locked
Machine with preactivated OEM Vista business now asking for activation RRS feed

  • Question

  • I suffered a particularly nasty rootkit virus attack on my Toshiba laptop tecra P5. It was a fresh rootkit/virus that the AV didn't detect.

    Normally this wouldn't be a problem only the Intel raid NAS which the laptop was being ghosted to also fried itself that same weekend but is so old the parts are no longer available so all my back ups are gone.

    After successfully cleaning up after somehow the operating system is damaged.

    The Vista business OEM is nagging me to activate it all of a sudden.  Apart from that the machine works fine in every other respect apart from being unable to get updates due to lack of activation.

    The machine originally came with Vista business OEM preinstalled and no activation was necessary.

    It won't accept the activation Code on the sticker on the bottom of the machine as it says that the key has been used before.  I have tried manually using phone activation (I successfully get the 40 odd digit number using my care of my sticker etc. but the machine still won't accept that code) as well as that I have tried turning off the services and on again etc. etc. as per the other threads in this forum.  My bios is the latest one from the Toshiba Australia website

    I called Microsoft (no mean feat in itself) and they said they were willing to help me but their engineer said she could only help me if I obtained the windows Vista business installation disks for my operating system.  I.e. the one that Toshiba used to generate the Toshiba recovery desks in the first place.

    Microsoft also say that they're not obliged to help me because as its an OEM then Toshiba are actually the supplier to me therefor the disks had to come from Toshiba not from them.

    I contacted Toshiba and they said that my laptop only came with recovery desks and their agreement with Microsoft is that they would not provide the installation disks to anyone.  I have been right to the top at Toshiba and they won't budge as they say they'll get sued by Microsoft if they do release those discs.

    If I use a recovery disk it will completely wipe out all my stuff as well as remove all additional partitions on my 512 GB disk and replace them with a single 256 GB.  The laptop is loaded with many applications and their associated customisations and it will take months and months for me to get it set up how I like it again.

    Is there a way I can use a recovery disks on a different hard drive to generate whatever key files and registry hives are needed so I can copy them to the hard drive I'm currently using.


    Try something different! Anything that works is perfect........
    • Edited by sirplus Wednesday, January 5, 2011 4:07 AM spelling
    Wednesday, January 5, 2011 4:01 AM

Answers

  • "sirplus" wrote in message news:2b9256c6-a2be-450a-a584-d43fb8bfaa73...

    I suffered a particularly nasty rootkit virus attack on my Toshiba laptop tecra P5. It was a fresh rootkit/virus that the AV didn't detect.

    Normally this wouldn't be a problem only the Intel raid NAS which the laptop was being ghosted to also fried itself that same weekend but is so old the parts are no longer available so all my back ups are gone.

    After successfully cleaning up after somehow the operating system is damaged.

    The Vista business OEM is nagging me to activate it all of a sudden.  Apart from that the machine works fine in every other respect apart from being unable to get updates due to lack of activation.

    The machine originally came with Vista business OEM preinstalled and no activation was necessary.

    It won't accept the activation Code on the sticker on the bottom of the machine as it says that the key has been used before.  I have tried manually using phone activation (I successfully get the 40 odd digit number using my care of my sticker etc. but the machine still won't accept that code) as well as that I have tried turning off the services and on again etc. etc. as per the other threads in this forum.  My bios is the latest one from the Toshiba Australia website

    I called Microsoft (no mean feat in itself) and they said they were willing to help me but their engineer said she could only help me if I obtained the windows Vista business installation disks for my operating system.  I.e. the one that Toshiba used to generate the Toshiba recovery desks in the first place.

    Microsoft also say that they're not obliged to help me because as its an OEM then Toshiba are actually the supplier to me therefor the disks had to come from Toshiba not from them.

    I contacted Toshiba and they said that my laptop only came with recovery desks and their agreement with Microsoft is that they would not provide the installation disks to anyone.  I have been right to the top at Toshiba and they won't budge as they say they'll get sued by Microsoft if they do release those discs.

    If I use a recovery disk it will completely wipe out all my stuff as well as remove all additional partitions on my 512 GB disk and replace them with a single 256 GB.  The laptop is loaded with many applications and their associated customisations and it will take months and months for me to get it set up how I like it again.

    Is there a way I can use a recovery disks on a different hard drive to generate whatever key files and registry hives are needed so I can copy them to the hard drive I'm currently using.


    Try something different! Anything that works is perfect........

    To properly analyse and solve problems with Activation and Validation, we need to see a full copy of the report produced by the MGADiag tool (download and save to desktop - http://go.microsoft.com/fwlink/?linkid=52012 )
    Once saved, run the tool.
    Click on the Continue button, which will produce the report.
    To copy the report to your response, click on the Copy button in the tool (ignore any error messages at this point), and then paste (using either r-click/Paste, or Ctrl+V ) into your response.
     

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    • Marked as answer by Darin Smith MS Tuesday, January 11, 2011 11:20 PM
    Wednesday, January 5, 2011 9:20 AM
    Moderator

All replies

  • "sirplus" wrote in message news:2b9256c6-a2be-450a-a584-d43fb8bfaa73...

    I suffered a particularly nasty rootkit virus attack on my Toshiba laptop tecra P5. It was a fresh rootkit/virus that the AV didn't detect.

    Normally this wouldn't be a problem only the Intel raid NAS which the laptop was being ghosted to also fried itself that same weekend but is so old the parts are no longer available so all my back ups are gone.

    After successfully cleaning up after somehow the operating system is damaged.

    The Vista business OEM is nagging me to activate it all of a sudden.  Apart from that the machine works fine in every other respect apart from being unable to get updates due to lack of activation.

    The machine originally came with Vista business OEM preinstalled and no activation was necessary.

    It won't accept the activation Code on the sticker on the bottom of the machine as it says that the key has been used before.  I have tried manually using phone activation (I successfully get the 40 odd digit number using my care of my sticker etc. but the machine still won't accept that code) as well as that I have tried turning off the services and on again etc. etc. as per the other threads in this forum.  My bios is the latest one from the Toshiba Australia website

    I called Microsoft (no mean feat in itself) and they said they were willing to help me but their engineer said she could only help me if I obtained the windows Vista business installation disks for my operating system.  I.e. the one that Toshiba used to generate the Toshiba recovery desks in the first place.

    Microsoft also say that they're not obliged to help me because as its an OEM then Toshiba are actually the supplier to me therefor the disks had to come from Toshiba not from them.

    I contacted Toshiba and they said that my laptop only came with recovery desks and their agreement with Microsoft is that they would not provide the installation disks to anyone.  I have been right to the top at Toshiba and they won't budge as they say they'll get sued by Microsoft if they do release those discs.

    If I use a recovery disk it will completely wipe out all my stuff as well as remove all additional partitions on my 512 GB disk and replace them with a single 256 GB.  The laptop is loaded with many applications and their associated customisations and it will take months and months for me to get it set up how I like it again.

    Is there a way I can use a recovery disks on a different hard drive to generate whatever key files and registry hives are needed so I can copy them to the hard drive I'm currently using.


    Try something different! Anything that works is perfect........

    To properly analyse and solve problems with Activation and Validation, we need to see a full copy of the report produced by the MGADiag tool (download and save to desktop - http://go.microsoft.com/fwlink/?linkid=52012 )
    Once saved, run the tool.
    Click on the Continue button, which will produce the report.
    To copy the report to your response, click on the Copy button in the tool (ignore any error messages at this point), and then paste (using either r-click/Paste, or Ctrl+V ) into your response.
     

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    • Marked as answer by Darin Smith MS Tuesday, January 11, 2011 11:20 PM
    Wednesday, January 5, 2011 9:20 AM
    Moderator
  • No reply from the Original Poster.

    Issue is assumed to be resolved.

     


    Darin MS
    Tuesday, January 11, 2011 11:21 PM
  • A bene placito! :-)

    Diagnostic Report (1.9.0027.0): ----------------------------------------- Windows Validation Data--> Validation Status: Invalid License Validation Code: 50 Cached Online Validation Code: 0xc004c4a8 Windows Product Key: *****-*****-GDJ4R-T3CCG-RWH66 Windows Product Key Hash: +QJMcszWlwxTAK/R1Y9QBrzADh4= Windows Product ID: 89576-OEM-7202746-75430 Windows Product ID Type: 8 Windows License Type: COA SLP Windows OS version: 6.0.6002.2.00010100.2.0.006 ID: {EAB7A230-4A67-4FF2-93EB-22E8A095C742}(3) Is Admin: Yes TestCab: 0x0 LegitcheckControl ActiveX: Registered, 1.9.42.0 Signed By: Microsoft Product Name: Windows Vista (TM) Business Architecture: 0x00000000 Build lab: 6002.vistasp2_gdr.100608-0458 TTS Error: T:20101007014858325- Validation Diagnostic: Resolution Status: N/A Vista WgaER Data--> ThreatID(s): N/A, hr = 0x80070002 Version: 6.0.6002.16398 Windows XP Notifications Data--> Cached Result: N/A, hr = 0x80070002 File Exists: No Version: N/A, hr = 0x80070002 WgaTray.exe Signed By: N/A, hr = 0x80070002 WgaLogon.dll Signed By: N/A, hr = 0x80070002 OGA Notifications Data--> Cached Result: 100 Version: 2.0.48.0 OGAExec.exe Signed By: Microsoft OGAAddin.dll Signed By: Microsoft OGA Data--> Office Status: 100 Genuine 2007 Microsoft Office system - 100 Genuine OGA Version: Registered, 2.0.48.0 Signed By: Microsoft Office Diagnostics: B4D0AA8B-604-645_77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3 Browser Data--> Proxy settings: N/A User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32) Default Browser: C:\Program Files\Internet Explorer\iexplore.exe Download signed ActiveX controls: Prompt Download unsigned ActiveX controls: Disabled Run ActiveX controls and plug-ins: Allowed Initialize and script ActiveX controls not marked as safe: Disabled Allow scripting of Internet Explorer Webbrowser control: Disabled Active scripting: Allowed Script ActiveX controls marked as safe for scripting: Allowed File Scan Data--> File Mismatch: C:\Windows\system32\uxtheme.dll[6.0.6001.18000], Hr = 0x800b0100 Other data--> Office Details: <GenuineResults><MachineData><UGUID>{EAB7A230-4A67-4FF2-93EB-22E8A095C742}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010100.2.0.006</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-RWH66</PKey><PID>89576-OEM-7202746-75430</PID><PIDType>8</PIDType><SID>S-1-5-21-3949107450-1874928725-1193214278</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>TECRA P5</Model></SYSTEM><BIOS><Manufacturer>TOSHIBA</Manufacturer><Version>Version 2.00</Version><SMBIOSVersion major="2" minor="4"/><Date>20080306000000.000000+000</Date></BIOS><HWID>D3323507018400FA</HWID><UserLCID>0C09</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Cen. Australia Standard Time(GMT+09:30)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSHIB</OEMID><OEMTableID>A0056 </OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-0031-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>2007 Microsoft Office system</Name><Ver>12</Ver><Val>49A15E45B32FF12</Val><Hash>Jcfr8KB+YWDuX2f/jp5jint2QeE=</Hash><Pid>89451-905-2765627-66085</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/></Applications></Office></Software></GenuineResults> Spsys.log Content: U1BMRwEAAAAAAQAABAAAALgGAAAAAAAAYWECAORfhqHJPcDJaWXLASPvOhE4aiPWkIrToHXwxdq20X16vAEcK6Z8M0T2ytBb3FaOyz8gfT44pXofgwiyhjOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAw2LChCixnhclyLKxemNGWeSpvDqncQWuidFsr+hJ/dpINYboFE2L+x23ORX8S+tcQzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM Licensing Data--> Software licensing service version: 6.0.6002.18005 Windows Activation Technologies--> N/A HWID Data--> HWID Hash Current: PgAAAAEAAwABAAEAAgADAAAABQABAAEAeqgkW0zWtl6afkaDPKrcn/L0d/b+P25cX1DJJSaQ0tSsVsglKoU= OEM Activation 1.0 Data--> N/A OEM Activation 2.0 Data--> BIOS valid for OA 2.0: yes Windows marker version: 0x20000 OEMID and OEMTableID Consistent: yes BIOS Information: ACPI Table Name OEMID Value OEMTableID Value APIC TOSHIB A0056 FACP TOSHIB A0056 HPET TOSHIB A0056 MCFG TOSHIB A0056 SSDT TOSHIB A0056 TCPA TOSHIB A0056 SLIC TOSHIB A0056 ASF! TOSHIB A0056 SSDT TOSHIB A0056 SSDT TOSHIB A0056 SSDT TOSHIB A0056 p>


    Try something different! Anything that works is perfect........
    • Edited by sirplus Saturday, January 22, 2011 3:55 PM
    Saturday, January 22, 2011 3:33 PM
  • "sirplus" wrote in message news:7f4534af-23b8-4e21-88c2-d8868425428d...

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Invalid License
    Validation Code: 50
    Cached Online Validation Code: 0xc004c4a8
    Windows Product Key: *****-*****-GDJ4R-T3CCG-RWH66
    Windows Product Key Hash: +QJMcszWlwxTAK/R1Y9QBrzADh4=
    Windows Product ID: 89576-OEM-7202746-75430
    Windows Product ID Type: 8
    Windows License Type: COA SLP
    Windows OS version: 6.0.6002.2.00010100.2.0.006
    ID: {EAB7A230-4A67-4FF2-93EB-22E8A095C742}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: Windows Vista (TM) Business
    Architecture: 0x00000000
    Build lab: 6002.vistasp2_gdr.100608-0458
    TTS Error: T:20101007014858325-

    File Scan Data-->
    File Mismatch: C:\Windows\system32\uxtheme.dll[6.0.6001.18000], Hr = 0x800b0100


    Try something different! Anything that works is perfect........
    The two errors highlighted are the source of your problem.
    They may be related, or they may be separate problems....
    The TTS Error shows that you have a Trusted Store Tamper
    <quote>
    You have a T-type Tamper present on your machine, which is preventing proper self-activation.
     Your Diagnostic Report is telling me that your Windows is suffering from a Trusted Store Tamper.   In Windows, there are files that have, what is known as, a Digital Signature. A Digital Signature is an industry standard that ensures that a file is, in fact, from the specified source. If a file is modified, in any way, the Digital Signature is broken.
     
    Example: lets say you get a Printer Driver that is Digitally Signed from HP. Since the Digital Signature was created by a Trusted Source (HP) a Certificate is created within Window's Trusted Store. The Digital Signature is dependent on the file's Hash (think fingerprint) so if the file is changed in any way, it's Digital Signature is broken and becomes invalid.  So lets say that the HP Driver got modified by some sort of Malware. The File's Hash would no longer match the hash listed in the Digitally Signature (or the Signature may not even be readable at that point). The Digital Signature become invalid because windows now don't know what has been done to that file, so the file can no longer be trusted. This in turn invalidates the corresponding Certificate within the Trusted Store.
     
      What I have described in the above example is basically what is happening with your Windows.  Some Digitally Signed file has been modified in some way and the Certificate within Windows's Trusted Store has become invalid (i.e. no longer trusted) which invalidates the Certificate in the Trusted Store and that is what has triggered the Non-Genuine messaging.
     
     
      Unfortunately, none of my tools are able to pinpoint which file/signature/certificate is causing the problem. However there are a few thing you can try that may correct the issue.
     
     
      1) First off not all Digitally Signed files are Drivers, but from experience we have found that this issue seems to occur the most with Drivers.  So my first suggestion is to confirm that all your hardware drivers are up to date. Note: Figuring out if a Driver is up to date and/or replacing a driver with a more current one can sometimes take semi-advanced computer knowledge and me explaining the process is outside the scope of this forum. If you do not know how to work with Drivers seek assistance or skip down to #2 or #3 below
     
      2) Restore Windows back to a past System Restore Point.
     
    1) Boot into Windows
    2) Click the Start button
    3) In the Start Search field, type: System Restore and hit the Enter key
    4) Select "Choose Different Restore Point", Put a check in the box that says "Show restore points older than 5 days", select the restore point that corresponds to a date Before you first noticed the issue (which hopefully was today).
    5) Click the "Next" button.
    6) Reboot
     
      3) Repair Windows using the 'sfc /scannow' command
     
    The Scan Now will look for any bad Windows files and attempt to repair them, if possible (it isn't always able to)
     
    1) Login to Windows
    2) Click the Start button
    3) Type: cmd.exe in the search field
    4) Right-click the cmd.exe file and select Run as Administrator
    5) In the CMD window, type: sfc /scannow
    6) Reboot and see if that resolves the issue.
     
    If none of my suggestions resolves the issue, then the only other thing I can suggest is to either create a (no cost) support request at http://support.microsoft.com/gp/contactwga or reinstall Windows.
     
     
    </quote>
    With any luck, one of the suggestions (System Restore or the SFC command) will also fix your File Mismatch problem (which may actually be the file that the TTS error is complaining about)
     
     

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Saturday, January 22, 2011 3:46 PM
    Moderator
  • Did sfc /scannow

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Invalid License
    Validation Code: 50
    Cached Online Validation Code: 0xc004c4a8
    Windows Product Key: *****-*****-GDJ4R-T3CCG-RWH66
    Windows Product Key Hash: +QJMcszWlwxTAK/R1Y9QBrzADh4=
    Windows Product ID: 89576-OEM-7202746-75430
    Windows Product ID Type: 8
    Windows License Type: COA SLP
    Windows OS version: 6.0.6002.2.00010100.2.0.006
    ID: {EAB7A230-4A67-4FF2-93EB-22E8A095C742}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: Windows Vista (TM) Business
    Architecture: 0x00000000
    Build lab: 6002.vistasp2_gdr.100608-0458
    TTS Error: T:20101007014858325-
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: 6.0.6002.16398

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: 100
    Version: 2.0.48.0
    OGAExec.exe Signed By: Microsoft
    OGAAddin.dll Signed By: Microsoft

    OGA Data-->
    Office Status: 100 Genuine
    2007 Microsoft Office system - 100 Genuine
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: B4D0AA8B-604-645_77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{EAB7A230-4A67-4FF2-93EB-22E8A095C742}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010100.2.0.006</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-RWH66</PKey><PID>89576-OEM-7202746-75430</PID><PIDType>8</PIDType><SID>S-1-5-21-3949107450-1874928725-1193214278</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>TECRA P5</Model></SYSTEM><BIOS><Manufacturer>TOSHIBA</Manufacturer><Version>Version 2.00</Version><SMBIOSVersion major="2" minor="4"/><Date>20080306000000.000000+000</Date></BIOS><HWID>D3323507018400FA</HWID><UserLCID>0C09</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Cen. Australia Standard Time(GMT+09:30)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSHIB</OEMID><OEMTableID>A0056   </OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-0031-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>2007 Microsoft Office system</Name><Ver>12</Ver><Val>49A15E45B32FF12</Val><Hash>Jcfr8KB+YWDuX2f/jp5jint2QeE=</Hash><Pid>89451-905-2765627-66085</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/></Applications></Office></Software></GenuineResults> 

    Spsys.log Content: U1BMRwEAAAAAAQAABAAAALgGAAAAAAAAYWECAORfhqHJPcDJaWXLASPvOhE4aiPWkIrToHXwxdq20X16vAEcK6Z8M0T2ytBb3FaOyz8gfT44pXofgwiyhjOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAw2LChCixnhclyLKxemNGWeSpvDqncQWuidFsr+hJ/dpINYboFE2L+x23ORX8S+tcQzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM

    Licensing Data-->
    Software licensing service version: 6.0.6002.18005

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    HWID Hash Current: PgAAAAEAAwABAAEAAgADAAAABQABAAEAeqgkW0zWtl6afkaDPKrcn/L0d/b+P25cX1DJJSaQ0tSsVsglKoU=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20000
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   TOSHIB  A0056  
      FACP   TOSHIB  A0056  
      HPET   TOSHIB  A0056  
      MCFG   TOSHIB  A0056  
      SSDT   TOSHIB  A0056  
      TCPA   TOSHIB  A0056  
      SLIC   TOSHIB  A0056  
      ASF!   TOSHIB  A0056  
      SSDT   TOSHIB  A0056  
      SSDT   TOSHIB  A0056  
      SSDT   TOSHIB  A0056  

     


    Try something different! Anything that works is perfect........
    Sunday, January 23, 2011 2:59 AM
  • "sirplus" wrote in message news:c6a6fe6f-1409-4c15-a22c-938715c25faf...

    Did sfc /scannow

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Invalid License
    Validation Code: 50
    Cached Online Validation Code: 0xc004c4a8
    Windows Product Key: *****-*****-GDJ4R-T3CCG-RWH66
    Windows Product Key Hash: +QJMcszWlwxTAK/R1Y9QBrzADh4=
    Windows Product ID: 89576-OEM-7202746-75430
    Windows Product ID Type: 8
    Windows License Type: COA SLP
    Windows OS version: 6.0.6002.2.00010100.2.0.006
    ID: {EAB7A230-4A67-4FF2-93EB-22E8A095C742}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: Windows Vista (TM) Business
    Architecture: 0x00000000
    Build lab: 6002.vistasp2_gdr.100608-0458
    TTS Error: T:20101007014858325-


    Try something different! Anything that works is perfect........

    That seems to have fixed the File Mismatch - but not the T-type tamper :(
    That tamper has been present since October 7th  - does anything about that date (or the couple of days before) ring a bell?
     

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Sunday, January 23, 2011 3:26 AM
    Moderator
  • No

    The rootkit was 0 day and as such I had to clean it manually & by removing the hdd and deleting files with the date & time at or more recent than the time of the attack probably I deleted something important from the certificate store in error.

    How to find the cause of the TTS error?


    Try something different! Anything that works is perfect........
    Monday, January 24, 2011 1:23 AM
  • "sirplus" wrote in message news:efaec584-d06e-454c-973b-d1e11295e3c5...

    No

    The rootkit was 0 day and as such I had to clean it manually & by removing the hdd and deleting files with the date & time at or more recent than the time of the attack probably I deleted something important from the certificate store in error.

    How to find the cause of the TTS error?


    Try something different! Anything that works is perfect........

    Have a look in the Event Viewer, or the System Performance logs - they may give you a clue.
    I doubt very much that we'll be able to get to the bottom of this in these forums, so I'd advise you to go and create a Support Incident. You could either use WGA, or Security as your entry route - with luck, either will be free support. (I don't know what the 'rules' are for Oz)
    the Security Support Center for Australia is on "Australia Domestic Toll-free: 13 20 58" (the hoops I had to jump through to get that!)
    ...see what you can find here for the Activation centers http://support.microsoft.com/contactus/cu_sc_prodact_master?ws=support#tab0
    Note that if you phone an Activation Center for assistance, do NOT respond when asked which service you require (by the ansafone) - this should force an operator to pick up.

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Monday, January 24, 2011 10:32 AM
    Moderator