Getting Windows must be validated error message. Posting MGA Diagnostic Report RRS feed

  • Question

  • Good day: I am posting the MGA Diagnostic report as requested. Can someone let me know what I can do with this users machine to get rid of the error so that the machine can get the appropriate updates and security patches?

    Diagnostic Report (1.9.0027.0):


    Windows Validation Data-->

    Validation Code: 0

    Cached Online Validation Code: 0x0

    Windows Product Key: *****-*****-F6PB6-8Y2MB-XM28C

    Windows Product Key Hash: 8YAv57VEdhlPd1CBDBnKCc1GwYk=

    Windows Product ID: 00426-069-0021756-86715

    Windows Product ID Type: 5

    Windows License Type: Retail

    Windows OS version: 6.1.7601.2.00010100.1.0.001

    ID: {9E6723DB-6A52-4709-BC55-7E4B749FEECD}(1)

    Is Admin: Yes

    TestCab: 0x0

    LegitcheckControl ActiveX: N/A, hr = 0x80070002

    Signed By: N/A, hr = 0x80070002

    Product Name: Windows 7 Ultimate

    Architecture: 0x00000000

    Build lab: 7601.win7sp1_gdr.120330-1504

    TTS Error:

    Validation Diagnostic:

    Resolution Status: N/A

    Vista WgaER Data-->

    ThreatID(s): N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    File Exists: No

    Version: N/A, hr = 0x80070002

    WgaTray.exe Signed By: N/A, hr = 0x80070002

    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

    OGAExec.exe Signed By: N/A, hr = 0x80070002

    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->

    Office Status: 109 N/A

    OGA Version: N/A, 0x80070002

    Signed By: N/A, hr = 0x80070002

    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->

    Proxy settings: N/A

    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

    Default Browser: C:\Users\MeghanHanawalt\AppData\Local\Google\Chrome\Application\chrome.exe

    Download signed ActiveX controls: Prompt

    Download unsigned ActiveX controls: Disabled

    Run ActiveX controls and plug-ins: Allowed

    Initialize and script ActiveX controls not marked as safe: Disabled

    Allow scripting of Internet Explorer Webbrowser control: Disabled

    Active scripting: Allowed

    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->

    Office Details: <GenuineResults><MachineData><UGUID>{9E6723DB-6A52-4709-BC55-7E4B749FEECD}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-XM28C</PKey><PID>00426-069-0021756-86715</PID><PIDType>5</PIDType><SID>S-1-5-21-3072259239-1156090706-3869021405</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Vostro 1720</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A02</Version><SMBIOSVersion major="2" minor="5"/><Date>20090408000000.000000+000</Date></BIOS><HWID>EDFB3307018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>CL09   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->

    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Ultimate edition

    Description: Windows Operating System - Windows(R) 7, RETAIL channel

    Activation ID: a0cde89c-3304-4157-b61c-c8ad785d1fad

    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f

    Extended PID: 00426-00172-069-002175-00-1033-7601.0000-3352011

    Installation ID: 010126692396703335769172313494413254632252451606965315

    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338

    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339

    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341

    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340

    Partial Product Key: XM28C

    License Status: Licensed

    Remaining Windows rearm count: 3

    Trusted time: 9/24/2012 8:59:53 AM

    Windows Activation Technologies-->

    HrOffline: 0x00000000

    HrOnline: 0x00000000

    HealthStatus: 0x0000000000000000

    Event Time Stamp: 8:29:2012 20:11

    ActiveX: Registered, Version: 7.1.7600.16395

    Admin Service: Registered, Version: 7.1.7600.16395

    HealthStatus Bitmask Output:

    HWID Data-->


    OEM Activation 1.0 Data-->


    OEM Activation 2.0 Data-->

    BIOS valid for OA 2.0: yes

    Windows marker version: 0x20001

    OEMID and OEMTableID Consistent: yes

    BIOS Information:

      ACPI Table Name           OEMID Value     OEMTableID Value

      APIC                                    PTLTD                                     APIC 

      FACP                                   TOSCPL                 CRESTLNE

      HPET                                    INTEL                     CRESTLNE

      BOOT                                  PTLTD                    $SBFTBL$

      MCFG                                 INTEL                     CRESTLNE

      OSFR                                   TOSHIB                 A+2nd ID

      SLIC                                      DELL                       CL09  

      SSDT                                    BrtRef                   DD01BRT

      SSDT                                    BrtRef                   DD01BRT


    elena black


    elena black

    Monday, September 24, 2012 1:19 PM


All replies

  • Windows Product ID: 00426-069-0021756-86715

    The product ID -069- Indicates a not for resale MSDN account. If you are not the account holder and you purchased this in a retail box, the box and it's contents are counterfeit. Demand an immediate refund from the seller

    For more information see this:


    And this:


    To see how good these counterfeits are becoming, see:


    You will have to purchase a legitimate windows from a legitimate retailer or revert to the windows the computer came with.

    Monday, September 24, 2012 1:23 PM
  • For what it's worthm there is ALSO an Activation Exploit installed - so a reformat/reinstall is recommended, rather than just a Key change.

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, September 24, 2012 1:26 PM
  • we purchase our msdn and action packs from microsoft. But I will check this particular one and see what is going on. thank you for the quick replies! I will rebuild the machine as recommended Noel also. Is this activation exploit something that can be detected with virus sofware or should have been detected?


    elena black

    Monday, September 24, 2012 3:44 PM
  • The only AV that I know of that actively looks for Activation Exploits is (understandably) Microsoft Security Essentials (I assume that the 'business-class' MS AV also checks).

    FYI, the clue to the exploit here is in the BIOS date (April 2009 - 3 months before Win7 went RTM) and the apparent Win7 SLIC table in the BIOS (which couldn't be present in a pre-Win7 BIOS) There's also a Toshiba reference in the BIOS tables which would be worth investigating, although I have vague memories of seeing this elsewhere in genuine systems.

    What make and model does the system claim to be? According to the report, it's a Dell Vostro 1720.

    What is the Licensed OS, according to the COA sticker on the case?

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Monday, September 24, 2012 4:02 PM