Remove From My Forums

Unauthorised change to windows - but only on one user account

Question
0

Sign in to vote

This morning i woke to find a pop up on my desktop saying 'An unauthorised change has been made to windows'...

Thinking this was some sort of Malware (I've never seen it before) I closed the window, only to find the computer automatically logged me off.

Logging back on again just gave me a black screen with the same popup in the middle. I clicked on the link provided, which directed me to the microsoft website (therefore it wasn't a malware popup)

Attempting to follow the authentication steps resulted in failure is it could not complete the authentication. A second popup appeared asking to do the same thing, on and on in a never ending cycle. It was also directing me to a screen to purchase Windows 7. I was beginning to think this could be a scam by Microsoft to bully people into upgrading their OS.

I rebooted in safe mode, and ran Malwarebytes and found nothing untoward was lurking.

I then tried to restart in normal mode, but this time logging on to my partner's account (I created one for her a while back after her laptop HDD failed)

This user account booted up successfully without the anauthorised change to windows error. Everything was fine with that account.

Next, I restarted in safemode, logging into my own one (being the administrator account), and created a third User account with full administrator privileges.

Rebooted again normally, this time logging into the newly created administrator account.

Everything fine. So now all my important files and folders from the old account are being transferred to the new one.

Hopefully it won't happen again. I do ponder though what exactly happened to cause that issue with the main User account though. Presumably something got corrupted, but what?

I've also noticed a post here on the forum about Avast being the cause of the authentication issue, however no one has posted anything on that thread about it effecting only one User account, so I don't think Avast is the cause in this instance.

The computer has 64bit Vista Home premium OEM installed. It is a modified (now almost custom built) Packard Bell. It originally came with a 32bit OS which did not fit my needs since I do a lot of 3d CGI work, so decided to purchase a 64 bit version when I made the RAM and graphics card upgrades. The 64 bit OS was purchased quite a while back and has never been an issue. I've seen some threads relating to authentication errors with OEM, but again I do not think this is an issue - especially as no hardware upgrade has been performed since the initial installation of the OS.

I post this thread in hope someone can shed some light on what caused that particular user profile to become corrupted and cause this error.(Or indeed if that is the error)

Hopefully the issue will not resurface again...

Thursday, July 7, 2011 11:59 AM

Answers

0

Sign in to vote
"silverwolfy" wrote in message news:ad98c509-677c-431b-8ef1-8100ff8f2ca3...

Hi Noel, thanks for getting back to me.

It happened again with the newly created user account, so I rebooted in safe mode and uninstalled Avast. Lo and behold, it is working again.

I made a note of the errors on the windows anauthorised change issue:

0xC004D401

System file mismatch error

Also, attempting to run the windows validation returns, "Windows Validation Interrupted" in a big green box on the browser.

I tried to run the executable to start the diagnostics, and got, "Not enough quota available to fix command"

So, after restarting in safe mode, and uninstalling Avast, I'm able to get in again on a normal boot.

On running the diagonstics, I got this: (I hashed out part of the Product ID key to stop someone else getting their hands on it)

Now off to find a new AV software.

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-RHGF7-TW69K-498W4
Windows Product Key Hash: FF7Db3SU0OolNsgKDQjA9pFrjeY=
Windows Product ID: *****-OEM-*******-87060
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.0.6001.2.00010300.1.0.003
ID: {BA33FC4E-6429-4D11-A85F-CEC9FE3BD452}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000009
Build lab: 6001.vistasp1_gdr.101014-0432
TTS Error: K:20110707021413331-M:20110707150740105-

The Product ID is public knowledge :) - it's the Key that is 'secret', and the MGADiag report takes care of that so that it can't be used to create a valid one.

Nice catch about Avast :)

Interestingly it looks as if you may still have a problem - there's two Tampers (TTS Error) noted in the report, and usually removing Avast kills both stone dead, but the time on one is 15:07, which is only about 30 minutes before your post.

To check this, please reboot your machine TWICE, then attempt manual validation at www.microsoft.com/genuine/validate and then run another MGADiag report.

post the results.

--

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
- Proposed as answer by Darin Smith MS Thursday, July 7, 2011 10:23 PM
- Marked as answer by Darin Smith MS Monday, July 18, 2011 9:00 PM
Thursday, July 7, 2011 5:20 PM

Moderator

All replies

0

Sign in to vote

"silverwolfy" wrote in message news:a39cfcaf-6f96-4478-8b8e-9e5648dceac8...

This morning i woke to find a pop up on my desktop saying 'An unauthorised change has been made to windows'...

Thinking this was some sort of Malware (I've never seen it before) I closed the window, only to find the computer automatically logged me off.

Logging back on again just gave me a black screen with the same popup in the middle. I clicked on the link provided, which directed me to the microsoft website (therefore it wasn't a malware popup)

Attempting to follow the authentication steps resulted in failure is it could not complete the authentication. A second popup appeared asking to do the same thing, on and on in a never ending cycle. It was also directing me to a screen to purchase Windows 7. I was beginning to think this could be a scam by Microsoft to bully people into upgrading their OS.

I rebooted in safe mode, and ran Malwarebytes and found nothing untoward was lurking.

I then tried to restart in normal mode, but this time logging on to my partner's account (I created one for her a while back after her laptop HDD failed)

This user account booted up successfully without the anauthorised change to windows error. Everything was fine with that account.

Next, I restarted in safemode, logging into my own one (being the administrator account), and created a third User account with full administrator privileges.

Rebooted again normally, this time logging into the newly created administrator account.

Everything fine. So now all my important files and folders from the old account are being transferred to the new one.

Hopefully it won't happen again. I do ponder though what exactly happened to cause that issue with the main User account though. Presumably something got corrupted, but what?

I've also noticed a post here on the forum about Avast being the cause of the authentication issue, however no one has posted anything on that thread about it effecting only one User account, so I don't think Avast is the cause in this instance.

The computer has 64bit Vista Home premium OEM installed. It is a modified (now almost custom built) Packard Bell. It originally came with a 32bit OS which did not fit my needs since I do a lot of 3d CGI work, so decided to purchase a 64 bit version when I made the RAM and graphics card upgrades. The 64 bit OS was purchased quite a while back and has never been an issue. I've seen some threads relating to authentication errors with OEM, but again I do not think this is an issue - especially as no hardware upgrade has been performed since the initial installation of the OS.

I post this thread in hope someone can shed some light on what caused that particular user profile to become corrupted and cause this error.(Or indeed if that is the error)

Hopefully the issue will not resurface again...

This sounds like malware - please run an MGADiag report in the affected account, then reboot the machine to the unaffected account (do NOT logout and log in - restart please!), and run another MGADiag report.

....To properly analyse and solve problems with Activation and Validation, we need to see a full copy of the report produced by the MGADiag tool (download and save to desktop - http://go.microsoft.com/fwlink/?linkid=52012 )
Once saved, run the tool.
Click on the Continue button, which will produce the report.
To copy the report to your response, click on the Copy button in the tool (ignore any error messages at this point), and then paste (using either r-click/Paste, or Ctrl+V ) into your response.

--

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

Thursday, July 7, 2011 12:44 PM

Moderator
0

Sign in to vote

Hi Noel, thanks for getting back to me.

It happened again with the newly created user account, so I rebooted in safe mode and uninstalled Avast. Lo and behold, it is working again.

I made a note of the errors on the windows anauthorised change issue:

0xC004D401

System file mismatch error

Also, attempting to run the windows validation returns, "Windows Validation Interrupted" in a big green box on the browser.

I tried to run the executable to start the diagnostics, and got, "Not enough quota available to fix command"

So, after restarting in safe mode, and uninstalling Avast, I'm able to get in again on a normal boot.

On running the diagonstics, I got this: (I hashed out part of the Product ID key to stop someone else getting their hands on it)

Now off to find a new AV software.

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-RHGF7-TW69K-498W4
Windows Product Key Hash: FF7Db3SU0OolNsgKDQjA9pFrjeY=
Windows Product ID: *****-OEM-*******-87060
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.0.6001.2.00010300.1.0.003
ID: {BA33FC4E-6429-4D11-A85F-CEC9FE3BD452}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000009
Build lab: 6001.vistasp1_gdr.101014-0432
TTS Error: K:20110707021413331-M:20110707150740105-
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{BA33FC4E-6429-4D11-A85F-CEC9FE3BD452}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6001.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-498W4</PKey><PID>89583-OEM-7359972-87060</PID><PIDType>3</PIDType><SID>S-1-5-21-4251014459-3832437721-376091308</SID><SYSTEM><Manufacturer>Packard Bell BV</Manufacturer><Model>IMEDIA X2416</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>PBDV11.P04</Version><SMBIOSVersion major="2" minor="5"/><Date>20080901000000.000000+000</Date></BIOS><HWID>CA303507018400F8</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>PacBel</OEMID><OEMTableID>PBDT000A</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: U1BMRwEAAAAAAQAACAAAAEuNQQIAAAAAYWECAAAAAABQ3BZ0KjzMARhy9171jCizkdIEkQaJZ67Pi0l4xkLJkQtj/IvCxed8samaxmqMIgkKxUq3yDC13yd7IPmIgITKmLNv1wD2WLYR4PUy2eBMT+WTZoPGjdKZqaOcEd48HYsOntqnEBPIUIqaMVS50xsGhTiu2v3HTjLlzsauw1rN6YPtvvhlgmsOgBe4wEVRYcHWzat6M07q88GxBpop0WwiuBXa5HXuzs1OU5kpI4Km83cHZMn5BmY2HdKPD8tNYkwP34K9Ekif+jOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwYcvde9Ywos5HSBJEGiWeu7GlAg+ptdt+Q/egEuYHp+n5ktOt2CEXw+NOc2bwHcSkneyD5iICEypizb9cA9li2/m9V//msH5u76uaWZUMS96mjnBHePB2LDp7apxATyFCKmjFUudMbBoU4rtr9x04y5c7GrsNazemD7b74ZYJrDoAXuMBFUWHB1s2rejNO6vPBsQaaKdFsIrgV2uR17s7NTlOZKSOCpvN3B2TJ+QZmNh3Sjw/LTWJMD9+CvRJIn/ozkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMGHL3XvWMKLOR0gSRBolnru+P5ofQIQuQEVcy/CxiJgtW/BkXtak9viQYw3yLOTPwzDmK9l/JOUcNossB+uJVcRbNo2HijPToOC4tc8uykd0LUv4Mdy+wjEzV+1V/c3vQkzf4xIv6YLE3ZECjhGWnZ2HiBZhxLPN/dt2hCqmle6Ps5/dOuFAt58OB+oGQjlNJIS0VEiPlN0gQ8UqHFCQzs++E4CXzndS3xHVk/UG9c7qtEQf8LoemSJ+jz0ZAYaaw801+h+MsTFkRlJ2ZAjRAiDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDA==

Licensing Data-->
Software licensing service version: 6.0.6001.18000
Name: Windows(TM) Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_COA_NSLP channel
Activation ID: f3acdd3c-119a-4932-a3d7-0b6f33a1dca9
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89583-00146-599-787060-02-2057-6001.0000-0782009
Installation ID: 002265286003053823243513823231832046688611120924864175
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: 498W4
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: NgAAAAEABAABAAEAAQACAAAAAgABAAEA6GGeKaDHFNwWpbRz7MXofZb88vS2aigtkrysVkxY

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name    OEMID Value    OEMTableID Value
APIC            090108        APIC1108
FACP            090108        FACP1108
HPET            090108        OEMHPET0
MCFG            090108        OEMMCFG
WDRT            090108        NV-WDRT
SLIC            PacBel        PBDT000A
OEMB            090108        OEMB1108
NVHD            090108        NVHDCP
SSDT            DpgPmm        CpuPm

Thursday, July 7, 2011 2:41 PM
0

Sign in to vote
"silverwolfy" wrote in message news:ad98c509-677c-431b-8ef1-8100ff8f2ca3...

Hi Noel, thanks for getting back to me.

It happened again with the newly created user account, so I rebooted in safe mode and uninstalled Avast. Lo and behold, it is working again.

I made a note of the errors on the windows anauthorised change issue:

0xC004D401

System file mismatch error

Also, attempting to run the windows validation returns, "Windows Validation Interrupted" in a big green box on the browser.

I tried to run the executable to start the diagnostics, and got, "Not enough quota available to fix command"

So, after restarting in safe mode, and uninstalling Avast, I'm able to get in again on a normal boot.

On running the diagonstics, I got this: (I hashed out part of the Product ID key to stop someone else getting their hands on it)

Now off to find a new AV software.

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-RHGF7-TW69K-498W4
Windows Product Key Hash: FF7Db3SU0OolNsgKDQjA9pFrjeY=
Windows Product ID: *****-OEM-*******-87060
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.0.6001.2.00010300.1.0.003
ID: {BA33FC4E-6429-4D11-A85F-CEC9FE3BD452}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000009
Build lab: 6001.vistasp1_gdr.101014-0432
TTS Error: K:20110707021413331-M:20110707150740105-

The Product ID is public knowledge :) - it's the Key that is 'secret', and the MGADiag report takes care of that so that it can't be used to create a valid one.

Nice catch about Avast :)

Interestingly it looks as if you may still have a problem - there's two Tampers (TTS Error) noted in the report, and usually removing Avast kills both stone dead, but the time on one is 15:07, which is only about 30 minutes before your post.

To check this, please reboot your machine TWICE, then attempt manual validation at www.microsoft.com/genuine/validate and then run another MGADiag report.

post the results.

--

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
- Proposed as answer by Darin Smith MS Thursday, July 7, 2011 10:23 PM
- Marked as answer by Darin Smith MS Monday, July 18, 2011 9:00 PM
Thursday, July 7, 2011 5:20 PM

Moderator
0

Sign in to vote

Hi Noel,

Here's the result of the MGAdiag after two reboots.

What's also interesting to me is the first TTS entry, which seemed to have occurred at 0214. The 1507 would have corresponded to the time I uninstalled Avast. I wonder if 0214 was the time when Avast updated itself and created the problem. I had the computer switched on over night. Usually I leave it switched on because I run a lot of renders and/or simulation algorithms overnight so I can view the results in the morning.

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-RHGF7-TW69K-498W4
Windows Product Key Hash: FF7Db3SU0OolNsgKDQjA9pFrjeY=
Windows Product ID: 89583-OEM-7359972-87060
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.0.6001.2.00010300.1.0.003
ID: {BA33FC4E-6429-4D11-A85F-CEC9FE3BD452}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000009
Build lab: 6001.vistasp1_gdr.101014-0432
TTS Error: K:20110707021413331-M:20110707150740105-
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{BA33FC4E-6429-4D11-A85F-CEC9FE3BD452}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6001.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-498W4</PKey><PID>89583-OEM-7359972-87060</PID><PIDType>3</PIDType><SID>S-1-5-21-4251014459-3832437721-376091308</SID><SYSTEM><Manufacturer>Packard Bell BV</Manufacturer><Model>IMEDIA X2416</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>PBDV11.P04</Version><SMBIOSVersion major="2" minor="5"/><Date>20080901000000.000000+000</Date></BIOS><HWID>CA303507018400F8</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>PacBel</OEMID><OEMTableID>PBDT000A</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: U1BMRwEAAAAAAQAACAAAAEuNQQIAAAAAYWECAAAAAABQ3BZ0KjzMARhy9171jCizkdIEkQaJZ67Pi0l4xkLJkQtj/IvCxed8samaxmqMIgkKxUq3yDC13yd7IPmIgITKmLNv1wD2WLYR4PUy2eBMT+WTZoPGjdKZqaOcEd48HYsOntqnEBPIUIqaMVS50xsGhTiu2v3HTjLlzsauw1rN6YPtvvhlgmsOgBe4wEVRYcHWzat6M07q88GxBpop0WwiuBXa5HXuzs1OU5kpI4Km83cHZMn5BmY2HdKPD8tNYkwP34K9Ekif+jOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwYcvde9Ywos5HSBJEGiWeu7GlAg+ptdt+Q/egEuYHp+n5ktOt2CEXw+NOc2bwHcSkneyD5iICEypizb9cA9li2/m9V//msH5u76uaWZUMS96mjnBHePB2LDp7apxATyFCKmjFUudMbBoU4rtr9x04y5c7GrsNazemD7b74ZYJrDoAXuMBFUWHB1s2rejNO6vPBsQaaKdFsIrgV2uR17s7NTlOZKSOCpvN3B2TJ+QZmNh3Sjw/LTWJMD9+CvRJIn/ozkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMGHL3XvWMKLOR0gSRBolnru+P5ofQIQuQEVcy/CxiJgtW/BkXtak9viQYw3yLOTPwzDmK9l/JOUcNossB+uJVcRbNo2HijPToOC4tc8uykd0LUv4Mdy+wjEzV+1V/c3vQkzf4xIv6YLE3ZECjhGWnZ2HiBZhxLPN/dt2hCqmle6Ps5/dOuFAt58OB+oGQjlNJIS0VEiPlN0gQ8UqHFCQzs++E4CXzndS3xHVk/UG9c7qtEQf8LoemSJ+jz0ZAYaaw801+h+MsTFkRlJ2ZAjRAiDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDA==

Licensing Data-->
Software licensing service version: 6.0.6001.18000
Name: Windows(TM) Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_COA_NSLP channel
Activation ID: f3acdd3c-119a-4932-a3d7-0b6f33a1dca9
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89583-00146-599-787060-02-2057-6001.0000-0782009
Installation ID: 002265286003053823243513823231832046688611120924864175
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: 498W4
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: NgAAAAEABAABAAEAAQACAAAAAgABAAEA6GGeKaDHFNwWpbRz7MXofZb88vS2aigtkrysVkxY

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name    OEMID Value    OEMTableID Value
APIC            090108        APIC1108
FACP            090108        FACP1108
HPET            090108        OEMHPET0
MCFG            090108        OEMMCFG
WDRT            090108        NV-WDRT
SLIC            PacBel        PBDT000A
OEMB            090108        OEMB1108
NVHD            090108        NVHDCP
SSDT            DpgPmm        CpuPm

Thursday, July 7, 2011 11:46 PM
0

Sign in to vote

"silverwolfy" wrote in message news:969d7361-c889-4a7b-870d-71addf4aa1c8...

Hi Noel,

Here's the result of the MGAdiag after two reboots.

What's also interesting to me is the first TTS entry, which seemed to have occurred at 0214. The 1507 would have corresponded to the time I uninstalled Avast. I wonder if 0214 was the time when Avast updated itself and created the problem. I had the computer switched on over night. Usually I leave it switched on because I run a lot of renders and/or simulation algorithms overnight so I can view the results in the morning.

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-RHGF7-TW69K-498W4
Windows Product Key Hash: FF7Db3SU0OolNsgKDQjA9pFrjeY=
Windows Product ID: 89583-OEM-7359972-87060
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.0.6001.2.00010300.1.0.003

Good - the time hasn't changed (and it normally seems to be set to the boot time of the last boot in an affected system - I do wish MS would get the system to clear the entry at some point... Darin? is there any way to do this to clean up people's history?)

I suspect that you're right about the 0214 timestamp. Do you remember when you upgraded to v6?

(oh - and you really should update to SP2, unless you have reasons not to.)

--

Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

Friday, July 8, 2011 10:50 AM

Moderator
0

Sign in to vote

Good - the time hasn't changed (and it normally seems to be set to the boot time of the last boot in an affected system - I do wish MS would get the system to clear the entry at some point... Darin? is there any way to do this to clean up people's history?)

Noel: Short of a reinstall, no, not that I am aware of :( It doesn't hurt anything, it's just annoying to those of us that read Diagnostic Reports for fun and profit.

Silverwolfy: Your Diagnostic Report looks good now, but I just want to confirm the issue is resolved (I wasn't sure of it from your last post)

Darin MS

Wednesday, July 13, 2011 9:50 PM

Answered by:

Unauthorised change to windows - but only on one user account

Question

Answers

All replies