Answered by:
Vista Home Premium Activation

Question
-
I had just removed malware from a customers PC and now the product key says its not valid. Getting an Error on slsvc.exe . Obivously it says my key is incorrect. But the sticker is on the bottom of this laptop and in mint condition. I did have a ticket open with Microsoft as well over this 443615. Any help would be greatly appreicated
Diagnostic Report (1.9.0019.0):
-----------------------------------------
WGA Data-->
Validation Status: Invalid License
Validation Code: 50Cached Validation Code: 0xc004c4a8
Windows Product Key: *****-*****-D6YJC-HF7JJ-RYTH8
Windows Product Key Hash: KL97J04JcxfuNl+4jWbh3dm9upU=
Windows Product ID: 89578-OEM-7353854-05541
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.0.6002.2.00010300.2.0.003
ID: {AA819093-084E-457E-87E4-457F2102224B}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.9.9.1
Signed By: Microsoft
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6002.vistasp2_gdr.091208-0542
TTS Error: T:20100216083247477-
Validation Diagnostic:
Resolution Status: N/AWgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6002.16398WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: MicrosoftOGA Data-->
Office Status: 100 Genuine
Microsoft Office Small Business 2007 - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: AllowedFile Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{AA819093-084E-457E-87E4-457F2102224B}</UGUID><Version>1.9.0019.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-RYTH8</PKey><PID>89578-OEM-7353854-05541</PID><PIDType>3</PIDType><SID>S-1-5-21-3394407640-1885451388-2286748818</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>XPS M1530 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A09</Version><SMBIOSVersion major="2" minor="4"/><Date>20080714000000.000000+000</Date></BIOS><HWID>BB323507018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>M08 </OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-00CA-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Small Business 2007</Name><Ver>12</Ver><Val>952383D1F113DB2</Val><Hash>rctXbJTRpRRcYT6WflblCkwgMQ0=</Hash><Pid>81606-OEM-6472952-59353</Pid><PidType>4</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>Spsys.log Content: U1BMRwEAAAAAAQAABAAAAIgIAAAAAAAAYWECAAQAxpwwGvKGDK/KASPvOhE4aiPWkIrToHXwxdqTVon+jw2ydYgsdXO5h7kN0tuGWP3nJZSA4VGdYaB/RTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAw2LChCixnhclyLKxemNGWeFlDIR0wOpFA4oo30M8r5YMDLFG+pKKrhm5B8gOVTmrkzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM
Licensing Data-->
Software licensing service version: 6.0.6002.18005
Name: Windows(TM) Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_COA_NSLP channel
Activation ID: f3acdd3c-119a-4932-a3d7-0b6f33a1dca9
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00146-538-505541-02-1033-6002.0000-0472010
Installation ID: 019624298824128710268782217475039585841186331426975343
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: RYTH8
License Status: UnlicensedWindows Activation Technologies-->
N/AHWID Data-->
HWID Hash Current: PAAAAAEABgABAAEAAQABAAAABAABAAEAeqgWaRaWEnlOapp6HrMyD0aDvngm2/L0sORzZgSV7kGsViqFOEM Activation 1.0 Data-->
N/AOEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL M08
FACP DELL M08
HPET DELL M08
BOOT DELL M08
MCFG DELL M08
SLIC DELL M08
OSFR DELL M08
SSDT PmRef CpuPmThursday, February 18, 2010 1:34 PM
Answers
-
Hello Fenrir_sr,
Your Diagnostic Report is telling me that you Vista is suffering from a Trusted Store Tamper. There are files, in Windows, that have what is known as a Digital Signature. A Digital Signature is an industry standard that ensures that a file is, in fact, from the specified source
Example: lets say you get a Printer Driver that is Digitally Signed from HP. Since the Digital Signature was created by a Trusted Source a Certificate is created within Window's Trusted Store. The Digital Signature is dependent on the file's Hash (think fingerprint) so if the file is changed in any way it's Digital Signature then becomes invalid. So lets say that the HP Driver got modified by some sort of Malware. The File's Hash would no longer match the hash listed in the Digitally Signature (or the Signature may not even be readable at that point). The Digital Signature become invalid because windows now don't know what has been done to that file, so the file can no longer be trusted. This in turn invalidates the corresponding Certificate within the Trusted Store.
What I have described in the above example is basically what is happening with your Vista. Some Digitally Signed file has been modified in some way (replaced, rewritten or just become corrupt) and the Certificate within Windows's Trusted Store has become invalid (i.e. no longer trusted) and that is what has triggered the Non-Genuine messaging.
Unfortunatly, none of my tools are able to pinpoint which file/signature/certificate is causing the problem. However there are a few thing you can try that may correct the issue.
1) First off not all Digitally Signed files are Drivers, but from experience we have found that this issue seems to occure the most with Drivers. So my first suggestion is to confirm that all your hardware drivers are up to date. Note: Figuring out id a Driver is up to date and/or replacing a driver with a more current one can sometimes take semi-advanced computer knowledge and me explaining the process is outside the scope of this forum. If you do not know how to work with Drivers seak assistance or skip down to #2 or #3 below
2) Restore Windows back to a past System Restore Point.
1) Reboot Vista into Safe Mode
2) Click the ‘Start’ button
3) In the Start Search field, type: System Restore and hit “Enter” keyboard key
4) Select "Choose Different Restore Point", Put a check in the box that says "Show restore points older than 5 days", select the restore point that corresponds to a date Before you first noticed the issue.
5) Click the "Next" button.
6) Reboot back into Normal mode
3) Repair Windows using the 'sfc /scannow' command
The Scan Now will look for any bad Windows files and attempt to repair them, if possible (it isn't always able to)
1) Login to Vista in Normal Mode (not safe mode)
2) Launch an Internet Browser
3) Type: %windir%\system32\ in the browser's address field
4) Scroll down till you find the file cmd.exe
5) Right-click the file and select Run as Administrator
6) In the CMD window, type: sfc /scannow
7) Reboot twice and see if that resolves the issue.
If none of my suggestions resolves the issue, then the only other thing I can suggest is to either create a (no cost) support request at http://support.microsoft.com/gp/contactwga or reinstall Vista.
Thank you,
Darin MS- Marked as answer by Darin Smith MS Thursday, February 18, 2010 10:15 PM
Thursday, February 18, 2010 10:15 PM