Windows Vista (TM), Build 6002, This copy of Windows is not Genuine

    Question

  • I have had a Dell Inspiron Desktop 530 S since 2009, it came preinstalled and activated with Windows Vista SP2.  In 2011, the hard drive developed a problem and working with Dell, we reinstalled the OS.  I have been running without any issues since then, and just this past Sunday, April 19th, 2015 when I booted up in the morning, I got a black screen, and a notification in the lower right corner = "Windows Vista (TM), Build 6002, This copy of Windows is not Genuine".

    I had made no software or hardware changes, to precipitate this, though I did see two windows updates had occurred the day before.  I have had Dell attempt to resolve this issue and they could not, I have had 1st and 2nd Tier at Microsoft try, including replacing the OEM SLP with the COA SLP from the placard on my computer via telephone IVP.  All efforts by MS or Dell have left me getting error "0XC004E003" when attempting to activate the OS using the product key from the placard on my computer.  That error I understand indicates a problem with accessing or reading the SLIC table in the BIOS.  MS insists my only solution is to reinstall the OS from my diskette and then of course reinstall all software, etc., and I am looking for a better solution.

    Any help will be greatly appreciated!  WGA output below

    Created April 26, 2015

    Diagnostic Report (1.9.0027.0):

    -----------------------------------------

    Windows Validation Data-->

    Validation Status: Invalid License

    Validation Code: 50

    Cached Online Validation Code: 0xc004c4a8

    Windows Product Key: *****-*****-882F6-TYQHM-9WH8C

    Windows Product Key Hash: Cs42qed+vjxfWnUYSuvhbNfXuSs=

    Windows Product ID: 89572-OEM-7234462-14942

    Windows Product ID Type: 8

    Windows License Type: COA SLP

    Windows OS version: 6.0.6002.2.00010300.2.0.002

    ID: {EBA153AE-2675-4FD1-82EA-77C8C99ABCFF}(1)

    Is Admin: Yes

    TestCab: 0x0

    LegitcheckControl ActiveX: N/A, hr = 0x80070002

    Signed By: N/A, hr = 0x80070002

    Product Name: Windows Vista (TM) Home Basic

    Architecture: 0x00000000

    Build lab: 6002.vistasp2_gdr.150312-1556

    TTS Error:

    Validation Diagnostic:

    Resolution Status: N/A

    Vista WgaER Data-->

    ThreatID(s): N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    File Exists: No

    Version: N/A, hr = 0x80070002

    WgaTray.exe Signed By: N/A, hr = 0x80070002

    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

    OGAExec.exe Signed By: N/A, hr = 0x80070002

    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->

    Office Status: 100 Genuine

    Microsoft Office Enterprise 2007 - 100 Genuine

    OGA Version: N/A, 0x80070002

    Signed By: N/A, hr = 0x80070002

    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

    Browser Data-->

    Proxy settings: N/A

    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

    Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe

    Download signed ActiveX controls: Prompt

    Download unsigned ActiveX controls: Disabled

    Run ActiveX controls and plug-ins: Allowed

    Initialize and script ActiveX controls not marked as safe: Disabled

    Allow scripting of Internet Explorer Webbrowser control: Disabled

    Active scripting: Allowed

    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->

    Office Details: <GenuineResults><MachineData><UGUID>{EBA153AE-2675-4FD1-82EA-77C8C99ABCFF}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.002</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-9WH8C</PKey><PID>89572-OEM-7234462-14942</PID><PIDType>8</PIDType><SID>S-1-5-21-4015658855-3871755503-934777981</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron 530s</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>1.0.18</Version><SMBIOSVersion major="2" minor="5"/><Date>20090224000000.000000+000</Date></BIOS><HWID>E6313507018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>FX09   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>B9A045D4FECE6CE</Val><Hash>+qsG3ha2J5KzCQa6BweoaMpi6m8=</Hash><Pid>81599-871-5752162-65936</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults> 

    Spsys.log Content: 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

    Licensing Data-->

    Software licensing service version: 6.0.6002.18005

    Name: Windows(TM) Vista, HomeBasic edition

    Description: Windows Operating System - Vista, OEM_COA_SLP channel

    Activation ID: 91dbad68-4713-4f9c-b351-6e77a8361741

    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f

    Extended PID: 89572-00144-344-614942-02-1033-6002.0000-1162015

    Installation ID: 011222987982807851919776458413361360496434789971110324

    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473

    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474

    Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476

    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475

    Partial Product Key: 9WH8C

    License Status: Unlicensed

    Windows Activation Technologies-->

    N/A

    HWID Data-->

    HWID Hash Current: NgAAAAEABAABAAEAAQABAAAAAwABAAEAeqgwVtK/8nu2WWT+iP0EdexQ8vREJVgUrFZl8SqF

    OEM Activation 1.0 Data-->

    N/A

    OEM Activation 2.0 Data-->

    BIOS valid for OA 2.0: yes

    Windows marker version: 0x20000

    OEMID and OEMTableID Consistent: yes

    BIOS Information:

      ACPI Table Name           OEMID Value     OEMTableID Value

      APIC                                    DELL                       FX09  

      FACP                                   DELL                       FX09  

      HPET                                    DELL                       FX09  

      MCFG                                 DELL                       FX09  

      SLIC                                      DELL                       FX09  

      DMY2                                  DELL                       FX09  

      SSDT                                    PmRef                  CpuPm

    Sunday, April 26, 2015 12:40 PM

Answers

  • I don't believe that a rearm will work - it relies on the existence of a license in the first place, the lack of which your machine is complaining about.

    Changing the activation mode won't make any difference that I know of.

    .... still trying to find time to reproduce your problem! - I haven't given up yet :)


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Wednesday, May 20, 2015 2:21 PM
    Moderator

All replies

  • The problem appears to be in the Licensing Store -

    please try the following.....

    Recreate the Licensing Store with the correct data.

    1) Open an Internet Browser window.

    2) Type: %windir%\system32 into the browser address bar.

    3) Find the file CMD.exe

    4) Right-Click on CMD.exe and select 'Run as Administrator'

    5) Type: net stop slsvc (it may ask you if you are sure, select yes)

    6) Type: cd %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing

    7) Type: rename tokens.dat tokens.bar

    8) Type: cd %windir%\system32

    9) Type: net start slsvc

    10) Type: cscript slmgr.vbs -rilc (It may take a long time for this to complete, please be patient)

    11) Restart your computer twice. 

    You may be asked to enter your COA Key and/or Activate. – if asked for the Key, use the one on your COA sticker on the machine’s case (you may need to activate by telephone).  

    Once complete, run another MGADiag report and post back with the results.     


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Monday, April 27, 2015 12:20 PM
    Moderator
  • Hi Noel, thank you so much for your reply, I got it this morning while having my early morning wake-up coffee before work and didn't have time to try what you have suggested but will try to do that tonight when I get home (presently at work in Gaithersburg, Maryland).  I have read a ton about this on the web since the problem cropped up this past Sunday April 19th, and I see you have helped many.  I watched the Microsoft Tier 1 person who tried to remedy this for me, attempt what you have proposed, including the telephone activation and the input of my COA SLP replacing the OEM SLP, and at the time that didn't work, but I will give it another shot and see what happens.  The Dell support team attempted a couple other scenarios I have seen documented on the web in association with this sort of thing, but, alas, nothing they did worked either so they cancelled the charge ($129.00) they were going to charge me for fixing the issue for me.

    The thing I am finding extremely puzzling is that this issue, in all its varied forms has been occurring for so many years and yet, after a couple hours on the phone with Dell & Microsoft Tier 1 & Tier 2 people, the MS Tier 2 rep said, nothing I can do but reinstall my Windows Vista!?  Something just suggests to me that there must be known modules, along with the BIOS that are involved in this, and that by now someone must know exactly what they are, how they are coded, what they do when and why, and how to work a bit more efficiently with this issue.  I do have the install diskette, and if I absolutely have to, I will do the reinstall.   I have also downloaded the BIOS upgrade from the Dell site, and have the link for re-installing SP2 should that be a real potential solution.  The MS Tier 2 guy just kept saying, "you must have some core OS files damaged" so all you can do is reinstall Windows Vista.  No suggestion re the BIOS or SP2 or doing a "Repair" re-install of Windows.  I just really would like to avoid reinstalling any software I have had since 2009, then all the updates, etc., and going through reconfiguring everything.  Particularly in light of the fact that there was absolutely nothing that occurred at my house (I live alone) with my computer the day before or the day of this incident, but, 2 MS updates.  My Windows Vista is and has been genuine since coming with my Dell Desktop in 2009.  We did have to reinstall the OS in 2011 due to some disk problem, but, it has been fine ever since.

    Anyhow, I will try your suggestion and report back once I have completed it.  By the way, one last tid-bit, when I worked with the MS Tier 2 guy, after trying a couple things he said he needed to consult his manager and after he did, I saw him do something and later realized what he had done resulted in any attempt to reactivate to be met with a window saying all I could do was reinstall the OS.  I then did a restore to a prior point and got rid of what he did, but that is the sort of thing that it seems to me, somebody must know exactly what files are doing what, what settings in the registry control what, and this issue should be much simpler to resolve, even in the case I have which seems to not be fixable by all the scenarios typically used.

    Best regards,

    Fred Hoffert

    Tuesday, April 28, 2015 5:47 PM
  • Never forget that Dell Support's mission in life is to get you off the phone as quickly as possible - it costs them a dollar a minute while you're there.

    This means that their second option (after some 'obvious' attempt to fix it) is almost ALWAYS a recovery to factory settings (and often they don't warn you about loss of data!)

    MS works on the basis that most problems can be solved through a simple script analysis - but it's not until you get to third-tier support that you're likely to meet anyone who knows even vaguely how to interpret an MGADiag report.

    Without the report, anyone would be totally clueless - although it has to be said that in your case, the report isn't actually helping diagnosis much.

    The only real clue there is this...

    Cached Online Validation Code: 0xc004c4a8

    ... unfortunately this is a fairly vague error code, which basically means that there is a problem with activation! (literally: Genuine validation determined that the License is invalid)

    The fact that you have a fair amount of data in the spsys.log area of the report makes me look for a TTS error - but there is none in the report.

    Put those two together, and we start with the default 'fix' rebuilding the License store, to make sure that we have a known baseline. If that fails, then we have to move on to more diagnostic tests as appropriate.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Tuesday, April 28, 2015 8:54 PM
    Moderator
  • Hi Noel,

    I was able to complete the steps you suggested for the rebuild of the license store, including the restart 2 times and then online activation via IVR, and a MS person obtaining and entering the activation ID, but, the result was an error response that the activation ID did not match the ID of my PC. 

    I tried doing the activation by entering the COA SLP and it tried but came back with the same error that we got several times with MS and Dell help, i.e., 0xC004E003.  Afterwards, I ran another MGA (shown below) but I don't think anything changed.  For what it may be worth, I am also going to paste the very first MGA I did, before looking to Dell or MS for help.

    Diagnostic Report (1.9.0027.0):

    -----------------------------------------

    Windows Validation Data-->

    Validation Status: Invalid License

    Validation Code: 50

    Cached Online Validation Code: 0xc004c4a8

    Windows Product Key: *****-*****-882F6-TYQHM-9WH8C

    Windows Product Key Hash: Cs42qed+vjxfWnUYSuvhbNfXuSs=

    Windows Product ID: 89572-OEM-7234462-14942

    Windows Product ID Type: 8

    Windows License Type: COA SLP

    Windows OS version: 6.0.6002.2.00010300.2.0.002

    ID: {EBA153AE-2675-4FD1-82EA-77C8C99ABCFF}(3)

    Is Admin: Yes

    TestCab: 0x0

    LegitcheckControl ActiveX: Registered, 1.9.42.0

    Signed By: Microsoft

    Product Name: Windows Vista (TM) Home Basic

    Architecture: 0x00000000

    Build lab: 6002.vistasp2_gdr.150312-1556

    TTS Error:

    Validation Diagnostic:

    Resolution Status: N/A

    Vista WgaER Data-->

    ThreatID(s): N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    File Exists: No

    Version: N/A, hr = 0x80070002

    WgaTray.exe Signed By: N/A, hr = 0x80070002

    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

    OGAExec.exe Signed By: N/A, hr = 0x80070002

    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->

    Office Status: 100 Genuine

    Microsoft Office Enterprise 2007 - 100 Genuine

    OGA Version: N/A, 0x80070002

    Signed By: N/A, hr = 0x80070002

    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

    Browser Data-->

    Proxy settings: N/A

    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

    Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe

    Download signed ActiveX controls: Prompt

    Download unsigned ActiveX controls: Disabled

    Run ActiveX controls and plug-ins: Allowed

    Initialize and script ActiveX controls not marked as safe: Disabled

    Allow scripting of Internet Explorer Webbrowser control: Disabled

    Active scripting: Allowed

    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->

    Office Details: <GenuineResults><MachineData><UGUID>{EBA153AE-2675-4FD1-82EA-77C8C99ABCFF}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.002</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-9WH8C</PKey><PID>89572-OEM-7234462-14942</PID><PIDType>8</PIDType><SID>S-1-5-21-4015658855-3871755503-934777981</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron 530s</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>1.0.18</Version><SMBIOSVersion major="2" minor="5"/><Date>20090224000000.000000+000</Date></BIOS><HWID>E6313507018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>FX09   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>B9A045D4FECE6CE</Val><Hash>+qsG3ha2J5KzCQa6BweoaMpi6m8=</Hash><Pid>81599-871-5752162-65936</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults> 

    Spsys.log Content: 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

    Licensing Data-->

    Software licensing service version: 6.0.6002.18005

    Name: Windows(TM) Vista, HomeBasic edition

    Description: Windows Operating System - Vista, OEM_COA_SLP channel

    Activation ID: 91dbad68-4713-4f9c-b351-6e77a8361741

    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f

    Extended PID: 89572-00144-344-614942-02-1033-6002.0000-1182015

    Installation ID: 011222987982807851919776458413361360496434789971110324

    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473

    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474

    Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476

    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475

    Partial Product Key: 9WH8C

    License Status: Unlicensed

    Windows Activation Technologies-->

    N/A

    HWID Data-->

    HWID Hash Current: NgAAAAEABAABAAEAAQABAAAAAwABAAEAeqgwVtK/8nu2WWT+iP0EdexQ8vREJVgUrFZl8SqF

    OEM Activation 1.0 Data-->

    N/A

    OEM Activation 2.0 Data-->

    BIOS valid for OA 2.0: yes

    Windows marker version: 0x20000

    OEMID and OEMTableID Consistent: yes

    BIOS Information:

      ACPI Table Name           OEMID Value     OEMTableID Value

      APIC                                    DELL                       FX09  

      FACP                                   DELL                       FX09  

      HPET                                    DELL                       FX09  

      MCFG                                 DELL                       FX09  

      SLIC                                      DELL                       FX09  

      DMY2                                  DELL                       FX09  

      SSDT                                    PmRef                  CpuPm

    %%%%%%%%%%%%%% 1st MGA  %%%%%%%%%%%%%%%%%%%%

    Diagnostic Report (1.9.0027.0):

    -----------------------------------------

    Windows Validation Data-->

    Validation Status: Invalid License

    Validation Code: 50

    Cached Online Validation Code: 0xc004c4a8

    Windows Product Key: *****-*****-4WD8X-M9WM7-CH4CG

    Windows Product Key Hash: EkdqJZ28Y9zyrh7DU/lHNjTXlQY=

    Windows Product ID: 89572-OEM-7332166-00096

    Windows Product ID Type: 2

    Windows License Type: OEM SLP

    Windows OS version: 6.0.6002.2.00010300.2.0.002

    ID: {9431F942-CCA9-4B68-A130-17257BC26597}(1)

    Is Admin: Yes

    TestCab: 0x0

    LegitcheckControl ActiveX: N/A, hr = 0x80070002

    Signed By: N/A, hr = 0x80070002

    Product Name: Windows Vista (TM) Home Basic

    Architecture: 0x00000000

    Build lab: 6002.vistasp2_gdr.150312-1556

    TTS Error:

    Validation Diagnostic:

    Resolution Status: N/A

    Vista WgaER Data-->

    ThreatID(s): N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    File Exists: No

    Version: N/A, hr = 0x80070002

    WgaTray.exe Signed By: N/A, hr = 0x80070002

    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

    OGAExec.exe Signed By: N/A, hr = 0x80070002

    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->

    Office Status: 100 Genuine

    Microsoft Office Enterprise 2007 - 100 Genuine

    OGA Version: N/A, 0x80070002

    Signed By: N/A, hr = 0x80070002

    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

    Browser Data-->

    Proxy settings: N/A

    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

    Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe

    Download signed ActiveX controls: Prompt

    Download unsigned ActiveX controls: Disabled

    Run ActiveX controls and plug-ins: Allowed

    Initialize and script ActiveX controls not marked as safe: Disabled

    Allow scripting of Internet Explorer Webbrowser control: Disabled

    Active scripting: Allowed

    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->

    Office Details: <GenuineResults><MachineData><UGUID>{9431F942-CCA9-4B68-A130-17257BC26597}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.002</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-CH4CG</PKey><PID>89572-OEM-7332166-00096</PID><PIDType>2</PIDType><SID>S-1-5-21-4015658855-3871755503-934777981</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron 530s</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>1.0.18</Version><SMBIOSVersion major="2" minor="5"/><Date>20090224000000.000000+000</Date></BIOS><HWID>E6313507018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>FX09   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>B9A045D4FECE6CE</Val><Hash>+qsG3ha2J5KzCQa6BweoaMpi6m8=</Hash><Pid>81599-871-5752162-65936</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults> 

    Spsys.log Content: U1BMRwEAAAAAAQAABAAAAP0GAAAAAAAAYWECAAQgnIryswkTl3rQASPvOhE4aiPWkIrToHXwxdrKrrVAB3haoZtOb9Mu46ifwgGfdQOF1jRpMhkF8l5vQjOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAw2LChCixnhclyLKxemNGWeUiVLCzNSLAhWA9hJ8f8NdOaSbTvM6S9GOtP1LTy480MzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM

    Licensing Data-->

    Software licensing service version: 6.0.6002.18005

    Windows Activation Technologies-->

    N/A

    HWID Data-->

    HWID Hash Current: NgAAAAEABAABAAEAAQABAAAAAwABAAEAeqgwVtK/8nu2WWT+iP0EdexQ8vREJVgUrFZl8SqF

    OEM Activation 1.0 Data-->

    N/A

    OEM Activation 2.0 Data-->

    BIOS valid for OA 2.0: yes

    Windows marker version: 0x20000

    OEMID and OEMTableID Consistent: yes

    BIOS Information:

      ACPI Table Name           OEMID Value     OEMTableID Value

      APIC                                    DELL                       FX09  

      FACP                                   DELL                       FX09  

      HPET                                    DELL                       FX09  

      MCFG                                 DELL                       FX09  

      SLIC                                      DELL                       FX09  

      DMY2                                  DELL                       FX09  

      SSDT                                    PmRef                  CpuPm

    Wednesday, April 29, 2015 5:20 PM
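
Added example (not part of the thread, and not a Microsoft tool): a Python sketch that parses MGADiag text into sections and diffs two reports, which is the comparison this thread makes between the "1st MGA" and the report taken after the licensing store rebuild. The two sample reports are trimmed from the ones posted above; the function names and the "populated" heuristic are assumptions of this example.

```python
import re

SECTION_RE = re.compile(r"^(.+?)-->\s*$")          # e.g. "Licensing Data-->"
FIELD_RE = re.compile(r"^([^:]+?):\s*(.*)$")       # e.g. "License Status: Unlicensed"
ACPI_ROW_RE = re.compile(r"^([A-Z0-9]{4})\s+(\S+)\s+(\S+)\s*$")  # "SLIC DELL FX09"


def parse_mgadiag(text):
    """Return {section: {field: value}}; ACPI table rows go under '_acpi'."""
    report, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"}:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            report[section] = {}
            continue
        if section is None:          # preamble such as "Diagnostic Report (...):"
            continue
        m = FIELD_RE.match(line)
        if m:
            report[section][m.group(1)] = m.group(2)
            continue
        m = ACPI_ROW_RE.match(line)
        if m and section.startswith("OEM Activation 2.0"):
            report[section].setdefault("_acpi", {})[m.group(1)] = (m.group(2), m.group(3))
    return report


def triage(report):
    """Pull out the fields the thread keeps coming back to."""
    val = report.get("Windows Validation Data", {})
    lic = report.get("Licensing Data", {})
    oa2 = report.get("OEM Activation 2.0 Data", {})
    return {
        "validation_status": val.get("Validation Status"),
        "license_type": val.get("Windows License Type"),
        "license_status": lic.get("License Status"),
        # Heuristic (assumption): the section carries more than the service version.
        "licensing_data_populated": any(
            k != "Software licensing service version" for k in lic
        ),
        "bios_valid_for_oa2": oa2.get("BIOS valid for OA 2.0"),
        "slic": oa2.get("_acpi", {}).get("SLIC"),
        # 0x80070002 is the HRESULT form of ERROR_FILE_NOT_FOUND.
        "file_not_found_fields": sum(
            1 for sec in report.values() for k, v in sec.items()
            if k != "_acpi" and "0x80070002" in v
        ),
    }


def diff_reports(old, new):
    """Return {(section, field): (old_value, new_value)} for every difference."""
    changes = {}
    for section in sorted(set(old) | set(new)):
        a, b = old.get(section, {}), new.get(section, {})
        for key in sorted(set(a) | set(b)):
            if a.get(key) != b.get(key):
                changes[(section, key)] = (a.get(key), b.get(key))
    return changes


# Sample input: trimmed from the reports posted in this thread.
_OA2 = """
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
OEMID and OEMTableID Consistent: yes
BIOS Information:
  ACPI Table Name           OEMID Value     OEMTableID Value
  FACP      DELL     FX09
  SLIC      DELL     FX09
"""
FIRST_REPORT = """
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Invalid License
Validation Code: 50
Cached Online Validation Code: 0xc004c4a8
Windows Product ID Type: 2
Windows License Type: OEM SLP
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Licensing Data-->
Software licensing service version: 6.0.6002.18005
""" + _OA2
LATER_REPORT = """
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Invalid License
Validation Code: 50
Cached Online Validation Code: 0xc004c4a8
Windows Product ID Type: 8
Windows License Type: COA SLP
LegitcheckControl ActiveX: Registered, 1.9.42.0
Licensing Data-->
Software licensing service version: 6.0.6002.18005
Description: Windows Operating System - Vista, OEM_COA_SLP channel
Activation ID: 91dbad68-4713-4f9c-b351-6e77a8361741
License Status: Unlicensed
""" + _OA2

if __name__ == "__main__":
    first, later = parse_mgadiag(FIRST_REPORT), parse_mgadiag(LATER_REPORT)
    print(triage(first))
    print(triage(later))
    for (section, key), (old, new) in diff_reports(first, later).items():
        print(f"{section} / {key}: {old!r} -> {new!r}")
```
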
  • Strange - the installed Key looks OK to me, from what I can see of it.

    Let's see what the filesystem is like...

    Please run a full CHKDSK and SFC scan....

    Click on Start > All Programs > Accessories

    Right-click on the Command Prompt entry

    Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

    At the Command prompt, type

     CHKDSK C: /R

    and hit the Enter key.

    You will be told that the drive is locked, and the CHKDSK will run at the next boot - hit the Y key, and then reboot.

    The CHKDSK will take a few hours depending on the size  of the drive, so be patient!

     After the CHKDSK has run, Windows should boot normally  (possibly after a second auto-reboot) - then run the SFC.

    SFC -System File Checker - Instructions

    Click on Start > All Programs > Accessories

    Right-click on the Command Prompt entry

    Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

    At the Command prompt, type

    SFC /SCANNOW

    and hit the Enter key

    Wait for the scan to finish - make a note of any error messages - and then reboot.

    Upload the CBS.log file (compressed, please!) to your OneDrive or DropBox Public folder, and post a link - also post a new MGADiag report.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Wednesday, April 29, 2015 8:02 PM
    Moderator
  • Noel, thanks for your feedback!  I probably won't have a chance to implement the check disk and software scan until the weekend, but, I will, and will get feedback to you on that.  I remember seeing the MS Tier 1 person run the SFC /Scannow, and it ran through to completion with no apparent issues.  She did that before she did the license store recreate, and the slmgr rearm, along with adding the COA SLP and then doing the slmgr -ato, but, all for naught.  She then subsequently tried the IVR activation and that failed also, getting the same as I got the other day.

    Anyhow, in the interim, I was wondering if you noticed anything odd in that "1st MGA output" I pasted in my prior reply?  The thing that caught my attention is the absence of much of anything in the "Licensing Data" section - I took that to indicate the licensing store was corrupt at that time but reestablished subsequently.  The other thing I wanted to ask you about is this "Remove WAT" module someone created and posted on the net.  I watched a YouTube video of that and then another where some really sharp, albeit really young little person provided detailed steps for how to identify WAT and the folder it resides in and delete it as a Fix for problems like mine.  I took it to imply it was applicable to Windows Vista too, but, when I checked my system, there is no WAT folder, so I suspect that is not applicable for Windows Vista.

    As always, thanks for your help!

    Thursday, April 30, 2015 6:43 PM
  • RemoveWAT is an Activation Exploit - which leaves very obvious traces in an MGADiag report.

    It is of very little use, and potentially great harm. It should be avoided.

    If you want to remove the WAT update, simply using the UNinstall routine works. RemoveWAT does a lot more than that.

    As you noticed, a system which doesn't have the WAT update installed doesn't have a WAT folder, and WAT itself was only released in early 2010, and only for Windows 7 - so it's no surprise that your Vista install doesn't have it ;)

    The only odd thing I can see in your first MGADiag is that there's a fair amount of content in the spsys.log - unfortunately, I have no way to know what the data there actually means, although I have found that often such data is related to TTS errors, I see that there is no such error in your report.

    At the moment, I'm as mystified as MS. :(

    Perhaps a look at the Event logs may also help (but I still want to see the SFC!)

    Please open Event Viewer

    In the left pane, navigate to the Windows Logs

    right-click on Applications and select 'Save all events as...' save as Apps.evtx

    repeat for the System logs - save as Sys.evtx

    Compress both files, and attach to your reply or upload to your favourite fileshare site (preferably Dropbox or OneDrive/SkyDrive) and post a link in your reply



    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Thursday, April 30, 2015 8:47 PM
    Moderator
  • Hi Noel,

    I will get to the chkdsk, sfc scan, apps & sys log stuff this weekend but I don't currently use any fileshare sites, and I don't seem to see any functionality here that would allow me to attach anything.  

    If I can't attach stuff here, I do use e-mail and would be happy to zip stuff up and send to you as e-mail attachments - would that be an option?  If not, I can explore what is available at Dropbox or the other resource and see how that goes.

    Let me know, and have a great weekend.

    Best regards,

    Fred

    Friday, May 1, 2015 4:49 PM

  • Sorry - I can't usually take email data through these forums.

    You can upload the data to either OneDrive or Dropbox very simply (make sure that you put the files in the Public folders). Both are free services, and (almost) ad-free. Both also scan uploaded files for malware (subject to certain limits).

    Just check their Help pages for the detail on how to upload, and how to post a link.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.


    Saturday, May 2, 2015 6:49 PM
    Moderator
  • Hello Noel, I completed the chkdsk this morning and everything there was clean, no errors or error related messages at all.  But, with the SLC scannow, it said "Windows Recovery Protection found corrupt files and successfully repaired them."

    I zipped the CBS.log and put it on OneDrive at https://onedrive.live.com/?cid=EA78258D69948DF5&id=EA78258D69948DF5%21136

    The new MGA is as follows:

    Diagnostic Report (1.9.0027.0):    Generated May 3, 2015

    -----------------------------------------

    Windows Validation Data-->

    Validation Status: Invalid License

    Validation Code: 50

    Cached Online Validation Code: 0xc004c4a8

    Windows Product Key: *****-*****-882F6-TYQHM-9WH8C

    Windows Product Key Hash: Cs42qed+vjxfWnUYSuvhbNfXuSs=

    Windows Product ID: 89572-OEM-7234462-14942

    Windows Product ID Type: 8

    Windows License Type: COA SLP

    Windows OS version: 6.0.6002.2.00010300.2.0.002

    ID: {EBA153AE-2675-4FD1-82EA-77C8C99ABCFF}(3)

    Is Admin: Yes

    TestCab: 0x0

    LegitcheckControl ActiveX: Registered, 1.9.42.0

    Signed By: Microsoft

    Product Name: Windows Vista (TM) Home Basic

    Architecture: 0x00000000

    Build lab: 6002.vistasp2_gdr.150312-1556

    TTS Error:

    Validation Diagnostic:

    Resolution Status: N/A

    Vista WgaER Data-->

    ThreatID(s): N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    File Exists: No

    Version: N/A, hr = 0x80070002

    WgaTray.exe Signed By: N/A, hr = 0x80070002

    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

    OGAExec.exe Signed By: N/A, hr = 0x80070002

    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->

    Office Status: 100 Genuine

    Microsoft Office Enterprise 2007 - 100 Genuine

    OGA Version: N/A, 0x80070002

    Signed By: N/A, hr = 0x80070002

    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

    Browser Data-->

    Proxy settings: N/A

    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

    Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe

    Download signed ActiveX controls: Prompt

    Download unsigned ActiveX controls: Disabled

    Run ActiveX controls and plug-ins: Allowed

    Initialize and script ActiveX controls not marked as safe: Disabled

    Allow scripting of Internet Explorer Webbrowser control: Disabled

    Active scripting: Allowed

    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->

    Office Details: <GenuineResults><MachineData><UGUID>{EBA153AE-2675-4FD1-82EA-77C8C99ABCFF}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.002</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-9WH8C</PKey><PID>89572-OEM-7234462-14942</PID><PIDType>8</PIDType><SID>S-1-5-21-4015658855-3871755503-934777981</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron 530s</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>1.0.18</Version><SMBIOSVersion major="2" minor="5"/><Date>20090224000000.000000+000</Date></BIOS><HWID>E6313507018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>FX09   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>B9A045D4FECE6CE</Val><Hash>+qsG3ha2J5KzCQa6BweoaMpi6m8=</Hash><Pid>81599-871-5752162-65936</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults> 

    Licensing Data-->

    Software licensing service version: 6.0.6002.18005

    Name: Windows(TM) Vista, HomeBasic edition

    Description: Windows Operating System - Vista, OEM_COA_SLP channel

    Activation ID: 91dbad68-4713-4f9c-b351-6e77a8361741

    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f

    Extended PID: 89572-00144-344-614942-02-1033-6002.0000-1182015

    Installation ID: 011222987982807851919776458413361360496434789971110324

    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473

    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474

    Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476

    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475

    Partial Product Key: 9WH8C

    License Status: Unlicensed

    Windows Activation Technologies-->

    N/A

    HWID Data-->

    HWID Hash Current: NgAAAAEABAABAAEAAQABAAAAAwABAAEAeqgwVtK/8nu2WWT+iP0EdexQ8vREJVgUrFZl8SqF

    OEM Activation 1.0 Data-->

    N/A

    OEM Activation 2.0 Data-->

    BIOS valid for OA 2.0: yes

    Windows marker version: 0x20000

    OEMID and OEMTableID Consistent: yes

    BIOS Information:

      ACPI Table Name           OEMID Value     OEMTableID Value

      APIC                                    DELL                       FX09  

      FACP                                   DELL                       FX09  

      HPET                                    DELL                       FX09  

      MCFG                                 DELL                       FX09  

      SLIC                                      DELL                       FX09  

      DMY2                                  DELL                       FX09  

      SSDT                                    PmRef                  CpuPm


    Sunday, May 3, 2015 3:42 PM
  • Your Event logs show the dregs of a PUP infection (MyOSProtect) and this is flooding the System Event log with errors -

    Please download and install  Malwarebytes Anti-malware (free version) from  http://www.malwarebytes.org/products/malwarebytes_free/ - UNtick 'Enable free trial of MBAM Premium' at the end of the installation -  and update it, then run a full scan  in your main account, and Quick scans in any other user accounts.

    Quarantine everything it finds   

    There also appear to be problems with the following items...

    OMCI ( a Dell service)

    Protect Monitor (another part of the PUP mentioned above)

    iTunes - possibly best to uninstall this and reinstall (note that you'll have to worry about licensing on anything from the iTunes stores!!)

    Here's the actual error that the attempt to validate internally generates....

    {1,[91dbad68-4713-4f9c-b351-6e77a8361741, 0, 0x0,0x0],[0x0,0xFFFFFFFF,0x0,0,0,0x0],[0x0,0xFFFFFFFF,0x0,0,0,0x0],[0x0,0xC004F013,0x0,0,0,0x0],[0,0,0x0]}

    Unfortunately, it's very non-informative - the 0xFFFFFFFF error is basically a 'dunno' while the 0xC004F013 error is an 'Access Denied' type of error.

    There appears to be a problem with gpupdate - which is odd, since Group Policy isn't installed or effective in Home Basic - so I can only assume that it's a result of the malware infestation.

    Post back with a new MGADiag report, and new event logs, after running MBAM, and rebooting a couple of times.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Sunday, May 3, 2015 4:57 PM
    Moderator
  • Noel, the Malwarebytes software did find about 72 things that it ultimately quarantined and it was all just as you indicated, i.e., the PUP infection.  I run a full MS Security Essentials every Saturday, but, it obviously was not catching the PUP thing.  After the system rebooted twice, I pulled another Apps & Sys log and have placed them where I did the others (here https://onedrive.live.com/?gologin=1 ) for your review.

    I also saved the following Malwarebytes file in case you can derive anything from it, and the latest MGA is pasted just below it

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 5/3/2015
    Scan Time: 3:25:28 PM
    Logfile: MBAM Results_1.txt
    Administrator: Yes

    Version: 2.01.6.1022
    Malware Database: v2015.05.03.06
    Rootkit Database: v2015.04.21.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows Vista Service Pack 2
    CPU: x86
    File System: NTFS
    User: Totters

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 298287
    Time Elapsed: 16 min, 46 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 1
    PUP.Optional.Loadshop, C:\monitor.exe, 2308, , [ad95f6991179a294c893135161a1a55b]

    Modules: 17
    PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\MyOSProtect.dll, , [d969fc935832b77f49a5c428c73c3bc5], 
    PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\MyOSProtect.dll, , [d969fc935832b77f49a5c428c73c3bc5], 
    PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\MyOSProtect.dll, , [d969fc935832b77f49a5c428c73c3bc5], 
    PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\MyOSProtect.dll, , [d969fc935832b77f49a5c428c73c3bc5], 
    PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\MyOSProtect.dll, , [d969fc935832b77f49a5c428c73c3bc5], 
    PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\MyOSProtect.dll, , [d969fc935832b77f49a5c428c73c3bc5], 
    PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\MyOSProtect.dll, , [d969fc935832b77f49a5c428c73c3bc5], 
    PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\MyOSProtect.dll, , [d969fc935832b77f49a5c428c73c3bc5], 
    PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\MyOSProtect.dll, , [d969fc935832b77f49a5c428c73c3bc5], 
    PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\MyOSProtect.dll, , [d969fc935832b77f49a5c428c73c3bc5], 
    PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\MyOSProtect.dll, , [d969fc935832b77f49a5c428c73c3bc5], 
    PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\MyOSProtect.dll, , [d969fc935832b77f49a5c428c73c3bc5], 
    PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\MyOSProtect.dll, , [d969fc935832b77f49a5c428c73c3bc5], 
    PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\MyOSProtect.dll, , [d969fc935832b77f49a5c428c73c3bc5], 
    PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\MyOSProtect.dll, , [d969fc935832b77f49a5c428c73c3bc5], 
    PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\MyOSProtect.dll, , [d969fc935832b77f49a5c428c73c3bc5], 
    PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\MyOSProtect.dll, , [d969fc935832b77f49a5c428c73c3bc5], 

    Registry Keys: 23
    PUP.Optional.OSProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\pcwatch, , [c57dcfc04941fb3b14b911cc28d98b75], 
    PUP.Optional.Loadshop, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ProtectMonitor, , [2220256a1971cb6b2c2f0d5747bb57a9], 
    PUP.Optional.SearchProtect.A, HKU\S-1-5-21-4015658855-3871755503-934777981-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, , [053d2b643f4b5bdb130299b2d62d1ee2], 
    PUP.Optional.OneSoftPerDay.A, HKLM\SOFTWARE\ONESOFTPERDAY, , [d9692d622e5c2f07fc006d7e7f84e51b], 
    PUP.Optional.MyOSProtect.A, HKLM\SOFTWARE\CLASSES\MyOSProtectLib.DataContainer, , [ab97a5ea008a78be18c4075941c4ba46], 
    PUP.Optional.MyOSProtect.A, HKLM\SOFTWARE\CLASSES\MyOSProtectLib.DataContainer.1, , [fc46523dbad02f070fcde37d15f02dd3], 
    PUP.Optional.MyOSProtect.A, HKLM\SOFTWARE\CLASSES\MyOSProtectLib.DataController, , [86bc444b2961eb4b89532d3359ac37c9], 
    PUP.Optional.MyOSProtect.A, HKLM\SOFTWARE\CLASSES\MyOSProtectLib.DataController.1, , [8db5c5ca8efc44f2637992ce82836c94], 
    PUP.Optional.MyOSProtect.A, HKLM\SOFTWARE\CLASSES\MyOSProtectLib.DataTable, , [93af8807b6d4290dd705025ec0453bc5], 
    PUP.Optional.MyOSProtect.A, HKLM\SOFTWARE\CLASSES\MyOSProtectLib.DataTable.1, , [94ae395653374fe71dbf4e12fa0b4bb5], 
    PUP.Optional.MyOSProtect.A, HKLM\SOFTWARE\CLASSES\MyOSProtectLib.DataTableFields, , [89b9bdd2dbafe353657790d046bf4fb1], 
    PUP.Optional.MyOSProtect.A, HKLM\SOFTWARE\CLASSES\MyOSProtectLib.DataTableFields.1, , [e65c325de9a1db5b0bd128389273dc24], 
    PUP.Optional.MyOSProtect.A, HKLM\SOFTWARE\CLASSES\MyOSProtectLib.DataTableHolder, , [4002e7a836541b1beaf2ce927e8741bf], 
    PUP.Optional.MyOSProtect.A, HKLM\SOFTWARE\CLASSES\MyOSProtectLib.DataTableHolder.1, , [8cb6e5aa2664cb6bd3091050ce37c937], 
    PUP.Optional.MyOSProtect.A, HKLM\SOFTWARE\CLASSES\MyOSProtectLib.LSPLogic, , [132f236c41499d99a8342040897c7a86], 
    PUP.Optional.MyOSProtect.A, HKLM\SOFTWARE\CLASSES\MyOSProtectLib.LSPLogic.1, , [b48e7f101773ed4900dce7790cf9b749], 
    PUP.Optional.MyOSProtect.A, HKLM\SOFTWARE\CLASSES\MyOSProtectLib.ReadOnlyManager, , [61e19af50b7f83b3a933c69a986d32ce], 
    PUP.Optional.MyOSProtect.A, HKLM\SOFTWARE\CLASSES\MyOSProtectLib.ReadOnlyManager.1, , [1c26fa953852d660efed68f8aa5b60a0], 
    PUP.Optional.MyOSProtect.A, HKLM\SOFTWARE\CLASSES\MyOSProtectLib.WatchDog, , [3c06701f99f1f73f4696c29e749145bb], 
    PUP.Optional.MyOSProtect.A, HKLM\SOFTWARE\CLASSES\MyOSProtectLib.WatchDog.1, , [fd453e51dfaba4926e6ebaa6b154f709], 
    PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\TUTORIALS, , [a2a0dab54644290dd1234d0dd03545bb], 
    PUP.Optional.MyOSProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MYOSPROTECT, , [f74b731c7f0ba5912ac8797336cd11ef], 
    PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-4015658855-3871755503-934777981-1000\SOFTWARE\TutoTag, , [152ddab54644f44231a1024fb0559d63], 

    Registry Values: 7
    PUP.Optional.OneSoftPerDay.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ospd_us_200, , [77cba3ec98f2a0965da103e8ba4918e8], 
    PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\TUTORIALS|HostGUID, F7274707-4D1A-4766-9F80-4803CE152D48, , [a2a0dab54644290dd1234d0dd03545bb]
    PUP.Optional.MyOSProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MYOSPROTECT|ImagePath, C:\Program Files\Web Protect\MyOSProtect.exe, , [f74b731c7f0ba5912ac8797336cd11ef]
    PUP.Optional.Downloader, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PROTECTMONITOR|ImagePath, C:\monitorsvc.exe, , [ee54513ef199dd595fd683d028ddfb05]
    PUP.Optional.Trovi.A, HKU\S-1-5-21-4015658855-3871755503-934777981-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|URL, http://www.trovi.com/Results.aspx?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M17D7C4B4-B220-4456-A94D-73A5399AC647&SearchSource=58&CUI=&UM=6&UP=SPEE5C2663-6448-46FD-87F7-34FE07B1CFD9&q={searchTerms}&SSPV=, , [c87ac3ccbecca78ffc85322bc4411de3]
    PUP.Optional.Conduit.A, HKU\S-1-5-21-4015658855-3871755503-934777981-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|SuggestionsURL_JSON, http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}, , [f151cac584062c0a1ec9775517ece818]
    PUP.Optional.Trovi.A, HKU\S-1-5-21-4015658855-3871755503-934777981-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|DisplayName, Trovi search, , [63df5c33afdbd66068194914b15443bd]

    Registry Data: 0
    (No malicious items detected)

    Folders: 12
    PUP.Optional.MultiPlug.A, C:\Users\Totters\AppData\Roaming\4C4C4544-1429454789-3910-8051-B8C04F564731, , [b58d7d125f2bfb3be0f32b3317ee5fa1], 
    Rogue.Multiple, C:\ProgramData\2308189059, , [2e148d02ee9c2b0b03361c6d08fbe818], 
    PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update, , [b2904e419feb2b0b06779419778c2fd1], 
    PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Download, , [b2904e419feb2b0b06779419778c2fd1], 
    PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Install, , [b2904e419feb2b0b06779419778c2fd1], 
    PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Offline, , [b2904e419feb2b0b06779419778c2fd1], 
    PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Offline\{C448E384-E72F-45C3-97DB-00D17DB9ABD5}, , [b2904e419feb2b0b06779419778c2fd1], 
    PUP.Optional.Shopperz.A, C:\Program Files\Shopperz, , [e75beaa5a6e41e189496942d34cff60a], 
    PUP.Optional.SteelCut.A, C:\Program Files\Steel Cut, , [d66ca0efddad57dfef24d3f2e71c48b8], 
    PUP.Optional.LightsCinema.A, C:\Program Files\Lights Cinema 1.3betaV19.04, , [7fc37f1082084fe76601bf071fe48779], 
    PUP.Optional.Coupoon.A, C:\Program Files\coupoon, , [6dd5a8e799f1a2943bb2745429da12ee], 
    PUP.Optional.Coupoon.A, C:\Program Files\coupoon\SSL, , [6dd5a8e799f1a2943bb2745429da12ee], 

    Files: 13
    PUP.Optional.Loadshop, C:\monitor.exe, , [ad95f6991179a294c893135161a1a55b], 
    PUP.Optional.OSProtect.A, C:\Windows\System32\drivers\pcwatch.sys, , [c57dcfc04941fb3b14b911cc28d98b75], 
    PUP.Optional.Loadshop, C:\monitorsvc.exe, , [2220256a1971cb6b2c2f0d5747bb57a9], 
    PUP.Optional.HealthCareGovTool.A, C:\Program Files\Mozilla Firefox\browser\extensions\healthcare@healthcaregovtool.com.xpi, , [ad956e21800a95a15849c10b8e75ac54], 
    PUP.Optional.HealthCareGovTool.A, C:\Program Files\Mozilla Firefox\extensions\healthcare@healthcaregovtool.com.xpi, , [0a38ddb291f951e5bce638947d86916f], 
    PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\MyOSProtect.dll, , [d969fc935832b77f49a5c428c73c3bc5], 
    PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\MyOSProtectOff.ini, , [0e348708008a60d6cf209f4de3207d83], 
    PUP.Optional.MyOSProtect.A, C:\Windows\System32\MyOSProtect.ini, , [2a18137c38521b1bcf2103e92ed51ae6], 
    PUP.Optional.MultiPlug.A, C:\Users\Totters\AppData\Roaming\4C4C4544-1429454789-3910-8051-B8C04F564731\nsaA609.tmpfs, , [b58d7d125f2bfb3be0f32b3317ee5fa1], 
    PUP.Optional.MultiPlug.A, C:\Users\Totters\AppData\Roaming\4C4C4544-1429454789-3910-8051-B8C04F564731\jnskF92D.tmp, , [b58d7d125f2bfb3be0f32b3317ee5fa1], 
    PUP.Optional.MultiPlug.A, C:\Users\Totters\AppData\Roaming\4C4C4544-1429454789-3910-8051-B8C04F564731\vnsp3577.tmp, , [b58d7d125f2bfb3be0f32b3317ee5fa1], 
    PUP.Optional.LightsCinema.A, C:\Program Files\Lights Cinema 1.3betaV19.04\1e41ae3b-1395-4828-ab9e-3e19da5d64a2.crx, , [7fc37f1082084fe76601bf071fe48779], 
    PUP.Optional.LightsCinema.A, C:\Program Files\Lights Cinema 1.3betaV19.04\bgNova.html, , [7fc37f1082084fe76601bf071fe48779], 

    Physical Sectors: 0
    (No malicious items detected)

    Diagnostic Report (1.9.0027.0):

    -----------------------------------------

    Windows Validation Data-->

    Validation Status: Invalid License

    Validation Code: 50

    Cached Online Validation Code: 0xc004c4a8

    Windows Product Key: *****-*****-882F6-TYQHM-9WH8C

    Windows Product Key Hash: Cs42qed+vjxfWnUYSuvhbNfXuSs=

    Windows Product ID: 89572-OEM-7234462-14942

    Windows Product ID Type: 8

    Windows License Type: COA SLP

    Windows OS version: 6.0.6002.2.00010300.2.0.002

    ID: {EBA153AE-2675-4FD1-82EA-77C8C99ABCFF}(3)

    Is Admin: Yes

    TestCab: 0x0

    LegitcheckControl ActiveX: Registered, 1.9.42.0

    Signed By: Microsoft

    Product Name: Windows Vista (TM) Home Basic

    Architecture: 0x00000000

    Build lab: 6002.vistasp2_gdr.150312-1556

    TTS Error:

    Validation Diagnostic:

    Resolution Status: N/A

    Vista WgaER Data-->

    ThreatID(s): N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    File Exists: No

    Version: N/A, hr = 0x80070002

    WgaTray.exe Signed By: N/A, hr = 0x80070002

    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

    OGAExec.exe Signed By: N/A, hr = 0x80070002

    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->

    Office Status: 100 Genuine

    Microsoft Office Enterprise 2007 - 100 Genuine

    OGA Version: N/A, 0x80070002

    Signed By: N/A, hr = 0x80070002

    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

    Browser Data-->

    Proxy settings: N/A

    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

    Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe

    Download signed ActiveX controls: Prompt

    Download unsigned ActiveX controls: Disabled

    Run ActiveX controls and plug-ins: Allowed

    Initialize and script ActiveX controls not marked as safe: Disabled

    Allow scripting of Internet Explorer Webbrowser control: Disabled

    Active scripting: Allowed

    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->

    Office Details: <GenuineResults><MachineData><UGUID>{EBA153AE-2675-4FD1-82EA-77C8C99ABCFF}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.002</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-9WH8C</PKey><PID>89572-OEM-7234462-14942</PID><PIDType>8</PIDType><SID>S-1-5-21-4015658855-3871755503-934777981</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron 530s</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>1.0.18</Version><SMBIOSVersion major="2" minor="5"/><Date>20090224000000.000000+000</Date></BIOS><HWID>E6313507018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>FX09   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>B9A045D4FECE6CE</Val><Hash>+qsG3ha2J5KzCQa6BweoaMpi6m8=</Hash><Pid>81599-871-5752162-65936</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults> 

    Licensing Data-->

    Software licensing service version: 6.0.6002.18005

    Name: Windows(TM) Vista, HomeBasic edition

    Description: Windows Operating System - Vista, OEM_COA_SLP channel

    Activation ID: 91dbad68-4713-4f9c-b351-6e77a8361741

    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f

    Extended PID: 89572-00144-344-614942-02-1033-6002.0000-1232015

    Installation ID: 011222987982807851919776458413361360496434789971110324

    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473

    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474

    Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476

    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475

    Partial Product Key: 9WH8C

    License Status: Unlicensed

    Windows Activation Technologies-->

    N/A

    HWID Data-->

    HWID Hash Current: NgAAAAEABAABAAEAAQABAAAAAwABAAEAeqgwVtK/8nu2WWT+iP0EdexQ8vREJVgUrFZl8SqF

    OEM Activation 1.0 Data-->

    N/A

    OEM Activation 2.0 Data-->

    BIOS valid for OA 2.0: yes

    Windows marker version: 0x20000

    OEMID and OEMTableID Consistent: yes

    BIOS Information:

      ACPI Table Name           OEMID Value     OEMTableID Value

      APIC                                    DELL                       FX09  

      FACP                                   DELL                       FX09  

      HPET                                    DELL                       FX09  

      MCFG                                 DELL                       FX09  

      SLIC                                      DELL                       FX09  

      DMY2                                  DELL                       FX09  

      SSDT                                    PmRef                  CpuPm


    Sunday, May 3, 2015 8:35 PM
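
Added example (not part of the thread and not Malwarebytes' own tooling): a Python triage of a scan log in the layout posted above. It collapses repeated entries, checks each section's declared count against what is actually listed, and picks out the detections that sit on persistence points (services, Run values, drivers, and Winsock hooks judged by the detection name) so they can be re-checked after quarantine. The sample log is constructed from the post's format with placeholder item IDs; the function names and classification rules are assumptions of this example.

```python
import re
from collections import Counter, namedtuple

# Constructed sample: abridged from the log layout in the post above,
# with the bracketed item IDs replaced by placeholders.
SAMPLE_LOG = r"""
Objects Scanned: 298287
Time Elapsed: 16 min, 46 sec

Processes: 1
PUP.Optional.Loadshop, C:\monitor.exe, 2308, , [id-01]

Modules: 3
PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\MyOSProtect.dll, , [id-02],
PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\MyOSProtect.dll, , [id-02],
PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\MyOSProtect.dll, , [id-02],

Registry Keys: 2
PUP.Optional.OSProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\pcwatch, , [id-03],
PUP.Optional.MyOSProtect.A, HKLM\SOFTWARE\CLASSES\MyOSProtectLib.WatchDog, , [id-04],

Registry Values: 2
PUP.Optional.OneSoftPerDay.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ospd_us_200, , [id-05],
PUP.Optional.MyOSProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MYOSPROTECT|ImagePath, C:\Program Files\Web Protect\MyOSProtect.exe, , [id-06]

Registry Data: 0
(No malicious items detected)

Files: 2
PUP.Optional.OSProtect.A, C:\Windows\System32\drivers\pcwatch.sys, , [id-03],
PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\MyOSProtect.dll, , [id-02],
"""

SECTIONS = ("Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors")
# Only the result sections count as headers; "Objects Scanned: 298287" must not.
HEADER_RE = re.compile(r"^(%s): (\d+)$" % "|".join(SECTIONS))
# Detection names are dotted identifiers, e.g. PUP.Optional.Loadshop.
NAME_RE = re.compile(r"^[A-Za-z0-9]+(\.[A-Za-z0-9]+)+$")

Detection = namedtuple("Detection", "section name obj")


def parse_mbam_log(text):
    """Return (declared_counts, detections) for a log in the layout above."""
    declared, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            section = header.group(1)
            declared[section] = int(header.group(2))
            continue
        parts = line.split(", ")
        if section and len(parts) >= 2 and NAME_RE.match(parts[0]):
            detections.append(Detection(section, parts[0], parts[1].strip()))
    return declared, detections


def count_mismatches(declared, detections):
    """Sections whose header count differs from the entries listed under it."""
    listed = Counter(d.section for d in detections)
    return {s: (n, listed[s]) for s, n in declared.items() if n != listed[s]}


def persistence_kind(det):
    """Heuristic label for entries that can restart the software after reboot."""
    obj = det.obj.upper()
    if obj.startswith(("HKLM\\", "HKU\\")):
        if "\\CURRENTCONTROLSET\\SERVICES\\" in obj:
            return "service"
        if "\\CURRENTVERSION\\RUN" in obj:
            return "run-key"
        return None
    if obj.endswith(".SYS") and "\\DRIVERS\\" in obj:
        return "driver"
    if "WINSOCK" in det.name.upper():
        return "winsock-lsp"
    return None


def triage(text):
    declared, detections = parse_mbam_log(text)
    unique = {}
    for det in detections:
        # Windows paths and registry keys are case-insensitive.
        unique.setdefault(det.obj.lower(), det)
    persistence = {}
    for det in unique.values():
        kind = persistence_kind(det)
        if kind:
            persistence[det.obj] = kind
    return {
        "listed": len(detections),
        "unique_objects": len(unique),
        "count_mismatches": count_mismatches(declared, detections),
        "families": Counter(d.name for d in unique.values()),
        "persistence": persistence,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result["listed"], "entries,", result["unique_objects"], "unique objects")
    for obj, kind in sorted(result["persistence"].items()):
        print(f"  [{kind}] {obj}")
```
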
  • The System log is now a LOT cleaner! ;)

    If we're lucky, getting Windows activated properly again should be fairly easy now...

    please try the following.....

    Recreate the Licensing Store with the correct data.

    1) Open an Internet Browser window.

    2) Type: %windir%\system32 into the browser address bar.

    3) Find the file CMD.exe

    4) Right-Click on CMD.exe and select 'Run as Administrator'

    5) Type: net stop slsvc (it may ask you if you are sure, select yes)

    6) Type: cd %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing

    7) Type: rename tokens.dat tokens.bar3

    8) Type: cd %windir%\system32

    9) Type: net start slsvc

    10) Type: cscript slmgr.vbs -rilc (It may take a long time for this to complete, please be patient)

    11) Restart your computer twice. 

    You may be asked to enter your COA Key and/or Activate. – if asked for the Key, use the one on your COA sticker on the machine’s case (you may need to activate by telephone).  

    Once complete, run another MGADiag report and post back with the results.     


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.


    Sunday, May 3, 2015 9:42 PM
    Moderator
  • Noel, I recreated the software license store, rebooted twice, then did the telephone activation again only to get the same result, i.e., "The confirmation ID you entered does not appear to match the installation ID for this computer.  Please verify and retype".  I subsequently tried to activate via entering my product key and once again got that other error I have been getting all along.  Here is the latest MGA

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Invalid License
    Validation Code: 50
    Cached Online Validation Code: 0xc004c4a8
    Windows Product Key: *****-*****-882F6-TYQHM-9WH8C
    Windows Product Key Hash: Cs42qed+vjxfWnUYSuvhbNfXuSs=
    Windows Product ID: 89572-OEM-7234462-14942
    Windows Product ID Type: 8
    Windows License Type: COA SLP
    Windows OS version: 6.0.6002.2.00010300.2.0.002
    ID: {EBA153AE-2675-4FD1-82EA-77C8C99ABCFF}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: Windows Vista (TM) Home Basic
    Architecture: 0x00000000
    Build lab: 6002.vistasp2_gdr.150312-1556
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Enterprise 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{EBA153AE-2675-4FD1-82EA-77C8C99ABCFF}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.002</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-9WH8C</PKey><PID>89572-OEM-7234462-14942</PID><PIDType>8</PIDType><SID>S-1-5-21-4015658855-3871755503-934777981</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron 530s</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>1.0.18</Version><SMBIOSVersion major="2" minor="5"/><Date>20090224000000.000000+000</Date></BIOS><HWID>E6313507018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>FX09   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>B9A045D4FECE6CE</Val><Hash>+qsG3ha2J5KzCQa6BweoaMpi6m8=</Hash><Pid>81599-871-5752162-65936</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

    Licensing Data-->
    Software licensing service version: 6.0.6002.18005
    Name: Windows(TM) Vista, HomeBasic edition
    Description: Windows Operating System - Vista, OEM_COA_SLP channel
    Activation ID: 91dbad68-4713-4f9c-b351-6e77a8361741
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 89572-00144-344-614942-02-1033-6002.0000-1232015
    Installation ID: 011222987982807851919776458413361360496434789971110324
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
    Partial Product Key: 9WH8C
    License Status: Unlicensed

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    HWID Hash Current: NgAAAAEABAABAAEAAQABAAAAAwABAAEAeqgwVtK/8nu2WWT+iP0EdexQ8vREJVgUrFZl8SqF

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20000
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name   OEMID Value   OEMTableID Value
      APIC              DELL          FX09
      FACP              DELL          FX09
      HPET              DELL          FX09
      MCFG              DELL          FX09
      SLIC              DELL          FX09
      DMY2              DELL          FX09
      SSDT              PmRef         CpuPm

    Sunday, May 3, 2015 11:41 PM
  • OK - try using Telephone Activation, and speak to an operator...

    telephone activation (operator calls)

    Click on the Start button

    in the Search box, type

    SLUI   4

    and hit the Enter key

    follow the instructions, but when asked which service you require by the telephone ansafone, do NOT reply - this should force an operator to respond, who can deal with you 


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Monday, May 4, 2015 5:22 AM
    Moderator
  • Noel, that is exactly what I did yesterday, but to no avail. :(
    Monday, May 4, 2015 9:23 AM
  • What did the operator have to say about it?


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Monday, May 4, 2015 10:31 AM
    Moderator
  • She gave me the digits to enter, I entered them, hit "Next", it tried to validate but ultimately gave the error that I noted previously, that the confirmation ID did not appear to match the installation ID for my computer.  We then double checked what she had given me, and what I had keyed in, and everything was as it should be.  Then she asked me for my COA product key so she could confirm it was valid, so I did that, and she confirmed it was valid and then wanted to transfer me to their helpdesk for assistance.  Since I wanted to get the MGA run and provide feedback to you at that time, I opted not to work with their helpdesk once again.  I had been through that previously, and just wanted to get feedback from you first before returning to seek their helpdesk support once again.  So, if you think I should try working with them once again, I will do that, but hoping, you have something else we can try.

    Oh, forgot, wanted to mention to you that while reading stuff on the web last week, having to do with performing an OS reinstall, I read some dialogue addressing how with Dell machines, and Windows Vista installations, that many included a D drive partition for recovery, and in checking I do have that, and it looks as if I could reinstall the OS from there, or possibly use that D drive for help, but I do have the diskette if I ultimately need to use it to reinstall the OS.

    Monday, May 4, 2015 2:12 PM
  • Hi Noel, just wondering if you got my last reply and if you have any further suggestions for me in troubleshooting this darned issue?  Thanks?
    Wednesday, May 6, 2015 5:34 PM
  • Sorry - got side-tracked.

    Let's see if there's anything in the event logs to give us a clue...

    Please open Event Viewer

    In the left pane, navigate to the Windows Logs

    right-click on Applications and select 'Save all events as...' save as Apps.evtx

    repeat for the System logs - save as Sys.evtx

    Compress both files, and attach to your reply or upload to your favourite fileshare site
    (preferably Dropbox or OneDrive/SkyDrive) and post a link in your reply



    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Wednesday, May 6, 2015 7:34 PM
    Moderator
  • Noel, I have downloaded and zipped the Apps & Sys logs and have added the 2 zip files to:  where I stored the stuff before (here https://onedrive.live.com/?gologin=1 )

    Best regards,

    Fred

    Wednesday, May 6, 2015 10:55 PM
  • You need to get back into your OneDrive and request a link to the file - the one you posted is a generic link which just takes me to my normal login page.

    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Thursday, May 7, 2015 6:05 AM
    Moderator
  • Aha, sorry, I didn't realize I had to click on the actual folder where I uploaded stuff.  When I did this initially I did a drag and drop of the documents folder to the "Public" folder, I hope that doesn't present any problem, but here is the link I get when I click on the Public folder: https://onedrive.live.com/?cid=EA78258D69948DF5&id=EA78258D69948DF5%21133

    Thursday, May 7, 2015 9:35 AM
  • The recent CHKDSK cleared a lot of dross - but doesn't indicate any problems with the drive

    The error with the Licensing still looks like corruption of the tokens.dat file - so let's try clearing it again.

    (Please pay special attention to any error messages you may get!)

    Recreate the Licensing Store with the correct data.

    1) Open an Internet Browser window.

    2) Type: %windir%\system32 into the browser address bar.

    3) Find the file CMD.exe

    4) Right-Click on CMD.exe and select 'Run as Administrator'

    5) Type: net stop slsvc (it may ask you if you are sure, select yes)

    6) Type: cd %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing

    7) Type: rename tokens.dat tokens.bar5

    8) Type: cd %windir%\system32

    9) Type: net start slsvc

    10) Type: cscript slmgr.vbs -rilc (It may take a long time for this to complete, please be patient)

    11) Restart your computer twice. 

    You may be asked to enter your COA Key and/or Activate. – if asked for the Key, use the one on your COA sticker on the machine’s case (you may need to activate by telephone).  

    Once complete, run another MGADiag report and post back with the results.     


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Thursday, May 7, 2015 1:11 PM
    Moderator
  • Hi Noel,

    I haven't had an opportunity yet to redo the license store and telephone activation but will tomorrow morning and redo an MGA and post it.  In the interim, I wanted to ask you about something I thought of yesterday afternoon, and that is that in 2011, when I had a disk issue and worked with Dell to re-install the operating system from the diskette I have, a "Windows.old" directory was created in preparation for the re-install.  That Windows.old directory has a "Tokens.dat" file that was in place and in use at that time, and with your most recent suggestion that the corruption in my system is in the tokens.dat file (or possibly modules, tables, etc. needed for creating the Tokens.dat file), could I possibly just replace the current Tokens.dat file with the one from my old install, and then try to activate?  I do notice that my current Tokens.dat file is only 3137 KB and the old one from 2011 is 4116 KB, indicating that for whatever reason the file size has clearly changed.

    If you have a chance, let me know what you think about this.

    Thanks,

    Fred

    Friday, May 8, 2015 6:15 PM
  • The Tokens.dat file is time-sensitive, and changes regularly - so any old version is almost certainly of no use to anyone except possibly Microsoft forensics ;)


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Saturday, May 9, 2015 7:51 AM
    Moderator
  • Noel, I recreated the license store successfully, re-entered the COA product key, contacted the IVR activation and spoke with a rep to attempt to activate, and the call analyst insisted the installation ID was not for Windows Vista but for Microsoft Office.  This is the first time in about 4 times now, that I have followed this procedure, that the call analyst said anything about the installation ID not being for Windows Vista.  He had me re-enter the COA product key, which I explained I had just done before calling their system, and then attempt to activate and of course got the same 0xC004E003 error, at that point he said I needed to contact Dell because they had given me an incorrect OS installation ID.  Here is the MGA I ran subsequent to all this:

    Diagnostic Report (1.9.0027.0):

    -----------------------------------------

    Windows Validation Data-->

    Validation Status: Invalid License

    Validation Code: 50

    Cached Online Validation Code: 0xc004c4a8

    Windows Product Key: *****-*****-882F6-TYQHM-9WH8C

    Windows Product Key Hash: Cs42qed+vjxfWnUYSuvhbNfXuSs=

    Windows Product ID: 89572-OEM-7234462-14942

    Windows Product ID Type: 8

    Windows License Type: COA SLP

    Windows OS version: 6.0.6002.2.00010300.2.0.002

    ID: {EBA153AE-2675-4FD1-82EA-77C8C99ABCFF}(3)

    Is Admin: Yes

    TestCab: 0x0

    LegitcheckControl ActiveX: Registered, 1.9.42.0

    Signed By: Microsoft

    Product Name: Windows Vista (TM) Home Basic

    Architecture: 0x00000000

    Build lab: 6002.vistasp2_gdr.150312-1556

    TTS Error:

    Validation Diagnostic:

    Resolution Status: N/A

    Vista WgaER Data-->

    ThreatID(s): N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    File Exists: No

    Version: N/A, hr = 0x80070002

    WgaTray.exe Signed By: N/A, hr = 0x80070002

    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

    OGAExec.exe Signed By: N/A, hr = 0x80070002

    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->

    Office Status: 100 Genuine

    Microsoft Office Enterprise 2007 - 100 Genuine

    OGA Version: N/A, 0x80070002

    Signed By: N/A, hr = 0x80070002

    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

    Browser Data-->

    Proxy settings: N/A

    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

    Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe

    Download signed ActiveX controls: Prompt

    Download unsigned ActiveX controls: Disabled

    Run ActiveX controls and plug-ins: Allowed

    Initialize and script ActiveX controls not marked as safe: Disabled

    Allow scripting of Internet Explorer Webbrowser control: Disabled

    Active scripting: Allowed

    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->

    Office Details: <GenuineResults><MachineData><UGUID>{EBA153AE-2675-4FD1-82EA-77C8C99ABCFF}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.002</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-9WH8C</PKey><PID>89572-OEM-7234462-14942</PID><PIDType>8</PIDType><SID>S-1-5-21-4015658855-3871755503-934777981</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron 530s</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>1.0.18</Version><SMBIOSVersion major="2" minor="5"/><Date>20090224000000.000000+000</Date></BIOS><HWID>E6313507018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>FX09   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>B9A045D4FECE6CE</Val><Hash>+qsG3ha2J5KzCQa6BweoaMpi6m8=</Hash><Pid>81599-871-5752162-65936</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults> 

    Licensing Data-->

    Software licensing service version: 6.0.6002.18005

    Name: Windows(TM) Vista, HomeBasic edition

    Description: Windows Operating System - Vista, OEM_COA_SLP channel

    Activation ID: 91dbad68-4713-4f9c-b351-6e77a8361741

    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f

    Extended PID: 89572-00144-344-614942-02-1033-6002.0000-1292015

    Installation ID: 011222987982807851919776458413361360496434789971110324

    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473

    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474

    Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476

    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475

    Partial Product Key: 9WH8C

    License Status: Unlicensed

    Windows Activation Technologies-->

    N/A

    HWID Data-->

    HWID Hash Current: NgAAAAEABAABAAEAAQABAAAAAwABAAEAeqgwVtK/8nu2WWT+iP0EdexQ8vREJVgUrFZl8SqF

    OEM Activation 1.0 Data-->

    N/A

    OEM Activation 2.0 Data-->

    BIOS valid for OA 2.0: yes

    Windows marker version: 0x20000

    OEMID and OEMTableID Consistent: yes

    BIOS Information:

      ACPI Table Name   OEMID Value   OEMTableID Value
      APIC              DELL          FX09
      FACP              DELL          FX09
      HPET              DELL          FX09
      MCFG              DELL          FX09
      SLIC              DELL          FX09
      DMY2              DELL          FX09
      SSDT              PmRef         CpuPm

    Saturday, May 9, 2015 2:53 PM
  • Noel, just wanted to let you know that given the odd circumstance I encountered with the 1st IVR analyst saying my installation ID was for MS Office, I went back and tried the IVR activation without speaking with anyone, and in doing that got the same "The confirmation ID you entered does not appear to match the installation ID for this computer", that I have always gotten on the numerous prior attempts with IVR.  I was ultimately then transferred to a call analyst and I explained to him what had occurred earlier and he confirmed that analyst was incorrect, that my installation ID was valid and was for Microsoft Windows Vista Home Basic.  He then had me read back the confirmation ID I had just received and typed in before being transferred to him, and he confirmed it was good and then as always before asked me for my product key which I provided and he confirmed was valid and then wanted to transfer me to their tech support and this time I let that happen, but in talking with the tech support, I could tell they wanted to do the remote access thing again and probably run me through their laundry list of standard scripts that didn't help before so at that point I just elected to stop the call and said I would call back later.  I hope there is something new and potentially helpful in the new MGA.

    Thanks so much for your continued help!

    Saturday, May 9, 2015 3:23 PM
  • Thanks for that - I have no idea where the operator got the idea from that your COA Key may be an Office one. Windows checks the Key itself on entry - and would refuse to accept an Office Key, preventing access to activation anyhow!

    The report is still firmly uninformative :(

    Looking through the event logs again reveals the following error...

    The description for Event ID 8198 from source Microsoft-Windows-Security-Licensing-SLC cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

    If the event originated on another computer, the display information had to be saved with the event.

    The following information was included with the event:

    0x80070057

    That error code is usually associated with corruption in the registry, but may here indicate that a proxy is present and interfering with activation.

    Please open an Elevated Command Prompt, and run the following commands...

    netsh winhttp show proxy
    ipconfig /all

    post the results.

      Here are some instructions to make life easier :)

    1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt. 

    2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once. 

    3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.     


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.


    Sunday, May 10, 2015 6:39 AM
    Moderator
  • Noel, the "netsh winhttp showproxy" wasn't recognized but the IPconfig output is in the following:

    Microsoft Windows [Version 6.0.6002]

    Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>netsh winhttp showproxy

    The following command was not found: winhttp showproxy.

    C:\Windows\system32>cd ..

    C:\Windows>cd ..

    C:\>netsh winhttp showproxy

    The following command was not found: winhttp showproxy.

    C:\>cd windows

    C:\Windows>netsh winhttp showproxy

    The following command was not found: winhttp showproxy.

    C:\Windows>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : Totters-PC

       Primary Dns Suffix  . . . . . . . :

       Node Type . . . . . . . . . . . . : Hybrid

       IP Routing Enabled. . . . . . . . : No

       WINS Proxy Enabled. . . . . . . . : No

    Wireless LAN adapter Wireless Network Connection 2:

       Connection-specific DNS Suffix  . :

       Description . . . . . . . . . . . : NETGEAR WNDA3100v2 N600 Wireless Dual Ban

    d USB Adapter

       Physical Address. . . . . . . . . : E4-F4-C6-54-7A-82

       DHCP Enabled. . . . . . . . . . . : Yes

       Autoconfiguration Enabled . . . . : Yes

       Link-local IPv6 Address . . . . . : fe80::e8d5:ca1c:18f:2f4c%14(Preferred)

       IPv4 Address. . . . . . . . . . . : 10.0.0.6(Preferred)

       Subnet Mask . . . . . . . . . . . : 255.255.255.0

       Lease Obtained. . . . . . . . . . : Sunday, May 10, 2015 7:25:24 AM

       Lease Expires . . . . . . . . . . : Sunday, May 17, 2015 7:25:24 AM

       Default Gateway . . . . . . . . . : 10.0.0.1

       DHCP Server . . . . . . . . . . . : 10.0.0.1

       DHCPv6 IAID . . . . . . . . . . . : 333771974

       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-8E-DB-33-00-1D-09-A2-74-FD

       DNS Servers . . . . . . . . . . . : 75.75.75.75

                                           75.75.76.76

       NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter Local Area Connection:

       Media State . . . . . . . . . . . : Media disconnected

       Connection-specific DNS Suffix  . :

       Description . . . . . . . . . . . : Intel(R) 82562V 10/100 Network Connection

       Physical Address. . . . . . . . . : 00-1D-09-A2-74-FD

       DHCP Enabled. . . . . . . . . . . : Yes

       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 6:

       Media State . . . . . . . . . . . : Media disconnected

       Connection-specific DNS Suffix  . :

       Description . . . . . . . . . . . : isatap.{CE54A55E-8A24-47E0-BA98-63B017945

    BC8}

       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

       DHCP Enabled. . . . . . . . . . . : No

       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 11:

       Media State . . . . . . . . . . . : Media disconnected

       Connection-specific DNS Suffix  . :

       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

       Physical Address. . . . . . . . . : 02-00-54-55-4E-01

       DHCP Enabled. . . . . . . . . . . : No

       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 12:

       Media State . . . . . . . . . . . : Media disconnected

       Connection-specific DNS Suffix  . :

       Description . . . . . . . . . . . : isatap.{11775388-1166-489A-8CC9-EB900866D

    FD7}

       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

       DHCP Enabled. . . . . . . . . . . : No

       Autoconfiguration Enabled . . . . : Yes

    C:\Windows>

    Sunday, May 10, 2015 11:44 AM
  • Noel, after posting my prior reply, while I don't feel qualified to really expect I could review the Apps Events log and derive anything helpful I decided to step back through it beginning on 4-18, the day before this problem started.  In doing that I see a failed Apple I-Tunes update at about 1:46 PM, and then nothing until the next morning 4-19 when I booted up that morning at around 7:50 AM.  Then I see the first error indicating the Key Management Service failed to start, and from there a warning that Windows was now in a "Notification" status, then that some values had been reset, then that the system had been tampered.  Next there is a slui.exe error with the 0x80070057, event ID 8198, then that followed by some activation failures, then Genuine state set to non-genuine (hr=0xC004C4A8) for application Id 55c92734-d682-4d71-983e-d6ec3f16059f and just the same stuff repeating coming forward.  I did remove Itunes from my system back when you suggested I do that, but while it may just be coincidence, everything had been fine until 4-19, just subsequent to the I-Tunes update failure and then the KMS not starting first thing 4-19 when I booted.

    Sunday, May 10, 2015 1:00 PM
  • I think maybe you've been googling too much. :)

    There is no KMS service in Vista Home premium - only in the Server editions. What you've seen of the errors relates to Pro and/or Enterprise failures when attempting to connect to the KMS Servers which activate them.

    The error in that first boot after the iTunes installation is actually slightly more revealing than I thought, as it does contain the following ...

    The description for Event ID 12291 from source Microsoft-Windows-Security-Licensing-SLC cannot be found.

    Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

    If the event originated on another computer, the display information had to be saved with the event.

    The following information was included with the event:

    hr=0xC004D301

    That error code implies that the Trusted Store was corrupted. (often the result of malware)

    I notice that something called SuperDriversUpdater appears to be installed and attempting to run at startup - you should definitely uninstall it, as it may be associated with malware, and is almost certainly NOT going to do your system any good!

    There was definitely malware running on the system at the time! de8131a0-9344-4d95-be29-584b68821096-10 crashed, and is a known malware file.

    I note that my first thoughts about the GPClient were actually wrong - it does indeed exist and run in the lower editions of Windows Vista.

    Let's see if it's this that is causing your problems...

    Open an Elevated Command Prompt, and run the following commands...

    REG QUERY HKLM\SYSTEM\CurrentControlSet\Control\Winlogon\Notifications\Components\GPClient /S

    REG QUERY HKLM\SYSTEM\CurrentControlSet\Control\Winlogon\Notifications\Configurations\Default

    REG QUERY HKLM\SYSTEM\CurrentControlSet\services\gpsvc /S

    Post the results.

      Here are some instructions to make life easier :)

    1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt. 

    2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once. 

    3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.     


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Sunday, May 10, 2015 4:21 PM
    Moderator
  • Noel, here are the results of the Reg queries.  I tried to find anything looking like SuperDriversUpdater in the Control Panel\Programs & Features, but don't see anything.  Would it possibly be visible as a load module at start-up that I might see in msconfig?

    Microsoft Windows [Version 6.0.6002]
    Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Control\Winlogon\Not
    ifications\Components\GPClient /S

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Winlogon\Notifications\Compo
    nents\GPClient
        Events    REG_SZ    CreateSession,Logon,Logoff,StartShell,EndShell
        Friendly Name    REG_SZ    Group Policy Service
        ServiceName    REG_SZ    gpsvc


    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Control\Winlogon\Not
    ifications\Configurations\Default

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Winlogon\Notifications\Confi
    gurations\Default
        CreateSession    REG_SZ    *
        Disconnect    REG_SZ    *
        EndShell    REG_SZ    *
        Lock    REG_SZ    *
        Logoff    REG_SZ    *,TermSrv,GPClient,Profiles,Wlansvc,Dot3svc
        Logon    REG_SZ    Profiles,Dot3svc,Wlansvc,GPClient,TermSrv,*
        Reconnect    REG_SZ    *
        StartShell    REG_SZ    SessionEnv,*
        StartSSAsNoone    REG_SZ    *
        StartSSAsUser    REG_SZ    *
        StopSSAsNoone    REG_SZ    *
        StopSSAsUser    REG_SZ    *
        TerminateSession    REG_SZ    *
        Unlock    REG_SZ    *


    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\services\gpsvc /S

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gpsvc
        PreshutdownTimeout    REG_DWORD    0xdbba0
        DisplayName    REG_SZ    @gpapi.dll,-112
        Group    REG_SZ    ProfSvc_Group
        ImagePath    REG_EXPAND_SZ    %windir%\system32\svchost.exe -k GPSvcGroup
        Description    REG_SZ    @gpapi.dll,-113
        ObjectName    REG_SZ    LocalSystem
        ErrorControl    REG_DWORD    0x1
        Start    REG_DWORD    0x2
        Type    REG_DWORD    0x10
        DependOnService    REG_MULTI_SZ    RPCSS\0Mup
        RequiredPrivileges    REG_MULTI_SZ    SeImpersonatePrivilege\0SeTcbPrivilege
    \0SeTakeOwnershipPrivilege\0SeIncreaseQuotaPrivilege\0SeAssignPrimaryTokenPrivil
    ege\0SeSecurityPrivilege\0SeChangeNotifyPrivilege\0SeCreatePermanentPrivilege\0S
    eShutdownPrivilege\0SeLoadDriverPrivilege\0SeRestorePrivilege\0SeBackupPrivilege

        FailureActions    REG_BINARY    80510100000000000000000003000000140000000100
    0000C0D4010001000000E09304000000000000000000

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gpsvc\Parameters
        ServiceDll    REG_EXPAND_SZ    %SystemRoot%\System32\gpsvc.dll
        ServiceMain    REG_SZ    GroupPolicyClientServiceMain
        ServiceDllUnloadOnStop    REG_DWORD    0x1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gpsvc\Security
        Security    REG_BINARY    010014908C00000098000000140000003000000002001C0001
    00000002C0140002000D0001010000000000010000000002005C000400000000001400FF010F0001
    0100000000000512000000000018008D01020001020000000000052000000020020000000014008D
    010200010100000000000504000000000014008D0102000101000000000005060000000101000000
    00000512000000010100000000000512000000


    C:\Windows\system32>

    Sunday, May 10, 2015 9:50 PM
  • Hmm - I need to check the effects, but the indication is that there is an error there -

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Winlogon\Notifications\Confi
    gurations\Default
        CreateSession    REG_SZ    *

    My system has this result...

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Winlogon\Notifications\Confi
    gurations\Default
        CreateSession    REG_SZ    TrustedInstaller,*

    ...back later.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Monday, May 11, 2015 5:36 AM
    Moderator
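
The by-eye comparison in the post above can be done mechanically. This is an added example, not part of the thread and not code from any participant: it parses pasted `reg query` output, re-joins lines that the 80-column console wrapped, and reports values that differ from a baseline, which is assumed to come from a known-good machine running the same Windows version. The function names are hypothetical and the two samples are constructed from the values quoted in the post.

```python
import re

# A value line as printed by `reg query`: indent, name, 4 spaces, type, 4 spaces, data.
VALUE_RE = re.compile(
    r"^\s+(?P<name>\S.*?)\s{4}(?P<type>REG_[A-Z_]+)(?:\s{4}(?P<data>.*))?$"
)
# A command prompt line such as  C:\Windows\system32>REG QUERY ...
PROMPT_RE = re.compile(r"^\s*[A-Za-z]:\\[^>]*>")


def parse_reg_query(text):
    """Parse pasted `reg query` output into {key_path: {value_name: (type, data)}}.

    Wrapped lines are glued back onto the key or value they continue, with no
    separator, so a wrap that fell exactly on a space loses that space.
    """
    keys = {}
    current_key = None
    target = None  # what a continuation line extends: "key", ("value", name) or "skip"
    for raw in text.splitlines():
        line = raw.rstrip()
        stripped = line.strip()
        if not stripped:
            target = None          # console wraps never span a blank line
            continue
        if PROMPT_RE.match(line):
            target = "skip"        # echoed command (and its wrapped tail) is not data
            continue
        if stripped.upper().startswith("HKEY_"):
            current_key = stripped
            keys.setdefault(current_key, {})
            target = "key"
            continue
        m = VALUE_RE.match(line)
        if m and current_key is not None:
            keys[current_key][m.group("name")] = (m.group("type"), m.group("data") or "")
            target = ("value", m.group("name"))
            continue
        # Anything else is the wrapped remainder of the previous item.
        if target == "key":
            values = keys.pop(current_key)
            current_key += stripped
            keys[current_key] = values
        elif isinstance(target, tuple):
            typ, data = keys[current_key][target[1]]
            keys[current_key][target[1]] = (typ, data + stripped)
    return keys


def diff_reg(baseline, suspect):
    """Return [(key, value_name, baseline_entry, suspect_entry)] for every difference.

    Key and value names are compared case-insensitively, as the registry does.
    A missing value is reported with None on the side where it is absent.
    """
    def fold(tree):
        return {k.lower(): {n.lower(): v for n, v in vals.items()}
                for k, vals in tree.items()}

    b, s = fold(baseline), fold(suspect)
    findings = []
    for key in sorted(set(b) | set(s)):
        bv, sv = b.get(key, {}), s.get(key, {})
        for name in sorted(set(bv) | set(sv)):
            if bv.get(name) != sv.get(name):
                findings.append((key, name, bv.get(name), sv.get(name)))
    return findings


# Constructed sample: reference machine, pasted from an 80-column console (wrapped).
BASELINE_SAMPLE = r"""C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Control\Winlogon\Not
ifications\Configurations\Default

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Winlogon\Notifications\Confi
gurations\Default
    CreateSession    REG_SZ    TrustedInstaller,*
    Logon    REG_SZ    Profiles,Dot3svc,Wlansvc,GPClient,TermSrv,*

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gpsvc
    RequiredPrivileges    REG_MULTI_SZ    SeImpersonatePrivilege\0SeTcbPrivilege
\0SeTakeOwnershipPrivilege
"""

# Constructed sample: machine under investigation, pasted without wrapping.
SUSPECT_SAMPLE = r"""HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Winlogon\Notifications\Configurations\Default
    CreateSession    REG_SZ    *
    Logon    REG_SZ    Profiles,Dot3svc,Wlansvc,GPClient,TermSrv,*

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gpsvc
    RequiredPrivileges    REG_MULTI_SZ    SeImpersonatePrivilege\0SeTcbPrivilege\0SeTakeOwnershipPrivilege
"""

if __name__ == "__main__":
    for key, name, base, sus in diff_reg(parse_reg_query(BASELINE_SAMPLE),
                                         parse_reg_query(SUSPECT_SAMPLE)):
        print(f"{key}\n  {name}: baseline={base} suspect={sus}")
```

A difference only means the two machines disagree; it is evidence of tampering only when the baseline really matches the suspect machine's OS version and edition.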
  • Hi Noel, just thought I would mention that contrary to a bunch of instances I read in checking the web for fix clues on this, where people stated Windows updates would not install under the "not genuine" condition I am dealing with, I received 18 new Windows updates the other morning and they all installed fine.  Didn't help the problem I have with the license stuff, but, I was pleasantly surprised that they all installed fine.

    Best regards,

    Fred

    Thursday, May 14, 2015 3:26 PM
  • Windows will continue to install Security updates regardless of the 'genuineness' of the system - it will not however install non-security updates.

    I'll try and get back to you on the problem I noted above later tonight.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.


    • Edited by Noel D Paton (Editor), Thursday, May 14, 2015 4:54 PM: correct fumble-fingeredness!
    Thursday, May 14, 2015 3:54 PM
    Moderator
  • Just as well I checked! I forgot that this was Vista - which has a very different structure in this registry key!

    Here's the result from my Vista VM...

    Microsoft Windows [Version 6.0.6002]
    Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Control\Winlogon\Not
    ifications\Components\GPClient /S

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Winlogon\Notifications\Compo
    nents\GPClient
        Events    REG_SZ    CreateSession,Logon,Logoff,StartShell,EndShell
        Friendly Name    REG_SZ    Group Policy Service
        ServiceName    REG_SZ    gpsvc


    C:\Windows\system32>
    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Control\Winlogon\Not
    ifications\Configurations\Default

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Winlogon\Notifications\Confi
    gurations\Default
        CreateSession    REG_SZ    *
        Disconnect    REG_SZ    *
        EndShell    REG_SZ    *
        Lock    REG_SZ    *
        Logoff    REG_SZ    *,TermSrv,GPClient,Profiles,Wlansvc,Dot3svc
        Logon    REG_SZ    Profiles,Dot3svc,Wlansvc,GPClient,TermSrv,*
        Reconnect    REG_SZ    *
        StartShell    REG_SZ    SessionEnv,*
        StartSSAsNoone    REG_SZ    *
        StartSSAsUser    REG_SZ    *
        StopSSAsNoone    REG_SZ    *
        StopSSAsUser    REG_SZ    *
        TerminateSession    REG_SZ    *
        Unlock    REG_SZ    *


    C:\Windows\system32>
    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\services\gpsvc /S

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gpsvc
        PreshutdownTimeout    REG_DWORD    0xdbba0
        DisplayName    REG_SZ    @gpapi.dll,-112
        Group    REG_SZ    ProfSvc_Group
        ImagePath    REG_EXPAND_SZ    %windir%\system32\svchost.exe -k GPSvcGroup
        Description    REG_SZ    @gpapi.dll,-113
        ObjectName    REG_SZ    LocalSystem
        ErrorControl    REG_DWORD    0x1
        Start    REG_DWORD    0x2
        Type    REG_DWORD    0x10
        DependOnService    REG_MULTI_SZ    RPCSS\0Mup
        RequiredPrivileges    REG_MULTI_SZ    SeImpersonatePrivilege\0SeTcbPrivilege
    \0SeTakeOwnershipPrivilege\0SeIncreaseQuotaPrivilege\0SeAssignPrimaryTokenPrivil
    ege\0SeSecurityPrivilege\0SeChangeNotifyPrivilege\0SeCreatePermanentPrivilege\0S
    eShutdownPrivilege\0SeLoadDriverPrivilege\0SeRestorePrivilege\0SeBackupPrivilege

        FailureActions    REG_BINARY    80510100000000000000000003000000140000000100
    0000C0D4010001000000E09304000000000000000000

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gpsvc\Parameters
        ServiceDll    REG_EXPAND_SZ    %SystemRoot%\System32\gpsvc.dll
        ServiceMain    REG_SZ    GroupPolicyClientServiceMain
        ServiceDllUnloadOnStop    REG_DWORD    0x1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gpsvc\Security
        Security    REG_BINARY    010014908C00000098000000140000003000000002001C0001
    00000002C0140002000D0001010000000000010000000002005C000400000000001400FF010F0001
    0100000000000512000000000018008D01020001020000000000052000000020020000000014008D
    010200010100000000000504000000000014008D0102000101000000000005060000000101000000
    00000512000000010100000000000512000000


    C:\Windows\system32>
    C:\Windows\system32>
    C:\Windows\system32>


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Saturday, May 16, 2015 7:41 AM
    Moderator
  • ... so nothing amiss there, that I can see :(

    I have to admit to being rather at a loss now.

    I'll have a think and come back to you (hopefully) later today, or tomorrow.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Saturday, May 16, 2015 7:44 AM
    Moderator
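The by-eye comparison of `REG QUERY` captures in the posts above can be scripted. This is an added example, not part of the original thread: it undoes the 80-column console wrapping visible in the pasted output and lists the values that differ between two captures. The function names are hypothetical, and the three samples are excerpts of the lines quoted in the thread.

```python
import re

PROMPT_RE = re.compile(r"^[A-Za-z]:\\.*>")  # e.g. C:\Windows\system32>REG QUERY ...
VALUE_RE = re.compile(r"^ {4}(.+?) {4}(REG_[A-Z_]+)(?: {4}(.*))?$")

# Excerpts of the captures quoted in the thread, console wrapping preserved.
AFFECTED_PC = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Winlogon\Notifications\Confi
gurations\Default
    CreateSession    REG_SZ    *
"""
FIRST_REFERENCE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Winlogon\Notifications\Confi
gurations\Default
    CreateSession    REG_SZ    TrustedInstaller,*
"""
VISTA_VM = AFFECTED_PC  # the Vista VM capture shows the same CreateSession value

def unwrap(text):
    """Rejoin lines split by the 80-column console; continuations start at column 0."""
    logical = []
    for raw in text.splitlines():
        line = raw.rstrip()
        new_record = line.startswith(("HKEY_", "    ")) or PROMPT_RE.match(line)
        if line and not new_record and logical and logical[-1]:
            logical[-1] += line          # tail of a wrapped key, value or command
        else:
            logical.append(line)
    return logical

def parse_reg_query(text):
    """Map (key, value name), lower-cased as the registry ignores case, to (type, data)."""
    values, key = {}, None
    for line in unwrap(text):
        match = VALUE_RE.match(line)
        if line.startswith("HKEY_"):
            key = line.lower()
        elif key and match:
            values[(key, match.group(1).lower())] = (match.group(2), match.group(3) or "")
    return values

def diff_captures(suspect, baseline):
    """Return (key, name, suspect_value, baseline_value) for every value that differs."""
    a, b = parse_reg_query(suspect), parse_reg_query(baseline)
    return sorted((k, n, a.get((k, n)), b.get((k, n)))
                  for k, n in a.keys() | b.keys() if a.get((k, n)) != b.get((k, n)))

if __name__ == "__main__":
    for row in diff_captures(AFFECTED_PC, FIRST_REFERENCE):
        print(row)
```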
  • Hi Noel, I totally get that you have graciously already expended a great deal of time attempting to help me resolve this pesky Vista Home Basic non-Genuine situation, so I kinda hate to pester you any further, and will completely understand if you reach a point where you would just prefer I continue this on my own.  That said I have had some extra time today, and while I am not panicking, nor feeling any urgency to resolve this, I have done some additional review of everything we have been over and more stuff on the web, and I noticed an article from a "Microsoft Club" that suggests editing the registry as follows to disable Activation activities.  I get that "Activation", while tied to the "Non-Genuine" condition, is probably not sufficiently integrated with the authentication modules (Slui.exe, Tokens.dat, any .dlls etc.) to nullify the black screen and non-Genuine notice in the lower right corner of my desktop, but, thought I would bounce this off you for your thoughts.  One other final also, given we have recreated the license store a couple times and done the telephone IVR activation to no avail, and given what I have read about slmgr -rearm, and -ato, that -rearm hasn't been done since my first work with the MS support people, should I try that again?  A final word, as a reminder, if you think it would be of any real potential help, I do have the latest BIOS downloaded and available for install, but, I am really concerned about not doing stuff that just might make things worse. :)

    Disable Auto Activation feature in Windows 

    In Windows Vista however, the relevant key is:

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SL\Activation

    Change the value of Manual to 1 to disable auto-activation in Windows Vista.


    Bewilldered

    Tuesday, May 19, 2015 7:20 PM
  • I don't believe that a rearm will work - it relies on the existence of a license in the first place, the lack of which your machine is complaining about.

    Changing the activation mode won't make any difference that I know of.

    .... still trying to find time to reproduce your problem! - I haven't given up yet :)


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Wednesday, May 20, 2015 2:21 PM
    Moderator