none
Unauthorised change to windows - but only on one user account

    Question

  • This morning i woke to find a pop up on my desktop saying 'An unauthorised change has been made to windows'...

    Thinking this was some sort of Malware (I've never seen it before) I closed the window, only to find the computer automatically logged me off.

    Logging back on again just gave me a black screen with the same popup in the middle. I clicked on the link provided, which directed me to the microsoft website (therefore it wasn't a malware popup)

    Attempting to follow the authentication steps resulted in failure is it could not complete the authentication. A second popup appeared asking to do the same thing, on and on in a never ending cycle. It was also directing me to a screen to purchase Windows 7. I was beginning to think this could be a scam by Microsoft to bully people into upgrading their OS.

    I rebooted in safe mode, and ran Malwarebytes and found nothing untoward was lurking.

    I then tried to restart in normal mode, but this time logging on to my partner's account (I created one for her a while back after her laptop HDD failed)

    This user account booted up successfully without the anauthorised change to windows error. Everything was fine with that account.

    Next, I restarted in safemode, logging into my own one (being the administrator account), and created a third User account with full administrator privileges.

    Rebooted again normally, this time logging into the newly created administrator account.

    Everything fine. So now all my important files and folders from the old account are being transferred to the new one.

    Hopefully it won't happen again. I do ponder though what exactly happened to cause that issue with the main User account though. Presumably something got corrupted, but what?

    I've also noticed a post here on the forum about Avast being the cause of the authentication issue, however no one has posted anything on that thread about it effecting only one User account, so I don't think Avast is the cause in this instance.

    The computer has 64bit Vista Home premium OEM installed. It is a modified (now almost custom built) Packard Bell. It originally came with a 32bit OS which did not fit my needs since I do a lot of 3d CGI work, so decided to purchase a 64 bit version when I made the RAM and graphics card upgrades. The 64 bit OS was purchased quite a while back and has never been an issue. I've seen some threads relating to authentication errors with OEM, but again I do not think this is an issue - especially as no hardware upgrade has been performed since the initial installation of the OS.

     

    I post this thread in hope someone can shed some light on what caused that particular user profile to become corrupted and cause this error.(Or indeed if that is the error)

    Hopefully the issue will not resurface again...

     

     

     

     

     

     

    Thursday, July 7, 2011 11:59 AM

Answers

  • "silverwolfy" wrote in message news:ad98c509-677c-431b-8ef1-8100ff8f2ca3...

    Hi Noel, thanks for getting back to me.

    It happened again with the newly created user account, so I rebooted in safe mode and uninstalled Avast. Lo and behold, it is working again.

    I made a note of the errors on the windows anauthorised change issue:

     

    0xC004D401

    System file mismatch error

     

    Also, attempting to run the windows validation returns, "Windows Validation Interrupted" in a big green box on the browser.

    I tried to run the executable to start the diagnostics, and got, "Not enough quota available to fix command"

     

    So, after restarting in safe mode, and uninstalling Avast, I'm able to get in again on a normal boot.

    On running the diagonstics, I got this: (I hashed out part of the Product ID key to stop someone else getting their hands on it)

     

    Now off to find a new AV software.

     

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Online Validation Code: N/A, hr = 0xc004f012
    Windows Product Key: *****-*****-RHGF7-TW69K-498W4
    Windows Product Key Hash: FF7Db3SU0OolNsgKDQjA9pFrjeY=
    Windows Product ID: *****-OEM-*******-87060
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 6.0.6001.2.00010300.1.0.003
    ID: {BA33FC4E-6429-4D11-A85F-CEC9FE3BD452}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000009
    Build lab: 6001.vistasp1_gdr.101014-0432
    TTS Error: K:20110707021413331-M:20110707150740105-


    The Product ID is public knowledge :) - it's the Key that is 'secret', and the MGADiag report takes care of that so that it can't be used to create a valid one.
    Nice catch about Avast :)
     
    Interestingly it looks as if you may still have a problem - there's two Tampers (TTS Error) noted in the report, and usually removing Avast kills both stone dead, but the time on one is 15:07, which is only about 30 minutes before your post.
    To check this, please reboot your machine TWICE, then attempt manual validation at www.microsoft.com/genuine/validate and then run another MGADiag report.
    post the results.
     
    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Thursday, July 7, 2011 5:20 PM
    Moderator

All replies

  • "silverwolfy" wrote in message news:a39cfcaf-6f96-4478-8b8e-9e5648dceac8...

    This morning i woke to find a pop up on my desktop saying 'An unauthorised change has been made to windows'...

    Thinking this was some sort of Malware (I've never seen it before) I closed the window, only to find the computer automatically logged me off.

    Logging back on again just gave me a black screen with the same popup in the middle. I clicked on the link provided, which directed me to the microsoft website (therefore it wasn't a malware popup)

    Attempting to follow the authentication steps resulted in failure is it could not complete the authentication. A second popup appeared asking to do the same thing, on and on in a never ending cycle. It was also directing me to a screen to purchase Windows 7. I was beginning to think this could be a scam by Microsoft to bully people into upgrading their OS.

    I rebooted in safe mode, and ran Malwarebytes and found nothing untoward was lurking.

    I then tried to restart in normal mode, but this time logging on to my partner's account (I created one for her a while back after her laptop HDD failed)

    This user account booted up successfully without the anauthorised change to windows error. Everything was fine with that account.

    Next, I restarted in safemode, logging into my own one (being the administrator account), and created a third User account with full administrator privileges.

    Rebooted again normally, this time logging into the newly created administrator account.

    Everything fine. So now all my important files and folders from the old account are being transferred to the new one.

    Hopefully it won't happen again. I do ponder though what exactly happened to cause that issue with the main User account though. Presumably something got corrupted, but what?

    I've also noticed a post here on the forum about Avast being the cause of the authentication issue, however no one has posted anything on that thread about it effecting only one User account, so I don't think Avast is the cause in this instance.

    The computer has 64bit Vista Home premium OEM installed. It is a modified (now almost custom built) Packard Bell. It originally came with a 32bit OS which did not fit my needs since I do a lot of 3d CGI work, so decided to purchase a 64 bit version when I made the RAM and graphics card upgrades. The 64 bit OS was purchased quite a while back and has never been an issue. I've seen some threads relating to authentication errors with OEM, but again I do not think this is an issue - especially as no hardware upgrade has been performed since the initial installation of the OS.

     

    I post this thread in hope someone can shed some light on what caused that particular user profile to become corrupted and cause this error.(Or indeed if that is the error)

    Hopefully the issue will not resurface again...

     


     
    This sounds like malware - please run an MGADiag report in the affected account, then reboot the machine to the unaffected account (do NOT logout and log in - restart please!), and run another MGADiag report.
    ....To properly analyse and solve problems with Activation and Validation, we need to see a full copy of the report produced by the MGADiag tool (download and save to desktop - http://go.microsoft.com/fwlink/?linkid=52012 )
    Once saved, run the tool.
    Click on the Continue button, which will produce the report.
    To copy the report to your response, click on the Copy button in the tool (ignore any error messages at this point), and then paste (using either r-click/Paste, or Ctrl+V ) into your response.


    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Thursday, July 7, 2011 12:44 PM
    Moderator
  • Hi Noel, thanks for getting back to me.

    It happened again with the newly created user account, so I rebooted in safe mode and uninstalled Avast. Lo and behold, it is working again.

    I made a note of the errors on the windows anauthorised change issue:

     

    0xC004D401

    System file mismatch error

     

    Also, attempting to run the windows validation returns, "Windows Validation Interrupted" in a big green box on the browser.

    I tried to run the executable to start the diagnostics, and got, "Not enough quota available to fix command"

     

    So, after restarting in safe mode, and uninstalling Avast, I'm able to get in again on a normal boot.

    On running the diagonstics, I got this: (I hashed out part of the Product ID key to stop someone else getting their hands on it)

     

    Now off to find a new AV software.

     

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Online Validation Code: N/A, hr = 0xc004f012
    Windows Product Key: *****-*****-RHGF7-TW69K-498W4
    Windows Product Key Hash: FF7Db3SU0OolNsgKDQjA9pFrjeY=
    Windows Product ID: *****-OEM-*******-87060
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 6.0.6001.2.00010300.1.0.003
    ID: {BA33FC4E-6429-4D11-A85F-CEC9FE3BD452}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000009
    Build lab: 6001.vistasp1_gdr.101014-0432
    TTS Error: K:20110707021413331-M:20110707150740105-
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{BA33FC4E-6429-4D11-A85F-CEC9FE3BD452}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6001.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-498W4</PKey><PID>89583-OEM-7359972-87060</PID><PIDType>3</PIDType><SID>S-1-5-21-4251014459-3832437721-376091308</SID><SYSTEM><Manufacturer>Packard Bell BV</Manufacturer><Model>IMEDIA X2416</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>PBDV11.P04</Version><SMBIOSVersion major="2" minor="5"/><Date>20080901000000.000000+000</Date></BIOS><HWID>CA303507018400F8</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>PacBel</OEMID><OEMTableID>PBDT000A</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: U1BMRwEAAAAAAQAACAAAAEuNQQIAAAAAYWECAAAAAABQ3BZ0KjzMARhy9171jCizkdIEkQaJZ67Pi0l4xkLJkQtj/IvCxed8samaxmqMIgkKxUq3yDC13yd7IPmIgITKmLNv1wD2WLYR4PUy2eBMT+WTZoPGjdKZqaOcEd48HYsOntqnEBPIUIqaMVS50xsGhTiu2v3HTjLlzsauw1rN6YPtvvhlgmsOgBe4wEVRYcHWzat6M07q88GxBpop0WwiuBXa5HXuzs1OU5kpI4Km83cHZMn5BmY2HdKPD8tNYkwP34K9Ekif+jOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwYcvde9Ywos5HSBJEGiWeu7GlAg+ptdt+Q/egEuYHp+n5ktOt2CEXw+NOc2bwHcSkneyD5iICEypizb9cA9li2/m9V//msH5u76uaWZUMS96mjnBHePB2LDp7apxATyFCKmjFUudMbBoU4rtr9x04y5c7GrsNazemD7b74ZYJrDoAXuMBFUWHB1s2rejNO6vPBsQaaKdFsIrgV2uR17s7NTlOZKSOCpvN3B2TJ+QZmNh3Sjw/LTWJMD9+CvRJIn/ozkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMGHL3XvWMKLOR0gSRBolnru+P5ofQIQuQEVcy/CxiJgtW/BkXtak9viQYw3yLOTPwzDmK9l/JOUcNossB+uJVcRbNo2HijPToOC4tc8uykd0LUv4Mdy+wjEzV+1V/c3vQkzf4xIv6YLE3ZECjhGWnZ2HiBZhxLPN/dt2hCqmle6Ps5/dOuFAt58OB+oGQjlNJIS0VEiPlN0gQ8UqHFCQzs++E4CXzndS3xHVk/UG9c7qtEQf8LoemSJ+jz0ZAYaaw801+h+MsTFkRlJ2ZAjRAiDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDA==

    Licensing Data-->
    Software licensing service version: 6.0.6001.18000
    Name: Windows(TM) Vista, HomePremium edition
    Description: Windows Operating System - Vista, OEM_COA_NSLP channel
    Activation ID: f3acdd3c-119a-4932-a3d7-0b6f33a1dca9
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 89583-00146-599-787060-02-2057-6001.0000-0782009
    Installation ID: 002265286003053823243513823231832046688611120924864175
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
    Partial Product Key: 498W4
    License Status: Licensed

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    HWID Hash Current: NgAAAAEABAABAAEAAQACAAAAAgABAAEA6GGeKaDHFNwWpbRz7MXofZb88vS2aigtkrysVkxY

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20000
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            090108        APIC1108
      FACP            090108        FACP1108
      HPET            090108        OEMHPET0
      MCFG            090108        OEMMCFG
      WDRT            090108        NV-WDRT
      SLIC            PacBel        PBDT000A
      OEMB            090108        OEMB1108
      NVHD            090108        NVHDCP
      SSDT            DpgPmm        CpuPm



     

     

    Thursday, July 7, 2011 2:41 PM
  • "silverwolfy" wrote in message news:ad98c509-677c-431b-8ef1-8100ff8f2ca3...

    Hi Noel, thanks for getting back to me.

    It happened again with the newly created user account, so I rebooted in safe mode and uninstalled Avast. Lo and behold, it is working again.

    I made a note of the errors on the windows anauthorised change issue:

     

    0xC004D401

    System file mismatch error

     

    Also, attempting to run the windows validation returns, "Windows Validation Interrupted" in a big green box on the browser.

    I tried to run the executable to start the diagnostics, and got, "Not enough quota available to fix command"

     

    So, after restarting in safe mode, and uninstalling Avast, I'm able to get in again on a normal boot.

    On running the diagonstics, I got this: (I hashed out part of the Product ID key to stop someone else getting their hands on it)

     

    Now off to find a new AV software.

     

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Online Validation Code: N/A, hr = 0xc004f012
    Windows Product Key: *****-*****-RHGF7-TW69K-498W4
    Windows Product Key Hash: FF7Db3SU0OolNsgKDQjA9pFrjeY=
    Windows Product ID: *****-OEM-*******-87060
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 6.0.6001.2.00010300.1.0.003
    ID: {BA33FC4E-6429-4D11-A85F-CEC9FE3BD452}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000009
    Build lab: 6001.vistasp1_gdr.101014-0432
    TTS Error: K:20110707021413331-M:20110707150740105-


    The Product ID is public knowledge :) - it's the Key that is 'secret', and the MGADiag report takes care of that so that it can't be used to create a valid one.
    Nice catch about Avast :)
     
    Interestingly it looks as if you may still have a problem - there's two Tampers (TTS Error) noted in the report, and usually removing Avast kills both stone dead, but the time on one is 15:07, which is only about 30 minutes before your post.
    To check this, please reboot your machine TWICE, then attempt manual validation at www.microsoft.com/genuine/validate and then run another MGADiag report.
    post the results.
     
    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Thursday, July 7, 2011 5:20 PM
    Moderator
  • Hi Noel,

     

    Here's the result of the MGAdiag after two reboots.

    What's also interesting to me is the first TTS entry, which seemed to have occurred at 0214. The 1507 would have corresponded to the time I uninstalled Avast. I wonder if 0214 was the time when Avast updated itself and created the problem. I had the computer switched on over night. Usually I leave it switched on because I run a lot of renders and/or simulation algorithms overnight so I can view the results in the morning.

     

     

     

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Online Validation Code: N/A, hr = 0xc004f012
    Windows Product Key: *****-*****-RHGF7-TW69K-498W4
    Windows Product Key Hash: FF7Db3SU0OolNsgKDQjA9pFrjeY=
    Windows Product ID: 89583-OEM-7359972-87060
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 6.0.6001.2.00010300.1.0.003
    ID: {BA33FC4E-6429-4D11-A85F-CEC9FE3BD452}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000009
    Build lab: 6001.vistasp1_gdr.101014-0432
    TTS Error: K:20110707021413331-M:20110707150740105-
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{BA33FC4E-6429-4D11-A85F-CEC9FE3BD452}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6001.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-498W4</PKey><PID>89583-OEM-7359972-87060</PID><PIDType>3</PIDType><SID>S-1-5-21-4251014459-3832437721-376091308</SID><SYSTEM><Manufacturer>Packard Bell BV</Manufacturer><Model>IMEDIA X2416</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>PBDV11.P04</Version><SMBIOSVersion major="2" minor="5"/><Date>20080901000000.000000+000</Date></BIOS><HWID>CA303507018400F8</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>PacBel</OEMID><OEMTableID>PBDT000A</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: U1BMRwEAAAAAAQAACAAAAEuNQQIAAAAAYWECAAAAAABQ3BZ0KjzMARhy9171jCizkdIEkQaJZ67Pi0l4xkLJkQtj/IvCxed8samaxmqMIgkKxUq3yDC13yd7IPmIgITKmLNv1wD2WLYR4PUy2eBMT+WTZoPGjdKZqaOcEd48HYsOntqnEBPIUIqaMVS50xsGhTiu2v3HTjLlzsauw1rN6YPtvvhlgmsOgBe4wEVRYcHWzat6M07q88GxBpop0WwiuBXa5HXuzs1OU5kpI4Km83cHZMn5BmY2HdKPD8tNYkwP34K9Ekif+jOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwYcvde9Ywos5HSBJEGiWeu7GlAg+ptdt+Q/egEuYHp+n5ktOt2CEXw+NOc2bwHcSkneyD5iICEypizb9cA9li2/m9V//msH5u76uaWZUMS96mjnBHePB2LDp7apxATyFCKmjFUudMbBoU4rtr9x04y5c7GrsNazemD7b74ZYJrDoAXuMBFUWHB1s2rejNO6vPBsQaaKdFsIrgV2uR17s7NTlOZKSOCpvN3B2TJ+QZmNh3Sjw/LTWJMD9+CvRJIn/ozkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMGHL3XvWMKLOR0gSRBolnru+P5ofQIQuQEVcy/CxiJgtW/BkXtak9viQYw3yLOTPwzDmK9l/JOUcNossB+uJVcRbNo2HijPToOC4tc8uykd0LUv4Mdy+wjEzV+1V/c3vQkzf4xIv6YLE3ZECjhGWnZ2HiBZhxLPN/dt2hCqmle6Ps5/dOuFAt58OB+oGQjlNJIS0VEiPlN0gQ8UqHFCQzs++E4CXzndS3xHVk/UG9c7qtEQf8LoemSJ+jz0ZAYaaw801+h+MsTFkRlJ2ZAjRAiDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDA==

    Licensing Data-->
    Software licensing service version: 6.0.6001.18000
    Name: Windows(TM) Vista, HomePremium edition
    Description: Windows Operating System - Vista, OEM_COA_NSLP channel
    Activation ID: f3acdd3c-119a-4932-a3d7-0b6f33a1dca9
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 89583-00146-599-787060-02-2057-6001.0000-0782009
    Installation ID: 002265286003053823243513823231832046688611120924864175
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
    Partial Product Key: 498W4
    License Status: Licensed

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    HWID Hash Current: NgAAAAEABAABAAEAAQACAAAAAgABAAEA6GGeKaDHFNwWpbRz7MXofZb88vS2aigtkrysVkxY

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20000
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            090108        APIC1108
      FACP            090108        FACP1108
      HPET            090108        OEMHPET0
      MCFG            090108        OEMMCFG
      WDRT            090108        NV-WDRT
      SLIC            PacBel        PBDT000A
      OEMB            090108        OEMB1108
      NVHD            090108        NVHDCP
      SSDT            DpgPmm        CpuPm



    Thursday, July 7, 2011 11:46 PM
  • "silverwolfy" wrote in message news:969d7361-c889-4a7b-870d-71addf4aa1c8...

    Hi Noel,

     

    Here's the result of the MGAdiag after two reboots.

    What's also interesting to me is the first TTS entry, which seemed to have occurred at 0214. The 1507 would have corresponded to the time I uninstalled Avast. I wonder if 0214 was the time when Avast updated itself and created the problem. I had the computer switched on over night. Usually I leave it switched on because I run a lot of renders and/or simulation algorithms overnight so I can view the results in the morning.

     

     

     

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Online Validation Code: N/A, hr = 0xc004f012
    Windows Product Key: *****-*****-RHGF7-TW69K-498W4
    Windows Product Key Hash: FF7Db3SU0OolNsgKDQjA9pFrjeY=
    Windows Product ID: 89583-OEM-7359972-87060
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 6.0.6001.2.00010300.1.0.003



     


    Good - the time hasn't changed (and it normally seems to be set to the boot time of the last boot in an affected system - I do wish MS would get the system to clear the entry at some point... Darin? is there any way to do this to clean up people's history?)
     
    I suspect that you're right about the 0214 timestamp. Do you remember when you upgraded to v6?
    (oh - and you really should update to SP2, unless you have reasons not to.)

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Friday, July 8, 2011 10:50 AM
    Moderator
  • Good - the time hasn't changed (and it normally seems to be set to the boot time of the last boot in an affected system - I do wish MS would get the system to clear the entry at some point... Darin? is there any way to do this to clean up people's history?)
     

    Noel: Short of a reinstall, no, not that I am aware of :( It doesn't hurt anything, it's just annoying to those of us that read Diagnostic Reports for fun and profit.

     

    Silverwolfy: Your Diagnostic Report looks good now, but I just want to confirm the issue is resolved (I wasn't sure of it from your last post)


    Darin MS
    Wednesday, July 13, 2011 9:50 PM