locked
Vista fails genuine verification AND bugs me RRS feed

  • Question

  • Hi!

    Vista fails genuine advantage verification. I know for a fact thekey is legit as this is a purchased computer with an OEM key in it. Every other reboot windows will not let me login and instead informs me some part of windows has been modified with details telling me a system file mismatch. Though I can't find anything like that in the log from wgadiag. This is just insane, I have friends with pirated windows keys and they have never had a problem but this legit system bugs me mad. I can't being to tell you how mad that makes me!

    log from wgadiag thing:

    Diagnostic Report (1.9.0006.1):
    -----------------------------------------
    WGA Data-->
    Validation Status: Invalid License
    Validation Code: 50
    Online Validation Code: 0xc004d401
    Cached Validation Code: N/A, hr = 0xc004d401
    Windows Product Key: *****-*****-4JJQP-TP64Y-RPFFV
    Windows Product Key Hash: W7I5PeTN2iJuvTTU9QmIXc6iQqY=
    Windows Product ID: DELETED dont want my key i the public
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.0.6001.2.00010300.1.0.003
    ID: {30586DE4-8587-4917-831D-A163E991759A}(3)
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: Registered, 1.9.9.1
    Signed By: Microsoft
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000000
    Build lab: 6001.vistasp1_gdr.080917-1612
    TTS Error: K:20090330125405015-M:20090406201850558-
    Validation Diagnostic:
    Resolution Status: N/A

    WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: 6.0.6002.16398

    WGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    WGATray.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: Registered, 1.7.111.0
    Signed By: Microsoft
    Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
    Default Browser: C:\program files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{30586DE4-8587-4917-831D-A163E991759A}</UGUID><Version>1.9.0006.1</Version><OS>6.0.6001.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-RPFFV</PKey><PID>89578-OEM-7332157-00043</PID><PIDType>2</PIDType><SID>S-1-5-21-2640016537-489797768-3589010597</SID><SYSTEM><Manufacturer>ASUSTeK Computer Inc.        </Manufacturer><Model>M51Va               </Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>210.000</Version><SMBIOSVersion major="2" minor="5"/><Date>20080904000000.000000+000</Date></BIOS><HWID>4F323507018400F8</HWID><UserLCID>041D</UserLCID><SystemLCID>041D</SystemLCID><TimeZone>Västeuropa, normaltid(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: U1BMRwEAAAAAAQAABAAAAEAGAAAAAAAAYWECAOjQVorntIMnjLDJARhy9171jCizkdIEkQaJZ6536F4e9bPff6wr0Y9WIxgnc/F9arKARnusLuw6L6ikUDxmIhnxJS6W2ohsCzadr0JrQ74GEul9TcMD8Os5OzdPBtU6zyz3v9Z2MrIHa9x3W3cNP6YJJRzZ3sGPZMdauCpWgA9xqCKT2pyzU4ikmVXcUHxhcf38akJWjrTFmdio3G4MbsZdJFBl6ID8Z6PgzOE3ppKHhVqCwkvaDzBS7RRf801+h+MsTFkRlJ2ZAjRAiDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwYcvde9Ywos5HSBJEGiWeuXWlZHOJ5h5P72hIgaitfaUDgwLg6i29w68w9QhyWDhsUI3Tw8A4p035EFwEhEbHh4t5ROb+5wttcHwQFRWuwQpP6AP0nxF+qLf25zZoCwNb7tVLwe28YiH1BLYCERqYZDkmvhBlGHDl+f1L5AB51cWXICRO7wMvZJLvE5ReOSVqbGyYrHLwGFoM8hWdM+/ctgV+5kNkO9/d8+V0OdFV7/ZoayoauFCIvj8LRkH4zhiIzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMGHL3XvWMKLOR0gSRBolnrm1KNLzjQAWk5PzeR57Bm0W7wIo22pMyTiPfrrGvLjOnPGYiGfElLpbaiGwLNp2vQmtDvgYS6X1NwwPw6zk7N08G1TrPLPe/1nYysgdr3Hdbdw0/pgklHNnewY9kx1q4KlaAD3GoIpPanLNTiKSZVdxQfGFx/fxqQlaOtMWZ2Kjcbgxuxl0kUGXogPxno+DM4TemkoeFWoLCS9oPMFLtFF/zTX6H4yxMWRGUnZkCNECIM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDBhy9171jCizkdIEkQaJZ64P0R5x+NstkGF26pqZ0L8bj0OiAt0wYJU4eBX9SdgI4xQjdPDwDinTfkQXASERseGzgJAJojPOvkQLhha0rLDzk/oA/SfEX6ot/bnNmgLA1vu1UvB7bxiIfUEtgIRGphkOSa+EGUYcOX5/UvkAHnVxZcgJE7vAy9kku8TlF45JWpsbJiscvAYWgzyFZ0z79y2BX7mQ2Q7393z5XQ50VXv9mhrKhq4UIi+PwtGQfjOGIjOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwYcvde9Ywos5HSBJEGiWeuVat7+YnHLW6x6ZGPTOtJXILdh9tlZXsoNgwoZGSoa2YUI3Tw8A4p035EFwEhEbHhlH/2yHL4Me3sitkaWwb/BpP6AP0nxF+qLf25zZoCwNb7tVLwe28YiH1BLYCERqYZDkmvhBlGHDl+f1L5AB51cWXICRO7wMvZJLvE5ReOSVqbGyYrHLwGFoM8hWdM+/ctgV+5kNkO9/d8+V0OdFV7/ZoayoauFCIvj8LRkH4zhiIzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM

    Licensing Data-->
    C:\Windows\system32\slmgr.vbs(1634, 5) (null): 0xC004D401

    HWID Data-->
    HWID Hash Current: OgAAAAEABAABAAEAAQACAAAABAABAAEAeqj+EMJRcgOy5FRlpNUU0/QK8vQa7BBht1Pyc0QkrFZGyg==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20000
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            090408        APIC2104
      FACP            090408        FACP2104
      DBGP            090408        DBGP2104
      HPET            090408        OEMHPET
      BOOT            090408        BOOT2104
      MCFG            090408        OEMMCFG
      SLIC            _ASUS_        Notebook
      ECDT            090408        OEMECDT
      OEMB            090408        OEMB2104
      ATKG            022008        OEMATKG
      SSDT            PmRef        CpuPm




    Please fix this for me,it's insane it even is a problem!
     
    Monday, April 6, 2009 6:30 PM

Answers

  • Hello TigerSoul

    First off

    "Windows Product ID: DELETED dont want my key i the public"

    "Windows Product ID" is not the same thing as the "Windows Product Key".  You can not install or use Vista using a Windows Product ID

    Your Product key is found in the Diagnostic Report on line "Windows Product Key:".
    Your Product Key is "*****-*****-4JJQP-TP64Y-RPFFV". 

      You will notice that we mark out 10 of the 25 digits in the key so it is not displayed to the public. In addition, the Product Key, currently being used by your Vista, is called the OEM SLP key and is identical to all other OEM SLP keys from that same manufacturer.  OEM SLP keys require the existance of a specal "flag" to be located in the computer's Motherboard for Vista to be able to Activate. The key is worthless to anyone that doesn't already have a computer from that manufacturer. (and if they do have a computer from that manufacturer, they already have that exact OEM SLP key, anyways)

      The Product Key on the sticker on the side or bottom of your computer contains a different key (called the COA SLP key). The COA SLP key is unique to your computer and is a 'backup' to be used in the rare event that the OEM SLP key (for whatever reason) stops working.


    As for your Vista's non-Genuine issue:
     

    Your Vista is in, what we call a 'Mod-Auth' Tamper state.  There are 2 types of Mod-Auth tampers.

    1)    A critical system file was modified On Disk - What this means is that the file, located on the hard drive, was modified in some way. This can be caused by a malicious program (spyware, malware, virus) or by manual file modification (by a user of the system). There is also a very small chance that an Update may fail in mid-update and cause this type of issue. As a safety mechanism, Updates are made so that if they fail, they roll back any updating that was done before the failure, but there is an off-chance that the roll back did not occur.

     

    2)    A critical system file was modified In Memory - What this means is the file itself (on the hard drive) is un-modified, but the code, from that file, running in the system, was modified in some way and is caused by a running program that is incompatible with Vista.

     

      Because there is No Mismatched files listed under the "File Scan Data-->" line of your Diagnostic Report, we know that your issue is an In Memory Mod-Auth and therefore caused by an incompatible program. This means there is a program install and Running that is trying to access parts of the OS that Vista does not allow, which by definition, means it is incompatible with Vista.

     

      In addition to why a Mod-Auth occurs, it's also important to understand how Vista detects a Mod-Auth event. There is a Service that runs in Vista that detects a Tamper to a Critical System file. But this Service runs randomly, so if you were to install an incompatible program and run it, Vista (most likely) would not immediately enter a Mod-Auth  State and it could take some time for the Mod-Auth to be detected. The important point to note is that the moment Vista detects the Mod-Auth, you know that the program that is causing the Mod-Auth, is currently running.

     

       Below I have provided a number of steps to help you identify the program that is causing the tamper:
     
      First, go to
    http://support.microsoft.com/kb/931699/ and confirm that you do not have any of the programs known to cause this type of issue.
     
      Second, in your Diagnostic report above, you can see the line that starts with 'TTS Error:' followed by a bunch numbers: M:xxxxxxxxxxxxxxxxx- This is the Tamper Time Stamp and it breaks down like this:

        (year)  (month) (day) (time in 24format) (millisecond)
    M:2009      04        06            2018                  50558-

    Note: I also see a "K" type Tamper Time Stamp. The “K“ stands for Kernel Mode tamper. Once you remove the program that is causing the In Memory Mod-Auth tamper, the Kernel Mode tamper may be resolved as well. But a Kernel Mode Tamper can sometime indicate a Malware infection. To be on the safe side, we strongly suggest scanning your system with the Anti-Virus program of your choice as well as with the OneCare Safety Scanner for Vista (http://onecare.live.com/site/en-us/center/whatsnew.htm)


    Now that you know the time of the tamper, you can now try to connect that time with a program.

    1)    Login to Vista and select the option that launches an Internet Browser

    2)    Type into the browser address bar: %windir%\system32\perfmon.msc and hit Enter

    3)    When asked if you want to Open or Save this file, select Open

    4)     In the left hand panel, click Reliability Monitor

    5)    Click on the “System Stability Chart” above the date 04/06 

    6)    Below the chart, in the “System Stability Report” section look at the report titled "Software (Un)Installs for 04/06/2009"

    7)    Look for any program that shows "Application Install" in the 'Activity' column.

    8)    Since the process that detects Tampers runs randomly, it can take up to 3 days for the process to detect the tamper and set Vista to a Tamper State. Because of this, please repeat steps 5) thru 7) for the dates 04/05/2009, 04/04/2009 and 04/03/2008  (or around the date the issue first occurred)

      This could tell you what programs were installed on or around the Tamper date and should help you narrow down the possible programs that could be causing the issue. Unfortunately, if you installed the program at some time in the past, but didn’t run it till now, this process may not be helpful.  The removal of any application you may have installed recently could go a long way to troubleshooting this issues.

     

    Note: Since everyone has different programs installed on their computer, it is extremely hard for support to figure out what program is causing the problem, but if you still need assistance in identifying the Incompatible Program, please create a no cost support request at http://go.microsoft.com/fwlink/?linkid=52029

    Also Note: it has been found that Malware, such as Viruses and Trojans, can also be incompatible with Vista and can cause an In Memory Mod-Auth. A few users (that were experiencing your same issue) have confirmed that a Malware infection was the cause. If you follow the above steps and cannot find a program that is causing the Mod-Auth, you may want to investigate if a Virus, Worm or Trojan may be to blame. You can contact PC Safety, which is a Microsoft group, that provides free assistance with Malware infections. I encourage you to use the ‘Windows Live Safety Scan for Windows Vista’ (http://onecare.live.com/site/en-us/center/whatsnew.htm) before contacting PC Safety.

    PC Safety:

    1-866-PCSafety or 1-866-727-2338

    http://www.microsoft.com/protect/support/default.mspx

    http://onecare.live.com/site/en-us/center/whatsnew.htm

    Thank you,
    Darin MS

    Attention All Forum Users: Please Do Not post your issue in someone else's Thread...Create your own. If any post fixes your issue, please vote the post as Helpful" button for that post. This will help us showcase the threads that best help our customers.
    Monday, April 6, 2009 9:25 PM

All replies

  • Hello TigerSoul

    First off

    "Windows Product ID: DELETED dont want my key i the public"

    "Windows Product ID" is not the same thing as the "Windows Product Key".  You can not install or use Vista using a Windows Product ID

    Your Product key is found in the Diagnostic Report on line "Windows Product Key:".
    Your Product Key is "*****-*****-4JJQP-TP64Y-RPFFV". 

      You will notice that we mark out 10 of the 25 digits in the key so it is not displayed to the public. In addition, the Product Key, currently being used by your Vista, is called the OEM SLP key and is identical to all other OEM SLP keys from that same manufacturer.  OEM SLP keys require the existance of a specal "flag" to be located in the computer's Motherboard for Vista to be able to Activate. The key is worthless to anyone that doesn't already have a computer from that manufacturer. (and if they do have a computer from that manufacturer, they already have that exact OEM SLP key, anyways)

      The Product Key on the sticker on the side or bottom of your computer contains a different key (called the COA SLP key). The COA SLP key is unique to your computer and is a 'backup' to be used in the rare event that the OEM SLP key (for whatever reason) stops working.


    As for your Vista's non-Genuine issue:
     

    Your Vista is in, what we call a 'Mod-Auth' Tamper state.  There are 2 types of Mod-Auth tampers.

    1)    A critical system file was modified On Disk - What this means is that the file, located on the hard drive, was modified in some way. This can be caused by a malicious program (spyware, malware, virus) or by manual file modification (by a user of the system). There is also a very small chance that an Update may fail in mid-update and cause this type of issue. As a safety mechanism, Updates are made so that if they fail, they roll back any updating that was done before the failure, but there is an off-chance that the roll back did not occur.

     

    2)    A critical system file was modified In Memory - What this means is the file itself (on the hard drive) is un-modified, but the code, from that file, running in the system, was modified in some way and is caused by a running program that is incompatible with Vista.

     

      Because there is No Mismatched files listed under the "File Scan Data-->" line of your Diagnostic Report, we know that your issue is an In Memory Mod-Auth and therefore caused by an incompatible program. This means there is a program install and Running that is trying to access parts of the OS that Vista does not allow, which by definition, means it is incompatible with Vista.

     

      In addition to why a Mod-Auth occurs, it's also important to understand how Vista detects a Mod-Auth event. There is a Service that runs in Vista that detects a Tamper to a Critical System file. But this Service runs randomly, so if you were to install an incompatible program and run it, Vista (most likely) would not immediately enter a Mod-Auth  State and it could take some time for the Mod-Auth to be detected. The important point to note is that the moment Vista detects the Mod-Auth, you know that the program that is causing the Mod-Auth, is currently running.

     

       Below I have provided a number of steps to help you identify the program that is causing the tamper:
     
      First, go to
    http://support.microsoft.com/kb/931699/ and confirm that you do not have any of the programs known to cause this type of issue.
     
      Second, in your Diagnostic report above, you can see the line that starts with 'TTS Error:' followed by a bunch numbers: M:xxxxxxxxxxxxxxxxx- This is the Tamper Time Stamp and it breaks down like this:

        (year)  (month) (day) (time in 24format) (millisecond)
    M:2009      04        06            2018                  50558-

    Note: I also see a "K" type Tamper Time Stamp. The “K“ stands for Kernel Mode tamper. Once you remove the program that is causing the In Memory Mod-Auth tamper, the Kernel Mode tamper may be resolved as well. But a Kernel Mode Tamper can sometime indicate a Malware infection. To be on the safe side, we strongly suggest scanning your system with the Anti-Virus program of your choice as well as with the OneCare Safety Scanner for Vista (http://onecare.live.com/site/en-us/center/whatsnew.htm)


    Now that you know the time of the tamper, you can now try to connect that time with a program.

    1)    Login to Vista and select the option that launches an Internet Browser

    2)    Type into the browser address bar: %windir%\system32\perfmon.msc and hit Enter

    3)    When asked if you want to Open or Save this file, select Open

    4)     In the left hand panel, click Reliability Monitor

    5)    Click on the “System Stability Chart” above the date 04/06 

    6)    Below the chart, in the “System Stability Report” section look at the report titled "Software (Un)Installs for 04/06/2009"

    7)    Look for any program that shows "Application Install" in the 'Activity' column.

    8)    Since the process that detects Tampers runs randomly, it can take up to 3 days for the process to detect the tamper and set Vista to a Tamper State. Because of this, please repeat steps 5) thru 7) for the dates 04/05/2009, 04/04/2009 and 04/03/2008  (or around the date the issue first occurred)

      This could tell you what programs were installed on or around the Tamper date and should help you narrow down the possible programs that could be causing the issue. Unfortunately, if you installed the program at some time in the past, but didn’t run it till now, this process may not be helpful.  The removal of any application you may have installed recently could go a long way to troubleshooting this issues.

     

    Note: Since everyone has different programs installed on their computer, it is extremely hard for support to figure out what program is causing the problem, but if you still need assistance in identifying the Incompatible Program, please create a no cost support request at http://go.microsoft.com/fwlink/?linkid=52029

    Also Note: it has been found that Malware, such as Viruses and Trojans, can also be incompatible with Vista and can cause an In Memory Mod-Auth. A few users (that were experiencing your same issue) have confirmed that a Malware infection was the cause. If you follow the above steps and cannot find a program that is causing the Mod-Auth, you may want to investigate if a Virus, Worm or Trojan may be to blame. You can contact PC Safety, which is a Microsoft group, that provides free assistance with Malware infections. I encourage you to use the ‘Windows Live Safety Scan for Windows Vista’ (http://onecare.live.com/site/en-us/center/whatsnew.htm) before contacting PC Safety.

    PC Safety:

    1-866-PCSafety or 1-866-727-2338

    http://www.microsoft.com/protect/support/default.mspx

    http://onecare.live.com/site/en-us/center/whatsnew.htm

    Thank you,
    Darin MS

    Attention All Forum Users: Please Do Not post your issue in someone else's Thread...Create your own. If any post fixes your issue, please vote the post as Helpful" button for that post. This will help us showcase the threads that best help our customers.
    Monday, April 6, 2009 9:25 PM
  • Hi!

    I can find no program installed during that period in the suggested method or even 3 days before that may be causing the problem.
    I installed Open Office during this time and I think we probably can rule this program out of the problem picture. I did however install, or tried to install rather, a program
    called "Airfoil" but the installation hung midway and I had to kill the installation process. I never got it to install and forgot about it but I guess these problems started sometime
    then. Though this program isn't listed as being either installed or uninstalled and I can't get it to install more than halfway, so what can I do about it if this is the problem?
    A virus scan is running topo but I highly doubt it as I haven't used the laptop too much and haven't launched or done anything that could have gotten a virus into the computer.
    So I guess the airfoil program is the one to blame but I don't understand why it would cause a problem with WGA and I have no idea what to do about the situation!

    Kristian
    Tuesday, April 7, 2009 11:38 AM
  • Hi Kristian,

    The the incompatible program must be running to cause Vista to error. You might try opening the Task Manager and look in the 'Processes" tab for anything that suggests the Airfoil program. If you see it, stop the process and the look in your Program Files folder for any folder that these Fairfoil files may be located in. If you find the folder, delete it (or if you are not completly sure the folder belongs to the Airfoil program, move it to the desktop) Reboot and see if the error returns.

    You can also look in the Task Manager (in the processes tab) for any other running program that looks suspicious.

    Thank you,
    Darin MS  
    Attention All Forum Users: Please Do Not post your issue in someone else's Thread...Create your own. If any post fixes your issue, please vote the post as Helpful" button for that post. This will help us showcase the threads that best help our customers.
    Tuesday, April 7, 2009 7:42 PM
  • Hi!

    I checked through the list of running processes and found nothing at all related to airfoil and nothing else that looks suspicious to me. Also, the computer passed the virus scan.

    Where do I go from here?

    Kristian
    Thursday, April 9, 2009 4:15 PM
  • Problem resolved. Was caused by airfoil3inject.dll residing in the system32 folder. I don't know whatever this was due to that the airfoil program failed to install and left this file running somehow in memory or if the entire program is incompatible with vista I'll let someone else verify that.

    Kristian
    Thursday, April 9, 2009 4:31 PM