An unauthorised change was made to Windows 0x80070426

    Question

  • Hi,

    I've been getting a similar message to others here, "An unauthorised change was made to Windows, you will no longer receive notifications, including those about your license or activation. Use the link below to find out how to fix the system."

     

    The link takes me to the validation website, which does not progress beyond "validation in progress..."

     

    The error code is 0x80070426, and description is "The service has not been started"

     

    Furthermore, every time I start up, it says my computer did not shut down properly, and I can't download Windows updates!

     

    I don't have Avast! installed! Any help would be appreciated. The MGAD result is below:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Online Validation Code: N/A, hr = 0x80070426
    Windows Product Key: *****-*****-6HKYP-27C6W-W8WVX
    Windows Product Key Hash: Phz5GDSGKhgVqvfX9CSsoufAHdU=
    Windows Product ID: 89578-OEM-7359846-06722
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 6.0.6002.2.00010300.2.0.003
    ID: {D95B6A7B-19A2-4C3D-9DA8-1AD0A6397718}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000000
    Build lab: 6002.vistasp2_gdr.101014-0432
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: 6.0.6002.16398

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: 2.0.48.0
    OGAExec.exe Signed By: Microsoft
    OGAAddin.dll Signed By: Microsoft

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Home and Student 2007 - 100 Genuine
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software Licensing service is not running.

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    HWID Hash Current: SAAAAAIABgABAAEAAgAEAAAABQABAAEAJJSozWYpXWrKzeSBCieENEa84l/QWzACje/y9JqI1g0SmSBPFijyx6xWcoq+QUbK

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: no, invalid Windows marker
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            7519MS        A7519200
      FACP            7519MS        A7519200
      HPET            7519MS        OEMHPET
      MCFG            7519MS        OEMMCFG
      SLIC            7519MS        A7519200
      OEMB            7519MS        A7519200



     

    Tuesday, July 19, 2011 6:29 PM

Answers

  • "IainC86" wrote in message news:d6b94dbc-f537-4f15-8923-0c5a48d39f87...

    Ok so a full scan and rootkit scan with AVG free produce no threats.

     

    Malwarebytes produces this log:

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7215

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.19019

    21/07/2011 01:20:48
    mbam-log-2011-07-21 (01-20-42).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 432786
    Time elapsed: 1 hour(s), 31 minute(s), 42 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 15

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> No action taken.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\Iain\favorites\cheap pharmacy online.url (Rogue.Link) -> No action taken.
    c:\Users\Iain\favorites\search online.url (Rogue.Link) -> No action taken.
    c:\Users\Iain\favorites\SMS TRAP.url (Rogue.Link) -> No action taken.
    c:\Users\Iain\favorites\vip casino.url (Rogue.Link) -> No action taken.
    c:\Users\Iain\AppData\Roaming\microsoft\Windows\start menu\cheap pharmacy online.url (Rogue.Link) -> No action taken.
    c:\Users\Iain\AppData\Roaming\microsoft\Windows\start menu\search online.url (Rogue.Link) -> No action taken.
    c:\Users\Iain\AppData\Roaming\microsoft\Windows\start menu\SMS TRAP.url (Rogue.Link) -> No action taken.
    c:\Users\Iain\AppData\Roaming\microsoft\Windows\start menu\vip casino.url (Rogue.Link) -> No action taken.
    c:\Windows\System32\c.ico (Malware.Trace) -> No action taken.
    c:\Windows\System32\m.ico (Malware.Trace) -> No action taken.
    c:\Windows\System32\p.ico (Malware.Trace) -> No action taken.
    c:\Windows\System32\s.ico (Malware.Trace) -> No action taken.
    c:\Users\Iain\start menu\cheap pharmacy online.url (Rogue.Link) -> No action taken.
    c:\Users\Iain\start menu\search online.url (Rogue.Link) -> No action taken.
    c:\Users\Iain\start menu\vip casino.url (Rogue.Link) -> No action taken.

    I guess I should remove all of these?

     

    When I open Task Scheduler there is an error saying "The task image is corrupt or has been tampered with.mcupdate"

    I can still look through and there doesn't seem to be anything iffy and nothing says failed.

     

    Here are results of the CMD commands:

    Microsoft Windows [Version 6.0.6002]
    Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

    C:\Users\Iain>sc qc slsvc
    [SC] QueryServiceConfig SUCCESS

    SERVICE_NAME: slsvc
            TYPE               : 10  WIN32_OWN_PROCESS
            START_TYPE         : 2   AUTO_START
            ERROR_CONTROL      : 1   NORMAL
            BINARY_PATH_NAME   : C:\Windows\system32\SLsvc.exe
            LOAD_ORDER_GROUP   : ProfSvc_Group
            TAG                : 0
            DISPLAY_NAME       : Software Licensing
            DEPENDENCIES       : RpcSs
            SERVICE_START_NAME : NT AUTHORITY\NetworkService

    C:\Users\Iain>scqueryex slsvc
    'scqueryex' is not recognized as an internal or external command,
    operable program or batch file.

    C:\Users\Iain>sc queryex slsvc

    SERVICE_NAME: slsvc
            TYPE               : 10  WIN32_OWN_PROCESS
            STATE              : 1  STOPPED
            WIN32_EXIT_CODE    : -1073426173  (0xc004d103)
            SERVICE_EXIT_CODE  : 0  (0x0)
            CHECKPOINT         : 0x0
            WAIT_HINT          : 0x0
            PID                : 0
            FLAGS              :

    C:\Users\Iain>sc qprivs slsvc
    [SC] QueryServiceConfig2 SUCCESS

    SERVICE_NAME: slsvc
            PRIVILEGES       : SeAuditPrivilege
                             : SeChangeNotifyPrivilege
                             : SeCreateGlobalPrivilege
                             : SeImpersonatePrivilege

    C:\Users\Iain>sc qsidtype slsvc
    [SC] QueryServiceConfig2 SUCCESS

    SERVICE_NAME: slsvc
    SERVICE_SID_TYPE:  UNRESTRICTED

    C:\Users\Iain>sc sdshow slsvc

    D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

    C:\Users\Iain>


     
    Yes - please remove everything that MBAM found - it's not particularly nasty in itself, but it does mean that the system has been exposed, probably for a while.
    The error opening Task Scheduler is from McAfee, I think - you need to run the MCPR tool to get rid of the dregs of it left behind after an uninstall.
    Exit Code 0xc004d103 = The security processor reported that an error has occurred (not exactly rocket science!<g>)
     
    I can't see any problems with the CMD output apart from that.....
     
    I think that unless Darin has any better ideas, it's time to point you to WGA support, and see if they can assist - make sure that they see this thread, as it may help cut down the Q&A session.
     

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Thursday, July 21, 2011 10:26 AM
    Moderator
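
Added example (not part of the original thread): a Python triage of the `sc qc` / `sc queryex` output quoted in the answer above, which also decodes the signed `WIN32_EXIT_CODE` and the `hr =` values from the MGADiag reports into HRESULT fields. The sample text is constructed from the lines posted in the thread, and the function names are this example's own.

```python
import re

# Constructed sample: key lines of the `sc qc` and `sc queryex` output posted in this thread.
SC_OUTPUT = """\
SERVICE_NAME: slsvc
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\\Windows\\system32\\SLsvc.exe
        SERVICE_START_NAME : NT AUTHORITY\\NetworkService

SERVICE_NAME: slsvc
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : -1073426173  (0xc004d103)
        SERVICE_EXIT_CODE  : 0  (0x0)
        PID                : 0
"""

# Only the codes and facilities that occur in this thread's reports.
WIN32_NAMES = {2: "ERROR_FILE_NOT_FOUND", 1062: "ERROR_SERVICE_NOT_ACTIVE"}
FACILITY_NAMES = {4: "FACILITY_ITF", 7: "FACILITY_WIN32"}


def decode_hresult(value):
    """Split a 32-bit HRESULT-style value (signed or unsigned) into its fields."""
    u = value & 0xFFFFFFFF            # sc prints the exit code as a signed decimal
    facility = (u >> 16) & 0x7FF      # bits 16-26
    code = u & 0xFFFF                 # bits 0-15
    return {
        "hex": "0x%08X" % u,
        "failure": bool(u >> 31),     # severity bit
        "facility": FACILITY_NAMES.get(facility, str(facility)),
        "code": code,
        # The low word is a plain Win32 error only for FACILITY_WIN32.
        "win32": WIN32_NAMES.get(code) if facility == 7 else None,
    }


def parse_sc(text):
    """Collect 'KEY : value' lines of sc output into one dict (later keys win)."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Z0-9_]+)\s*:\s*(.*?)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def last_word(value):
    parts = value.split()
    return parts[-1] if parts else ""


def triage(text):
    """Return findings about a service that is configured to run but is not running."""
    f = parse_sc(text)
    start = last_word(f.get("START_TYPE", ""))
    state = last_word(f.get("STATE", ""))
    raw_exit = f.get("WIN32_EXIT_CODE", "0").split()
    exit_code = int(raw_exit[0]) if raw_exit else 0
    findings = []
    if start == "DISABLED":
        findings.append("start type is DISABLED: the service cannot start at all")
    elif start == "AUTO_START" and state == "STOPPED":
        if exit_code:
            findings.append(
                "AUTO_START but STOPPED, last exit %s: the service ran and ended "
                "with an error" % decode_hresult(exit_code)["hex"]
            )
        else:
            findings.append("AUTO_START but STOPPED with exit code 0")
    return findings


if __name__ == "__main__":
    for hr in (0x80070426, 0x80070002, -1073426173):
        print(decode_hresult(hr))
    for finding in triage(SC_OUTPUT):
        print(finding)
```
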

All replies

  • "IainC86" wrote in message news:33076a71-36cd-42de-bce0-35f571eaa16d...

    Hi,

    I've been getting a similar message to others here, "An unauthorised change was made to Windows, you will no longer receive notifications, including those about your license or activation. Use the link below to find out how to fix the system."

     

    The link takes me to the validation website, which does not progress beyond "validation in progress..."

     

    The error code is 0x80070426, and description is "The service has not been started"

     

    Furthermore, every time I start up, it says my computer did not shut down properly, and I can't download Windows updates!

     

    I don't have Avast! installed! Any help would be appreciated. The MGAD result is below:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Online Validation Code: N/A, hr = 0x80070426
    Windows Product Key: *****-*****-6HKYP-27C6W-W8WVX
    Windows Product Key Hash: Phz5GDSGKhgVqvfX9CSsoufAHdU=
    Windows Product ID: 89578-OEM-7359846-06722
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 6.0.6002.2.00010300.2.0.003



    File Scan Data-->

    Other data-->


    Licensing Data-->
    Software Licensing service is not running.




     


    Your problem is at least partly because the Software Licensing Service is not running....
    this service is required to run all the time (or on demand) - if you've disabled it then that would cause your current problem.
     
    Please check that the Software Licensing service is set to startup type Automatic.
     
    Click on Start
    in the Search box, type
    SERVICES.MSC
    and hit the Enter key
    Accept the UAC prompt that comes up
    In the listing of Services, find the Software Licensing Service (SLSVC)
    right-click on it, and select Properties.
    make sure that the service Startup type is set to Automatic - click Apply if you've had to change anything.
     
    Then try starting the service.
    What is the result?
     
    If you get an error message, please report back with the EXACT details.
     
    If it succeeds, reboot - run a new MGADiag report, and post it back here
     

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Tuesday, July 19, 2011 7:09 PM
    Moderator
  • Hmm, odd. I checked, and it was already on automatic, however it wasn't running, so I started it, and rebooted. No error any more, but the updater still doesn't work. Looking again in Services, the Software Licensing is still on automatic however was not running and needed me to start it manually. Even then the Windows Updater doesn't work.

     

    Here is diagnostic after manual starting of Software Licensing. It now displays Started in the services Window:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Online Validation Code: N/A, hr = 0x80070426
    Windows Product Key: *****-*****-6HKYP-27C6W-W8WVX
    Windows Product Key Hash: Phz5GDSGKhgVqvfX9CSsoufAHdU=
    Windows Product ID: 89578-OEM-7359846-06722
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 6.0.6002.2.00010300.2.0.003
    ID: {D95B6A7B-19A2-4C3D-9DA8-1AD0A6397718}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000000
    Build lab: 6002.vistasp2_gdr.101014-0432
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: 6.0.6002.16398

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: 2.0.48.0
    OGAExec.exe Signed By: Microsoft
    OGAAddin.dll Signed By: Microsoft

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Home and Student 2007 - 100 Genuine
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software Licensing service is not running.

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    HWID Hash Current: SAAAAAIABgABAAEAAgAEAAAABQABAAEAJJSozWYpXWrKzeSBCieENEa84l/QWzACje/y9JqI1g0SmSBPFijyx6xWcoq+QUbK

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: no, invalid Windows marker
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            7519MS        A7519200
      FACP            7519MS        A7519200
      HPET            7519MS        OEMHPET
      MCFG            7519MS        OEMMCFG
      SLIC            7519MS        A7519200
      OEMB            7519MS        A7519200



    Tuesday, July 19, 2011 7:56 PM
  • "IainC86" wrote in message news:4d298c5e-d449-4d85-b579-f002259a61ef...

    Hmm, odd. I checked, and it was already on automatic, however it wasn't running, so I started it, and rebooted. No error any more, but the updater still doesn't work. Looking again in Services, the Software Licensing is still on automatic however was not running and needed me to start it manually. Even then the Windows Updater doesn't work.

     

    Here is diagnostic after manual starting of Software Licensing. It now displays Started in the services Window:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Online Validation Code: N/A, hr = 0x80070426
    Windows Product Key: *****-*****-6HKYP-27C6W-W8WVX
    Windows Product Key Hash: Phz5GDSGKhgVqvfX9CSsoufAHdU=
    Windows Product ID: 89578-OEM-7359846-06722
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 6.0.6002.2.00010300.2.0.003





    Please go to validate Windows manually, at www.microsoft.com/genuine/validate - see what it reports, and post back with another MGADiag report.
     

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Tuesday, July 19, 2011 10:31 PM
    Moderator
  • Hi, so I tried that and it just says "Windows validation in progress, please do not navigate away" and does nothing. I left it for half an hour and no change. MGADiag is below:

     

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Online Validation Code: N/A, hr = 0x80070426
    Windows Product Key: *****-*****-6HKYP-27C6W-W8WVX
    Windows Product Key Hash: Phz5GDSGKhgVqvfX9CSsoufAHdU=
    Windows Product ID: 89578-OEM-7359846-06722
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 6.0.6002.2.00010300.2.0.003
    ID: {D95B6A7B-19A2-4C3D-9DA8-1AD0A6397718}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000000
    Build lab: 6002.vistasp2_gdr.101014-0432
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: 6.0.6002.16398

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: 2.0.48.0
    OGAExec.exe Signed By: Microsoft
    OGAAddin.dll Signed By: Microsoft

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Home and Student 2007 - 100 Genuine
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software Licensing service is not running.

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    HWID Hash Current: SAAAAAIABgABAAEAAgAEAAAABQABAAEAJJSozWYpXWrKzeSBCieENEa84l/QWzACje/y9JqI1g0SmSBPFijyx6xWcoq+QUbK

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: no, invalid Windows marker
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            7519MS        A7519200
      FACP            7519MS        A7519200
      HPET            7519MS        OEMHPET
      MCFG            7519MS        OEMMCFG
      SLIC            7519MS        A7519200
      OEMB            7519MS        A7519200



    Wednesday, July 20, 2011 5:34 PM
  • "IainC86" wrote in message news:d7ee0801-bca4-4fd8-964e-e0036cc2b260...

    Hi, so I tried that and it just says "Windows validation in progress, please do not navigate away" and does nothing. I left it for half an hour and no change. MGADiag is below:

     

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Online Validation Code: N/A, hr = 0x80070426
    Windows Product Key: *****-*****-6HKYP-27C6W-W8WVX
    Windows Product Key Hash: Phz5GDSGKhgVqvfX9CSsoufAHdU=
    Windows Product ID: 89578-OEM-7359846-06722
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 6.0.6002.2.00010300.2.0.003


    Licensing Data-->
    Software Licensing service is not running.




    Interesting - your Software Licensing Service has become stopped for some reason.
    There's no indication as to why - so try this....
    Please check that the Software Licensing service is set to startup type Automatic.
     
    Click on Start
    in the Search box, type
    SERVICES.MSC
    and hit the Enter key
    Accept the UAC prompt that comes up
    In the listing of Services, find the Software Licensing Service (SLSVC)
    right-click on it, and select Properties.
    make sure that the service Startup type is set to Automatic - click Apply if you've had to change anything.
     
    Then try starting the service.
    What is the result?
     
    If you get an error message, please report back with the EXACT details.
     
    If it succeeds, reboot - run a new MGADiag report, and post it back here
     

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Wednesday, July 20, 2011 5:52 PM
    Moderator
  • I've tried that in response to your first post, unless I'm missing something? It's already set to automatic, but hadn't actually started so I started it. There was no error message but Windows Update still didn't work. I rebooted and the Software Licensing wasn't running anymore even with startup type as automatic
    Wednesday, July 20, 2011 6:23 PM
  • "IainC86" wrote in message news:14de5e61-4433-421a-b329-7185c1cd6192...
    I've tried that in response to your first post, unless I'm missing something? It's already set to automatic, but hadn't actually started so I started it. There was no error message but Windows Update still didn't work. I rebooted and the Software Licensing wasn't running anymore even with startup type as automatic

    Duh! - sorry 'bout that - was working on another machine at the time....
     
    There's obviously something that is actively interfering with the service.
    A couple of thoughts....
    1) malware
    2) something in the Task Scheduler (possibly left over from 1, or possibly something else)
    3) registry problems
     
    1) Do a Full System scan with a good Anti-Virus with updated definitions, and a full system scan with updated definitions using Malwarebytes Anti-Malware ( free - www.malwarebytes.org - do NOT enable the real-time protection mode, as it may conflict with your anti-virus.)
     
    2) Unfortunately the Task Scheduler in Windows Vista/7 is a rather complex and unsearchable database even by default, and it can take ages to look through the (active) entries to find one that's relevant.
        Start by looking at the default view and see if there's any 'failures' noted, and which tasks are in the Active list - then see if there's anything that seems relevant. do NOT attempt to modify anything!!! report back with details of anything that looks 'iffy'
     
    3) Problems in the registry can be caused by malware, accident, or bad programming/applications.
        Have you used any form of Registry 'Cleaner/Optimiser'?
        Please open an Elevated (Administrator) Command Prompt window and use the following commands....
    sc qc slsvc
    sc queryex slsvc
    sc qprivs slsvc
    sc qsidtype slsvc
    sc sdshow slsvc
     
    copy and paste the results into your response. (click on the black/white icon top left of the window, click on Edit...>Select All, and hit the Enter key to copy the whole thing to the clipboard, you can then paste it to your response)
     
     

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Wednesday, July 20, 2011 6:55 PM
    Moderator
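
Added example (not part of the original thread): one way to read the `sc sdshow` output requested above, listing which principals other than Local System and Administrators the service DACL allows to stop, delete or reconfigure the service. The first descriptor is the one posted in this thread; the second is a constructed weak variant for contrast, and the function names are this example's own.

```python
import re

# Two-letter SDDL rights as they apply to a service object.
SERVICE_RIGHTS = {
    "CC": "QUERY_CONFIG", "DC": "CHANGE_CONFIG", "LC": "QUERY_STATUS",
    "SW": "ENUMERATE_DEPENDENTS", "RP": "START", "WP": "STOP",
    "DT": "PAUSE_CONTINUE", "LO": "INTERROGATE", "CR": "USER_DEFINED_CONTROL",
    "SD": "DELETE", "RC": "READ_CONTROL", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
}
# Well-known trustee abbreviations used in the descriptors below.
TRUSTEES = {
    "SY": "Local System", "BA": "Builtin Administrators",
    "IU": "Interactive users", "SU": "Service logon users",
    "AU": "Authenticated Users", "WD": "Everyone",
}
PRIVILEGED = {"SY", "BA"}  # expected to hold full control
RISKY = {"CHANGE_CONFIG", "STOP", "DELETE", "WRITE_DAC", "WRITE_OWNER"}

# The descriptor posted in this thread for slsvc.
THREAD_SDDL = (
    "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
    "(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)"
    "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
)
# Constructed for contrast: any authenticated user may stop or reconfigure the service.
WEAK_SDDL = "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRRC;;;AU)"


def dacl_aces(sddl):
    """Return (ace_type, trustee, [rights]) for each ACE in the D: (DACL) part."""
    m = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    if not m:
        return []
    aces = []
    for body in re.findall(r"\(([^)]*)\)", m.group(1)):
        parts = body.split(";")
        if len(parts) != 6:
            continue  # skip anything that is not the six-field ACE form
        ace_type, _flags, rights, _obj, _inherit, trustee = parts
        if rights.startswith("0x"):
            names = [rights]  # numeric access mask, left undecoded here
        else:
            names = [SERVICE_RIGHTS.get(rights[i:i + 2], rights[i:i + 2])
                     for i in range(0, len(rights), 2)]
        aces.append((ace_type, trustee, names))
    return aces


def risky_grants(sddl):
    """List (trustee, rights) for allow-ACEs that let a non-privileged principal interfere."""
    findings = []
    for ace_type, trustee, rights in dacl_aces(sddl):
        if ace_type != "A" or trustee in PRIVILEGED:
            continue
        risky = [r for r in rights if r in RISKY]
        if risky:
            findings.append((TRUSTEES.get(trustee, trustee), risky))
    return findings


if __name__ == "__main__":
    for label, sddl in (("thread", THREAD_SDDL), ("weak", WEAK_SDDL)):
        print(label, risky_grants(sddl) or "no risky grants outside SY/BA")
```

For the descriptor in this thread the result is empty: interactive and service logon users can only query the service, which matches the reply that nothing looks wrong in the CMD output.
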
  • Ok so a full scan and rootkit scan with AVG free produce no threats.

     

    Malwarebytes produces this log:

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7215

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.19019

    21/07/2011 01:20:48
    mbam-log-2011-07-21 (01-20-42).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 432786
    Time elapsed: 1 hour(s), 31 minute(s), 42 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 15

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> No action taken.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\Iain\favorites\cheap pharmacy online.url (Rogue.Link) -> No action taken.
    c:\Users\Iain\favorites\search online.url (Rogue.Link) -> No action taken.
    c:\Users\Iain\favorites\SMS TRAP.url (Rogue.Link) -> No action taken.
    c:\Users\Iain\favorites\vip casino.url (Rogue.Link) -> No action taken.
    c:\Users\Iain\AppData\Roaming\microsoft\Windows\start menu\cheap pharmacy online.url (Rogue.Link) -> No action taken.
    c:\Users\Iain\AppData\Roaming\microsoft\Windows\start menu\search online.url (Rogue.Link) -> No action taken.
    c:\Users\Iain\AppData\Roaming\microsoft\Windows\start menu\SMS TRAP.url (Rogue.Link) -> No action taken.
    c:\Users\Iain\AppData\Roaming\microsoft\Windows\start menu\vip casino.url (Rogue.Link) -> No action taken.
    c:\Windows\System32\c.ico (Malware.Trace) -> No action taken.
    c:\Windows\System32\m.ico (Malware.Trace) -> No action taken.
    c:\Windows\System32\p.ico (Malware.Trace) -> No action taken.
    c:\Windows\System32\s.ico (Malware.Trace) -> No action taken.
    c:\Users\Iain\start menu\cheap pharmacy online.url (Rogue.Link) -> No action taken.
    c:\Users\Iain\start menu\search online.url (Rogue.Link) -> No action taken.
    c:\Users\Iain\start menu\vip casino.url (Rogue.Link) -> No action taken.

    I guess I should remove all of these?

     

    When I open Task Scheduler there is an error saying "The task image is corrupt or has been tampered with.mcupdate"

    I can still look through and there doesn't seem to be anything iffy and nothing says failed.

     

    Here are results of the CMD commands:

    Microsoft Windows [Version 6.0.6002]
    Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

    C:\Users\Iain>sc qc slsvc
    [SC] QueryServiceConfig SUCCESS

    SERVICE_NAME: slsvc
            TYPE               : 10  WIN32_OWN_PROCESS
            START_TYPE         : 2   AUTO_START
            ERROR_CONTROL      : 1   NORMAL
            BINARY_PATH_NAME   : C:\Windows\system32\SLsvc.exe
            LOAD_ORDER_GROUP   : ProfSvc_Group
            TAG                : 0
            DISPLAY_NAME       : Software Licensing
            DEPENDENCIES       : RpcSs
            SERVICE_START_NAME : NT AUTHORITY\NetworkService

    C:\Users\Iain>scqueryex slsvc
    'scqueryex' is not recognized as an internal or external command,
    operable program or batch file.

    C:\Users\Iain>sc queryex slsvc

    SERVICE_NAME: slsvc
            TYPE               : 10  WIN32_OWN_PROCESS
            STATE              : 1  STOPPED
            WIN32_EXIT_CODE    : -1073426173  (0xc004d103)
            SERVICE_EXIT_CODE  : 0  (0x0)
            CHECKPOINT         : 0x0
            WAIT_HINT          : 0x0
            PID                : 0
            FLAGS              :

    C:\Users\Iain>sc qprivs slsvc
    [SC] QueryServiceConfig2 SUCCESS

    SERVICE_NAME: slsvc
            PRIVILEGES       : SeAuditPrivilege
                             : SeChangeNotifyPrivilege
                             : SeCreateGlobalPrivilege
                             : SeImpersonatePrivilege

    C:\Users\Iain>sc qsidtype slsvc
    [SC] QueryServiceConfig2 SUCCESS

    SERVICE_NAME: slsvc
    SERVICE_SID_TYPE:  UNRESTRICTED

    C:\Users\Iain>sc sdshow slsvc

    D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCR
    RC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

    C:\Users\Iain>

    Thursday, July 21, 2011 12:22 AM
  • "IainC86" wrote in message news:d6b94dbc-f537-4f15-8923-0c5a48d39f87...

    Ok so a full scan and rootkit scan with AVG free produce no threats.

     



     
    Yes - please remove everything that MBAM found - it's not particularly nasty in itself, but it does mean that the system has been exposed, probably for a while.
    The error opening Task Scheduler is from McAfee, I think - you need to run the MCPR tool to get rid of the dregs of it left behind after an uninstall.
    Exit Code 0xc004d103 = The security processor reported that an error has occurred (not exactly rocket science!<g>)
     
    I can't see any problems with the CMD output apart from that.....
     
    I think that unless Darin has any better ideas, it's time to point you to WGA support, and see if they can assist - make sure that they see this thread, as it may help cut down the Q&A session.
     

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Thursday, July 21, 2011 10:26 AM
    Moderator
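One way to check the `sc sdshow slsvc` and `sc queryex slsvc` output from this thread programmatically, as an added example that is not part of any poster's message: it expands the service DACL into named rights and lists any allow-ACE that gives configuration, delete or permission-changing rights to a trustee other than Local System or Administrators. The function names, the `TRUSTED` set and the `WEAK_SDDL` contrast string are assumptions of this example; the rights table is the standard service-specific meaning of the SDDL codes.

```python
import re

# Service-specific meaning of the two-letter SDDL access-right codes.
RIGHTS = {
    "CC": "QUERY_CONFIG", "DC": "CHANGE_CONFIG", "LC": "QUERY_STATUS",
    "SW": "ENUMERATE_DEPENDENTS", "RP": "START", "WP": "STOP",
    "DT": "PAUSE_CONTINUE", "LO": "INTERROGATE", "CR": "USER_DEFINED_CONTROL",
    "SD": "DELETE", "RC": "READ_CONTROL", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
    "GA": "GENERIC_ALL", "GW": "GENERIC_WRITE",
}
# Rights that let the holder reconfigure, delete or re-permission the service.
SENSITIVE = {"CHANGE_CONFIG", "DELETE", "WRITE_DAC", "WRITE_OWNER",
             "GENERIC_ALL", "GENERIC_WRITE"}
# Assumption of this example: only Local System (SY) and Administrators (BA)
# are expected to hold those rights.
TRUSTED = {"SY", "BA"}

# Copied from the post above, including the console's 80-column line wrap.
PAGE_SDDL = """D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCR
RC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"""
# Constructed for contrast: Authenticated Users (AU) may change the config.
WEAK_SDDL = "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPLOCRRC;;;AU)"

def parse_dacl(sc_sdshow_output):
    """Return (ace_type, trustee, rights) for each ACE in the DACL part."""
    sddl = "".join(sc_sdshow_output.split())            # undo line wrapping
    dacl = sddl.partition("D:")[2].partition("S:")[0]   # drop the SACL (audit)
    aces = []
    for body in re.findall(r"\(([^)]*)\)", dacl):
        ace_type, _flags, rights, _obj, _inherit, trustee = body.split(";")
        codes = [rights[i:i + 2] for i in range(0, len(rights), 2)]
        aces.append((ace_type, trustee, {RIGHTS.get(c, c) for c in codes}))
    return aces

def risky_aces(aces):
    """Allow-ACEs that give sensitive rights to anyone outside TRUSTED."""
    return [(who, sorted(rights & SENSITIVE)) for kind, who, rights in aces
            if kind == "A" and who not in TRUSTED and rights & SENSITIVE]

def exit_code_hex(signed_code):
    """sc prints WIN32_EXIT_CODE as signed 32-bit; show it as unsigned hex."""
    return "0x%08x" % (signed_code & 0xFFFFFFFF)

if __name__ == "__main__":
    print(risky_aces(parse_dacl(PAGE_SDDL)))   # ACL as posted
    print(risky_aces(parse_dacl(WEAK_SDDL)))   # constructed weak ACL
    print(exit_code_hex(-1073426173))          # value from sc queryex
```

The final `(AU;FA;...;;;WD)` entry in the posted string sits in the SACL, where `AU` is the audit ACE type rather than a trustee, so it is excluded from the DACL check.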
  • Ok, I'll get in contact with them. Thanks very much for your suggestions! I'll keep checking this to see if there are any more. Would you like me to post a solution if WGA support manage to come up with one?
    Thursday, July 21, 2011 10:51 AM
  • Yes please!

     

    Thanks for the offer.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Thursday, July 21, 2011 12:12 PM
    Moderator
  • Oh, by the way, running the McAfee remover didn't fix the Task Scheduler error...but I'll take that up with the support people too so don't worry!
    Thursday, July 21, 2011 4:51 PM
  • "IainC86" wrote in message news:55d476e9-6622-42a3-bd08-ed3baecd2a32...
    Oh, by the way, running the McAfee remover didn't fix the Task Scheduler error...but I'll take that up with the support people too so don't worry!

    Ah - they'll probably say that it's McAfee's fault (which it is), and tell you to contact them..... Try and force them into a fix <g>
     

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Thursday, July 21, 2011 9:53 PM
    Moderator