:40
Running from "C:\Users\Pete\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

I'm running the scan now for the malware. It has detected 6 items so far. I haven't renewed my Norton since Christmas so it's probably out of date with regards to virus definitions, might this be a potential cause??

Saturday, April 27, 2013 10:33 AM
0

Sign in to vote

Also - Would it be worth turning on my windows firewall as well as my Norton one?

Saturday, April 27, 2013 10:34 AM
0

Sign in to vote

You can check the status of Norton in their control panel. - do not try to run with both firewalls, as they will end up conflicting.

Personally, I would uninstall Norton completely, and run their removal tool, then install Microsoft Security Essentials

First uninstall Norton using the entry in Programs&Features

then download the Norton Removal Tool from here https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?lg=english&ct=united+states&docid=20080710133834EN&product=home&version=1&pvid=f-home

Close all other programs, then run the tool. When it's complete, reboot the machine whether it asks for it or not.

After the reboot, open an Elevated Command Prompt, and run the following command

NETSH WINSOCK RESET

You'll be advised to reboot - do so.

The download MSE from here...

http://windows.microsoft.com/en-GB/windows/security-essentials-download

It has the big advantage of being free - and almost hassle-free so long as the initial install is OK.

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
No - I do not work for Microsoft, or any of its contractors.

Saturday, April 27, 2013 11:13 AM

Moderator
0

Sign in to vote

I just checked my subscription. It was renewed. But I haven't ran any scans. I need to look into this. Here's the report from the malware scanner. Detected 10 in total. I've deleted them. Can you shed any light on this and explained what has happened. Just so I can avoid the problem in the future.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.27.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Pete :: PETE-PC [administrator]

27/04/2013 11:22:23
MBAM-log-2013-04-27 (12-40-46).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 396681
Time elapsed: 1 hour(s), 14 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCR\AppID\{11C27351-716B-4052-9361-E3B0A3F8221C} (Adware.ClickPotato) -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> No action taken.

Registry Values Detected: 1
HKLM\SOFTWARE\Mozilla\Firefox\extensions|ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Data: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.536.0\firefox\extensions -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> No action taken.

Files Detected: 4
C:\$Recycle.Bin\S-1-5-21-1311846861-47003359-73108029-1000\$RSIQWV7.rar (HackTool.Wpakill) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-1311846861-47003359-73108029-1000\$RZHCXL5.5\RemoveWAT.2.2.5.Hazar.carter67\RemoveWAT.exe (HackTool.Wpakill) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll (Adware.ClickPotato) -> No action taken.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> No action taken.

(end)

Saturday, April 27, 2013 11:44 AM
0

Sign in to vote

I see that you didn't remove any of the found items?

Most of them aren't too bad (just adware) but there are two which MUST be removed or your system is likely to become re-infected.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.

Both may have come as part of the package when you attempted to use the two activation hacks that are in the Recycle bin :)

Please run the following command as a final check that the SPPSVC is now properly configured.

REG QUERY HKLM\SYSTEM\CurrentControlSet\Services\SPPSVC /S

post the results and then I think we can say we're done :)

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
No - I do not work for Microsoft, or any of its contractors.

Saturday, April 27, 2013 2:24 PM

Moderator
0

Sign in to vote

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Services\SPPSVC /S

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SPPSVC
Type REG_DWORD 0x10
Start REG_DWORD 0x2
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ C:\Windows\System32\sppsvc.exe
DisplayName REG_SZ Software Protection
DependOnService REG_MULTI_SZ Rpcss
ObjectName REG_SZ NT AUTHORITY\NetworkService
DelayedAutostart REG_DWORD 0x1
RequiredPrivileges REG_MULTI_SZ SeAuditPrivilege\0SeChangeNotifyPrivil
ege\0SeCreateGlobalPrivilege\0SeImpersonatePrivilege
ServiceSidType REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SPPSVC\Security
Security REG_BINARY 01001480A0000000AC000000140000003000000002001C0001
00000002801400FF010F00010100000000000100000000020070000500000000001400FD01020001
010000000000051200000000001800FF010F0001020000000000052000000020020000000014009D
010200010100000000000504000000000014009D0102000101000000000005060000000000140014
00000001010000000000050B000000010100000000000512000000010100000000000512000000

C:\Windows\system32>

Sorry, I copied the results before I deleted them. I'm going to run the malware scanner one last time just for safety.

Saturday, April 27, 2013 2:31 PM
0

Sign in to vote

There's just the minor error of missing Failure actions....

Click on the Start button

In the Search box, type

services.msc

and hit the Enter key

The Services console should open

Find the Software Protection service and double-click on it.

Click on the Recovery tab in the resulting popup.

Set the following settings....

First failure - Restart the Service

Second failure - Restart the Service

Subsequent failures - Take No Action

Reset fail count after - 1 day

Restart service after - 2 minutes

Click Apply, and the OK.

...and we're done :)

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
No - I do not work for Microsoft, or any of its contractors.

Saturday, April 27, 2013 3:03 PM

Moderator
0

Sign in to vote

Ok - What does this do?

Saturday, April 27, 2013 7:40 PM
0

Sign in to vote

It just ensures that the service restarts properly if it gets blocked for any reason.

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
No - I do not work for Microsoft, or any of its contractors.

Saturday, April 27, 2013 7:57 PM

Moderator
0

Sign in to vote

OK excellent. Thanks again for all your help :)

Sunday, April 28, 2013 11:51 AM
0

Sign in to vote

Good luck :)
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
No - I do not work for Microsoft, or any of its contractors.

Monday, April 29, 2013 9:28 AM

Moderator

Answered by:

Windows Activation and Project ID not displayed under system information

Question

Answers

All replies