locked
Validation incomplete after XP SP3 install RRS feed

  • Question

  • Validation incomplete after XP SP3 install, won't pass validation
     
    I had a virus a week prior, SP3 install started tonight

    Store bought Windows XP Home Edition by me, installed by me
    COA on the box, key matched key in tool

    Windows activation says its already activated but
    will not pass windows genuine validation

    Product key update tool refuses to run as sees it a unsupported software, firewall off, antivirus off

    when i try to install windows genuine adv notifications it says i have a service pack that is newer, there is no need to install this update.

    hopefully i didnt replace to much info below with *'s to hide sensitive info

    Diagnostic Report (1.7.0095.0):
    -----------------------------------------
    WGA Data-->
    Validation Status: Not Activated
    Validation Code: 1
    Online Validation Code: N/A
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-
    Windows Product Key Hash: 0rUdu4YvLRn/t6fVLZkS3TAMheI=
    Windows Product ID: *
    Windows Product ID Type: 0
    Windows License Type: Unknown
    Windows OS version: 5.1.2600.2.00010300.3.0.hom
    CSVLK Server: N/A
    CSVLK PID: N/A
    ID: {*}(3)
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: Registered, 1.7.69.2
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-171-1_025D1FF3-85-80004005
    Resolution Status: N/A

    WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    WGA Notifications Data-->
    Cached Result: 0
    File Exists: Yes
    Version: 1.7.18.5
    WgaTray.exe Signed By: Microsoft
    WgaLogon.dll Signed By: Microsoft

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    WGATray.exe Signed By: Microsoft
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: Registered, 1.6.28.0
    Signed By: Microsoft
    Office Diagnostics: 025D1FF3-171-1_025D1FF3-85-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{*}</UGUID><Version>1.7.0095.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-*</PKey><PID>*</PID><PIDType>0</PIDType><SID>*</SID><SYSTEM><Manufacturer>ASUSTeK Computer INC.</Manufacturer><Model>A7N8X-E</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>ASUS A7N8X-E Deluxe ACPI BIOS Rev 1013 </Version><SMBIOSVersion major="2" minor="2"/><Date>20041112000000.000000+000</Date></BIOS><HWID>42803CD70184AE79</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name></name><model></model></SBID><OEM/><BRT/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 




    H2490
    • Edited by H2490 Tuesday, August 26, 2008 9:33 AM add more detail
    Tuesday, August 26, 2008 9:20 AM

Answers

  • H2490,

    I'm not sure if it does or doesn't. However, thank you for taking to the time to run the scan a 2nd time. I very much appreciate the effort and try.

    I will include the additional information you provided here in my analysis.

    Thank you again,

    Rick, MS
    • Marked as answer by RickImAPC Friday, August 29, 2008 2:58 PM
    Friday, August 29, 2008 2:35 PM

All replies

  • H2490,

    Please re-run the Diagnostic and include the full results here in a post. Replacing the data with "*" interferes with our data analysis. Please keep in mind that we do not collect personally identifiable information resulting from the diagnostic report.

    Please let me know if you have questions regarding WGA.

    Respectfully,

    Rick, MS
    Tuesday, August 26, 2008 3:28 PM
  • H2490,

    Could you please give us some additional information concerning the virus you received? The name of the virus? The name of the scanner used to detect/resolve the virus? Along with any other information you are able to provide.

    Additionally, could you please run http://safety.live.com Full System Scan for virus' and spyware.

    Respectfully,

    Rick, MS
    Tuesday, August 26, 2008 9:42 PM
  •  updated report

    Diagnostic Report (1.7.0095.0):
    -----------------------------------------
    WGA Data-->
    Validation Status: Not Activated
    Validation Code: 1
    Online Validation Code: N/A
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-DHH4X-J76D8-BMVKV
    Windows Product Key Hash: 0rUdu4YvLRn/t6fVLZkS3TAMheI=
    Windows Product ID: 55285-014-5098184-21848
    Windows Product ID Type: 0
    Windows License Type: Unknown
    Windows OS version: 5.1.2600.2.00010300.3.0.hom
    CSVLK Server: N/A
    CSVLK PID: N/A
    ID: {8166CAA4-AD0B-4F46-B1E4-7E63264EF376}(3)
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: Registered, 1.7.69.2
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-171-1_025D1FF3-85-80004005
    Resolution Status: N/A

    WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    WGA Notifications Data-->
    Cached Result: 0
    File Exists: Yes
    Version: 1.7.18.5
    WgaTray.exe Signed By: Microsoft
    WgaLogon.dll Signed By: Microsoft

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    WGATray.exe Signed By: Microsoft
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: Registered, 1.6.28.0
    Signed By: Microsoft
    Office Diagnostics: 025D1FF3-171-1_025D1FF3-85-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{8166CAA4-AD0B-4F46-B1E4-7E63264EF376}</UGUID><Version>1.7.0095.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-BMVKV</PKey><PID>55285-014-5098184-21848</PID><PIDType>0</PIDType><SID>S-1-5-21-1060284298-789336058-854245398</SID><SYSTEM><Manufacturer>ASUSTeK Computer INC.</Manufacturer><Model>A7N8X-E</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>ASUS A7N8X-E Deluxe ACPI BIOS Rev 1013 </Version><SMBIOSVersion major="2" minor="2"/><Date>20041112000000.000000+000</Date></BIOS><HWID>42803CD70184AE79</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name></name><model></model></SBID><OEM/><BRT/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 




    H2490
    Wednesday, August 27, 2008 1:03 AM
  • AVG Antivirus used
    HTML/Framer.Z                                         8/14/2008
    JS/Psyme                                                 8/4/2008
    Trojan horse SHeur.BZUE                         8/4/2008
    Trojan horse Generic_c.MFD                     8/4/2008
    Trojan horse Downloader.Purityscan.AG  8/4/2008
    Trojan horse Downloader.Agent.AGWI
    JS/Downloader Agent


    will report on safety live scan results later


    H2490
    Wednesday, August 27, 2008 1:13 AM
  • H2490,

    I have forwarded your posted information off for analysis. If you could, please let me know when you've completed the http://safety.live.com scan. Thank you again, it is appreciated. Any additional information you may have will still be welcomed here on your thread.

    Respectfully,

    Rick, MS
    Wednesday, August 27, 2008 2:20 PM
  • I need help with live scan it had like 10 and 2 on the progress but i had to sleep. It appears to have rebooted my computer and did not come back up afterwords. I dont know where to seek the logs.
    H2490
    Wednesday, August 27, 2008 11:57 PM
  • Rick,
    Sorry but I have been informed that the scan results are lost. If the browser is closed they are lost. Might want to add a warning to your blurb.
    H2490
    Thursday, August 28, 2008 3:12 AM
  • H2490,

    Thank you for the try. It is important to use Microsoft Internet Explorer, and to leave the browser open while doing the scan. I will make sure to include those additional pieces next time. If you are able to run it again at some point please do, and upload the results at the end as it will prompt you to.

    Again, thank you for the try.

    Respectfully,

    Rick, MS
    Thursday, August 28, 2008 2:17 PM
  • I ran the scan again and nothing came up. It must have fixed whatever it found before. I also ran the latest malicious soft. removal tool. It found a win32 variant virus and removed it. Does it keep logs when it runs somewhere?
    H2490
    Friday, August 29, 2008 12:17 AM
  • H2490,

    I'm not sure if it does or doesn't. However, thank you for taking to the time to run the scan a 2nd time. I very much appreciate the effort and try.

    I will include the additional information you provided here in my analysis.

    Thank you again,

    Rick, MS
    • Marked as answer by RickImAPC Friday, August 29, 2008 2:58 PM
    Friday, August 29, 2008 2:35 PM