none
Another "You may be a victim of Software Counterfeiting" issue timcos RRS feed

  • Question

  • Howdy,

    Been using my Sony Vaio for about 2 years.  In the past couple weeks I have gotten the following warning.  I cannot run defrag, windowsupdate etc.

    I get this warning when trying to copy my MCDiag.

    Here are my MCDiag screens

    Thanks in advance for all your help.

    Tim

    Sunday, September 2, 2012 1:56 PM

Answers

  • uh-oooh! :(

    I think we could have problems here.

    It looks like all your MUI files have the same spurious date.

    All the file sizes appear to be right.

    I think your best route forward is going to be a repair install - while you shouldn't lose any data, there is a risk, so back up all data to external media first.

     

    Download the SP1 Refresh for your language and edition from the links on these pages...

     

    Heidoc -Microsoft DR Download links

     

    The links are for downloads from the Digital River servers run for MS, so are about as safe as
    you can get :)

     

    Once you have it downloaded, you then need to burn the DVD from it - use either the Windows Disk Image Burner, or (better still) your favourite burning application at the slowest speed possible.

     

    Note that you do NOT  'drag and drop' the file to the disk, you must use the 'burn an image' option
    from your app - or you'll end up with a useless coaster :)

     

    Once you have the disk burnt, check that it boots the (or any other) system OK - but do NOT start
    the repair from there - you must start the repair from within a normal Windows boot.

     

    Follow the instructions in this tutorial - http://www.sevenforums.com/tutorials/3413-repair-install.html  - and they should help you get through it (it's not as difficult as it looks!)

     

    Always ask questions first if you're unsure - either here, or in sevenforums.

     

    Good luck with it!



    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, September 2, 2012 5:53 PM
    Moderator

All replies

  • PPLEASE DELETE ALL THE MGADIAG PICTURES - AND INSTEAD POST THE REPORT AS REQUESTED

    To properly analyse and solve problems with Activation and Validation, we need to see a full copy of the report produced by the MGADiag tool
    (download and save to desktop - http://go.microsoft.com/fwlink/?linkid=52012 )
     Once saved, run the tool.
    Click on the Continue button, which will produce the report.
     To copy the report to your response, click on the Copy button in the tool (ignore any error messages at this point), and then paste (using either r-click/Paste, or Ctrl+V ) into your response.
      - **in your own thread**, please

    Please also state the Version and Edition of Windows quoted on your COA sticker (if you have one) on the case of your machine (or inside the battery compartment), but do NOT quote the Key on the sticker!
    http://www.microsoft.com/en-us/howtotell/Hardware.aspx


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth


    Sunday, September 2, 2012 2:11 PM
    Moderator
  • Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-VGV87-C7XPK-CGKHQ
    Windows Product Key Hash: sdEjrEJjW0FuXAhegYxl8GAkBYg=
    Windows Product ID: 00359-OEM-8992687-00016
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {7299CA7C-794F-46C7-8B95-B8AD1EE314F0}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.120503-2030
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office FrontPage 2003 - 100 Genuine
    Microsoft Office Ultimate 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{7299CA7C-794F-46C7-8B95-B8AD1EE314F0}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-CGKHQ</PKey><PID>00359-OEM-8992687-00016</PID><PIDType>2</PIDType><SID>S-1-5-21-1412868741-2912094190-1034765360</SID><SYSTEM><Manufacturer>Sony Corporation</Manufacturer><Model>VGN-NW270F</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>R1120Y4</Version><SMBIOSVersion major="2" minor="4"/><Date>20090820000000.000000+000</Date></BIOS><HWID>82E53B07018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>Sony</OEMID><OEMTableID>VAIO</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91170409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office FrontPage 2003</Name><Ver>11</Ver><Val>37F7758232EEDFA</Val><Hash>BMxhHIMl8QMkKZrYHUeoATjCV90=</Hash><Pid>72079-765-1627273-55474</Pid><PidType>1</PidType></Product><Product GUID="{91120000-002E-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Ultimate 2007</Name><Ver>12</Ver><Val>812E1DC95388EC0</Val><Hash>ISMo6CdKinHlBKURzbolmOMeuHc=</Hash><Pid>81608-864-4241073-65729</Pid><PidType>8</PidType></Product></Products><Applications><App Id="17" Version="11" Result="100"/><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0xC004F012' to display the error text.
    Error: 0xC004F012

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000300000003EFF6
    Event Time Stamp: 6:13:2012 03:58
    ActiveX: Not Registered - 0x80070003
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\wat\watweb.dll
    Tampered File: %systemroot%\system32\wat\npwatweb.dll
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys
    Tampered File: %systemroot%\system32\drivers\spldr.sys
    Tampered Service: sppsvc
    Tampered Service: sppuinotify


    HWID Data-->
    HWID Hash Current: NAAAAAEAAwABAAIAAAABAAAAAwABAAEA6GFcMMJXMsG+lSBA4D5EUeihzkf2DcJ6qgJGyg==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            Sony        VAIO
      FACP            Sony        VAIO
      HPET            Sony        VAIO
      MCFG            Sony        VAIO
      SLIC            Sony        VAIO
      SSDT            Sony        VAIO
      SSDT            Sony        VAIO

    Sunday, September 2, 2012 2:16 PM
  • Much better :)

    You appear to have had this problem since at least 13th June - so there's no point in attempting System Restore.

    You have two Tampered services, and a number of tamered files - although the files are probably a result of the service problems (or vice-versa)

    Let's check the service problems first. - beginning with the SPPSVC, because it's the one we know best :)

    Please use the following in an attempt to isolate the cause.

     

    Click on Start in the Search box, type

    SERVICES.MSC

    and hit the Enter key - accept the UAC prompt if you get one.

    Look in the console for the Software Protection service, right-click on it and select Properties.

    make sure that the Startup Type is set to Automatic (Delayed Start), and click Apply.

     

    Try starting the service now - do you get an error message? Does it start? does it almost
    immediately stop again?

    Post back with your results, and a new MGADiag report.

     

    If it doesn't start,
    then please do the following...

    Please open an Elevated (Administrator) Command Prompt window and use the following
    commands....

     

    net start sppsvc

    sc qc sppsvc

    sc queryex sppsvc

    sc qprivs sppsvc

    sc qsidtype sppsvc

    sc sdshow sppsvc

     

      Here are some instructions to make life easier :)

    1) To open an Elevated Command Prompt Window (the CP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt. 

    2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once. 

    3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.     

    Copy and paste the
    output to your reply

     



    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, September 2, 2012 2:34 PM
    Moderator
  • Software Protection did start.  I verified by right clicking on it and Start was shaded and Stop was solid text.

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-VGV87-C7XPK-CGKHQ
    Windows Product Key Hash: sdEjrEJjW0FuXAhegYxl8GAkBYg=
    Windows Product ID: 00359-OEM-8992687-00016
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {7299CA7C-794F-46C7-8B95-B8AD1EE314F0}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.120503-2030
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office FrontPage 2003 - 100 Genuine
    Microsoft Office Ultimate 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{7299CA7C-794F-46C7-8B95-B8AD1EE314F0}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-CGKHQ</PKey><PID>00359-OEM-8992687-00016</PID><PIDType>2</PIDType><SID>S-1-5-21-1412868741-2912094190-1034765360</SID><SYSTEM><Manufacturer>Sony Corporation</Manufacturer><Model>VGN-NW270F</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>R1120Y4</Version><SMBIOSVersion major="2" minor="4"/><Date>20090820000000.000000+000</Date></BIOS><HWID>82E53B07018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>Sony</OEMID><OEMTableID>VAIO</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91170409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office FrontPage 2003</Name><Ver>11</Ver><Val>37F7758232EEDFA</Val><Hash>BMxhHIMl8QMkKZrYHUeoATjCV90=</Hash><Pid>72079-765-1627273-55474</Pid><PidType>1</PidType></Product><Product GUID="{91120000-002E-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Ultimate 2007</Name><Ver>12</Ver><Val>812E1DC95388EC0</Val><Hash>ISMo6CdKinHlBKURzbolmOMeuHc=</Hash><Pid>81608-864-4241073-65729</Pid><PidType>8</PidType></Product></Products><Applications><App Id="17" Version="11" Result="100"/><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0xC004F012' to display the error text.
    Error: 0xC004F012

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000300000003EFF6
    Event Time Stamp: 6:13:2012 03:58
    ActiveX: Not Registered - 0x80070003
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\wat\watweb.dll
    Tampered File: %systemroot%\system32\wat\npwatweb.dll
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys
    Tampered File: %systemroot%\system32\drivers\spldr.sys
    Tampered Service: sppsvc
    Tampered Service: sppuinotify


    HWID Data-->
    HWID Hash Current: NAAAAAEAAwABAAIAAAABAAAAAwABAAEA6GFcMMJXMsG+lSBA4D5EUeihzkf2DcJ6qgJGyg==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            Sony        VAIO
      FACP            Sony        VAIO
      HPET            Sony        VAIO
      MCFG            Sony        VAIO
      SLIC            Sony        VAIO
      SSDT            Sony        VAIO
      SSDT            Sony        VAIO

    Sunday, September 2, 2012 3:09 PM
  • The service still shows as being tampered -

    please repeat the exercise with the SPPUINOTIFY service -

    Please post the CMD promopt results whatever the result of attempting to start it


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth


    Please open an Elevated (Administrator) Command Prompt window and use the following
    commands....

    net start sppuinotify

    sc qc sppuinotify

    sc queryex sppuinotify

    sc qprivs sppuinotify

    sc qsidtype sppuinotify

    sc sdshow sppuinotify

    Sunday, September 2, 2012 3:21 PM
    Moderator
  • The elevated command prompt is not opening.
    Sunday, September 2, 2012 3:27 PM
  • 'Not opening?

    What happens? - do you get the standard Command Prompt window, or an error message, or what?

    Can you open a normal command prompt window?

    To open a normal Command Prompt window, click on Start, All Programs, Accessories – then Command Prompt,

    To open an Elevated Command Prompt Window (the CP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt.

    If that doesn't work, then perhaps the shortcut has been redirected somehow - what opens instead, if anything?

    try this instead

    Click on teh Start button

    In the Search box, type CMD.EXE

    wait for the file to be found, and right-click on the found file, and select Run as Administrator.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, September 2, 2012 3:42 PM
    Moderator
  • Must have been redirected...I could do it from cmd

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved

    C:\Windows\system32>net start sppuinotify
    The SPP Notification Service service is starting.
    The SPP Notification Service service was started successfully.


    C:\Windows\system32>sc qc sppuinotify
    [SC] QueryServiceConfig SUCCESS

    SERVICE_NAME: sppuinotify
            TYPE               : 20  WIN32_SHARE_PROCESS
            START_TYPE         : 3   DEMAND_START
            ERROR_CONTROL      : 1   NORMAL
            BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalService
            LOAD_ORDER_GROUP   :
            TAG                : 0
            DISPLAY_NAME       : SPP Notification Service
            DEPENDENCIES       : EventSystem
            SERVICE_START_NAME : NT AUTHORITY\LocalService

    C:\Windows\system32>sc queryex sppuinotify

    SERVICE_NAME: sppuinotify
            TYPE               : 20  WIN32_SHARE_PROCESS
            STATE              : 4  RUNNING
                                    (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
            WIN32_EXIT_CODE    : 0  (0x0)
            SERVICE_EXIT_CODE  : 0  (0x0)
            CHECKPOINT         : 0x0
            WAIT_HINT          : 0x0
            PID                : 1208
            FLAGS              :

    C:\Windows\system32>sc qprivs sppuinotify
    [SC] QueryServiceConfig2 SUCCESS

    SERVICE_NAME: sppuinotify
            PRIVILEGES       : SeChangeNotifyPrivilege
                             : SeImpersonatePrivilege

    C:\Windows\system32>sc qsidtype sppuinotify
    [SC] QueryServiceConfig2 SUCCESS

    SERVICE_NAME: sppuinotify
    SERVICE_SID_TYPE:  UNRESTRICTED

    C:\Windows\system32>sc sdshow sppuinotify

    D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCLCSWRPWPDTLOCRRC;;;S-1-5-80-123231216-259288
    3651-3715271367-3753151631-4175906628)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CC
    LCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CR;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDR
    CWDWO;;;WD)

    C:\Windows\system32>

    Sunday, September 2, 2012 3:56 PM
  • that all looks normal enough.

    let's have a look at the files involved, and a couple of the major registry entries.

    Again, run them in an elevated Command Prompt window, and post the results.

    DIR C:\Windows\sppuinotify.* /S
    ICACLS C:\Windows\System32\sppuinotify.* /T
    REG QUERY "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost"
    REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost"


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, September 2, 2012 4:10 PM
    Moderator
  • Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion
    \Svchost"

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost
        RPCSS    REG_MULTI_SZ    RpcEptMapper\0RpcSs
        defragsvc    REG_MULTI_SZ    defragsvc
        LocalSystemNetworkRestricted    REG_MULTI_SZ    UxSms\0WdiSystemHost\0Netman
    \0trkwks\0AudioEndpointBuilder\0WUDFSvc\0IPBusEnum\0hidserv\0dot3svc\0irmon\0sys
    main\0PcaSvc\0homegrouplistener\0WPDBusEnum\0wlansvc\0TabletInputService
        LocalService    REG_MULTI_SZ    nsi\0WdiServiceHost\0w32time\0EventSystem\0R
    emoteRegistry\0WinHttpAutoProxySvc\0sppuinotify\0THREADORDER\0netprofm\0lltdsvc\
    0fdphost\0SstpSvc\0WebClient
        netsvcs    REG_MULTI_SZ    AeLookupSvc\0CertPropSvc\0SCPolicySvc\0lanmanserv
    er\0gpsvc\0IKEEXT\0AudioSrv\0FastUserSwitchingCompatibility\0Ias\0Irmon\0Nla\0Nt
    mssvc\0NWCWorkstation\0Nwsapagent\0Rasauto\0Rasman\0Remoteaccess\0SENS\0Sharedac
    cess\0SRService\0Tapisrv\0Wmi\0WmdmPmSp\0TermService\0wuauserv\0BITS\0ShellHWDet
    ection\0LogonHours\0PCAudit\0helpsvc\0uploadmgr\0iphlpsvc\0seclogon\0AppInfo\0ms
    iscsi\0MMCSS\0winmgmt\0SessionEnv\0browser\0EapHost\0schedule\0hkmsvc\0wercplsup
    port\0ProfSvc\0Themes\0BDESVC
        WerSvcGroup    REG_MULTI_SZ    wersvc
        LocalServiceNoNetwork    REG_MULTI_SZ    DPS\0PLA\0BFE\0mpssvc\0WwanSvc
        termsvcs    REG_MULTI_SZ    TermService
        swprv    REG_MULTI_SZ    swprv
        LocalServiceNetworkRestricted    REG_MULTI_SZ    DHCP\0eventlog\0AudioSrv\0B
    thHFSrv\0LmHosts\0wscsvc\0homegroupprovider\0WPCSvc
        LocalServicePeerNet    REG_MULTI_SZ    PNRPSvc\0p2pimsvc\0p2psvc\0PnrpAutoRe
    g
        NetworkServiceAndNoImpersonation    REG_MULTI_SZ    KtmRm
        regsvc    REG_MULTI_SZ    RemoteRegistry
        LocalServiceAndNoImpersonation    REG_MULTI_SZ    SSDPSRV\0upnphost\0SCardSv
    r\0TBS\0fdrespub\0FontCache\0AppIDSvc\0QWAVE\0wcncsvc\0SensrSvc\0Mcx2Svc
        DcomLaunch    REG_MULTI_SZ    Power\0PlugPlay\0DcomLaunch
        NetworkServiceNetworkRestricted    REG_MULTI_SZ    PolicyAgent
        NetworkService    REG_MULTI_SZ    CryptSvc\0DHCP\0TermService\0DNSCache\0lan
    manworkstation\0NapAgent\0nlasvc\0WinRM\0WECSVC\0Tapisrv
        sdrsvc    REG_MULTI_SZ    sdrsvc
        WbioSvcGroup    REG_MULTI_SZ    WbioSrvc
        imgsvc    REG_MULTI_SZ    StiSvc
        wcssvc    REG_MULTI_SZ    WcsPlugInService
        AxInstSVGroup    REG_MULTI_SZ    AxInstSV
        secsvcs    REG_MULTI_SZ    WinDefend
        bthsvcs    REG_MULTI_SZ    bthserv

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\AxInstSV
    Group
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\defragsv
    c
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalSer
    vice
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalSer
    viceAndNoImpersonation
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalSer
    viceNetworkRestricted
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalSer
    viceNoNetwork
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalSys
    temNetworkRestricted
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\NetworkS
    ervice
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\NetworkS
    erviceRemoteDesktopHyperVAgent
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\NetworkS
    erviceRemoteDesktopPublishing
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\SDRSVC
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\swprv
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\termsvcs

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\wcssvc
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\wercplsu
    pport

    C:\Windows\system32>REG QUERY "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\Cu
    rrentVersion\Svchost"

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svch
    ost
        netsvcs    REG_MULTI_SZ    AeLookupSvc\0CertPropSvc\0SCPolicySvc\0lanmanserv
    er\0gpsvc\0AudioSrv\0FastUserSwitchingCompatibility\0Ias\0Irmon\0Nla\0Ntmssvc\0N
    WCWorkstation\0Nwsapagent\0Rasauto\0Rasman\0Remoteaccess\0SENS\0Sharedaccess\0SR
    Service\0Tapisrv\0Wmi\0WmdmPmSp\0TermService\0wuauserv\0BITS\0ShellHWDetection\0
    LogonHours\0PCAudit\0helpsvc\0uploadmgr\0iphlpsvc\0msiscsi\0schedule\0SessionEnv
    \0winmgmt
        LocalService    REG_MULTI_SZ    RemoteRegistry\0WinHttpAutoProxySvc\0sppuino
    tify\0netprofm\0WebClient
        LocalSystemNetworkRestricted    REG_MULTI_SZ    Netman\0AudioEndpointBuilder
    \0dot3svc\0WPDBusEnum\0wlansvc
        LocalServiceNoNetwork    REG_MULTI_SZ    PLA
        rpcss    REG_MULTI_SZ    RpcSs
        LocalServiceNetworkRestricted    REG_MULTI_SZ    AudioSrv\0BthHFSrv\0LmHosts
    \0wscsvc\0WPCSvc
        LocalServiceAndNoImpersonation    REG_MULTI_SZ    SSDPSRV\0upnphost\0SCardSv
    r\0TBS\0QWAVE\0wcncsvc
        DcomLaunch    REG_MULTI_SZ    Power\0PlugPlay\0DcomLaunch
        NetworkService    REG_MULTI_SZ    CryptSvc\0DHCP\0TermService\0DNSCache\0Nap
    Agent\0nlasvc\0WinRM\0WECSVC\0Tapisrv
        imgsvc    REG_MULTI_SZ    StiSvc
        wcssvc    REG_MULTI_SZ    WcsPlugInService
        Akamai    REG_MULTI_SZ    Akamai

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svch
    ost\LocalService
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svch
    ost\LocalServiceAndNoImpersonation
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svch
    ost\LocalServiceNetworkRestricted
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svch
    ost\LocalServiceNoNetwork
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svch
    ost\LocalSystemNetworkRestricted
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svch
    ost\netsvcs
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svch
    ost\NetworkService
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svch
    ost\NetworkServiceRemoteDesktopHyperVAgent
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svch
    ost\NetworkServiceRemoteDesktopPublishing
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svch
    ost\termsvcs
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svch
    ost\wcssvc

    C:\Windows\system32>
    Sunday, September 2, 2012 4:29 PM
  • C:\Windows\system32>dir C:\Windows\sppuinotify.* /S
     Volume in drive C has no label.
     Volume Serial Number is 0E05-D0FE

     Directory of C:\Windows\System32

    07/13/2009  08:41 PM            65,536 sppuinotify.dll
                   1 File(s)         65,536 bytes

     Directory of C:\Windows\System32\en-US

    09/03/2009  04:17 AM             3,072 sppuinotify.dll.mui
                   1 File(s)          3,072 bytes

     Directory of C:\Windows\winsxs\amd64_microsoft-windows-s..ty-spp-ux.resources_3
    1bf3856ad364e35_6.1.7600.16385_en-us_54dae2e5153375ce

    09/03/2009  04:17 AM             3,072 sppuinotify.dll.mui
                   1 File(s)          3,072 bytes

     Directory of C:\Windows\winsxs\amd64_microsoft-windows-security-spp-ux_31bf3856
    ad364e35_6.1.7600.16385_none_b7b69062b883381f

    07/13/2009  08:41 PM            65,536 sppuinotify.dll
                   1 File(s)         65,536 bytes

     Directory of C:\Windows\winsxs\amd64_microsoft-windows-security-spp-ux_31bf3856
    ad364e35_6.1.7601.17514_none_b9e7a42ab571bbb9

    07/13/2009  08:41 PM            65,536 sppuinotify.dll
                   1 File(s)         65,536 bytes

         Total Files Listed:
                   5 File(s)        202,752 bytes
                   0 Dir(s)  123,196,358,656 bytes free

    C:\Windows\system32>icacls C:\Windows\System32\sppuinotify.* /T
    C:\Windows\System32\sppuinotify.dll NT SERVICE\TrustedInstaller:(F)
                                        BUILTIN\Administrators:(RX)
                                        NT AUTHORITY\SYSTEM:(RX)
                                        BUILTIN\Users:(RX)

    C:\Windows\System32\en-US\sppuinotify.dll.mui NT SERVICE\TrustedInstaller:(F)
                                                  BUILTIN\Administrators:(RX)
                                                  NT AUTHORITY\SYSTEM:(RX)
                                                  BUILTIN\Users:(RX)
    Sunday, September 2, 2012 4:30 PM
  • Interesting - for some reason, you appear to have the wrong version of the .MUI file installed.

    We will need to change that.

    Let's first dee if the same problem exists for the SPPSVC

    DIR C:\Windows\sppsvc.* /S

    ICACLS C:\Windows\system32\sppsvc.* /T

    This sounds as if perhaps malware is involved - what Anti-Virus are you using, and what other AV has ever been installed in this systsem?

    What other security software do you have installed?

    Please download and install  Malwarebytes Anti-malware (free version) from  www.malwarebytes.org - UNtick 'Enable free trial of MBAM PRO' at the end of the installation -  and update it, then run a full scan  in your main account, and Quick scans in any other user accounts.

    Delete everything it finds   


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, September 2, 2012 4:49 PM
    Moderator
  • I use AVG.  Something was on this PC when I bought it.  Can't remember but it was a trial of either McAfee or Norton.

    I am behind a firewall, don't open attachments in email...etc

    C:\Windows\system32>dir C:\Windows\sppsvc.* /S
     Volume in drive C has no label.
     Volume Serial Number is 0E05-D0FE

     Directory of C:\Windows\Prefetch

    09/02/2012  11:38 AM            30,022 SPPSVC.EXE-96070FE0.pf
                   1 File(s)         30,022 bytes

     Directory of C:\Windows\System32

    11/20/2010  08:25 AM         3,524,608 sppsvc.exe
                   1 File(s)      3,524,608 bytes

     Directory of C:\Windows\System32\en-US

    09/03/2009  04:17 AM            18,944 sppsvc.exe.mui
                   1 File(s)         18,944 bytes

     Directory of C:\Windows\winsxs\amd64_microsoft-windows-security-spp.resources_3
    1bf3856ad364e35_6.1.7600.16385_en-us_f8bce8b9508ba1f6

    09/03/2009  04:17 AM            18,944 sppsvc.exe.mui
                   1 File(s)         18,944 bytes

     Directory of C:\Windows\winsxs\amd64_microsoft-windows-security-spp_31bf3856ad3
    64e35_6.1.7600.16385_none_7656491f3aa3f98d

    07/13/2009  08:39 PM         3,524,608 sppsvc.exe
                   1 File(s)      3,524,608 bytes

     Directory of C:\Windows\winsxs\amd64_microsoft-windows-security-spp_31bf3856ad3
    64e35_6.1.7601.17514_none_78875ce737927d27

    11/20/2010  08:25 AM         3,524,608 sppsvc.exe
                   1 File(s)      3,524,608 bytes

         Total Files Listed:
                   6 File(s)     10,641,734 bytes
                   0 Dir(s)  123,195,514,880 bytes free

    C:\Windows\system32>ICACLS C:\Windows\system32\sppsvc.* /T
    C:\Windows\system32\sppsvc.exe NT SERVICE\TrustedInstaller:(F)
                                   BUILTIN\Administrators:(RX)
                                   NT AUTHORITY\SYSTEM:(RX)
                                   BUILTIN\Users:(RX)

    C:\Windows\system32\en-US\sppsvc.exe.mui NT SERVICE\TrustedInstaller:(F)
                                             BUILTIN\Administrators:(RX)
                                             NT AUTHORITY\SYSTEM:(RX)
                                             BUILTIN\Users:(RX)

    C:\Windows\system32\LogFiles\WMI\RtBackup\sppsvc.*: Access is denied.
    Successfully processed 2 files; Failed processing 1 files

    C:\Windows\system32>

    Sunday, September 2, 2012 4:54 PM
  • Yep - that also has the same 'non-possible' date for the .MUI file as does sppuinotify. The file date is later than the release date for that version of the file

    Not only that - but your system is apparently at the Service Pack 1 level - the files in question are at the RTM level (or previous)

    First let's see what happens if we attempt to use SFC to replace them.

    In an Elevated Command Prompt, run

    SFC /SCANFILE=C:\Windows\System32\en-US\sppuinotify.dll.mui

    SFC /SCANFILE=C:\Windows\System32\en-US\sppsvc.exe.mui

    DIR C:\Windows\System32\en-US\spp*.*

    post the results.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, September 2, 2012 5:16 PM
    Moderator
  • Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>SFC /SCANFILE=C:\Windows\System32\en-us\sppuinotify.dll.mui


    Windows Resource Protection did not find any integrity violations.

    C:\Windows\system32>SFC /SCANFILE=C:\Windows\System32\en-us\sppsvc.exe.mui


    Windows Resource Protection did not find any integrity violations.

    C:\Windows\system32>dir C:\Windows\System32\en-US\spp*.*
     Volume in drive C has no label.
     Volume Serial Number is 0E05-D0FE

     Directory of C:\Windows\System32\en-US

    09/03/2009  04:17 AM             4,608 spp.dll.mui
    09/03/2009  04:17 AM            54,784 sppc.dll.mui
    09/03/2009  04:17 AM            16,384 sppcc.dll.mui
    09/03/2009  04:17 AM            17,408 sppcext.dll.mui
    09/03/2009  04:17 AM             6,656 sppcomapi.dll.mui
    09/03/2009  04:17 AM            52,224 sppcommdlg.dll.mui
    09/03/2009  04:17 AM             2,560 sppnp.dll.mui
    09/03/2009  04:17 AM            18,944 sppsvc.exe.mui
    09/03/2009  04:17 AM             3,072 sppuinotify.dll.mui
                   9 File(s)        176,640 bytes
                   0 Dir(s)  123,153,350,656 bytes free

    C:\Windows\system32>
    Sunday, September 2, 2012 5:36 PM
  • uh-oooh! :(

    I think we could have problems here.

    It looks like all your MUI files have the same spurious date.

    All the file sizes appear to be right.

    I think your best route forward is going to be a repair install - while you shouldn't lose any data, there is a risk, so back up all data to external media first.

     

    Download the SP1 Refresh for your language and edition from the links on these pages...

     

    Heidoc -Microsoft DR Download links

     

    The links are for downloads from the Digital River servers run for MS, so are about as safe as
    you can get :)

     

    Once you have it downloaded, you then need to burn the DVD from it - use either the Windows Disk Image Burner, or (better still) your favourite burning application at the slowest speed possible.

     

    Note that you do NOT  'drag and drop' the file to the disk, you must use the 'burn an image' option
    from your app - or you'll end up with a useless coaster :)

     

    Once you have the disk burnt, check that it boots the (or any other) system OK - but do NOT start
    the repair from there - you must start the repair from within a normal Windows boot.

     

    Follow the instructions in this tutorial - http://www.sevenforums.com/tutorials/3413-repair-install.html  - and they should help you get through it (it's not as difficult as it looks!)

     

    Always ask questions first if you're unsure - either here, or in sevenforums.

     

    Good luck with it!



    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, September 2, 2012 5:53 PM
    Moderator
  • Thanks Noel.  I will check back in here with the results in a few hours.

    Cheers,

    Tim

    Sunday, September 2, 2012 6:04 PM
  • Took about 7 hours....

    had 2 Malware threats.  MyWebSearch was the cause of both.

    Did the restore as mentioned above.

    All seems pretty good now.

    Here is my Diag.

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-DKGMQ-QJTWR-3KP6H
    Windows Product Key Hash: 0qV0odmTgXJtCFCq938K6CHlClQ=
    Windows Product ID: 00359-OEM-9803107-75750
    Windows Product ID Type: 8
    Windows License Type: COA SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {7299CA7C-794F-46C7-8B95-B8AD1EE314F0}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_rtm.101119-1850
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office FrontPage 2003 - 100 Genuine
    Microsoft Office Ultimate 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{7299CA7C-794F-46C7-8B95-B8AD1EE314F0}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-3KP6H</PKey><PID>00359-OEM-9803107-75750</PID><PIDType>8</PIDType><SID>S-1-5-21-1412868741-2912094190-1034765360</SID><SYSTEM><Manufacturer>Sony Corporation</Manufacturer><Model>VGN-NW270F</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>R1120Y4</Version><SMBIOSVersion major="2" minor="4"/><Date>20090820000000.000000+000</Date></BIOS><HWID>82E53B07018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>Sony</OEMID><OEMTableID>VAIO</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91170409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office FrontPage 2003</Name><Ver>11</Ver><Val>37F7758232EEDFA</Val><Hash>BMxhHIMl8QMkKZrYHUeoATjCV90=</Hash><Pid>72079-765-1627273-55474</Pid><PidType>1</PidType></Product><Product GUID="{91120000-002E-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Ultimate 2007</Name><Ver>12</Ver><Val>812E1DC95388EC0</Val><Hash>ISMo6CdKinHlBKURzbolmOMeuHc=</Hash><Pid>81608-864-4241073-65729</Pid><PidType>8</PidType></Product></Products><Applications><App Id="17" Version="11" Result="100"/><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_COA_SLP channel
    Activation ID: 5e017a8a-f3f9-4167-b1bd-ba3e236a4d8f
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00196-031-075750-02-1033-7601.0000-2462012
    Installation ID: 017772224095008402209672830215494994542782246382193184
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 3KP6H
    License Status: Initial grace period
    Time remaining: 43020 minute(s) (29 day(s))
    Remaining Windows rearm count: 4
    Trusted time: 9/2/2012 8:21:20 PM

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 6:13:2012 03:58
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: NAAAAAEAAgABAAIAAAACAAAAAwABAAEA6GFcMMJXMsF6f7DZRFHooc5H1F/2DcJ6qgJGyg==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            Sony        VAIO
      FACP            Sony        VAIO
      HPET            Sony        VAIO
      MCFG            Sony        VAIO
      SLIC            Sony        VAIO
      SSDT            Sony        VAIO
      SSDT            Sony        VAIO

    Monday, September 3, 2012 1:23 AM
  • You have the usual post-repair problem of a broken WAT update :) - but everything else looks fine.

    You should uninstall the update KB971033 from Installed Updates and then reinstall it from a fresh download http://support.microsoft.com/kb/971033 .

    If you can't find it in the listing, use the manual uninstall method. -

    Close all open windows.

    Open an Elevated Command Prompt window, and type the following command

    wusa /uninstall /kb:971033

    and hit the Enter key

    Accept the warnings/confirmations, and wait for it to complete.



    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, September 3, 2012 9:43 AM
    Moderator