Answered by:
An unauthorised change was made to Windows 0x80070426
Question
-
Hi,
I've been getting a similar message to others here, "An unauthorised change was made to Windows, you will no longer receive notifications, including those about your license or activation. Use the link below to find out how to fix the system."
The link takes me to the validation website, which does not progress beyond "validation in progress..."
The error code is 0x80070426, and description is "The service has not been started"
Furthermore, every time I start up, it says my copmuter did not shut down properly, and I can't download Windows updates!
I don't have Avast! installed! Any help would be appreciated. The MGAD result is below:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0x80070426
Windows Product Key: *****-*****-6HKYP-27C6W-W8WVX
Windows Product Key Hash: Phz5GDSGKhgVqvfX9CSsoufAHdU=
Windows Product ID: 89578-OEM-7359846-06722
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.0.6002.2.00010300.2.0.003
ID: {D95B6A7B-19A2-4C3D-9DA8-1AD0A6397718}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6002.vistasp2_gdr.101014-0432
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6002.16398
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft
OGA Data-->
Office Status: 100 Genuine
Microsoft Office Home and Student 2007 - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{D95B6A7B-19A2-4C3D-9DA8-1AD0A6397718}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-W8WVX</PKey><PID>89578-OEM-7359846-06722</PID><PIDType>3</PIDType><SID>S-1-5-21-3840245861-2515743749-3021389077</SID><SYSTEM><Manufacturer>MICRO-STAR INTERNATIONAL CO.,LTD</Manufacturer><Model>MS-7519</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>V1.2</Version><SMBIOSVersion major="2" minor="5"/><Date>20080611000000.000000+000</Date></BIOS><HWID>10303507018400F8</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>7519MS</OEMID><OEMTableID>A7519200</OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><Val>9A7E98829D99F18</Val><Hash>9gXdDGkY6HAmF1lpviR29dvHl48=</Hash><Pid>81602-908-4113874-68178</Pid><PidType>1</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software Licensing service is not running.
Windows Activation Technologies-->
N/A
HWID Data-->
HWID Hash Current: SAAAAAIABgABAAEAAgAEAAAABQABAAEAJJSozWYpXWrKzeSBCieENEa84l/QWzACje/y9JqI1g0SmSBPFijyx6xWcoq+QUbK
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: no, invalid Windows marker
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC 7519MS A7519200
FACP 7519MS A7519200
HPET 7519MS OEMHPET
MCFG 7519MS OEMMCFG
SLIC 7519MS A7519200
OEMB 7519MS A7519200
Tuesday, July 19, 2011 6:29 PM
Answers
-
"IainC86" wrote in message news:d6b94dbc-f537-4f15-8923-0c5a48d39f87...
Ok so a full scan and rootkit scan with AVG free produce no threats.
Malwarebyte produces this log:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7215
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019
21/07/2011 01:20:48
mbam-log-2011-07-21 (01-20-42).txt
Scan type: Full scan (C:\|)
Objects scanned: 432786
Time elapsed: 1 hour(s), 31 minute(s), 42 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 15
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\Iain\favorites\cheap pharmacy online.url (Rogue.Link) -> No action taken.
c:\Users\Iain\favorites\search online.url (Rogue.Link) -> No action taken.
c:\Users\Iain\favorites\SMS TRAP.url (Rogue.Link) -> No action taken.
c:\Users\Iain\favorites\vip casino.url (Rogue.Link) -> No action taken.
c:\Users\Iain\AppData\Roaming\microsoft\Windows\start menu\cheap pharmacy online.url (Rogue.Link) -> No action taken.
c:\Users\Iain\AppData\Roaming\microsoft\Windows\start menu\search online.url (Rogue.Link) -> No action taken.
c:\Users\Iain\AppData\Roaming\microsoft\Windows\start menu\SMS TRAP.url (Rogue.Link) -> No action taken.
c:\Users\Iain\AppData\Roaming\microsoft\Windows\start menu\vip casino.url (Rogue.Link) -> No action taken.
c:\Windows\System32\c.ico (Malware.Trace) -> No action taken.
c:\Windows\System32\m.ico (Malware.Trace) -> No action taken.
c:\Windows\System32\p.ico (Malware.Trace) -> No action taken.
c:\Windows\System32\s.ico (Malware.Trace) -> No action taken.
c:\Users\Iain\start menu\cheap pharmacy online.url (Rogue.Link) -> No action taken.
c:\Users\Iain\start menu\search online.url (Rogue.Link) -> No action taken.
c:\Users\Iain\start menu\vip casino.url (Rogue.Link) -> No action taken.I guess I should remove all of these?
When I open Task Scheduler there is an error saying "The task image is corrupt or has been tampered with.mcupdate"
I can still look through and there doesn't seem to be anything iffy and nothing says failed.
Here are results of the CMD commands:
Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Users\Iain>sc qc slsvc
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: slsvc
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\SLsvc.exe
LOAD_ORDER_GROUP : ProfSvc_Group
TAG : 0
DISPLAY_NAME : Software Licensing
DEPENDENCIES : RpcSs
SERVICE_START_NAME : NT AUTHORITY\NetworkService
C:\Users\Iain>scqueryex slsvc
'scqueryex' is not recognized as an internal or external command,
operable program or batch file.
C:\Users\Iain>sc queryex slsvc
SERVICE_NAME: slsvc
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : -1073426173 (0xc004d103)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
C:\Users\Iain>sc qprivs slsvc
[SC] QueryServiceConfig2 SUCCESS
SERVICE_NAME: slsvc
PRIVILEGES : SeAuditPrivilege
: SeChangeNotifyPrivilege
: SeCreateGlobalPrivilege
: SeImpersonatePrivilege
C:\Users\Iain>sc qsidtype slsvc
[SC] QueryServiceConfig2 SUCCESS
SERVICE_NAME: slsvc
SERVICE_SID_TYPE: UNRESTRICTED
C:\Users\Iain>sc sdshow slsvc
D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
C:\Users\Iain>
Yes - please remove everything that MBAM found - it's not particularly nasty in itself, but it does mean that the system has been exposed , probably for a while.The error opening Task Scheduler is from McAfee, I think - you need to run the MCPR tool to get rid of the dregs of it left behind after an uninstall.Exit Code 0xc004d103 = The security processor reported that an error has occurred (not exactly rocket science!<g>)I can't see any problems with the CMD output apart from that.....I think that unless Darin has any better ideas, it's time to point you to WGA support, and see if they can assist - make sure that they see this thread, as it may help cut down the Q&A session.North America: http://support.microsoft.com/contactus/cu_sc_genadv_master?ws=support&ws=support#tab4
Outside North America: http://support.microsoft.com/contactus/?ws=support#tab0
--
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth- Marked as answer by Darin Smith MS Monday, July 25, 2011 10:19 PM
Thursday, July 21, 2011 10:26 AMModerator
All replies
-
"IainC86" wrote in message news:33076a71-36cd-42de-bce0-35f571eaa16d...
Hi,
I've been getting a similar message to others here, "An unauthorised change was made to Windows, you will no longer receive notifications, including those about your license or activation. Use the link below to find out how to fix the system."
The link takes me to the validation website, which does not progress beyond "validation in progress..."
The error code is 0x80070426, and description is "The service has not been started"
Furthermore, every time I start up, it says my copmuter did not shut down properly, and I can't download Windows updates!
I don't have Avast! installed! Any help would be appreciated. The MGAD result is below:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0x80070426
Windows Product Key: *****-*****-6HKYP-27C6W-W8WVX
Windows Product Key Hash: Phz5GDSGKhgVqvfX9CSsoufAHdU=
Windows Product ID: 89578-OEM-7359846-06722
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.0.6002.2.00010300.2.0.003
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{D95B6A7B-19A2-4C3D-9DA8-1AD0A6397718}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-W8WVX</PKey><PID>89578-OEM-7359846-06722</PID><PIDType>3</PIDType><SID>S-1-5-21-3840245861-2515743749-3021389077</SID><SYSTEM><Manufacturer>MICRO-STAR INTERNATIONAL CO.,LTD</Manufacturer><Model>MS-7519</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>V1.2</Version><SMBIOSVersion major="2" minor="5"/><Date>20080611000000.000000+000</Date></BIOS
Licensing Data-->
Software Licensing service is not running.
Your problem is at least partly because the Software Licensing Service is not running....this service is required to run all the time (or on demand) - if you've disabled it then that would cause your current problem.Please check that the Software Licensing service is set to startup type Automatic.
Click on Start
in the Search box, type
SERVICES.MSC
and hit the Enter key
Accept the UAC prompt that comes up
In the listing of Services, find the Software Licensing Service (SLSVC)
right-click on it, and select Properties.
make sure that the service Startup type is set to Automatic - click Apply if you've had to change anything.
Then try starting the service.
What is the result?
If you get an error message, please report back with the EXACT details.
If it succeeds, reboot - run an new MGADiag report, and post it back here
--
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothTuesday, July 19, 2011 7:09 PMModerator -
Hmm, odd. I checked, and it was already on automatic, however it wasn't running, so I started it, and rebooted. No error any more, but the updater still doesn't work. Looking again in Services, the Software Licensing is still on automatic however was not running and needed me to start it manually. Even then the Windows Updater doesn't work
Here is diagnostic after manual starting of Software Licensing. It now displays Started in the services Window:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0x80070426
Windows Product Key: *****-*****-6HKYP-27C6W-W8WVX
Windows Product Key Hash: Phz5GDSGKhgVqvfX9CSsoufAHdU=
Windows Product ID: 89578-OEM-7359846-06722
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.0.6002.2.00010300.2.0.003
ID: {D95B6A7B-19A2-4C3D-9DA8-1AD0A6397718}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6002.vistasp2_gdr.101014-0432
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6002.16398
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft
OGA Data-->
Office Status: 100 Genuine
Microsoft Office Home and Student 2007 - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{D95B6A7B-19A2-4C3D-9DA8-1AD0A6397718}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-W8WVX</PKey><PID>89578-OEM-7359846-06722</PID><PIDType>3</PIDType><SID>S-1-5-21-3840245861-2515743749-3021389077</SID><SYSTEM><Manufacturer>MICRO-STAR INTERNATIONAL CO.,LTD</Manufacturer><Model>MS-7519</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>V1.2</Version><SMBIOSVersion major="2" minor="5"/><Date>20080611000000.000000+000</Date></BIOS><HWID>10303507018400F8</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>7519MS</OEMID><OEMTableID>A7519200</OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><Val>9A7E98829D99F18</Val><Hash>9gXdDGkY6HAmF1lpviR29dvHl48=</Hash><Pid>81602-908-4113874-68178</Pid><PidType>1</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software Licensing service is not running.
Windows Activation Technologies-->
N/A
HWID Data-->
HWID Hash Current: SAAAAAIABgABAAEAAgAEAAAABQABAAEAJJSozWYpXWrKzeSBCieENEa84l/QWzACje/y9JqI1g0SmSBPFijyx6xWcoq+QUbK
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: no, invalid Windows marker
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC 7519MS A7519200
FACP 7519MS A7519200
HPET 7519MS OEMHPET
MCFG 7519MS OEMMCFG
SLIC 7519MS A7519200
OEMB 7519MS A7519200
Tuesday, July 19, 2011 7:56 PM -
"IainC86" wrote in message news:4d298c5e-d449-4d85-b579-f002259a61ef...
Hmm, odd. I checked, and it was already on automatic, however it wasn't running, so I started it, and rebooted. No error any more, but the updater still doesn't work. Looking again in Services, the Software Licensing is still on automatic however was not running and needed me to start it manually. Even then the Windows Updater doesn't work
Here is diagnostic after manual starting of Software Licensing. It now displays Started in the services Window:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0x80070426
Windows Product Key: *****-*****-6HKYP-27C6W-W8WVX
Windows Product Key Hash: Phz5GDSGKhgVqvfX9CSsoufAHdU=
Windows Product ID: 89578-OEM-7359846-06722
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.0.6002.2.00010300.2.0.003
Please go to validate windows manually, at www.microsoft.com/genuine/validate - see what it reports, and post back with another MGADiag report.
--
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothTuesday, July 19, 2011 10:31 PMModerator -
Hi, so I tried that and it just says "Windows validation in progress, please do not navigate away" and does nothing. I left it for half an hour and no change. MGDADiag is below:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0x80070426
Windows Product Key: *****-*****-6HKYP-27C6W-W8WVX
Windows Product Key Hash: Phz5GDSGKhgVqvfX9CSsoufAHdU=
Windows Product ID: 89578-OEM-7359846-06722
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.0.6002.2.00010300.2.0.003
ID: {D95B6A7B-19A2-4C3D-9DA8-1AD0A6397718}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6002.vistasp2_gdr.101014-0432
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6002.16398
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft
OGA Data-->
Office Status: 100 Genuine
Microsoft Office Home and Student 2007 - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{D95B6A7B-19A2-4C3D-9DA8-1AD0A6397718}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-W8WVX</PKey><PID>89578-OEM-7359846-06722</PID><PIDType>3</PIDType><SID>S-1-5-21-3840245861-2515743749-3021389077</SID><SYSTEM><Manufacturer>MICRO-STAR INTERNATIONAL CO.,LTD</Manufacturer><Model>MS-7519</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>V1.2</Version><SMBIOSVersion major="2" minor="5"/><Date>20080611000000.000000+000</Date></BIOS><HWID>10303507018400F8</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>7519MS</OEMID><OEMTableID>A7519200</OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><Val>9A7E98829D99F18</Val><Hash>9gXdDGkY6HAmF1lpviR29dvHl48=</Hash><Pid>81602-908-4113874-68178</Pid><PidType>1</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software Licensing service is not running.
Windows Activation Technologies-->
N/A
HWID Data-->
HWID Hash Current: SAAAAAIABgABAAEAAgAEAAAABQABAAEAJJSozWYpXWrKzeSBCieENEa84l/QWzACje/y9JqI1g0SmSBPFijyx6xWcoq+QUbK
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: no, invalid Windows marker
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC 7519MS A7519200
FACP 7519MS A7519200
HPET 7519MS OEMHPET
MCFG 7519MS OEMMCFG
SLIC 7519MS A7519200
OEMB 7519MS A7519200
Wednesday, July 20, 2011 5:34 PM -
"IainC86" wrote in message news:d7ee0801-bca4-4fd8-964e-e0036cc2b260...
Hi, so I tried that and it just says "Windows validation in progress, please do not navigate away" and does nothing. I left it for half an hour and no change. MGDADiag is below:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0x80070426
Windows Product Key: *****-*****-6HKYP-27C6W-W8WVX
Windows Product Key Hash: Phz5GDSGKhgVqvfX9CSsoufAHdU=
Windows Product ID: 89578-OEM-7359846-06722
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.0.6002.2.00010300.2.0.003
Licensing Data-->
Software Licensing service is not running.
Interesting - your Software Licensing Service has become stopped for some reason.There's no indication as to why - so try this....Please check that the Software Licensing service is set to startup type Automatic.
Click on Start
in the Search box, type
SERVICES.MSC
and hit the Enter key
Accept the UAC prompt that comes up
In the listing of Services, find the Software Licensing Service (SLSVC)
right-click on it, and select Properties.
make sure that the service Startup type is set to Automatic - click Apply if you've had to change anything.
Then try starting the service.
What is the result?
If you get an error message, please report back with the EXACT details.
If it succeeds, reboot - run an new MGADiag report, and post it back here
--
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothWednesday, July 20, 2011 5:52 PMModerator -
I've tried that in response to your first post, unless I'm missing something? It's already set to automatic, but hadn't actually started so I started it. There was no error message but Windows Update still didn't work. I rebooted and the Software Licensing wasn't running anymore even with startup type as automaticWednesday, July 20, 2011 6:23 PM
-
"IainC86" wrote in message news:14de5e61-4433-421a-b329-7185c1cd6192...I've tried that in response to your first post, unless I'm missing something? It's already set to automatic, but hadn't actually started so I started it. There was no error message but Windows Update still didn't work. I rebooted and the Software Licensing wasn't running anymore even with startup type as automatic
Duh! - sorry 'bout that - was working on another machine at the time....There's obviously something that is actively interfering with the service.A couple of thoughts....1) malware2) something in the Task Scheduler (possibly left over from 1, or possibly something else)3) registry problems1) Do a Full System scan with a good Anti-Virus with updated definitions, and a full system scan with updated definitions using Malwarebytes Anti-Malware ( free - www.malwarebytes.org - do NOT enable the real-time protection mode, as it may conflict with your anti-virus.)2) Unfortunately the Task Scheduler in Windows Vista/7 is a rather complex and unsearchable database even by default, and it can take ages to look through the (active) entries to find one that's relevant.Start by looking at the default view and see if there's any 'failures' noted, and which tasks are in the Active list - then see if there's anything that seems relevant. do NOT attempt to modify anything!!! report back with details of anything that looks 'iffy'3) Problems in the registry can be caused by malware, accident, or bad programming/applications.Have you used any form of Registry 'Cleaner/Optimiser'?Please open an Elevated (Administrator) Command Prompt window and use the following commands....
sc qc slsvc
sc queryex slsvc
sc qprivs slsvc
sc qsidtype slsvc
sc sdshow slsvc
copy and paste the results into your response. (click on the black/white icon top left of the window, click on Edit...>Select All, and hit the Enter key to copy the whole thing to the clipboard, you can then paste it to your response)
--
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothWednesday, July 20, 2011 6:55 PMModerator -
Ok so a full scan and rootkit scan with AVG free produce no threats.
Malwarebyte produces this log:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7215
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019
21/07/2011 01:20:48
mbam-log-2011-07-21 (01-20-42).txt
Scan type: Full scan (C:\|)
Objects scanned: 432786
Time elapsed: 1 hour(s), 31 minute(s), 42 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 15
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\Iain\favorites\cheap pharmacy online.url (Rogue.Link) -> No action taken.
c:\Users\Iain\favorites\search online.url (Rogue.Link) -> No action taken.
c:\Users\Iain\favorites\SMS TRAP.url (Rogue.Link) -> No action taken.
c:\Users\Iain\favorites\vip casino.url (Rogue.Link) -> No action taken.
c:\Users\Iain\AppData\Roaming\microsoft\Windows\start menu\cheap pharmacy online.url (Rogue.Link) -> No action taken.
c:\Users\Iain\AppData\Roaming\microsoft\Windows\start menu\search online.url (Rogue.Link) -> No action taken.
c:\Users\Iain\AppData\Roaming\microsoft\Windows\start menu\SMS TRAP.url (Rogue.Link) -> No action taken.
c:\Users\Iain\AppData\Roaming\microsoft\Windows\start menu\vip casino.url (Rogue.Link) -> No action taken.
c:\Windows\System32\c.ico (Malware.Trace) -> No action taken.
c:\Windows\System32\m.ico (Malware.Trace) -> No action taken.
c:\Windows\System32\p.ico (Malware.Trace) -> No action taken.
c:\Windows\System32\s.ico (Malware.Trace) -> No action taken.
c:\Users\Iain\start menu\cheap pharmacy online.url (Rogue.Link) -> No action taken.
c:\Users\Iain\start menu\search online.url (Rogue.Link) -> No action taken.
c:\Users\Iain\start menu\vip casino.url (Rogue.Link) -> No action taken.I guess I should remove all of these?
When I open Task Scheduler there is an error saying "The task image is corrupt or has been tampered with.mcupdate"
I can still look through and there doesn't seem to be anything iffy and nothing says failed.
Here are results of the CMD commands:
Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Users\Iain>sc qc slsvc
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: slsvc
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\SLsvc.exe
LOAD_ORDER_GROUP : ProfSvc_Group
TAG : 0
DISPLAY_NAME : Software Licensing
DEPENDENCIES : RpcSs
SERVICE_START_NAME : NT AUTHORITY\NetworkService
C:\Users\Iain>scqueryex slsvc
'scqueryex' is not recognized as an internal or external command,
operable program or batch file.
C:\Users\Iain>sc queryex slsvc
SERVICE_NAME: slsvc
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : -1073426173 (0xc004d103)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
C:\Users\Iain>sc qprivs slsvc
[SC] QueryServiceConfig2 SUCCESS
SERVICE_NAME: slsvc
PRIVILEGES : SeAuditPrivilege
: SeChangeNotifyPrivilege
: SeCreateGlobalPrivilege
: SeImpersonatePrivilege
C:\Users\Iain>sc qsidtype slsvc
[SC] QueryServiceConfig2 SUCCESS
SERVICE_NAME: slsvc
SERVICE_SID_TYPE: UNRESTRICTED
C:\Users\Iain>sc sdshow slsvc
D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCR
RC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
C:\Users\Iain>Thursday, July 21, 2011 12:22 AM -
"IainC86" wrote in message news:d6b94dbc-f537-4f15-8923-0c5a48d39f87...
Ok so a full scan and rootkit scan with AVG free produce no threats.
Malwarebyte produces this log:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7215
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019
21/07/2011 01:20:48
mbam-log-2011-07-21 (01-20-42).txt
Scan type: Full scan (C:\|)
Objects scanned: 432786
Time elapsed: 1 hour(s), 31 minute(s), 42 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 15
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\Iain\favorites\cheap pharmacy online.url (Rogue.Link) -> No action taken.
c:\Users\Iain\favorites\search online.url (Rogue.Link) -> No action taken.
c:\Users\Iain\favorites\SMS TRAP.url (Rogue.Link) -> No action taken.
c:\Users\Iain\favorites\vip casino.url (Rogue.Link) -> No action taken.
c:\Users\Iain\AppData\Roaming\microsoft\Windows\start menu\cheap pharmacy online.url (Rogue.Link) -> No action taken.
c:\Users\Iain\AppData\Roaming\microsoft\Windows\start menu\search online.url (Rogue.Link) -> No action taken.
c:\Users\Iain\AppData\Roaming\microsoft\Windows\start menu\SMS TRAP.url (Rogue.Link) -> No action taken.
c:\Users\Iain\AppData\Roaming\microsoft\Windows\start menu\vip casino.url (Rogue.Link) -> No action taken.
c:\Windows\System32\c.ico (Malware.Trace) -> No action taken.
c:\Windows\System32\m.ico (Malware.Trace) -> No action taken.
c:\Windows\System32\p.ico (Malware.Trace) -> No action taken.
c:\Windows\System32\s.ico (Malware.Trace) -> No action taken.
c:\Users\Iain\start menu\cheap pharmacy online.url (Rogue.Link) -> No action taken.
c:\Users\Iain\start menu\search online.url (Rogue.Link) -> No action taken.
c:\Users\Iain\start menu\vip casino.url (Rogue.Link) -> No action taken.I guess I should remove all of these?
When I open Task Scheduler there is an error saying "The task image is corrupt or has been tampered with.mcupdate"
I can still look through and there doesn't seem to be anything iffy and nothing says failed.
Here are results of the CMD commands:
Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Users\Iain>sc qc slsvc
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: slsvc
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\SLsvc.exe
LOAD_ORDER_GROUP : ProfSvc_Group
TAG : 0
DISPLAY_NAME : Software Licensing
DEPENDENCIES : RpcSs
SERVICE_START_NAME : NT AUTHORITY\NetworkService
C:\Users\Iain>scqueryex slsvc
'scqueryex' is not recognized as an internal or external command,
operable program or batch file.
C:\Users\Iain>sc queryex slsvc
SERVICE_NAME: slsvc
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : -1073426173 (0xc004d103)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
C:\Users\Iain>sc qprivs slsvc
[SC] QueryServiceConfig2 SUCCESS
SERVICE_NAME: slsvc
PRIVILEGES : SeAuditPrivilege
: SeChangeNotifyPrivilege
: SeCreateGlobalPrivilege
: SeImpersonatePrivilege
C:\Users\Iain>sc qsidtype slsvc
[SC] QueryServiceConfig2 SUCCESS
SERVICE_NAME: slsvc
SERVICE_SID_TYPE: UNRESTRICTED
C:\Users\Iain>sc sdshow slsvc
D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
C:\Users\Iain>
Yes - please remove everything that MBAM found - it's not particularly nasty in itself, but it does mean that the system has been exposed , probably for a while.The error opening Task Scheduler is from McAfee, I think - you need to run the MCPR tool to get rid of the dregs of it left behind after an uninstall.Exit Code 0xc004d103 = The security processor reported that an error has occurred (not exactly rocket science!<g>)I can't see any problems with the CMD output apart from that.....I think that unless Darin has any better ideas, it's time to point you to WGA support, and see if they can assist - make sure that they see this thread, as it may help cut down the Q&A session.North America: http://support.microsoft.com/contactus/cu_sc_genadv_master?ws=support&ws=support#tab4
Outside North America: http://support.microsoft.com/contactus/?ws=support#tab0
--
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth- Marked as answer by Darin Smith MS Monday, July 25, 2011 10:19 PM
Thursday, July 21, 2011 10:26 AMModerator -
Ok, I'll get in contact with them. Thanks very much for your suggestions! I'll keep cheking this to see if there are any more. Would you like me to post a solution if WGA support manage to come up with one?Thursday, July 21, 2011 10:51 AM
-
Yes please!
Thanks for the offer.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothThursday, July 21, 2011 12:12 PMModerator -
Oh, by the way, running the McAfee remover didn't fix the Task Scheduler error...but I'll take that up with the support people too so don't worry!Thursday, July 21, 2011 4:51 PM
-
"IainC86" wrote in message news:55d476e9-6622-42a3-bd08-ed3baecd2a32...Oh, by the way, running the McAfee remover didn't fix the Task Scheduler error...but I'll take that up with the support people too so don't worry!
Ah - they'll probably say that it's McAfee's fault (which it is), and tell you to contact them..... Try and force them into a fix <g>
--
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothThursday, July 21, 2011 9:53 PMModerator
