Windows 7 Home Premium Build 7600 This copy of Windows is not Genuine

Trev57 · 02 Apr 2014

Hi,
Newbie here. I managed to read a few threads and apply the excellent directions in an attempt to solve the "Windows is not genuine" issue on a Toshiba Satellite C660 laptop computer.

I have successfully used SLMGR to instal the product key which was confirmed by Windows Script Host dialogue box.

I still have the dreaded "Windows ..not genuine" message in the lower right corner of the display.

I have run the Diagnostic tool and pasted the results below. I hope i have complied with posting requirements.
Thanks

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0x8004FE22
Cached Online Validation Code: 0xc004c4a8
Windows Product Key: *****-*****-HWYW4-9D99Q-3P2FD
Windows Product Key Hash: yHNVz8gKHrscMEqWqTBICH+aHX8=
Windows Product ID: 00359-OEM-9813687-19285
Windows Product ID Type: 8
Windows License Type: COA SLP
Windows OS version: 6.1.7600.2.00010300.0.0.003
ID: {37644056-B144-49D8-A177-8A6F0D9BD03F}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7600.win7_gdr.130318-1532
TTS Error: T:20140213215912267-
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{37644056-B144-49D8-A177-8A6F0D9BD03F}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010300.0.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-3P2FD</PKey><PID>00359-OEM-9813687-19285</PID><PIDType>8</PIDType><SID>S-1-5-21-2726392665-2964894350-1358461022</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite C660</Model></SYSTEM><BIOS><Manufacturer>TOSHIBA</Manufacturer><Version>1.20</Version><SMBIOSVersion major="2" minor="6"/><Date>20101126000000.000000+000</Date></BIOS><HWID>23B83607018400FC</HWID><UserLCID>0C09</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Australia Standard Time(GMT+08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSCPL</OEMID><OEMTableID>TOSCPL00</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: U1BMRwEAAAAAAQAACAAAADc+AAAAAAAAYWECAAAAAADypwLGwyjPAWbXGpOihAOpMHzDmWxsjuox2VzmMSscf8fJIpWAptp1rIKC 8PE9gDb3V5qFDKBwZDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WN aAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3Ou rH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAx4dZsx s/sxaQSZh6DCEuBH3fN6Cybv40XOINRicCK/TK+AvEm0C0eeFG2XOSFLwDozkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66s fsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb 1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM

Licensing Data-->
Software licensing service version: 6.1.7600.16385

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_COA_SLP channel
Activation ID: 5e017a8a-f3f9-4167-b1bd-ba3e236a4d8f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00196-136-819285-02-3081-7600.0000-0922014
Installation ID: 010863856084567426256500023306534034077482982043249775
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 3P2FD
License Status: Notification
Notification Reason: 0xC004F200 (non-genuine).
Remaining Windows rearm count: 4
Trusted time: 3/04/2014 12:05:21 AM

Windows Activation Technologies-->
HrOffline: 0x8004FE22
HrOnline: N/A
HealthStatus: 0x0000000000000800
Event Time Stamp: 4:2:2014 22:07
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration

HWID Data-->
HWID Hash Current: LgAAAAEAAQABAAEAAAABAAAAAwABAAEA6GHqvxKJpF9+SxRBAlvqleBvEq9cXQ==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC TOSCPL TOSCPL00
FACP TOSCPL TOSCPL00
HPET TOSCPL TOSCPL00
MCFG TOSCPL TOSCPL00
ASF! TOSCPL TOSCPL00
SLIC TOSCPL TOSCPL00
SSDT PmRef CpuPm
UEFI PTL PTLBUFB
UEFI PTL PTLBUFB
UEFI PTL PTLBUFB

NoelDP · 02 Apr 2014

You've had a Trusted Store Tamper - often the result of malware (or conflicting AV's)

What Anti-Virus programs have ever been installed?

Please download and install Malwarebytes Anti-malware (free version) from http://www.malwarebytes.org/products/malwarebytes_free/ - UNtick 'Enable free trial of MBAM PRO' at the end of the installation - and update it, then run a full scan in your main account, and Quick scans in any other user accounts.

Delete everything it finds

post back with a new MGADiag report, and we'll see if anything has changed

Trev57 · 02 Apr 2014

Hi Noel

Thanks for the response.

I was hoping you would respond as I have followed your excellent, clear and informative posts and solutions here.

After cloning the hdd I uninstalled the long expired Norton's Anti-virus software, and installed AVG 2014-free version. This was an attempt to limit or manage Trojans when downloading drivers and updates.

After experiencing the "Windows not Genuine" issue, I removed the new hdd and reinstalled the original (failing hdd) and found it too started to display 'WNG' - the WNG was exteneded to the installed version of Microsoft Office as well. If I tried to open a word document a WNG warning would pop up asking for validation and product key...

I have downloaded Malware Bytes and will post the results later today.

Trev57 · 03 Apr 2014

I have run Malware Bytes and MGAdiag. Both reports were too long to include in a single reply.

Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Scan Date: 3/04/2014
Scan Time: 6:10:41 PM
Logfile: MalwareBytes Log.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.04.03.02
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: michael

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 274049
Time Elapsed: 22 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\updateSerialTrunc.exe, 2520, , [658962c3c2b991a56672c5853ac710f0]
PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\bin\utilSerialTrunc.exe, 2880, , [69853de8c4b7a096597ffb4f52af7888]

Modules: 0
(No malicious items detected)

Registry Keys: 56
PUP.Optional.SerialTrunc.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update SerialTrunc, , [658962c3c2b991a56672c5853ac710f0],
PUP.Optional.SerialTrunc.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util SerialTrunc, , [69853de8c4b7a096597ffb4f52af7888],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{63599F73-B5BF-D062-4E70-C8B6EEAE7774}, , [39b5170ed7a42a0c6e2dd86a748d1fe1],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{63599F73-B5BF-D062-4E70-C8B6EEAE7774}, , [39b5170ed7a42a0c6e2dd86a748d1fe1],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{63599F73-B5BF-D062-4E70-C8B6EEAE7774}, , [39b5170ed7a42a0c6e2dd86a748d1fe1],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-2726392665-2964894350-1358461022-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{63599F73-B5BF-D062-4E70-C8B6EEAE7774}, , [39b5170ed7a42a0c6e2dd86a748d1fe1],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{63599F73-B5BF-D062-4E70-C8B6EEAE7774}, , [39b5170ed7a42a0c6e2dd86a748d1fe1],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{63599F73-B5BF-D062-4E70-C8B6EEAE7774}, , [39b5170ed7a42a0c6e2dd86a748d1fe1],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{63599F73-B5BF-D062-4E70-C8B6EEAE7774}\INPROCSERVER32, , [39b5170ed7a42a0c6e2dd86a748d1fe1],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{8D156F1C-9595-B148-62ED-99782DC0D890}, , [40ae9e873843f1458d0eb191cf32d22e],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{8D156F1C-9595-B148-62ED-99782DC0D890}, , [40ae9e873843f1458d0eb191cf32d22e],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\safeweb.safeweb, , [40ae9e873843f1458d0eb191cf32d22e],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\safeweb.safeweb.1.1, , [40ae9e873843f1458d0eb191cf32d22e],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\safeweb.safeweb, , [40ae9e873843f1458d0eb191cf32d22e],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\safeweb.safeweb.1.1, , [40ae9e873843f1458d0eb191cf32d22e],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8D156F1C-9595-B148-62ED-99782DC0D890}, , [40ae9e873843f1458d0eb191cf32d22e],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-2726392665-2964894350-1358461022-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{8D156F1C-9595-B148-62ED-99782DC0D890}, , [40ae9e873843f1458d0eb191cf32d22e],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{8D156F1C-9595-B148-62ED-99782DC0D890}, , [40ae9e873843f1458d0eb191cf32d22e],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{8D156F1C-9595-B148-62ED-99782DC0D890}, , [40ae9e873843f1458d0eb191cf32d22e],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{8D156F1C-9595-B148-62ED-99782DC0D890}\INPROCSERVER32, , [40ae9e873843f1458d0eb191cf32d22e],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{BD686B79-18F9-1490-449D-1AAFCA48086D}, , [e30b28fdf487e84e1c7f1e24e8198b75],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{BD686B79-18F9-1490-449D-1AAFCA48086D}, , [e30b28fdf487e84e1c7f1e24e8198b75],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\SNT.SNT, , [e30b28fdf487e84e1c7f1e24e8198b75],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\SNT.SNT.2.1, , [e30b28fdf487e84e1c7f1e24e8198b75],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SNT.SNT, , [e30b28fdf487e84e1c7f1e24e8198b75],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SNT.SNT.2.1, , [e30b28fdf487e84e1c7f1e24e8198b75],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{BD686B79-18F9-1490-449D-1AAFCA48086D}, , [e30b28fdf487e84e1c7f1e24e8198b75],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-2726392665-2964894350-1358461022-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{BD686B79-18F9-1490-449D-1AAFCA48086D}, , [e30b28fdf487e84e1c7f1e24e8198b75],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{BD686B79-18F9-1490-449D-1AAFCA48086D}, , [e30b28fdf487e84e1c7f1e24e8198b75],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{BD686B79-18F9-1490-449D-1AAFCA48086D}, , [e30b28fdf487e84e1c7f1e24e8198b75],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{BD686B79-18F9-1490-449D-1AAFCA48086D}\INPROCSERVER32, , [e30b28fdf487e84e1c7f1e24e8198b75],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, , [6e80ec392952f3434139a69a20e2f808],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, , [6e80ec392952f3434139a69a20e2f808],
PUP.Optional.SerialTrunc.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{e76b4f24-4a2f-4e65-ad36-e2aa934e547c}, , [dc12e342f18a2b0bd4c331da9e647f81],
PUP.Optional.SerialTrunc.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{033A4BE2-42B1-4ACB-A69F-D362922136F0}, , [dc12e342f18a2b0bd4c331da9e647f81],
PUP.Optional.SerialTrunc.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{6BA82436-C754-4B49-B6AD-075AFA9FC625}, , [dc12e342f18a2b0bd4c331da9e647f81],
PUP.Optional.SerialTrunc.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6BA82436-C754-4B49-B6AD-075AFA9FC625}, , [dc12e342f18a2b0bd4c331da9e647f81],
PUP.Optional.SerialTrunc.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{033A4BE2-42B1-4ACB-A69F-D362922136F0}, , [dc12e342f18a2b0bd4c331da9e647f81],
PUP.Optional.SerialTrunc.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{E76B4F24-4A2F-4E65-AD36-E2AA934E547C}, , [dc12e342f18a2b0bd4c331da9e647f81],
PUP.Optional.SerialTrunc.A, HKU\S-1-5-21-2726392665-2964894350-1358461022-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E76B4F24-4A2F-4E65-AD36-E2AA934E547C}, , [dc12e342f18a2b0bd4c331da9e647f81],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}, , [7a74cd58374473c30b909ea4ed14c23e],
PUP.Optional.SerialTrunc.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SerialTrunc, , [21cd57ce80fb66d0cab499d033cf8f71],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, , [8866a382ccaff145e45b9bd03fc312ee],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}, , [8866a382ccaff145e45b9bd03fc312ee],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}, , [8866a382ccaff145e45b9bd03fc312ee],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}, , [8866a382ccaff145e45b9bd03fc312ee],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}, , [8866a382ccaff145e45b9bd03fc312ee],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}, , [8866a382ccaff145e45b9bd03fc312ee],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}, , [8866a382ccaff145e45b9bd03fc312ee],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, , [8866a382ccaff145e45b9bd03fc312ee],
PUP.Optional.SerialTrunc.A, HKLM\SOFTWARE\WOW6432NODE\SerialTrunc, , [08e6ae77abd0f24496ea373241c111ef],
PUP.Optional.SerialTrunc.A, HKU\S-1-5-21-2726392665-2964894350-1358461022-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SerialTrunc, , [19d59f865a21aa8c3a45b9b06b9732ce],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2726392665-2964894350-1358461022-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [0de19d88f388ea4ca5486a0157abfe02],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2726392665-2964894350-1358461022-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, , [f7f7b96cc1ba3303a8879ee4b74cd729],
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-2726392665-2964894350-1358461022-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, , [ae4034f1700bb97daaea642c57acde22],
PUP.Optional.EZDownloader.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1, , [3cb274b1f78470c66397173bf01220e0],

Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2726392665-2964894350-1358461022-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0X2O1C0R2R1R, , [f7f7b96cc1ba3303a8879ee4b74cd729]

Registry Data: 1
PUP.Optional.WebSearchInfo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, Search, Good: (Google), Bad: (Search),,[a14de73e314a96a0fd9a4fb980843cc4]

Folders: 9
PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc, , [21cd57ce80fb66d0cab499d033cf8f71],
PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\bin, , [21cd57ce80fb66d0cab499d033cf8f71],
PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\bin\plugins, , [21cd57ce80fb66d0cab499d033cf8f71],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\SNT, , [8866a382ccaff145e45b9bd03fc312ee],
PUP.Optional.YourfileDownloader.A, C:\Program Files (x86)\YourFileDownloader, , [e509c065f98261d5297c077846bd9967],
PUP.Optional.YourfileDownloader.A, C:\Program Files (x86)\YourFileDownloader\language, , [e509c065f98261d5297c077846bd9967],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader, , [3cb274b1f78470c66397173bf01220e0],
PUP.Optional.Multiplug, C:\Program Files (x86)\YoutubeAdblocker, , [8c6252d3413a3df947f1aca97b87d32d],
PUP.Optional.YoutubeAdblocker.A, C:\ProgramData\YoutubeAdblocker, , [14dab471572445f1520062f5cc365ca4],

Files: 67
PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\updateSerialTrunc.exe, , [658962c3c2b991a56672c5853ac710f0],
PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\bin\utilSerialTrunc.exe, , [69853de8c4b7a096597ffb4f52af7888],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\SNT\AhQbZmiitN.x64.dll, , [39b5170ed7a42a0c6e2dd86a748d1fe1],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\safeweb\bwK.x64.dll, , [40ae9e873843f1458d0eb191cf32d22e],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\SNT\LHKKX93h.x64.dll, , [e30b28fdf487e84e1c7f1e24e8198b75],
PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\SerialTruncBHO.dll, , [dc12e342f18a2b0bd4c331da9e647f81],
PUP.Optional.MultiPlug.A, C:\ProgramData\safeweb\539S.exe, , [b33b160ffa817eb8f7a445fd7e83ac54],
PUP.Optional.MultiPlug.A, C:\ProgramData\SNT\Hs7RhXJxTtX.exe, , [9b53e1446b1060d6dcbf1d2522df8c74],
PUP.Optional.MultiPlug.A, C:\ProgramData\SNT\wxjeaXbHd.exe, , [7a74cd58374473c30b909ea4ed14c23e],
HackTool.Wpakill, C:\Users\michael\Desktop\REMOVEWAT.EXE, , [f3fb0e174833c076211fae955ea217e9],
PUP.Optional.Installrex, C:\Users\michael\Desktop\Wat Remover Tool For Windows 7 Free Download Wat Remover.exe, , [0de10025601b61d52bed580d847dc33d],
PUP.Optional.ToolBarInstaller.A, C:\Users\michael\AppData\Local\Temp\UNT1EBB.tmp, , [de10160fcab11026789805e717ecdd23],
PUP.Optional.SearchProtect.A, C:\Users\michael\AppData\Local\Temp\nsgD1E.exe, , [ffefb471f8830531ded3150c46bb847c],
PUP.Optional.SearchProtect.A, C:\Users\michael\AppData\Local\Temp\nsiB9A2.exe, , [13dbc2635f1cd85e07aad74a659ca65a],
PUP.Optional.SearchProtect.A, C:\Users\michael\AppData\Local\Temp\nsl104A.exe, , [31bd59cce596c175357c65bc70919868],
PUP.Optional.SearchProtect.A, C:\Users\michael\AppData\Local\Temp\nsl2C55.exe, , [39b51c09cbb0c0761998fc259071cb35],
PUP.Optional.SearchProtect.A, C:\Users\michael\AppData\Local\Temp\nsl2FB0.exe, , [f4fadf46601b5fd75e53ba675ea301ff],
PUP.Optional.Conduit, C:\Users\michael\AppData\Local\Temp\verifier.exe, , [0ce24bda88f340f627aa99116b986a96],
PUP.Optional.Conduit.A, C:\Users\michael\AppData\Local\Temp\nslDC7C\SpSetup.exe, , [608e58cd3348c670287963b338c90000],
PUP.Optional.RegCleanPro, C:\Users\michael\AppData\Local\Temp\is838815544\1352169_stp\rcpsetup_adppi12_adppi12.exe, , [4ca2f530ef8c26102862fc38f80817e9],
HackTool.Wpakill, C:\Users\michael\AppData\Local\Temp\wz83af\WAT_Remover_by_digipassion.com.exe, , [8866e93cf586de5872ce6bd844bca957],
PUP.Optional.4shared, C:\Users\michael\Downloads\removewat 2.2.7 (2012).exe, , [6d81a97c2754bd7966161d479f6259a7],
PUP.Optional.Installrex, C:\Users\michael\Downloads\RemoveWAT 2.2.7 Windows 7 activation working(1).exe, , [7e7082a3adce74c255c3d194827f3cc4],
PUP.Optional.Installrex, C:\Users\michael\Downloads\RemoveWAT 2.2.7 Windows 7 activation working.exe, , [509e2ef712690c2a9b7d382d0ef3d32d],
PUP.Optional.Installrex, C:\Users\michael\Downloads\RemoveWAT 2.2.7 Windows 7 Genuine Activation.exe, , [9c5248dd5b20bf77b0a5401dfd04d32d],
PUP.Optional.SWBooster.A, C:\Windows\Tasks\SW-Booster-S-5121721648.job, , [da1422033b40201694aac7967b877987],
PUP.Optional.SWBooster.A, C:\Windows\Tasks\SW-Booster-S-917353282.job, , [707e91941b60eb4b46f85b02cd35cf31],
PUP.Optional.Conduit.A, C:\Users\michael\AppData\Roaming\Mozilla\Firefox\Profiles\mmq5a3kh.default\searchplugins\conduit-search.xml, , [dc12091c0477cd695a5aa6ba7f83768a],
PUP.Optional.SerialTrunc.A, C:\Users\michael\AppData\Roaming\Mozilla\Firefox\Profiles\mmq5a3kh.default\extensions\{47351c22-0d6c-4658-a617-795d251145e2}.xpi, , [628c0f167308ad895a0fea77ea184ab6],
PUP.Optional.WebSearch.A, C:\Users\michael\AppData\Roaming\Mozilla\Firefox\Profiles\mmq5a3kh.default\searchplugins\WebSearch.x ml, , [af3fde4792e93501acf7bda4d62cf30d],
PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, , [e00eb66f582379bdc1e31352b64cef11],
PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\SerialTrunc.ico, , [21cd57ce80fb66d0cab499d033cf8f71],
PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\0, , [21cd57ce80fb66d0cab499d033cf8f71],
PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\7za.exe, , [21cd57ce80fb66d0cab499d033cf8f71],
PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\SerialTruncUninstall.exe, , [21cd57ce80fb66d0cab499d033cf8f71],
PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\updateSerialTrunc.InstallState, , [21cd57ce80fb66d0cab499d033cf8f71],
PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\bin\FilterApp_C64.exe, , [21cd57ce80fb66d0cab499d033cf8f71],
PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\bin\sqlite3.dll, , [21cd57ce80fb66d0cab499d033cf8f71],
PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\bin\utilSerialTrunc.InstallState, , [21cd57ce80fb66d0cab499d033cf8f71],
PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\bin\plugins\SerialTrunc.Bromon.dll, , [21cd57ce80fb66d0cab499d033cf8f71],
PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\bin\plugins\SerialTrunc.BrowserAdapterS.dll, , [21cd57ce80fb66d0cab499d033cf8f71],
PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\bin\plugins\SerialTrunc.CompatibilityChecker.dll, , [21cd57ce80fb66d0cab499d033cf8f71],
PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\bin\plugins\SerialTrunc.FFUpdate.dll, , [21cd57ce80fb66d0cab499d033cf8f71],
PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\bin\plugins\SerialTrunc.IEUpdate.dll, , [21cd57ce80fb66d0cab499d033cf8f71],
PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\bin\plugins\SerialTrunc.PurBrowseG.dll, , [21cd57ce80fb66d0cab499d033cf8f71],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\SNT\AhQbZmiitN.tlb, , [8866a382ccaff145e45b9bd03fc312ee],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\SNT\AhQbZmiitN.dat, , [8866a382ccaff145e45b9bd03fc312ee],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\SNT\Jg2A.dat, , [8866a382ccaff145e45b9bd03fc312ee],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\SNT\Jg2A.tlb, , [8866a382ccaff145e45b9bd03fc312ee],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\SNT\LHKKX93h.dat, , [8866a382ccaff145e45b9bd03fc312ee],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\SNT\LHKKX93h.tlb, , [8866a382ccaff145e45b9bd03fc312ee],
PUP.Optional.YourfileDownloader.A, C:\Program Files (x86)\YourFileDownloader\htmlayout.dll, , [e509c065f98261d5297c077846bd9967],
PUP.Optional.YourfileDownloader.A, C:\Program Files (x86)\YourFileDownloader\Downloader.exe, , [e509c065f98261d5297c077846bd9967],
PUP.Optional.YourfileDownloader.A, C:\Program Files (x86)\YourFileDownloader\YourFile.exe, , [e509c065f98261d5297c077846bd9967],
PUP.Optional.EZDownloader.A, C:\Users\Public\Desktop\EZDownloader.lnk, , [34ba31f4b5c688aeebb5671a877c2dd3],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\EZDownloader.Core.dll, , [3cb274b1f78470c66397173bf01220e0],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\EZDownloader.exe.config, , [3cb274b1f78470c66397173bf01220e0],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\EZDownloader.Extension.dll, , [3cb274b1f78470c66397173bf01220e0],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\EZDownloader.Spider.dll, , [3cb274b1f78470c66397173bf01220e0],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\ICSharpCode.SharpZipLib.dll, , [3cb274b1f78470c66397173bf01220e0],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\Interop.SHDocVw.dll, , [3cb274b1f78470c66397173bf01220e0],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\TabStrip.dll, , [3cb274b1f78470c66397173bf01220e0],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\unins000.dat, , [3cb274b1f78470c66397173bf01220e0],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\unins000.exe, , [3cb274b1f78470c66397173bf01220e0],
PUP.Optional.Multiplug, C:\Program Files (x86)\YoutubeAdblocker\_.dat, , [8c6252d3413a3df947f1aca97b87d32d],
PUP.Optional.Multiplug, C:\Program Files (x86)\YoutubeAdblocker\_.tlb, , [8c6252d3413a3df947f1aca97b87d32d],
PUP.Optional.YoutubeAdblocker.A, C:\ProgramData\YoutubeAdblocker\z4.dat, , [14dab471572445f1520062f5cc365ca4],

Physical Sectors: 0
(No malicious items detected)

(end)

Trev57 · 03 Apr 2014

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0x8004FE22
Cached Online Validation Code: 0xc004c4a8
Windows Product Key: *****-*****-HWYW4-9D99Q-3P2FD
Windows Product Key Hash: yHNVz8gKHrscMEqWqTBICH+aHX8=
Windows Product ID: 00359-OEM-9813687-19285
Windows Product ID Type: 8
Windows License Type: COA SLP
Windows OS version: 6.1.7600.2.00010300.0.0.003
ID: {37644056-B144-49D8-A177-8A6F0D9BD03F}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7600.win7_gdr.130318-1532
TTS Error: T:20140213215912267-
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{37644056-B144-49D8-A177-8A6F0D9BD03F}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010300.0.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-3P2FD</PKey><PID>00359-OEM-9813687-19285</PID><PIDType>8</PIDType><SID>S-1-5-21-2726392665-2964894350-1358461022</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite C660</Model></SYSTEM><BIOS><Manufacturer>TOSHIBA</Manufacturer><Version>1.20</Version><SMBIOSVersion major="2" minor="6"/><Date>20101126000000.000000+000</Date></BIOS><HWID>23B83607018400FC</HWID><UserLCID>0C09</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Australia Standard Time(GMT+08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSCPL</OEMID><OEMTableID>TOSCPL00</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: U1BMRwEAAAAAAQAACAAAADc+AAAAAAAAYWECAAAAAADypwLGwyjPAWbXGpOihAOpMHzDmWxsjuox2VzmMSscf8fJIpWAptp1rIKC 8PE9gDb3V5qFDKBwZDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WN aAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3Ou rH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAx4dZsx s/sxaQSZh6DCEuBH3fN6Cybv40XOINRicCK/TK+AvEm0C0eeFG2XOSFLwDozkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66s fsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb 1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM

Licensing Data-->
Software licensing service version: 6.1.7600.16385

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_COA_SLP channel
Activation ID: 5e017a8a-f3f9-4167-b1bd-ba3e236a4d8f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00196-136-819285-02-3081-7600.0000-0922014
Installation ID: 010863856084567426256500023306534034077482982043249775
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 3P2FD
License Status: Notification
Notification Reason: 0xC004F200 (non-genuine).
Remaining Windows rearm count: 4
Trusted time: 3/04/2014 6:26:18 PM

Windows Activation Technologies-->
HrOffline: 0x8004FE22
HrOnline: N/A
HealthStatus: 0x0000000000000800
Event Time Stamp: 4:2:2014 22:07
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration

HWID Data-->
HWID Hash Current: LgAAAAEAAQABAAEAAAABAAAAAwABAAEA6GHqvxKJpF9+SxRBAlvqleBvEq9cXQ==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC TOSCPL TOSCPL00
FACP TOSCPL TOSCPL00
HPET TOSCPL TOSCPL00
MCFG TOSCPL TOSCPL00
ASF! TOSCPL TOSCPL00
SLIC TOSCPL TOSCPL00
SSDT PmRef CpuPm
UEFI PTL PTLBUFB
UEFI PTL PTLBUFB
UEFI PTL PTLBUFB

NoelDP · 03 Apr 2014

There's nothing too serious in the MBAM report - but I hope you removed them all anyhow?

The Tamper doesn't appear to have updated, which probably means that it's no longer active - but the problem which we now need to deal with is this one...

Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration

To confirm that the problem is what I think it is, please run the following commands in an Elevated Command Prompt window and post the results.

REG QUERY HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S
REG QUERY HKLM\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S
REG QUERY HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S

Here are some instructions to make life easier :)
1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt.
2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once.
3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.

Trev57 · 03 Apr 2014

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\windows\system32>
C:\windows\system32>REG QUERY HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE57495
7-4077-4AD6-8658-327C2C86C5AA} /S

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE574957-4077-4AD6-8658
-327C2C86C5AA}\1.0
(Default) REG_SZ SPPUI 1.0 Type Library

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE574957-4077-4AD6-8658
-327C2C86C5AA}\1.0\0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE574957-4077-4AD6-8658
-327C2C86C5AA}\1.0\0\win32
(Default) REG_EXPAND_SZ %SystemRoot%\System32\slui.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE574957-4077-4AD6-8658
-327C2C86C5AA}\1.0\FLAGS
(Default) REG_SZ 0

C:\windows\system32>REG QUERY HKLM\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-
8658-327C2C86C5AA} /S

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5A
A}\1.0
(Default) REG_SZ SPPUI 1.0 Type Library

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5A
A}\1.0\0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5A
A}\1.0\0\win32
(Default) REG_EXPAND_SZ %SystemRoot%\System32\slui.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5A
A}\1.0\FLAGS
(Default) REG_SZ 0

C:\windows\system32>REG QUERY HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE57495
7-4077-4AD6-8658-327C2C86C5AA} /S

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE574957-4077-4AD6-8658
-327C2C86C5AA}\1.0
(Default) REG_SZ SPPUI 1.0 Type Library

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE574957-4077-4AD6-8658
-327C2C86C5AA}\1.0\0

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE574957-4077-4AD6-8658
-327C2C86C5AA}\1.0\0\win32
(Default) REG_EXPAND_SZ %SystemRoot%\System32\slui.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE574957-4077-4AD6-8658
-327C2C86C5AA}\1.0\FLAGS
(Default) REG_SZ 0

C:\windows\system32>

Trev57 · 03 Apr 2014

Yes I removed all the issues identified by Malware Bytes.

NoelDP · 12 Apr 2014

The CMD output looks normal enough - we'll have to look elsewhere for the problem.
Since it's obvious that you've at some time ha RemoveWAT installed in an attempt to get around the problem, I would suggest that we start by running the cleanup tool to get rid of any after-effects.

Best way to fix it now (since we don't know which version of RemoveWAT was used) is to run WATFix....

Download WATFix - make sure that you UNTICK the box for the 'download manager', and click on the link on the left of the page, not the big shiny button on the right (which is an ad for the download manager!!) - and use that - extract the .exe file, and run it, then reboot.

Post back with another MGADiag report, and we'll then see what we can do.

Trev57 · 15 Apr 2014

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 50
Cached Online Validation Code: 0xc004c4a8
Windows Product Key: *****-*****-HWYW4-9D99Q-3P2FD
Windows Product Key Hash: yHNVz8gKHrscMEqWqTBICH+aHX8=
Windows Product ID: 00359-OEM-9813687-19285
Windows Product ID Type: 8
Windows License Type: COA SLP
Windows OS version: 6.1.7600.2.00010300.0.0.003
ID: {37644056-B144-49D8-A177-8A6F0D9BD03F}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7600.win7_gdr.130318-1532
TTS Error: T:20140213215912267-
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{37644056-B144-49D8-A177-8A6F0D9BD03F}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010300.0.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-3P2FD</PKey><PID>00359-OEM-9813687-19285</PID><PIDType>8</PIDType><SID>S-1-5-21-2726392665-2964894350-1358461022</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite C660</Model></SYSTEM><BIOS><Manufacturer>TOSHIBA</Manufacturer><Version>1.20</Version><SMBIOSVersion major="2" minor="6"/><Date>20101126000000.000000+000</Date></BIOS><HWID>23B83607018400FC</HWID><UserLCID>0C09</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Australia Standard Time(GMT+08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSCPL</OEMID><OEMTableID>TOSCPL00</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: U1BMRwEAAAAAAQAACAAAADc+AAAAAAAAYWECAAAAAADypwLGwyjPAWbXGpOihAOpMHzDmWxsjuox2VzmMSscf8fJIpWAptp1rIKC 8PE9gDb3V5qFDKBwZDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WN aAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3Ou rH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAx4dZsx s/sxaQSZh6DCEuBH3fN6Cybv40XOINRicCK/TK+AvEm0C0eeFG2XOSFLwDozkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66s fsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb 1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM

Licensing Data-->
Software licensing service version: 6.1.7600.16385

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_COA_SLP channel
Activation ID: 5e017a8a-f3f9-4167-b1bd-ba3e236a4d8f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00196-136-819285-02-3081-7600.0000-0922014
Installation ID: 010863856084567426256500023306534034077482982043249775
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 3P2FD
License Status: Notification
Notification Reason: 0xC004F200 (non-genuine).
Remaining Windows rearm count: 4
Trusted time: 15/04/2014 8:12:52 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 4:9:2014 19:08
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:

Windows 7 Home Premium Build 7600 This copy of Windows is not Genuine

Windows 7 Home Premium Build 7600 This copy of Windows is not Genuine

Windows not Genuine ..

Malwarebytes and MGADiag reports

MGADiag report

Results from Command Prompt

Diagnostic report after WATFix