none
Help - An unauthorized change to windows?

    Question

  • Diagnostic Report (1.9.0019.0):
    -----------------------------------------
    WGA Data-->
    Validation Status: Invalid License
    Validation Code: 50

    Cached Validation Code: N/A, hr = 0x80070426
    Windows Product Key: *****-*****-WRM6D-3RPXT-2V7GR
    Windows Product Key Hash: 4LO/4hv3KjBdeK/bB8H9JqmXuLo=
    Windows Product ID: 89578-OEM-7332157-00078
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.0.6000.2.00010300.0.0.003
    ID: {00AC7D95-0E1A-48E5-9880-02D2C9FE68A7}(3)
    Is Admin: No
    TestCab: 0x0
    WGA Version: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000000
    Build lab: 6000.vista_gdr.100218-0019
    TTS Error: M:20130417210920925-
    Validation Diagnostic:
    Resolution Status: N/A

    WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: 6.0.6002.16398

    WGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: 2.0.48.0
    OGAExec.exe Signed By: Microsoft
    OGAAddin.dll Signed By: Microsoft

    OGA Data-->
    Office Status: 114 Blocked VLK 2
    Microsoft Office XP Professional with FrontPage - 114 Blocked VLK 2
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{00AC7D95-0E1A-48E5-9880-02D2C9FE68A7}</UGUID><Version>1.9.0019.0</Version><OS>6.0.6000.2.00010300.0.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-2V7GR</PKey><PID>89578-OEM-7332157-00078</PID><PIDType>2</PIDType><SID>S-1-5-21-3027376340-3935330179-3334190306</SID><SYSTEM><Manufacturer>FUJITSU SIEMENS</Manufacturer><Model>AMILO Pi 2515</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies LTD</Manufacturer><Version>1.01C</Version><SMBIOSVersion major="2" minor="4"/><Date>20070504000000.000000+000</Date></BIOS><HWID>3D323507018400FA</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>FSC   </OEMID><OEMTableID>PC      </OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90280409-6000-11D3-8CFE-0050048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office XP Professional with FrontPage</Name><Ver>10</Ver><Val>39476F84C4B4004</Val><Hash>4iCnywwNW1w4s9ukTIwGMGxyGic=</Hash><Pid>54185-640-0000025-17557</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="10" Result="114"/><App Id="16" Version="10" Result="114"/><App Id="17" Version="10" Result="114"/><App Id="18" Version="10" Result="114"/><App Id="1A" Version="10" Result="114"/><App Id="1B" Version="10" Result="114"/></Applications></Office></Software></GenuineResults>  

    Spsys.log Content: U1BMRwEAAAAAAQAABAAAADkYAAAAAAAAYWECANNwr60ALj9HamvNARhDs/4hWdo7Xkl9D+HKpnjlsZLGh3RRZyZs+Lof6Ij2jKic13Iey19bm2frYTReFlF0H9Oh+hJEw7XKSAShRbf1+uRnTbdEwTpyAVjRUiwK1mjkjzXhcq94m48ceJqGOPu1UvB7bxiIfUEtgIRGphkOSa+EGUYcOX5/UvkAHnVxZcgJE7vAy9kku8TlF45JWpsbJiscvAYWgzyFZ0z79y0OKm53Bw867hHNE43WvZqUI0Rf1MqA3D5sWfEw7WeNfzOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwYQ7P+IVnaO15JfQ/hyqZ4vYuwxito0gvyBeHJH/dxz95Nbx2nXeopY667GyDUX4c8ZiIZ8SUultqIbAs2na9C1Sj/LAhqXs2t/IiFIN/c6QbVOs8s97/WdjKyB2vcd1t3DT+mCSUc2d7Bj2THWrgqVoAPcagik9qcs1OIpJlV3FB8YXH9/GpCVo60xZnYqNxuDG7GXSRQZeiA/Gej4MzhN6aSh4VagsJL2g8wUu0UX/NNfofjLExZEZSdmQI0QIgzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMGEOz/iFZ2jteSX0P4cqmePYDh/ON143A4B56kDEA40dicj2leGZiXQ3JKfJekvyOPGYiGfElLpbaiGwLNp2vQsH+lFsKGG9nkFafwqeDZdYG1TrPLPe/1nYysgdr3Hdbdw0/pgklHNnewY9kx1q4KlaAD3GoIpPanLNTiKSZVdxQfGFx/fxqQlaOtMWZ2Kjcbgxuxl0kUGXogPxno+DM4TemkoeFWoLCS9oPMFLtFF/zTX6H4yxMWRGUnZkCNECIM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDBhDs/4hWdo7Xkl9D+HKpnhJ3fqXcSQwE3hWXBWyn56bFqf0gX1VYZ8Wh37PkKJS91F0H9Oh+hJEw7XKSAShRbfJgSwh76fEqq1LZdniV8O71mjkjzXhcq94m48ceJqGOPu1UvB7bxiIfUEtgIRGphkOSa+EGUYcOX5/UvkAHnVxZcgJE7vAy9kku8TlF45JWpsbJiscvAYWgzyFZ0z79y0OKm53Bw867hHNE43WvZqUI0Rf1MqA3D5sWfEw7WeNfzOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwYQ7P+IVnaO15JfQ/hyqZ4hPoA9C0fLanUUCCI+oc0c23n8t3NkDELM3BhsoT661baCr5CXGM0f+h/143qcXGZTApxph7AdHesEjCtGLrwwwbVOs8s97/WdjKyB2vcd1t3DT+mCSUc2d7Bj2THWrgqVoAPcagik9qcs1OIpJlV3FB8YXH9/GpCVo60xZnYqNxuDG7GXSRQZeiA/Gej4Mzhbaxa+7LoNdRPuFoieetYPfNNfofjLExZEZSdmQI0QIgzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMGEOz/iFZ2jteSX0P4cqmeApFmWqvfSQYUolI+gxiu4LaWhgcQ5ThR2BpAQtoIhhwPGYiGfElLpbaiGwLNp2vQhyiwpaWmZl4Gb0tp/2da7UG1TrPLPe/1nYysgdr3Hdbdw0/pgklHNnewY9kx1q4KlaAD3GoIpPanLNTiKSZVdxQfGFx/fxqQlaOtMWZ2Kjcbgxuxl0kUGXogPxno+DM4TemkoeFWoLCS9oPMFLtFF/zTX6H4yxMWRGUnZkCNECIM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDBhDs/4hWdo7Xkl9D+HKpniUa3s/Oe/QaFFwvymgXyf0NmwPxkDcG8Sge4E373Y//VF0H9Oh+hJEw7XKSAShRbdMrFHXNluNFnjyiD1+cAEC1mjkjzXhcq94m48ceJqGOPu1UvB7bxiIfUEtgIRGphkOSa+EGUYcOX5/UvkAHnVxZcgJE7vAy9kku8TlF45JWpsbJiscvAYWgzyFZ0z79y0OKm53Bw867hHNE43WvZqUI0Rf1MqA3D5sWfEw7WeNfzOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAw=

    Licensing Data-->
    Software Licensing service is not running.

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    HWID Hash Current: OAAAAAEAAwABAAIAAQABAAAABAABAAEAJJRw+vq5YlgKsUaDcpIOj7Al8vQy2DgN/lOsVrLXKoU=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20000
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            INTEL         CRESTLNE
      FACP            INTEL         CRESTLNE
      HPET            INTEL         CRESTLNE
      MCFG            INTEL         CRESTLNE
      TMOR            PTLTD                 
      APIC            INTEL         CRESTLNE
      SLIC            FSC           PC      
      SSDT            SataRe        SataAhci
      SSDT            SataRe        SataAhci
      SSDT            SataRe        SataAhci
      SSDT            SataRe        SataAhci
      SSDT            SataRe        SataAhci

    What do I do now I have ran the diagnostic tool and got this code?? I cant find any email address for support ? what do I do next?

    Wednesday, April 17, 2013 9:23 PM

Answers

  • You wait for an answer like this :)

    You have a couple of problems

    1) a Mod Auth Tamper

    2) The Software Licensing Service is not running.

    3) a counterfeit installation of Office XP Pro

    Common causes for both the first two are malware.

    What Anti-Virus is installed? Is it up to date?

    Please download and install  Malwarebytes Anti-malware (free version) from  http://www.malwarebytes.org/products/malwarebytes_free/ - UNtick 'Enable free trial of MBAM PRO' at the end of the installation -  and update it, then run a full scan  in your main account, and Quick scans in any other user accounts.

     

    Delete everything it finds   

    Post back with a quick roundup of the results, and we'll see where to go next.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Wednesday, April 17, 2013 9:51 PM
    Moderator