Get an error saying "an unauthorised change was made to windows"

  • Question

  • Hi,

    Yesterday, out of the blue, I got the above error message when I booted my laptop. I tried using System Restore to restore my laptop to a week back and everything was working again. Today, I again got the same error message and now the earlier restore point is not available. Now, I am able to use my Internet Explorer to browse to all non-Microsoft and non-antivirus-related pages. Weird. I am browsing this forum using my other PC. I am not able to understand this problem. After looking at a few forums, I used the WGA diagnostic tool. The results are as follows:

    Diagnostic Report (1.9.0006.1):

    -----------------------------------------

    WGA Data-->

    Validation Status: Invalid License

    Validation Code: 50

    Online Validation Code: 0x80070426

    Cached Validation Code: N/A, hr = 0x80070426

    Windows Product Key: *****-*****-2BKKR-2R3V2-4CX7X

    Windows Product Key Hash: 3aEbS3XVvybUk06FBO6U9HAY9zo=

    Windows Product ID: 89578-022-6648902-71681

    Windows Product ID Type: 5

    Windows License Type: Retail

    Windows OS version: 6.0.6000.2.00010300.0.0.003

    ID: {2A1BC1A8-C7AD-4CD0-8B2C-5B021EC36ABF}(1)

    Is Admin: Yes

    TestCab: 0x0

    WGA Version: N/A, hr = 0x80070002

    Signed By: N/A, hr = 0x80070002

    Product Name: Windows Vista (TM) Home Premium

    Architecture: 0x00000000

    Build lab: 6000.vista_gdr.071023-1545

    TTS Error: K:20090403152926588-M:20090407100706976-

    Validation Diagnostic:

    Resolution Status: N/A

     

    WgaER Data-->

    ThreatID(s): N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

     

    WGA Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    File Exists: No

    Version: N/A, hr = 0x80070002

    WgaTray.exe Signed By: N/A, hr = 0x80070002

    WgaLogon.dll Signed By: N/A, hr = 0x80070002

     

    OGA Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

    WGATray.exe Signed By: N/A, hr = 0x80070002

    OGAAddin.dll Signed By: N/A, hr = 0x80070002

     

    OGA Data-->

    Office Status: 114 Blocked VLK 2

    Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2

    OGA Version: N/A, 0x80070002

    Signed By: N/A, hr = 0x80070002

    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

     

    Browser Data-->

    Proxy settings: N/A

    User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)

    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe

    Download signed ActiveX controls: Prompt

    Download unsigned ActiveX controls: Disabled

    Run ActiveX controls and plug-ins: Allowed

    Initialize and script ActiveX controls not marked as safe: Disabled

    Allow scripting of Internet Explorer Webbrowser control: Disabled

    Active scripting: Allowed

    Script ActiveX controls marked as safe for scripting: Allowed

     

    File Scan Data-->

    File Mismatch: C:\Windows\system32\Slsvc.exe[6.0.6000.16509]

    File Mismatch: C:\Windows\system32\kernel32.dll[6.0.6000.16386]

     

    Other data-->

    Office Details: <GenuineResults><MachineData><UGUID>{2A1BC1A8-C7AD-4CD0-8B2C-5B021EC36ABF}</UGUID><Version>1.9.0006.1</Version><OS>6.0.6000.2.00010300.0.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-4CX7X</PKey><PID>89578-022-6648902-71681</PID><PIDType>5</PIDType><SID>S-1-5-21-1511664710-3298486934-3761704801</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Latitude D520                   </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A06</Version><SMBIOSVersion major="2" minor="4"/><Date>20070528000000.000000+000</Date></BIOS><HWID>D5313507018400EE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>India Standard Time(GMT+05:30)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>M07    </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73931-640-0000106-57978</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults> 

     

    Spsys.log Content: (encoded log data omitted)

     

    Licensing Data-->

    Software Licensing service is not running.

     

    HWID Data-->

    HWID Hash Current: OAAAAAEAAgABAAIAAgABAAAABAABAAEAnJ/woPl9ROPqTkbGerKCRY3v8vTum+8uptk49KxW9Eg=

     

    OEM Activation 1.0 Data-->

    N/A

     

    OEM Activation 2.0 Data-->

    BIOS valid for OA 2.0: no, invalid SLIC table

    Windows marker version: N/A

    OEMID and OEMTableID Consistent: N/A

    BIOS Information:

      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC               DELL           M07
      FACP               DELL           M07
      HPET               DELL           M07
      MCFG               DELL           M07
      SLIC               DELL           M07
      SSDT               PmRef          CpuPm

     

     If anyone can help, I would be very grateful.

    Tuesday, April 7, 2009 6:03 AM

Answers

  • Hi K Dinesh,

     
    The core of your issue centers on the line in your Diagnostic Report that reads:

    File Scan Data-->
    File Mismatch: C:\Windows\system32\Slsvc.exe[6.0.6000.16509]
    File Mismatch: C:\Windows\system32\kernel32.dll[6.0.6000.16509]

     

    This means the file has been Tampered, Modified or has become Corrupt. Vista sees this as an attack to bypass its Licensing security.

    To resolve the issue, you need to either repair or replace the file with a known-good one (of the proper file version).

     

    First try repairing Windows using System Restore:

    1)    Reboot Vista into Safe Mode
    2)    Go to Control Panel
    3)    On the left hand side of the Control Panel window, Click on "Classic View"
    4)    Double-click "Backup and Restore Center"
    5)    On the left hand side of the window, click "Repair Windows using system restore"
    6)    Select "Choose Different Restore Point", Put a check in the box that says "Show restore points older than 5 days", select the restore point that corresponds to the date Before you first noticed the issue.
    7)    Click the "Next" button.
    8)    Reboot back into Normal mode
    9)    Vista should no longer be in Reduced Functionality mode

     

    If that doesn't work, try doing a System Scan. The scan will look for bad Vista files and will attempt to repair them, if possible.
    1)    Login to Vista in Normal Mode (not safe mode)
    2)    Launch an Internet Browser
    3)    Type: %windir%\system32\ in the browser's address field
    4)    Scroll down till you find the file cmd.exe
    5)    Right-click the file and select 'Run as Administrator'
    6)    In the CMD window, type: sfc /scannow
    7)    Reboot twice and see if that resolves the issue.

    Because one of the files is kernel32.dll (basically the heart of Windows), if neither of these sets of steps resolves the issue, my only other suggestion would be to reinstall Vista.  You may also try contacting Vista support and see if they have other alternatives.

     

    If you find that you have to reinstall, first you will want to back up all your important files off the computer. This can be difficult to do when Vista is in Reduced Functionality Mode.  It is easier if you log in to Vista in Safe Mode; you should be able to freely navigate to your files in that mode.

    Thank you,
    Darin MS


    Attention All Forum Users: Please Do Not post your issue in someone else's Thread...Create your own. If any post fixes your issue, please vote the post as Helpful" button for that post. This will help us showcase the threads that best help our customers.
    Tuesday, April 7, 2009 6:55 PM
  • Oh, in addition, the fact that you are not able to browse to Anti-Virus related websites is a big indicator that you may have a Conficker worm infection.

    Please see thread "How do you know if your Vista is Infected with Conficker" http://social.microsoft.com/Forums/en-US/genuinevista/thread/afd313cf-cc84-4e6c-b851-ba7cb4c448ef for additional information.

    Thank you,
    Darin MS


    Tuesday, April 7, 2009 7:01 PM
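
As an added example (not part of the thread and not a Microsoft tool), this Python sketch triages the diagnostic report fields the answers above point to: it extracts the File Mismatch entries and decodes the 0x8007xxxx result codes into Win32 error names. The sample text is a constructed excerpt of the report in the question, and the function names are illustrative.

```python
import re

# Constructed excerpt: fields copied from the diagnostic report in the question.
SAMPLE_REPORT = r"""WGA Data-->
Validation Status: Invalid License
Online Validation Code: 0x80070426
WGA Version: N/A, hr = 0x80070002
File Scan Data-->
File Mismatch: C:\Windows\system32\Slsvc.exe[6.0.6000.16509]
File Mismatch: C:\Windows\system32\kernel32.dll[6.0.6000.16386]
Licensing Data-->
Software Licensing service is not running.
"""

# Win32 error codes that appear wrapped as 0x8007xxxx HRESULTs in this report.
WIN32_ERRORS = {0x2: "ERROR_FILE_NOT_FOUND", 0x426: "ERROR_SERVICE_NOT_ACTIVE"}

def decode_hresult(text):
    """Name the Win32 error inside a 0x8007xxxx HRESULT; None for anything else."""
    m = re.search(r"0x[0-9A-Fa-f]+", text)
    if not m or int(m.group(), 16) >> 16 != 0x8007:
        return None
    code = int(m.group(), 16) & 0xFFFF
    return WIN32_ERRORS.get(code, "WIN32_ERROR_%d" % code)

def parse_report(text):
    """Group report lines under their 'Section Name-->' headers."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith("-->"):
            current = line[:-3].strip()
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections

def triage(text):
    """Return the integrity findings: mismatched files, decoded code, service state."""
    sections = parse_report(text)
    pattern = re.compile(r"File Mismatch: (.+)\[([\d.]+)\]$")
    hits = (pattern.match(line) for line in sections.get("File Scan Data", []))
    fields = dict(l.split(": ", 1) for l in sections.get("WGA Data", []) if ": " in l)
    return {
        "mismatched_files": [m.groups() for m in hits if m],
        "online_code": decode_hresult(fields.get("Online Validation Code", "")),
        "licensing_service_down": any(
            "service is not running" in l for l in sections.get("Licensing Data", [])),
    }
```

The Online Validation Code 0x80070426 decodes to ERROR_SERVICE_NOT_ACTIVE, which agrees with the report's "Software Licensing service is not running" line, while the many 0x80070002 values are ERROR_FILE_NOT_FOUND.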
