locked
Windows intermittently failing validation RRS feed

  • Question

  • For the past couple of months I've had a problem with MSE popping up a vaildation fail message. I can follow the link in he popup to validate my copy and it works fine for a couple of days but then at some point it starts popping up the mesage again. I've tried the fix from here but it didn't help.

    My diagnosic file is below:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-YVGB4-WB946-PHPKR
    Windows Product Key Hash: fi3miFmD7xOJAsjyQtmADATHOfg=
    Windows Product ID: 55285-014-4408255-21425
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 5.1.2600.2.00010300.3.0.hom
    ID: {D64742B2-71C6-4AAE-8C43-C638D56D7E33}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-230-1

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\WINDOWS\system32\syssetup.dll[5.1.2600.5512], Hr = 0x800b0100

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{D64742B2-71C6-4AAE-8C43-C638D56D7E33}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-PHPKR</PKey><PID>55285-014-4408255-21425</PID><PIDType>5</PIDType><SID>S-1-5-21-854245398-492894223-725345543</SID><SYSTEM><Manufacturer>FUJITSU SIEMENS</Manufacturer><Model>LIFEBOOK S6410</Model></SYSTEM><BIOS><Manufacturer>FUJITSU // Phoenix Technologies Ltd.</Manufacturer><Version>Version 1.29 </Version><SMBIOSVersion major="2" minor="4"/><Date>20080613000000.000000+000</Date></BIOS><HWID>FA133707018400F8</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Licensing Data-->
    N/A

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: yes
    Marker string from BIOS: 1FFB0:Fujitsu Siemens Computers|5E22:Fujitsu Siemens Computers|5E2A:Siemens AG
    Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

    OEM Activation 2.0 Data-->
    N/A

    Any ideas please?

    Matt.


    Wednesday, June 13, 2012 9:12 PM

Answers

  • Thanks for the advice. I'll try there and post back for future info if I get a fix, although I'm beginning to suspect that a format & rebuild might be the easiest approach.

    Matt.

    Wednesday, June 20, 2012 9:52 AM

All replies

  • Visit Genuine Microsoft Software – Diagnostic Site and click on Start Diagnostics, then restart your 'puter.

    Carey Frisch

    Wednesday, June 13, 2012 10:23 PM
    Moderator
  • "Matt Fernand" wrote in message news:00b51f06-0b0f-43a5-a80f-964c280653a7...

    For the past couple of months I've had a problem with MSE popping up a vaildation fail message. I can follow the link in he popup to validate my copy and it works fine for a couple of days but then at some point it starts popping up the mesage again. I've tried the fix from here but it didn't help.

    My diagnosic file is below:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-YVGB4-WB946-PHPKR
    Windows Product Key Hash: fi3miFmD7xOJAsjyQtmADAT
    Windows Product ID: 55285-014-4408255-21425
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 5.1.2600.2.00010300.3.0.hom

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

     

    Any ideas please?

    Matt.


     
     
     
    You say 'for the past couple of months' - if you actually mean that, then I assume that the message comes and goes? (MSE will switch off after 30 days continuous invalidity)
     
    If so, then your problem is probably a race condition.
     
    What other anti-virus software has been installed on this machine since the last reformat?
    What other security software is currently installed?
     
    Please attempt validation at www.mirosoft.com/genuine/validate - exactly what happens?
    If it fails, go to the diagnostics - www.microsoft.com/genuine/diag and see what it has to say.
     
    Post back with a new MGADiag report, and your results.
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Thursday, June 14, 2012 6:00 AM
    Moderator
  • You say 'for the past couple of months' - if you actually mean that, then I assume that the message comes and goes? (MSE will switch off after 30 days continuous invalidity)
    If so, then your problem is probably a race condition.
    What other anti-virus software has been installed on this machine since the last reformat?
    What other security software is currently installed?
    Please attempt validation at www.mirosoft.com/genuine/validate - exactly what happens?
    If it fails, go to the diagnostics - www.microsoft.com/genuine/diag and see what it has to say.
    Post back with a new MGADiag report, and your results.

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Thanks for your response.

    Basically the message pops up and I then go to the vaildation site and the 'congratluations you have a valid copy' type message appears. There are no errors or other problems. At that point the MSE icon in the system tray turns from amber to green and everything is fine for a few days - probably half a dozen boots or so - until I get the message again. That's the puzzling bit - I'd have thought this would either work or it wouldn't so I don't understand why it's intermittent. It's a valid license (a W95 upgrade one that I bought about 10 years ago and had on a tower machine before I binned it re-deployed the license on this laptop). 

    The MGADIAG file I supplied was generated immediately after I'd re-validated my license yesterday. That had been a pretty typical instance of the error. The machine had booted fine first thing and I'd powered it down after an hour or so's use. Then I booted it again in the afternoon, got the error and re-validated the license. It then booted fine again in the evening. Would it help if I waited until the error reappears and then posted an MGDIAG report while it's still in the fault state (ie before I re-validate the license)?

    I had AVG free on the machine for a long time but I uninstalled that and replaced it with MSE probably about a year ago - certainly a long time before this problem started. I also have Spybot Search & Destroy on it, but I don't have it resident. I just use it as an on-demand scanner from time to time and don't use any of the real-time protection features.

    Sorry but what's a race condition?

    Matt.

    Thursday, June 14, 2012 8:45 AM
  • "Matt Fernand" wrote in message news:9b7392a7-7e8c-4ba4-b8e7-7379320b32e6...
    You say 'for the past couple of months' - if you actually mean that, then I assume that the message comes and goes? (MSE will switch off after 30 days continuous invalidity)
    If so, then your problem is probably a race condition.
    What other anti-virus software has been installed on this machine since the last reformat?
    What other security software is currently installed?
    Please attempt validation at www.mirosoft.com/genuine/validate - exactly what happens?
    If it fails, go to the diagnostics - www.microsoft.com/genuine/diag and see what it has to say.
    Post back with a new MGADiag report, and your results.

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Thanks for your response.

    Basically the message pops up and I then go to the vaildation site and the 'congratluations you have a valid copy' type message appears. There are no errors or other problems. At that point the MSE icon in the system tray turns from amber to green and everything is fine for a few days - probably half a dozen boots or so - until I get the message again. That's the puzzling bit - I'd have thought this would either work or it wouldn't so I don't understand why it's intermittent. It's a valid license (a W95 upgrade one that I bought about 10 years ago and had on a tower machine before I binned it re-deployed the license on this laptop).

    The MGADIAG file I supplied was generated immediately after I'd re-validated my license yesterday. That had been a pretty typical instance of the error. The machine had booted fine first thing and I'd powered it down after an hour or so's use. Then I booted it again in the afternoon, got the error and re-validated the license. It then booted fine again in the evening. Would it help if I waited until the error reappears and then posted an MGDIAG report while it's still in the fault state (ie before I re-validate the license)?

    I had AVG free on the machine for a long time but I uninstalled that and replaced it with MSE probably about a year ago - certainly a long time before this problem started. I also have Spybot Search & Destroy on it, but I don't have it resident. I just use it as an on-demand scanner from time to time and don't use any of the real-time protection features.

    Sorry but what's a race condition?

    Matt.

    Problems caused by earlier AV installs can take years to surface - please run the AVG Remover, and immediately reboot once it's complete, even if it doesn't ask for it.
     
    A race condition is where two or more processes compete for resources, and fight over a file or memory space. This means that the resource is locked until the competing processes sort themselves out. If one of those processes (or the resource) is involved with WGA, the the system may see it as an attack on WGA, and flag it.
    The most common causes are malware and AV's.
    You may find it a good idea to run MalwareBytes Anti-Malware....
    Download it (www.malwabytes.org) install it, and update it, but do NOT enable the real-time protection. Run a full system scan from your main account, and quick scans from each other account. Delete everything it finds (unless you're very confident it's wrong).
     
     
    Once complete, wait until you next (if ever) get a complaint from MSE, and then run MGADiag while the notification is showing - that may trap an error message that will help identify the problem.
     
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    • Marked as answer by Darin Smith MS Friday, June 15, 2012 8:03 PM
    • Unmarked as answer by Matt Fernand Tuesday, June 19, 2012 9:22 PM
    Thursday, June 14, 2012 1:48 PM
    Moderator
  • Sorry I didn't realise there was a time limit ... Thanks very much for your suggestions. I tried what was suggested on Thursday evening and MalwareBytes did find and remove a trojan. I don't have the machine in fornt of me so I can't tell you which one but I'll post details fi the fault recurs. 

    I was away at the weekend so haven't had the chance to see if the fix is permanent. Like I say it's an intermittent thing so it may take a few days to be sure.

    I'll keep you posted.

    Thanks again,

    Matt.

    Monday, June 18, 2012 2:30 PM
  • There's no time-limit - it just helps to keep the forum tidy :)

    Thanks for coming back to let us know the current state. If it's not 'cured' feel free to UNmark the answer and post any new details you may have..


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, June 18, 2012 2:41 PM
    Moderator
  • Sorry I'd have said I'd be offline for a couple of days if I'd have known.

    OK so the fault recurred this afternoon but I didn't have time to run the diagnostic. I just fired the machine up to do it now and the system tray icon is green again. I didn't validate windows though ...

    When I ran Malwarebytes everything was clean except for the following lines in the log:

    Files Detected: 2
    C:\Documents and Settings\LocalService\Local Settings\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.
    C:\Documents and Settings\NetworkService\Local Settings\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.

    I also tried following the link that Corey posted but it won't run. I hit the button to start the diagnostic it fails, tries to recover the window and then gives me a website restore error page.

    Thanks again for your help so far. Is there anything else I can try?

    Matt.

    Tuesday, June 19, 2012 9:32 PM
  • "Matt Fernand" wrote in message news:92a2a4df-624c-4e52-80dc-df38b0d449cc...

    Sorry I'd have said I'd be offline for a couple of days if I'd have known.

    OK so the fault recurred this afternoon but I didn't have time to run the diagnostic. I just fired the machine up to do it now and the system tray icon is green again. I didn't validate windows though ...

    When I ran Malwarebytes everything was clean except for the following lines in the log:

    Files Detected: 2
    C:\Documents and Settings\LocalService\Local Settings\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.
    C:\Documents and Settings\NetworkService\Local Settings\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.

    I also tried following the link that Corey posted but it won't run. I hit the button to start the diagnostic it fails, tries to recover the window and then gives me a website restore error page.

    Thanks again for your help so far. Is there anything else I can try?

    Matt.

    ZeroAccess is a particularly nasty rootkit malware.
     
    I would suggest that you go to a specialist malware removal forum to ensure that your system really is clean.
    www.bleepingcomputer.com is one such - make sure that you read the rules about how and what to post first, as they will either ignore or delete your post if you don't follow them!
     
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Tuesday, June 19, 2012 9:43 PM
    Moderator
  • Thanks for the advice. I'll try there and post back for future info if I get a fix, although I'm beginning to suspect that a format & rebuild might be the easiest approach.

    Matt.

    Wednesday, June 20, 2012 9:52 AM
  • I wouldn't argue against that decision.

    Chances are, from what little I know about ZeroAccess, that there are multiple problems with the system, even if you do get it clean (particularly if you've been infected for a while).


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Wednesday, June 20, 2012 10:08 AM
    Moderator
  • Thanks. I guess what I need to understand is whether I'll just take the problem with me if I copy off all my personal data, rebuild and then copy everything back again.

    FWIW, out of curiosity I tried running the validation diagnostic site from Firefox. It fails the last two tests - software plugins are installed & loaded and software plugins connect with servers. Then it takes me round a loop of installing the WGA and OGA plugins and then telling me that they're not there. I've followed the validation instructions and can see the DLLs and I've tried restarting Firefox and rebooting the machine.

    Matt.

    Wednesday, June 20, 2012 2:47 PM
  • "Matt Fernand" wrote in message news:7a4225de-98fb-4eec-9122-2979a5191600...

    Thanks. I guess what I need to understand is whether I'll just take the problem with me if I copy off all my personal data, rebuild and then copy everything back again.

    FWIW, out of curiosity I tried running the validation diagnostic site from Firefox. It fails the last two tests - software plugins are installed & loaded and software plugins connect with servers. Then it takes me round a loop of installing the WGA and OGA plugins and then telling me that they're not there. I've followed the validation instructions and can see the DLLs and I've tried restarting Firefox and rebooting the machine.

    Matt.

    The trick with any situation like this is to make sure that you scan and clean the data before re-introducing it to the system - so updates and AV must be installed prior to pulling the data back in.
     
    FireFox often has problems with the Validation site - I would recommend using IE for anything requiring validation (but Chrome seems to work as well)
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Wednesday, June 20, 2012 3:03 PM
    Moderator