locked
Validation Issues: Windows 7 Ultimate RRS feed

  • Question

  • Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE22
    Cached Online Validation Code: N/A, hr = 0xc004f012
    Windows Product Key: *****-*****-99YWF-VGYYC-4G36D
    Windows Product Key Hash: Rkkz7cJZlF7n06n4uxIvu4wTj8k=
    Windows Product ID: 00371-OEM-9322453-89750
    Windows Product ID Type: 8
    Windows License Type: COA SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {14676D39-2B5B-451B-ADF0-BE295009FACA}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_ldr_escrow.180327-2230
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 103 Blocked VLK
    Microsoft Office Professional Plus 2007 - 103 Blocked VLK
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{14676D39-2B5B-451B-ADF0-BE295009FACA}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-4G36D</PKey><PID>00371-OEM-9322453-89750</PID><PIDType>8</PIDType><SID>S-1-5-21-2258246035-3946551712-2707484284</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite C55-B</Model></SYSTEM><BIOS><Manufacturer>INSYDE Corp.</Manufacturer><Version>1.50</Version><SMBIOSVersion major="2" minor="7"/><Date>20140707000000.000000+000</Date></BIOS><HWID>DA8C3007018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSQCI</OEMID><OEMTableID>TOSQCI00</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>103</Result><Products><Product GUID="{90120000-0011-0000-0000-0000000FF1CE}"><LegitResult>103</LegitResult><Name>Microsoft Office Professional Plus 2007</Name><Ver>12</Ver><Val>ACD7202654E586</Val><Hash>fFic3JgCreGGRxyF8uMWB4R4Jcg=</Hash><Pid>89409-707-1528066-65685</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="103"/><App Id="16" Version="12" Result="103"/><App Id="18" Version="12" Result="103"/><App Id="19" Version="12" Result="103"/><App Id="1A" Version="12" Result="103"/><App Id="1B" Version="12" Result="103"/><App Id="44" Version="12" Result="103"/></Applications></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Input Error: Can not find script file "C:\Windows\system32\slmgr.vbs".

    Windows Activation Technologies-->
    HrOffline: 0x8004FE22
    HrOnline: N/A
    HealthStatus: 0x0000000000000800
    Event Time Stamp: 4:13:2018 18:16
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration


    HWID Data-->
    HWID Hash Current: OAAAAAEAAgABAAIAAQACAAAABAABAAEA6GF2KVSgut8aVtQBjhvk0BqAghp6OZJyOlKIG8RUuno=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: no, invalid SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC TOSQCI TOSQCI00
      FACP TOSQCI TOSQCI00
      DBGP TOSQCI TOSQCI00
      HPET TOSQCI TOSQCI00
      BOOT TOSQCI TOSQCI00
      MCFG TOSQCI TOSQCI00
      WDAT TOSQCI TOSQCI00
      UEFI TOSQCI TOSQCI00
      UEFI TOSQCI TOSQCI00
      MSDM TOSQCI TOSQCI00
      ASF! TOSQCI TOSQCI00
      ASPT TOSQCI TOSQCI00
      LPIT TOSQCI TOSQCI00
      SLIC TOSQCI TOSQCI00
      SSDT INSYDE HSW-LPT
      SSDT INSYDE HSW-LPT
      SSDT INSYDE HSW-LPT
      SSDT INSYDE HSW-LPT
      SSDT INSYDE HSW-LPT
      CSRT TOSQCI TOSQCI00
      FPDT TOSQCI TOSQCI00

    Hi! I had a diagnostic tool check what's wrong in my OS, just that I dont know how to read it. Will there be someone kind enough to tell me why the validation is not running and why it's reading my windows as not genuine? Thank you!

    Wednesday, April 18, 2018 1:35 PM

Answers

  • That looks pretty much as it should do - which means that it's not the 'usual' error. :(

    We'll have to do some fault-finding, but it looks to me as if there's been an attempt to install an Activation Exploit in an attempt to bypass Activation and Validation requirements

    Please run a full CHKDSK and SFC scan....

    Click on Start > All Programs > Accessories

    Right-click on the Command Prompt entry

    Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

    At the Command prompt, type

     CHKDSK C: /R

    and hit the Enter key.

    You will be told that the drive is locked, and the CHKDSK will run at the next boot - hit the Y key, and then reboot.

    The CHKDSK will take a few hours depending on the size  of the drive, so be patient!

     After the CHKDSK has run, Windows should boot normally  (possibly after a second auto-reboot) - then run the SFC.

    SFC -System File Checker - Instructions

    Click on Start > All Programs > Accessories

    Right-click on the Command Prompt entry

    Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

    At the Command prompt, type

    SFC /SCANNOW

    and hit the Enter key

    Wait for the scan to finish - make a note of any error messages - and then reboot.

    Upload the CBS.log file (compressed, please!) to your OneDrive or DropBox Public folder, and post a link - also post a new MGADiag report.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Monday, May 7, 2018 12:35 PM
    Moderator

All replies

  • It is highly likely that this install is counterfeit.

    However, in the hope that it's not, let's try and fix the problem.

    "Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration"

    To confirm that the problem is what I think it is, please run the following commands in an Elevated Command Prompt window and post the results.

    REG QUERY HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S

    REG QUERY HKLM\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S              

    REG QUERY HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S

      Here are some instructions to make life easier :)

    1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt. 

    2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once. 

    3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.     


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Wednesday, May 2, 2018 7:26 AM
    Moderator
  • Hi! thanks for answering my query. Please see below results. 

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Users\LT>REG QUERY HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE574957-4077-4
    AD6-8658-327C2C86C5AA} /S

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE574957-4077-4AD6-8658
    -327C2C86C5AA}\1.0
        (Default)    REG_SZ    SPPUI 1.0 Type Library

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE574957-4077-4AD6-8658
    -327C2C86C5AA}\1.0\0

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE574957-4077-4AD6-8658
    -327C2C86C5AA}\1.0\0\win32
        (Default)    REG_EXPAND_SZ    %SystemRoot%\System32\slui.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE574957-4077-4AD6-8658
    -327C2C86C5AA}\1.0\FLAGS
        (Default)    REG_SZ    0


    C:\Users\LT>
    C:\Users\LT>REG QUERY HKLM\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-8658-327
    C2C86C5AA} /S

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5A
    A}\1.0
        (Default)    REG_SZ    SPPUI 1.0 Type Library

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5A
    A}\1.0\0

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5A
    A}\1.0\0\win32
        (Default)    REG_EXPAND_SZ    %SystemRoot%\System32\slui.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5A
    A}\1.0\FLAGS
        (Default)    REG_SZ    0


    C:\Users\LT>
    C:\Users\LT>REG QUERY HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE574957-4077-4
    AD6-8658-327C2C86C5AA} /S

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE574957-4077-4AD6-8658
    -327C2C86C5AA}\1.0
        (Default)    REG_SZ    SPPUI 1.0 Type Library

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE574957-4077-4AD6-8658
    -327C2C86C5AA}\1.0\0

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE574957-4077-4AD6-8658
    -327C2C86C5AA}\1.0\0\win32
        (Default)    REG_EXPAND_SZ    %SystemRoot%\System32\slui.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE574957-4077-4AD6-8658
    -327C2C86C5AA}\1.0\FLAGS
        (Default)    REG_SZ    0


    C:\Users\LT>

    Wednesday, May 2, 2018 1:09 PM
  • That looks pretty much as it should do - which means that it's not the 'usual' error. :(

    We'll have to do some fault-finding, but it looks to me as if there's been an attempt to install an Activation Exploit in an attempt to bypass Activation and Validation requirements

    Please run a full CHKDSK and SFC scan....

    Click on Start > All Programs > Accessories

    Right-click on the Command Prompt entry

    Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

    At the Command prompt, type

     CHKDSK C: /R

    and hit the Enter key.

    You will be told that the drive is locked, and the CHKDSK will run at the next boot - hit the Y key, and then reboot.

    The CHKDSK will take a few hours depending on the size  of the drive, so be patient!

     After the CHKDSK has run, Windows should boot normally  (possibly after a second auto-reboot) - then run the SFC.

    SFC -System File Checker - Instructions

    Click on Start > All Programs > Accessories

    Right-click on the Command Prompt entry

    Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

    At the Command prompt, type

    SFC /SCANNOW

    and hit the Enter key

    Wait for the scan to finish - make a note of any error messages - and then reboot.

    Upload the CBS.log file (compressed, please!) to your OneDrive or DropBox Public folder, and post a link - also post a new MGADiag report.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Monday, May 7, 2018 12:35 PM
    Moderator