Get an error saying "an unauthorised change was made to windows"

Question
-
Hi,
Yesterday, out of the blue, I got the above error message when I booted my laptop. I tried using System Restore to restore my laptop to a week back and everything was working again. Today, I again got the same error message and now the earlier restore point is not available. Now, I am able to use my Internet Explorer to browse to all non-Microsoft and non-antivirus related pages. Weird. I am browsing this forum using my other PC. I am not able to understand this problem. After looking at a few forums, I used the WGA diagnostic tool. The results are as follows:
Diagnostic Report (1.9.0006.1):
-----------------------------------------
WGA Data-->
Validation Status: Invalid License
Validation Code: 50
Online Validation Code: 0x80070426
Cached Validation Code: N/A, hr = 0x80070426
Windows Product Key: *****-*****-2BKKR-2R3V2-4CX7X
Windows Product Key Hash: 3aEbS3XVvybUk06FBO6U9HAY9zo=
Windows Product ID: 89578-022-6648902-71681
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.0.6000.2.00010300.0.0.003
ID: {2A1BC1A8-C7AD-4CD0-8B2C-5B021EC36ABF}(1)
Is Admin: Yes
TestCab: 0x0
WGA Version: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6000.vista_gdr.071023-1545
TTS Error: K:20090403152926588-M:20090407100706976-
Validation Diagnostic:
Resolution Status: N/A
WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
WGATray.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
File Mismatch: C:\Windows\system32\Slsvc.exe[6.0.6000.16509]
File Mismatch: C:\Windows\system32\kernel32.dll[6.0.6000.16386]
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{2A1BC1A8-C7AD-4CD0-8B2C-5B021EC36ABF}</UGUID><Version>1.9.0006.1</Version><OS>6.0.6000.2.00010300.0.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-4CX7X</PKey><PID>89578-022-6648902-71681</PID><PIDType>5</PIDType><SID>S-1-5-21-1511664710-3298486934-3761704801</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Latitude D520 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A06</Version><SMBIOSVersion major="2" minor="4"/><Date>20070528000000.000000+000</Date></BIOS><HWID>D5313507018400EE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>India Standard Time(GMT+05:30)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>M07 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73931-640-0000106-57978</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults>
Licensing Data-->
Software Licensing service is not running.
HWID Data-->
HWID Hash Current: OAAAAAEAAgABAAIAAgABAAAABAABAAEAnJ/woPl9ROPqTkbGerKCRY3v8vTum+8uptk49KxW9Eg=
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: no, invalid SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL M07
FACP DELL M07
HPET DELL M07
MCFG DELL M07
SLIC DELL M07
SSDT PmRef CpuPm
If anyone can help, I would be very grateful.
Tuesday, April 7, 2009 6:03 AM
Answers
-
Hi K Dinesh,
The core of your issue centers on the line in your Diagnostic Report that reads:
File Scan Data-->
File Mismatch: C:\Windows\system32\Slsvc.exe[6.0.6000.16509]
File Mismatch: C:\Windows\system32\kernel32.dll[6.0.6000.16509]
This means the file has been Tampered, Modified or has become Corrupt. Vista sees this as an attack to bypass its Licensing security.
To resolve the issue, you need to either repair or replace the file with a known-good one (of the proper file version).
First try repairing Windows using System Restore:
1) Reboot Vista into Safe Mode
2) Go to Control Panel
3) On the left hand side of the Control Panel window, Click on "Classic View"
4) Double-click "Backup and Restore Center"
5) On the left hand side of the window, click "Repair Windows using system restore"
6) Select "Choose Different Restore Point", Put a check in the box that says "Show restore points older than 5 days", select the restore point that corresponds to the date Before you first noticed the issue.
7) Click the "Next" button.
8) Reboot back into Normal mode
9) Vista should no longer be in Reduced Functionality mode
If that doesn't work, try doing a System Scan. The scan will look for bad Vista files and will attempt to repair them, if possible.
1) Login to Vista in Normal Mode (not safe mode)
2) Launch an Internet Browser
3) Type: %windir%\system32\ in the browser's address field
4) Scroll down till you find the file cmd.exe
5) Right-click the file and select 'Run as Administrator'
6) In the CMD window, type: sfc /scannow
7) Reboot twice and see if that resolves the issue.
Because one of the files is kernel32.dll (basically the heart of Windows), if neither of these sets of steps resolves the issue, my only other suggestion would be to reinstall Vista. You may also try contacting Vista support to see if they have other alternatives.
If you find that you have to reinstall, first you will want to back up all your important files off the computer. This can be difficult to do when Vista is in Reduced Functionality Mode. It is easier if you log in to Vista in Safe Mode; you should be able to freely navigate to your files in that mode.
Thank you,
Darin MS
Attention All Forum Users: Please Do Not post your issue in someone else's Thread...Create your own. If any post fixes your issue, please vote the post as Helpful" button for that post. This will help us showcase the threads that best help our customers.
- Marked as answer by Darin Smith MS Tuesday, April 7, 2009 6:58 PM
Tuesday, April 7, 2009 6:55 PM -
Oh, in addition, the fact that you are not able to browse to Anti-Virus related websites is a big indicator that you may have a Conficker worm infection.
Please see thread "How do you know if your Vista is Infected with Conficker" http://social.microsoft.com/Forums/en-US/genuinevista/thread/afd313cf-cc84-4e6c-b851-ba7cb4c448ef for additional information.
Thank you,
Darin MS
Attention All Forum Users: Please Do Not post your issue in someone else's Thread...Create your own. If any post fixes your issue, please vote the post as Helpful" button for that post. This will help us showcase the threads that best help our customers.
- Marked as answer by Darin Smith MS Tuesday, April 7, 2009 7:02 PM
Tuesday, April 7, 2009 7:01 PM
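A triage helper for reports like the one in the question, added here as an example and not part of the thread or of any Microsoft tool: it pulls out the File Mismatch entries the answer points to and decodes the report's HRESULT values into Win32 error names. The function names `decode_hresult` and `triage` are hypothetical, and the sample input is a handful of lines copied from the report above.

```python
import re

# Constructed sample: a few lines copied from the diagnostic report in the question.
SAMPLE_REPORT = r"""Validation Status: Invalid License
Online Validation Code: 0x80070426
WGA Version: N/A, hr = 0x80070002
File Mismatch: C:\Windows\system32\Slsvc.exe[6.0.6000.16509]
File Mismatch: C:\Windows\system32\kernel32.dll[6.0.6000.16386]
Software Licensing service is not running.
"""

# Win32 error codes that occur in this report (names from winerror.h).
WIN32_ERRORS = {
    0x0002: "ERROR_FILE_NOT_FOUND",
    0x0426: "ERROR_SERVICE_NOT_ACTIVE",
}
FACILITY_WIN32 = 7


def decode_hresult(text):
    """Split an HRESULT string into (failed, facility, code, win32_name_or_None)."""
    value = int(text, 16)
    failed = bool(value & 0x80000000)      # severity bit
    facility = (value >> 16) & 0x7FF       # 11-bit facility field
    code = value & 0xFFFF                  # low word carries the Win32 error
    name = WIN32_ERRORS.get(code) if facility == FACILITY_WIN32 else None
    return failed, facility, code, name


def triage(report):
    """Return the integrity-relevant findings from an MGADiag-style report."""
    status = re.search(r"^Validation Status:\s*(.+)$", report, re.M)
    mismatches = re.findall(r"^File Mismatch:\s*(.+?)\[([\d.]+)\]\s*$", report, re.M)
    hresults = sorted(set(re.findall(r"0x8[0-9A-Fa-f]{7}", report)))
    return {
        "status": status.group(1).strip() if status else None,
        "mismatches": mismatches,  # (path, file version) pairs flagged by the file scan
        "hresults": {h: decode_hresult(h)[3] for h in hresults},
        "licensing_service_down": "Software Licensing service is not running" in report,
    }


if __name__ == "__main__":
    findings = triage(SAMPLE_REPORT)
    print("Validation status:", findings["status"])
    for path, version in findings["mismatches"]:
        print("Mismatch:", path, "version", version)
    for hr, name in findings["hresults"].items():
        print(hr, "->", name or "not in table")
    print("Licensing service down:", findings["licensing_service_down"])
```

The decoded Online Validation Code (service not started) agrees with the report's own "Software Licensing service is not running" line, and the many `0x80070002` fields mean the WGA components could not be found.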