Vista no longer valid after virus attack

  • Question

  • I have been trying to fix a laptop for a friend at work. Whilst clearing a dozen or so viruses and trojans off his machine, I noticed that it was complaining that his copy of Windows was not validated, and that it needed to be resolved immediately.  Unfortunately the viruses had broken a lot of networking functionality and the laptop could not connect to attempt validation.

    I know his Vista is genuine, I've worked on it before, and this was never an issue.  It is a HP Presario C500 with an OEM install of Vista Home Basic.  I notice that the Product Key fragment in the report posted below does not match the Product Key given on the License Certificate on the underside of the laptop.  I can only assume that one of the viruses infecting it has corrupted the Key.

    By the time I had removed all the malware from his laptop, it no longer works except in safe mode (no networking).  Any other way I start the laptop, all I get after login is a black screen with a small notification in the RH bottom corner saying it is not valid.  I downloaded your diagnostics tool and transferred it to the laptop via USB key, and retrieved the diagnostic report the same way.

    Hoping you can help me clear up this mess and re-enter the correct Product Key.

    Diagnostic log follows:

     

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Invalid License
    Validation Code: 50
    Cached Online Validation Code: N/A, hr = 0x80070426
    Windows Product Key: *****-*****-HM8FM-TCFCW-3V4VD
    Windows Product Key Hash: kLMTrgMvB3cY0p8EpJZJEhD+FV4=
    Windows Product ID: 89572-008-0000025-71803
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.0.6002.2.00010300.2.0.002
    ID: {11BB271D-7FC9-4E8A-BD26-A6D59E3AE2F3}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.7.69.2
    Signed By: Microsoft
    Product Name: Windows Vista (TM) Home Basic
    Architecture: 0x00000000
    Build lab: 6002.vistasp2_gdr.100218-0019
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: 6.0.6002.16398

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: 102
    Version: 2.0.48.0
    OGAExec.exe Signed By: Microsoft
    OGAAddin.dll Signed By: Microsoft

    OGA Data-->
    Office Status: 102
    Microsoft Office Home and Student 2007 - 100 Genuine
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-258-3_B4D0AA8B-920-80070057

    Browser Data-->
    Proxy settings: http=127.0.0.1:5555
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{11BB271D-7FC9-4E8A-BD26-A6D59E3AE2F3}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.002</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-3V4VD</PKey><PID>89572-008-0000025-71803</PID><PIDType>5</PIDType><SID>S-1-5-21-3044094181-130832335-2963518715</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>Presario C500 (GJ203PA#ABG)       </Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>F.24</Version><SMBIOSVersion major="2" minor="4"/><Date>20070425000000.000000+000</Date></BIOS><HWID>71313507018400DA</HWID><UserLCID>0C09</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>E. Australia Standard Time(GMT+10:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-MPC</OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>102</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><PidType>19</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software Licensing service is not running.

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    HWID Hash Current: MAAAAAEABAABAAIAAQAAAAAAAAABAAEAJrLaaZTmwEPMe0jk4hXUeHBxsrDy9LIN

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20000
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            HP            NISSAN 
      FACP            HP            NISSAN 
      HPET            HP            NISSAN 
      BOOT            PTLTD         $SBFTBL$
      MCFG            HP            NISSAN 
      SLIC            HPQOEM        SLIC-MPC
      APIC            HP            NISSAN 
      SSDT            SataRe        SataAhci
      SSDT            SataRe        SataAhci
      SSDT            SataRe        SataAhci


    Saturday, June 12, 2010 6:06 AM

All replies

  • "Garryck" wrote in message news:c090227c-4115-4ef8-ae6b-b44d9e1e02e5...

    I have been trying to fix a laptop for a friend at work. Whilst clearing a dozen or so viruses and trojans off his machine, I noticed that it was complaining that his copy of Windows was not validated, and that it needed to be resolved immediately.  Unfortunately the viruses had broken a lot of networking functionality and the laptop could not connect to attempt validation.

    I know his Vista is genuine, I've worked on it before, and this was never an issue.  It is a HP Presario C500 with an OEM install of Vista Home Basic.  I notice that the Product Key fragment in the report posted below does not match the Product Key given on the License Certificate on the underside of the laptop.  I can only assume that one of the viruses infecting it has corrupted the Key.

    By the time I had removed all the malware from his laptop, it no longer works except in safe mode (no networking).  Any other way I start the laptop, all I get after login is a black screen with a small notification in the RH bottom corner saying it is not valid.  I downloaded your diagnostics tool and transferred it to the laptop via USB key, and retrieved the diagnostic report the same way.

    Hoping you can help me clear up this mess and re-enter the correct Product Key.

    Diagnostic log follows:

     

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Invalid License
    Validation Code: 50
    Cached Online Validation Code: N/A, hr = 0x80070426
    Windows Product Key: *****-*****-HM8FM-TCFCW-3V4VD
    Windows Product Key Hash: kLMTrgMvB3cY0p8EpJZJEhD+FV4=
    Windows Product ID: 89572-008-0000025-71803
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.0.6002.2.00010300.2.0.002

    Licensing Data-->
    Software Licensing service is not running.

    Browser Data-->
    Proxy settings: http=127.0.0.1:5555
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

     

    Your problem would seem to be that the key in use there is the Default Key (the Keyless Install Key).
    Did you have to reinstall (or did your friend reinstall) Vista over itself? - and not enter the key? - the Default Key would then have been used, and it's now outside the 30-day grace period.
    Try using the Key on the sticker to change the key
    In Normal Mode (click on the Notification link to open IE)
    1) Open an Internet Browser window.
    2) Type: %windir%\system32 into the browser address bar.
    3) Find the file CMD.exe
    4) Right-Click on CMD.exe and select 'Run as Administrator'
    5) Type: net stop slsvc  (it may ask you if you are sure, select yes)
    6) Type: cd %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing
    7) Type: rename tokens.dat tokens.bar
    8) Type: cd %windir%\system32
    9) Type: net start slsvc
    10) Type: cscript slmgr.vbs -rilc (It may take a long time for this to complete, please be patient)
    11) Restart your computer twice.
    12) You may be required to enter the Product Key and/or Activate.  (be sure to use the product key from the sticker on the side or bottom of the PC and to Activate by Phone)
     
    HTH
     
    --
     
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Saturday, June 12, 2010 8:47 AM
    Moderator
  • Thanks for the quick response.

    I haven't re-installed Vista, nor, to the best of my knowledge, has the owner. He's too much of a non-techie for that.. I doubt he even knows about re-installing.

    I may have given the wrong impression by using the word 'notification'.  There is no link I can click on.  In normal mode the screen is black, with the text "Windows Vista (TM), Build 6002, This copy of Windows is not genuine" displayed over 3 lines in the bottom right corner.  It is not in any kind of window or similar.  The way it's displayed is more like the 'Safe Mode' text that displays in the corners when in safe mode.  I cannot access a browser, Start Menu, or any programs whatsoever in normal mode.

    Unfortunately, the only way I can access a CMD console is from safe mode, so slsvc will not run.. (even safe mode with networking fails to start up)

    Hope you have a solution that will work in safe mode..

    Sunday, June 13, 2010 2:24 AM
  • "Garryck" wrote in message news:c0c49716-677a-4fb0-bd05-bbe4c05ea984...

    Thanks for the quick response.

    I haven't re-installed Vista, nor, to the best of my knowledge, has the owner. He's too much of a non-techie for that.. I doubt he even knows about re-installing.

    I may have given the wrong impression by using the word 'notification'.  There is no link I can click on.  In normal mode the screen is black, with the text "Windows Vista (TM), Build 6002, This copy of Windows is not genuine" displayed over 3 lines in the bottom right corner.  It is not in any kind of window or similar.  The way it's displayed is more like the 'Safe Mode' text that displays in the corners when in safe mode.  I cannot access a browser, Start Menu, or any programs whatsoever in normal mode.

    Unfortunately, the only way I can access a CMD console is from safe mode, so slsvc will not run.. (even safe mode with networking fails to start up)

    Hope you have a solution that will work in safe mode..


    Try using the three-finger salute in Normal Mode (Ctrl+Alt+Del) - that should bring up the Task Manager. If it does, then click on File > New Task.... - this brings up a box into which you can enter EXPLORER.EXE, and hit OK/enter. (if that doesn't work, try IEXPLORE.EXE instead).
    and you're away :)
     

    --
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Sunday, June 13, 2010 6:15 AM
    Moderator
  • Nope.. no Task Manager comes up.  What should I try next?
    Sunday, June 13, 2010 7:07 AM
  • "Garryck" wrote in message news:bb772416-02f0-49e1-be05-64b248b6e13d...
    Nope.. no Task Manager comes up.  What should I try next?

    I think I've finally seen what the problem is - but I'm not sure how fixable it is.
     
    Someone at some time has reinstalled Vista, using a Retail disk rather than an OEM one - and it's the mismatch in Keys that is causing the current problem.
     
    What is certain, is that the fix will involve a reinstall of Vista from the original media, or at least from an OEM System Builder disk.
     
    What is also certain is that you can't use recovery media from another Vista PC (unless it's the same model)
     
    I don't suppose you have either the model's Recovery Media, or an OEM SB disk handy?
    What happens if you hit the F11 key during POST?
    Can you create a set of backup/recovery disks, while in Safe Mode? ( Start > All Programs > Recovery Manager > Recovery Manager.) see http://bizsupport2.austin.hp.com/bc/docs/support/SupportManual/c00820655/c00820655.pdf
    if you can!
     
     
     
    Push comes to shove, you may have to order the Recovery disks from HP - last I heard they were charging around $25, but that was a while ago (TechGuys wanted £50 for a client's recovery disks for an Acer the other day!).
     
    HTH!
    --
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Sunday, June 13, 2010 9:11 AM
    Moderator
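
A triage helper for the kind of diagnostic report posted in this thread, as an added example (not written by the thread's participants and not part of Microsoft's tooling). It flags three conditions visible in that report: a Retail licence type on a machine whose BIOS carries an OEM SLIC table, a browser proxy pointing at the loopback address, and the Software Licensing service being stopped. The function names and finding codes are made up for the example; the sample lines are copied from the posted report.

```python
import ipaddress
import re

# Lines copied from the diagnostic report posted in this thread (trimmed).
REPORT = """\
Windows License Type: Retail
Proxy settings: http=127.0.0.1:5555
Licensing Data-->
Software Licensing service is not running.
OEM Activation 2.0 Data-->
  ACPI Table Name    OEMID Value    OEMTableID Value
  SLIC            HPQOEM        SLIC-MPC
"""

def parse_report(text):
    """Split a report into 'Key: value' fields, ACPI table rows and free lines."""
    fields, tables, free = {}, {}, []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.endswith("-->"):
            continue                                  # blank line or section header
        m = re.match(r"([^:]+):\s*(.*)$", line)
        cols = line.split()
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
        elif len(cols) == 3 and re.fullmatch(r"[A-Z]{4}", cols[0]):
            tables.setdefault(cols[0], (cols[1], cols[2]))  # name -> (OEMID, OEMTableID)
        else:
            free.append(line)
    return fields, tables, free

def loopback_proxy(value):
    """Return 'host:port' if the proxy setting points at this machine, else None."""
    m = re.search(r"(?:\w+=)?([\w.\-]+):(\d+)", value)
    host = m.group(1) if m else ""
    try:
        local = ipaddress.ip_address(host).is_loopback
    except ValueError:                                # not an IP literal (or empty)
        local = host.lower() == "localhost"
    return f"{host}:{m.group(2)}" if local else None

def triage(text):
    """Return a list of (code, detail) findings for a technician to follow up."""
    fields, tables, free = parse_report(text)
    out = []
    if fields.get("Windows License Type") == "Retail" and "SLIC" in tables:
        out.append(("RETAIL_ON_OEM_BIOS", "SLIC OEMID " + tables["SLIC"][0]))
    proxy = loopback_proxy(fields.get("Proxy settings", ""))
    if proxy:
        out.append(("LOOPBACK_PROXY", proxy))
    if any("service is not running" in ln for ln in free):
        out.append(("LICENSING_SERVICE_DOWN", "Software Licensing service stopped"))
    return out

print(triage(REPORT))
```

A loopback proxy left in place after malware cleanup is worth checking first: with nothing listening on that port, the browser cannot reach the network regardless of the licence state.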
  • Hmm.. ok, that gives me a few things to deal with.. I'll have to check with the owner as to if/when somebody else has worked on the laptop.

    I don't have any recovery media, the owner thinks he has them, but misplaced them a long time ago.. (typical)

    There does appear to be a recovery partition on the drive. Possibly I can recover from that, or build recovery disks from it.  Looks like it's time for me to do some reading.  Thanks for the link to the manual.

    Re F11/POST, will get back to you soon.

    Sunday, June 13, 2010 9:51 AM
  • "Garryck" wrote in message news:5d7b8d39-820b-48d6-b34d-913b953025f6...

    Hmm.. ok, that gives me a few things to deal with.. I'll have to check with the owner as to if/when somebody else has worked on the laptop.

    I don't have any recovery media, the owner thinks he has them, but misplaced them a long time ago.. (typical)

    There does appear to be a recovery partition on the drive. Possibly I can recover from that, or build recovery disks from it.  Looks like it's time for me to do some reading.  Thanks for the link to the manual.

    Re F11/POST, will get back to you soon.


    You're welcome - I'm not sure it's EXACTLY the right manual - but it should be near enough. If you want the rest, go to HP's support pages, and hunt for the exact model of the machine (all I could see was Presario 500 - and there's a lot of variations on that theme!).
     
    IKWYM about the restore disks - mind you, it puts him in a minority, in that he actually created them in the first place! - I'm of the opinion that if manufacturers want to do things this way, the setup should FORCE people to make the disks, and the manufacturers should provide the disks as well, in the retail packaging.

    --
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Sunday, June 13, 2010 12:14 PM
    Moderator
  • Thanks for all your help.. after discussions with the owner, he's decided it's as good a time as any to upgrade to Windows 7, so that's what I'll be doing for him as soon as he buys it.

    Thanks again.  I'm impressed with the service here.

    Thursday, June 24, 2010 4:43 AM
  • "Garryck" wrote in message news:c68661c4-1eb2-446c-826f-53d4eac454b5...

    Thanks for all your help.. after discussions with the owner, he's decided it's as good a time as any to upgrade to Windows 7, so that's what I'll be doing for him as soon as he buys it.

    Thanks again.  I'm impressed with the service here.


    Why thank you, kind sir - we aim to please! - actually, it's more a case of BTDT, and deciding that people shouldn't have to go through what we went through to learn how to fix stuff :)
    We're all (apart from Darin) volunteers here, just doing our bit to help and (occasionally, and hopefully) educate others like ourselves.
     
    Good Luck.

    --
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Thursday, June 24, 2010 8:38 AM
    Moderator