Validation incomplete after XP SP3 install

Question
-
Validation incomplete after XP SP3 install, won't pass validation
I had a virus a week prior, SP3 install started tonight
Store bought Windows XP Home Edition by me, installed by me
COA on the box, key matched key in tool
Windows activation says it's already activated but
will not pass Windows Genuine validation
Product key update tool refuses to run as it sees it as unsupported software, firewall off, antivirus off
When I try to install Windows Genuine Adv Notifications it says I have a service pack that is newer, there is no need to install this update.
Hopefully I didn't replace too much info below with *'s to hide sensitive info
Diagnostic Report (1.7.0095.0):
-----------------------------------------
WGA Data-->
Validation Status: Not Activated
Validation Code: 1
Online Validation Code: N/A
Cached Validation Code: N/A
Windows Product Key: *****-*****-
Windows Product Key Hash: 0rUdu4YvLRn/t6fVLZkS3TAMheI=
Windows Product ID: *
Windows Product ID Type: 0
Windows License Type: Unknown
Windows OS version: 5.1.2600.2.00010300.3.0.hom
CSVLK Server: N/A
CSVLK PID: N/A
ID: {*}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-171-1_025D1FF3-85-80004005
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.7.18.5
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
WGATray.exe Signed By: Microsoft
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: Registered, 1.6.28.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-171-1_025D1FF3-85-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{*}</UGUID><Version>1.7.0095.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-*</PKey><PID>*</PID><PIDType>0</PIDType><SID>*</SID><SYSTEM><Manufacturer>ASUSTeK Computer INC.</Manufacturer><Model>A7N8X-E</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>ASUS A7N8X-E Deluxe ACPI BIOS Rev 1013 </Version><SMBIOSVersion major="2" minor="2"/><Date>20041112000000.000000+000</Date></BIOS><HWID>42803CD70184AE79</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name></name><model></model></SBID><OEM/><BRT/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
H2490
- Edited by H2490 Tuesday, August 26, 2008 9:33 AM add more detail
Tuesday, August 26, 2008 9:20 AM
All replies
-
H2490,
Please re-run the Diagnostic and include the full results here in a post. Replacing the data with "*" interferes with our data analysis. Please keep in mind that we do not collect personally identifiable information resulting from the diagnostic report.
Please let me know if you have questions regarding WGA.
Respectfully,
Rick, MS
Tuesday, August 26, 2008 3:28 PM
-
H2490,
Could you please give us some additional information concerning the virus you received? The name of the virus? The name of the scanner used to detect/resolve the virus? Along with any other information you are able to provide.
Additionally, could you please run the http://safety.live.com Full System Scan for viruses and spyware.
Respectfully,
Rick, MS
Tuesday, August 26, 2008 9:42 PM
-
updated report
Diagnostic Report (1.7.0095.0):
-----------------------------------------
WGA Data-->
Validation Status: Not Activated
Validation Code: 1
Online Validation Code: N/A
Cached Validation Code: N/A
Windows Product Key: *****-*****-DHH4X-J76D8-BMVKV
Windows Product Key Hash: 0rUdu4YvLRn/t6fVLZkS3TAMheI=
Windows Product ID: 55285-014-5098184-21848
Windows Product ID Type: 0
Windows License Type: Unknown
Windows OS version: 5.1.2600.2.00010300.3.0.hom
CSVLK Server: N/A
CSVLK PID: N/A
ID: {8166CAA4-AD0B-4F46-B1E4-7E63264EF376}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-171-1_025D1FF3-85-80004005
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.7.18.5
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
WGATray.exe Signed By: Microsoft
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: Registered, 1.6.28.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-171-1_025D1FF3-85-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{8166CAA4-AD0B-4F46-B1E4-7E63264EF376}</UGUID><Version>1.7.0095.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-BMVKV</PKey><PID>55285-014-5098184-21848</PID><PIDType>0</PIDType><SID>S-1-5-21-1060284298-789336058-854245398</SID><SYSTEM><Manufacturer>ASUSTeK Computer INC.</Manufacturer><Model>A7N8X-E</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>ASUS A7N8X-E Deluxe ACPI BIOS Rev 1013 </Version><SMBIOSVersion major="2" minor="2"/><Date>20041112000000.000000+000</Date></BIOS><HWID>42803CD70184AE79</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name></name><model></model></SBID><OEM/><BRT/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
H2490
Wednesday, August 27, 2008 1:03 AM
-
AVG Antivirus used
HTML/Framer.Z 8/14/2008
JS/Psyme 8/4/2008
Trojan horse SHeur.BZUE 8/4/2008
Trojan horse Generic_c.MFD 8/4/2008
Trojan horse Downloader.Purityscan.AG 8/4/2008
Trojan horse Downloader.Agent.AGWI
JS/Downloader Agent
will report on safety live scan results later
H2490
Wednesday, August 27, 2008 1:13 AM
-
H2490,
I have forwarded your posted information off for analysis. If you could, please let me know when you've completed the http://safety.live.com scan. Thank you again, it is appreciated. Any additional information you may have will still be welcomed here on your thread.
Respectfully,
Rick, MS
Wednesday, August 27, 2008 2:20 PM
-
I need help with the live scan. It had like 10 and 2 on the progress but I had to sleep. It appears to have rebooted my computer and did not come back up afterwards. I don't know where to seek the logs.
H2490
Wednesday, August 27, 2008 11:57 PM
-
Rick,
Sorry but I have been informed that the scan results are lost. If the browser is closed they are lost. Might want to add a warning to your blurb.
H2490
Thursday, August 28, 2008 3:12 AM
-
H2490,
Thank you for the try. It is important to use Microsoft Internet Explorer, and to leave the browser open while doing the scan. I will make sure to include those additional pieces next time. If you are able to run it again at some point please do, and upload the results at the end as it will prompt you to.
Again, thank you for the try.
Respectfully,
Rick, MS
Thursday, August 28, 2008 2:17 PM
-
I ran the scan again and nothing came up. It must have fixed whatever it found before. I also ran the latest malicious soft. removal tool. It found a win32 variant virus and removed it. Does it keep logs when it runs somewhere?
H2490
Friday, August 29, 2008 12:17 AM
-
H2490,
I'm not sure if it does or doesn't. However, thank you for taking the time to run the scan a 2nd time. I very much appreciate the effort and try.
I will include the additional information you provided here in my analysis.
Thank you again,
Rick, MS
- Marked as answer by RickImAPC Friday, August 29, 2008 2:58 PM
Friday, August 29, 2008 2:35 PM