Remove From My Forums

Windows intermittently failing validation

Question
0

Sign in to vote
For the past couple of months I've had a problem with MSE popping up a vaildation fail message. I can follow the link in he popup to validate my copy and it works fine for a couple of days but then at some point it starts popping up the mesage again. I've tried the fix from here but it didn't help.

My diagnosic file is below:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-YVGB4-WB946-PHPKR
Windows Product Key Hash: fi3miFmD7xOJAsjyQtmADATHOfg=
Windows Product ID: 55285-014-4408255-21425
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 5.1.2600.2.00010300.3.0.hom
ID: {D64742B2-71C6-4AAE-8C43-C638D56D7E33}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\WINDOWS\system32\syssetup.dll[5.1.2600.5512], Hr = 0x800b0100

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{D64742B2-71C6-4AAE-8C43-C638D56D7E33}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-PHPKR</PKey><PID>55285-014-4408255-21425</PID><PIDType>5</PIDType><SID>S-1-5-21-854245398-492894223-725345543</SID><SYSTEM><Manufacturer>FUJITSU SIEMENS</Manufacturer><Model>LIFEBOOK S6410</Model></SYSTEM><BIOS><Manufacturer>FUJITSU // Phoenix Technologies Ltd.</Manufacturer><Version>Version 1.29 </Version><SMBIOSVersion major="2" minor="4"/><Date>20080613000000.000000+000</Date></BIOS><HWID>FA133707018400F8</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1FFB0:Fujitsu Siemens Computers|5E22:Fujitsu Siemens Computers|5E2A:Siemens AG
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A

Any ideas please?

Matt.
- Edited by Matt Fernand Wednesday, June 13, 2012 9:13 PM
Wednesday, June 13, 2012 9:12 PM

Answers

0

Sign in to vote
Thanks for the advice. I'll try there and post back for future info if I get a fix, although I'm beginning to suspect that a format & rebuild might be the easiest approach.

Matt.
- Marked as answer by Darin Smith MS Wednesday, June 20, 2012 7:24 PM
Wednesday, June 20, 2012 9:52 AM

All replies

0

Sign in to vote

Visit Genuine Microsoft Software – Diagnostic Site and click on Start Diagnostics, then restart your 'puter.
Carey Frisch

Wednesday, June 13, 2012 10:23 PM

Moderator
0

Sign in to vote

"Matt Fernand" wrote in message news:00b51f06-0b0f-43a5-a80f-964c280653a7...

For the past couple of months I've had a problem with MSE popping up a vaildation fail message. I can follow the link in he popup to validate my copy and it works fine for a couple of days but then at some point it starts popping up the mesage again. I've tried the fix from here but it didn't help.

My diagnosic file is below:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-YVGB4-WB946-PHPKR
Windows Product Key Hash: fi3miFmD7xOJAsjyQtmADAT
Windows Product ID: 55285-014-4408255-21425
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 5.1.2600.2.00010300.3.0.hom

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

Any ideas please?

Matt.

You say 'for the past couple of months' - if you actually mean that, then I assume that the message comes and goes? (MSE will switch off after 30 days continuous invalidity)

If so, then your problem is probably a race condition.

What other anti-virus software has been installed on this machine since the last reformat?

What other security software is currently installed?

Please attempt validation at www.mirosoft.com/genuine/validate - exactly what happens?

If it fails, go to the diagnostics - www.microsoft.com/genuine/diag and see what it has to say.

Post back with a new MGADiag report, and your results.

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

Thursday, June 14, 2012 6:00 AM

Moderator
0

Sign in to vote

You say 'for the past couple of months' - if you actually mean that, then I assume that the message comes and goes? (MSE will switch off after 30 days continuous invalidity)

If so, then your problem is probably a race condition.

What other anti-virus software has been installed on this machine since the last reformat?

What other security software is currently installed?

Please attempt validation at www.mirosoft.com/genuine/validate - exactly what happens?

If it fails, go to the diagnostics - www.microsoft.com/genuine/diag and see what it has to say.

Post back with a new MGADiag report, and your results.

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

Thanks for your response.

Basically the message pops up and I then go to the vaildation site and the 'congratluations you have a valid copy' type message appears. There are no errors or other problems. At that point the MSE icon in the system tray turns from amber to green and everything is fine for a few days - probably half a dozen boots or so - until I get the message again. That's the puzzling bit - I'd have thought this would either work or it wouldn't so I don't understand why it's intermittent. It's a valid license (a W95 upgrade one that I bought about 10 years ago and had on a tower machine before I binned it re-deployed the license on this laptop).

The MGADIAG file I supplied was generated immediately after I'd re-validated my license yesterday. That had been a pretty typical instance of the error. The machine had booted fine first thing and I'd powered it down after an hour or so's use. Then I booted it again in the afternoon, got the error and re-validated the license. It then booted fine again in the evening. Would it help if I waited until the error reappears and then posted an MGDIAG report while it's still in the fault state (ie before I re-validate the license)?

I had AVG free on the machine for a long time but I uninstalled that and replaced it with MSE probably about a year ago - certainly a long time before this problem started. I also have Spybot Search & Destroy on it, but I don't have it resident. I just use it as an on-demand scanner from time to time and don't use any of the real-time protection features.

Sorry but what's a race condition?

Matt.

Thursday, June 14, 2012 8:45 AM
0

Sign in to vote
"Matt Fernand" wrote in message news:9b7392a7-7e8c-4ba4-b8e7-7379320b32e6...

You say 'for the past couple of months' - if you actually mean that, then I assume that the message comes and goes? (MSE will switch off after 30 days continuous invalidity)

If so, then your problem is probably a race condition.

What other anti-virus software has been installed on this machine since the last reformat?

What other security software is currently installed?

Please attempt validation at www.mirosoft.com/genuine/validate - exactly what happens?

If it fails, go to the diagnostics - www.microsoft.com/genuine/diag and see what it has to say.

Post back with a new MGADiag report, and your results.

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

Thanks for your response.

Basically the message pops up and I then go to the vaildation site and the 'congratluations you have a valid copy' type message appears. There are no errors or other problems. At that point the MSE icon in the system tray turns from amber to green and everything is fine for a few days - probably half a dozen boots or so - until I get the message again. That's the puzzling bit - I'd have thought this would either work or it wouldn't so I don't understand why it's intermittent. It's a valid license (a W95 upgrade one that I bought about 10 years ago and had on a tower machine before I binned it re-deployed the license on this laptop).

The MGADIAG file I supplied was generated immediately after I'd re-validated my license yesterday. That had been a pretty typical instance of the error. The machine had booted fine first thing and I'd powered it down after an hour or so's use. Then I booted it again in the afternoon, got the error and re-validated the license. It then booted fine again in the evening. Would it help if I waited until the error reappears and then posted an MGDIAG report while it's still in the fault state (ie before I re-validate the license)?

I had AVG free on the machine for a long time but I uninstalled that and replaced it with MSE probably about a year ago - certainly a long time before this problem started. I also have Spybot Search & Destroy on it, but I don't have it resident. I just use it as an on-demand scanner from time to time and don't use any of the real-time protection features.

Sorry but what's a race condition?

Matt.

Problems caused by earlier AV installs can take years to surface - please run the AVG Remover, and immediately reboot once it's complete, even if it doesn't ask for it.

http://www.avg.com/gb-en/utilities

A race condition is where two or more processes compete for resources, and fight over a file or memory space. This means that the resource is locked until the competing processes sort themselves out. If one of those processes (or the resource) is involved with WGA, the the system may see it as an attack on WGA, and flag it.

The most common causes are malware and AV's.

You may find it a good idea to run MalwareBytes Anti-Malware....

Download it (www.malwabytes.org) install it, and update it, but do NOT enable the real-time protection. Run a full system scan from your main account, and quick scans from each other account. Delete everything it finds (unless you're very confident it's wrong).

Once complete, wait until you next (if ever) get a complaint from MSE, and then run MGADiag while the notification is showing - that may trap an error message that will help identify the problem.

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
- Marked as answer by Darin Smith MS Friday, June 15, 2012 8:03 PM
- Unmarked as answer by Matt Fernand Tuesday, June 19, 2012 9:22 PM
Thursday, June 14, 2012 1:48 PM

Moderator
0

Sign in to vote

Sorry I didn't realise there was a time limit ... Thanks very much for your suggestions. I tried what was suggested on Thursday evening and MalwareBytes did find and remove a trojan. I don't have the machine in fornt of me so I can't tell you which one but I'll post details fi the fault recurs.

I was away at the weekend so haven't had the chance to see if the fix is permanent. Like I say it's an intermittent thing so it may take a few days to be sure.

I'll keep you posted.

Thanks again,

Matt.

Monday, June 18, 2012 2:30 PM
0

Sign in to vote

There's no time-limit - it just helps to keep the forum tidy :)

Thanks for coming back to let us know the current state. If it's not 'cured' feel free to UNmark the answer and post any new details you may have..
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

Monday, June 18, 2012 2:41 PM

Moderator
0

Sign in to vote

Sorry I'd have said I'd be offline for a couple of days if I'd have known.

OK so the fault recurred this afternoon but I didn't have time to run the diagnostic. I just fired the machine up to do it now and the system tray icon is green again. I didn't validate windows though ...

When I ran Malwarebytes everything was clean except for the following lines in the log:

Files Detected: 2
C:\Documents and Settings\LocalService\Local Settings\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.

I also tried following the link that Corey posted but it won't run. I hit the button to start the diagnostic it fails, tries to recover the window and then gives me a website restore error page.

Thanks again for your help so far. Is there anything else I can try?

Matt.

Tuesday, June 19, 2012 9:32 PM
0

Sign in to vote

"Matt Fernand" wrote in message news:92a2a4df-624c-4e52-80dc-df38b0d449cc...

Sorry I'd have said I'd be offline for a couple of days if I'd have known.

OK so the fault recurred this afternoon but I didn't have time to run the diagnostic. I just fired the machine up to do it now and the system tray icon is green again. I didn't validate windows though ...

When I ran Malwarebytes everything was clean except for the following lines in the log:

Files Detected: 2
C:\Documents and Settings\LocalService\Local Settings\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.

I also tried following the link that Corey posted but it won't run. I hit the button to start the diagnostic it fails, tries to recover the window and then gives me a website restore error page.

Thanks again for your help so far. Is there anything else I can try?

Matt.

ZeroAccess is a particularly nasty rootkit malware.

I would suggest that you go to a specialist malware removal forum to ensure that your system really is clean.

www.bleepingcomputer.com is one such - make sure that you read the rules about how and what to post first, as they will either ignore or delete your post if you don't follow them!

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

Tuesday, June 19, 2012 9:43 PM

Moderator
0

Sign in to vote
Thanks for the advice. I'll try there and post back for future info if I get a fix, although I'm beginning to suspect that a format & rebuild might be the easiest approach.

Matt.
- Marked as answer by Darin Smith MS Wednesday, June 20, 2012 7:24 PM
Wednesday, June 20, 2012 9:52 AM
0

Sign in to vote

I wouldn't argue against that decision.

Chances are, from what little I know about ZeroAccess, that there are multiple problems with the system, even if you do get it clean (particularly if you've been infected for a while).

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

Wednesday, June 20, 2012 10:08 AM

Moderator
0

Sign in to vote

Thanks. I guess what I need to understand is whether I'll just take the problem with me if I copy off all my personal data, rebuild and then copy everything back again.

FWIW, out of curiosity I tried running the validation diagnostic site from Firefox. It fails the last two tests - software plugins are installed & loaded and software plugins connect with servers. Then it takes me round a loop of installing the WGA and OGA plugins and then telling me that they're not there. I've followed the validation instructions and can see the DLLs and I've tried restarting Firefox and rebooting the machine.

Matt.

Wednesday, June 20, 2012 2:47 PM
0

Sign in to vote

"Matt Fernand" wrote in message news:7a4225de-98fb-4eec-9122-2979a5191600...

Thanks. I guess what I need to understand is whether I'll just take the problem with me if I copy off all my personal data, rebuild and then copy everything back again.

FWIW, out of curiosity I tried running the validation diagnostic site from Firefox. It fails the last two tests - software plugins are installed & loaded and software plugins connect with servers. Then it takes me round a loop of installing the WGA and OGA plugins and then telling me that they're not there. I've followed the validation instructions and can see the DLLs and I've tried restarting Firefox and rebooting the machine.

Matt.

The trick with any situation like this is to make sure that you scan and clean the data before re-introducing it to the system - so updates and AV must be installed prior to pulling the data back in.

FireFox often has problems with the Validation site - I would recommend using IE for anything requiring validation (but Chrome seems to work as well)

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

Wednesday, June 20, 2012 3:03 PM

Moderator

Answered by:

Windows intermittently failing validation

Question

Answers

All replies