Spybot S&D question

[Muse]

Visiting my brother and my sister-in-law's computer is having problems. Bought from Dell online almost 3 years ago, she gets a message on boot that the XP Pro isn't genuine. I just installed S&D and ran it and I get a lot of windows says such and such a registry key has been changed and I am asked if I want to keep the change or deny it. At first I thought I should keep the change (and I did for 1/2 a dozen keys) but looking over the message again I figured that what's going on here is that some spyware has changed the key and I should "deny" the change. What's up here? I looked and the S&D tutorial but didn't see this addressed.

BTW, I plan to download and run Adaware too. Any suggestions welcome. Her system is seriously flaky. I don't believe they provided her with a disk of XP, so I don't know how she would reinstall. Seems like a tough situation. She tossed the receipts a week ago! I figure I can call Dell (tomorrow, today being a holiday), and get her key ID. Thanks for any help/tips.

 

[Schadenfroh]

Any suggestions welcome.

Try making a pass with SUPERAntiSpyware Free Edition, a-squared Free Edition, and antivir personal edition classic, after their definitions have been updated and run them in safe mode of course.

 

[Muse]

Originally posted by: Schadenfroh

Any suggestions welcome.

Try making a pass with SUPERAntiSpyware Free Edition, a-squared Free Edition, and antivir personal edition classic, after their definitions have been updated and run them in safe mode of course.

I'm not in safe mode at the moment, and have a session of S&D running. Should I cancel out of that, download and update the tools above and then go into Safe Mode and run them, one at a time (rebooting between sessions)?

 

[Schadenfroh]

Yes, and be sure to use "deep / complete" scans of A-Squared and SuperAntiSpyware. It would not hurt to post a HijackThis log for Medea to review (he is one of the best, if not the best, HJT experts on this forum).

 

[Lemon law]

To Muse,

As some one who had the experience of buying a used computer at a very attractive price, dealing with such a PC that has some huge unknown amount of malware is never a pleasant experience. Schradenfroh is giving you excellent advice about what scans to use. And posting a HJT log file may well be needed to get the last of them.

But once you get the PC clean, its really easy to set up a multilayered defense that will prevent future infections. The Security resource thread by Schradenfroh is an excellent guide on how to set such a defense up.

 

[Medea]

You can also run this tool. It will confirm whether Windows is genuine, give you half of the Windows Product Key, the Windows Product Key Hash, the Windows Product ID, and other data.

Download MGADiag and save it to your desktop.
Double-click on MGADiag.exe to launch the program
Click "Continue"
Ensure that the "Windows" tab is selected (it should be by default)
Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard
Paste the MGA Diagnostic Report into Notebook to review

 

[crispy2010]

You should be able to do a fresh install off of the harddrive. I think you press f2 when booting. The os is kept on a seperate partition, thus the no need for disk. If you can burn everything you want to keep to disk, it will be easier to just format!

I hate dealing with years of adware and virus infections!

 

[Muse]

Originally posted by: Schadenfroh
Yes, and be sure to use "deep / complete" scans of A-Squared and SuperAntiSpyware. It would not hurt to post a HijackThis log for Medea to review (he is one of the best, if not the best, HJT experts on this forum).

Should I do that HJT log before or after running these tools? I don't have much time. Gotta catch a plane this morning and will have maybe 2-3 hours at most to work on this machine.

I don't see any partitions other than C:. So, I'm not saying a fresh install of XP isn't on the system somewhere, but I don't know where that would be right now. I figure I don't really have time to back up her stuff and do a fresh install and get things set up anyway. Well, she doesn't have all that much, I think, maybe Outlook stuff for the most part.

I will go into Safe Mode and run the tools Shadenfroh indicated (all three probably, in the order suggested) rebooting between passes.

Then, assuming the Windows not genuine message persists, use Medea's suggested tool to confirm genuine Windows. I haven't called Dell yet.

Thanks for the replies!

 

[Muse]

Originally posted by: Medea
You can also run this tool. It will confirm whether Windows is genuine, give you half of the Windows Product Key, the Windows Product Key Hash, the Windows Product ID, and other data.

Download MGADiag and save it to your desktop.
Double-click on MGADiag.exe to launch the program
Click "Continue"
Ensure that the "Windows" tab is selected (it should be by default)
Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard
Paste the MGA Diagnostic Report into Notebook to review

I decided to run MGADiag before doing the system scans with the other tools. Her report looks like this:


Diagnostic Report (1.7.0066.0):
-----------------------------------------
WGA Data-->
Validation Status: Blocked VLK
Validation Code: 3
Online Validation Code: N/A
Cached Validation Code: N/A
Windows Product Key: *****-*****- etcetra...
Windows Product Key Hash: UAsP+GmULNrkCE0++fXQ3IxP2V0=
Windows Product ID: 55274-646-2905903-23790
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.2.0.pro
CSVLK Server: N/A
CSVLK PID: N/A
ID: {AF475E07-C703-4E3E-AEFA-5EFDF064BB86}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.7.36.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-171-1
Resolution Status: N/A

Notifications Data-->
Cached Result: 3
File Exists: Yes
Version: 1.5.540.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Data-->
Office Status: 114 Blocked VLK 2
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: FCEE394C-2989-80070002_77F760FE-152-80070002_7E90FEE8-175-80070002_025D1FF3-171-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->

[I cut out the rest because it was forcing a horizontal scroll in this thread...]

 

[Schadenfroh]

Should I do that HJT log before or after running these tools?

Post the HJT log after running those tools, I would make an AntiVir pass first.

 

[Muse]

Originally posted by: Schadenfroh

Should I do that HJT log before or after running these tools?

Post the HJT log after running those tools, I would make an AntiVir pass first.

Right... about to do this. Will run Antivir now, after a boot into Safe Mode (which I hope comes up with an F8 ! )

 

[Muse]

Antivir quarantined 68 items. The first ones were trojan horses (mostly if not entirely) and then I just did the rest on automatic.

SuperAntiSpyware found 5 registry items and 304 files as threats and they are all now quarantined.

On boot we always get a message about MSWbar not being found, whatever that is. Windows still noted as not genuine.

Now I'm going to run a-squared...

 

[Muse]

Gotta run to catch the plane... this came out just in time:

HJT logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:33 AM, on 11/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Logitech\iTouch\kbdtray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn2\YTBSDK.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {5A074B21-F830-49de-A31B-5BB9D7F6B407} - C:\Program Files\AskBar\bar\bin\askBar2.dll (file missing)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Save Image to Folder - res://C:\Program Files\AskBar\bar\bin\askBar.dll/saveimagetofolder.html
O8 - Extra context menu item: &Save Image to MyStuff - res://C:\Program Files\AskBar\bar\bin\askBar.dll/saveimages.html
O8 - Extra context menu item: &Save Link to Folder - res://C:\Program Files\AskBar\bar\bin\askBar.dll/saveltof.html
O8 - Extra context menu item: &Save Link to MyStuff - res://C:\Program Files\AskBar\bar\bin\askBar.dll/savelink.html
O8 - Extra context menu item: &Save Page to Folder... - res://C:\Program Files\AskBar\bar\bin\askBar.dll/savepagetofolder.html
O8 - Extra context menu item: &Save this Page to MyStuff - res://C:\Program Files\AskBar\bar\bin\askBar.dll/savewebpage.html
O8 - Extra context menu item: &Search - ?p=ZNxmk572MEUS
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Identities Editor - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O8 - Extra context menu item: Passcards Editor - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O8 - Extra context menu item: RoboForm TaskBar Icon - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Save To MyJeeves - res://C:\Program Files\AskJeeves\bar\bin\saveit.ocx/imageit.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O9 - Extra 'Tools' menuitem: RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O9 - Extra button: Set Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F52} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
O9 - Extra 'Tools' menuitem: Set Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F52} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
O9 - Extra button: Identities - {45DB34C3-955C-11D3-ABEF-444553540000} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O9 - Extra 'Tools' menuitem: Identities Editor - {45DB34C3-955C-11D3-ABEF-444553540000} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O9 - Extra button: Passcards - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O9 - Extra 'Tools' menuitem: Passcards Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.micros...site.cab?1106695532452
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/mi...site.cab?1144541608223
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 12090 bytes

 

[Medea]

MWSBAR.DLL is part of MyWebSearch. If you nuked MyWebSearch, then the registry key still has it and, when it can't be found, you're getting the error message. It's easy enough to fix.

YGPM

 

[WildHorse]

and look in Schadenfroh's signature for the link to his Automated Virus / Spyware Removal Script.

Follow his instructions about the script E X A C T L Y and run it.

That works so good you won't believe it (but it requires patience, because it takes hours tio run).

 

[John]

Originally posted by: Muse
WGA Data-->
Validation Status: Blocked VLK

OGA Data-->
Office Status: 114 Blocked VLK 2

Not good. Is that a bootleg Office XP install? You can fix the Windows XP key using the product key update tool.

 

[Muse]

Originally posted by: John

Originally posted by: Muse
WGA Data-->
Validation Status: Blocked VLK

OGA Data-->
Office Status: 114 Blocked VLK 2

Not good. Is that a bootleg Office XP install? You can fix the Windows XP key using the product key update tool.

Thanks. I don't know about the Office XP install. I'll have to ask her. The XP itself has to be genuine. After all, they bought the machine from Dell with XP installed. I'll call her tomorrow and see what we can do. She's not very computer savvy, and this might be sort of tough, kind of a tech support situation where we are on the phone.

 

[John]

Dell uses a SLP install of XP on new builds, therefore the key used in the factory install will not match the one on the side of the case (which is the one you need to use). I've seen them fail WGA on certain occasions, and when they do you can use the tool that I linked to in my previous post.

 

[Muse]

Originally posted by: John

Originally posted by: Muse
WGA Data-->
Validation Status: Blocked VLK

OGA Data-->
Office Status: 114 Blocked VLK 2

Not good. Is that a bootleg Office XP install? You can fix the Windows XP key using the product key update tool.

She just called me and said when she entered the key on the side of the PC's case, the Windows XP product key update tool said it wasn't valid or something to that effect. She tried again, same result. She said she got a message that it had been used too many times. Huh? Anyway, she said she surmised it was time to call Dell, and I agreed. She said she's a bit busy now but will do it pretty soon (i.e. 1-2 days?) and will get back to me.

 

[Medea]

Originally posted by: John

Originally posted by: Muse
WGA Data-->
Validation Status: Blocked VLK

Not good. Is that a bootleg Office XP install? You can fix the Windows XP key using the product key update tool.

Just to expand upon what John posted for others' info regarding this entry, "Validation Status: Blocked VLK":
VLK = Valid License Key
"Validation Status: Blocked VLK" means that VLK is blocked by Microsoft because Microsoft has the Key in its records as either missing or stolen and, thus, blocks it.

One can try the product key update tool, but it usually will not work because of the designations of missing or stolen pertaining to the specific key.

What's is really bad about this is that people who think that they have genuine/valid operating systems are continuously getting blocked from being able to d/l and install security updates/patches. Obviously, this means that one's OS is unpatched and is open to exploits.

Originally posted by: John
Dell uses a SLP install of XP on new builds, therefore the key used in the factory install will not match the one on the side of the case (which is the one you need to use). I've seen them fail WGA on certain occasions, and when they do you can use the tool that I linked to in my previous post.

This was interesting because I didn't know that Dell was doing this (it's been eons since I've had an OEM machine). As mentioned before, generally speaking, the tool won't work when the VLK is blocked. Dell needs to get their act together because they're putting people at risk who don't even know that their computers aren't being patched.