locked
An unauthorized change was made to Windows RRS feed

  • Question

  • About two months ago (around March 2nd) I was working on my computer and a popup came up that said "An unauthorized change has been made to Windows. You will no longer receive notifications, including those about your license or activation. Use the link below to find out how to fix your system. Error: 0xC004D401 The security process reported a system file mismatch error". I looked up this error, found this site, and managed to read a couple of posts about it. But I was busy, so I turned my computer off and left. When I came home that night I turned it on, but didn't see the popup, so I didn't worry about it. The next day, Windows had problems starting up. I restarted the computer in safe mode and did a System Restore to a week before.

    My computer ran normally for about 2 more weeks, until around the 21st of March when I turned my computer on and the popup started appearing again. I haven't used my computer in almost a month, but when I turned it on today I ran the diagnostic tool, and the popup appeared again immediately after the diagnostic finished, so I might post another diagnostic report later to see if the results are different.

    I checked the support website, but I don't have any of those programs listed on my computer. I am using Windows Vista Home Premium 64 bit with (I think) with Service Pack 1 installed. I use avast antivirus and I downloaded MalwareBytes the second time I noticed this error, but neither of these are finding anything. The only other problem I've been having with my computer is that avast has been taking a much longer time to update than usual (except in the two week period that nothing unusual was happening).

    Here is a copy of my diagnostic report:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Online Validation Code: N/A, hr = 0xc004f012
    Windows Product Key: *****-*****-XY9X3-JDXYP-6CJ97
    Windows Product Key Hash: xFQJU8srKsovk6p1Lk1yW93in4E=
    Windows Product ID: 89583-OEM-7332157-00211
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.0.6001.2.00010300.1.0.003
    ID: {E99380B2-1018-435A-B6EC-E31B7731031E}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000009
    Build lab: 6001.vistasp1_gdr.101014-0432
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Home and Student 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{E99380B2-1018-435A-B6EC-E31B7731031E}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6001.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-6CJ97</PKey><PID>89583-OEM-7332157-00211</PID><PIDType>2</PIDType><SID>S-1-5-21-2874558843-139040748-3051068678</SID><SYSTEM><Manufacturer>Gateway</Manufacturer><Model>LX6810-01</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>R01-A1</Version><SMBIOSVersion major="2" minor="5"/><Date>20090113000000.000000+000</Date></BIOS><HWID>6E313507018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><Val>3C95944474E5F0E</Val><Hash>5BqdlS8502EGyWaS5/w0jQU4eHA=</Hash><Pid>81602-903-3956685-68768</Pid><PidType>1</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults> 

    Spsys.log Content: U1BMRwEAAAAAAQAACAAAAJonFQAAAAAAYWECAAD4//96kgAY6NnLARhy9171jCizkdIEkQaJZ66MCmxJa9DhXCPXeuYUNkjWC5zJpLsBECMHpJqYtIJZCyd7IPmIgITKmLNv1wD2WLafOV9FT1KJMhRtDP0Bry7LqaOcEd48HYsOntqnEBPIUIqaMVS50xsGhTiu2v3HTjLlzsauw1rN6YPtvvhlgmsO7TtXiHJbmqvzuSde4tUlmcGxBpop0WwiuBXa5HXuzs1OU5kpI4Km83cHZMn5BmY2HdKPD8tNYkwP34K9Ekif+jOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwYcvde9Ywos5HSBJEGiWeuXYKhX9Pw5We4IXUQzHvIf6ZWoK5rW+fu0ECoKOIoG1oneyD5iICEypizb9cA9li2cQBPY2pCaVioivnmbEqUx6mjnBHePB2LDp7apxATyFCKmjFUudMbBoU4rtr9x04y5c7GrsNazemD7b74ZYJrDu07V4hyW5qr87knXuLVJZnBsQaaKdFsIrgV2uR17s7NTlOZKSOCpvN3B2TJ+QZmNh3Sjw/LTWJMD9+CvRJIn/ozkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM

    Licensing Data-->
    C:\Windows\system32\slmgr.vbs(1648, 9) (null): 0xC004D401

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    HWID Hash Current: NAAAAAEAAAABAAEAAwACAAAAAwABAAEAln10xHx0tm5kW5K8Rgvy9KAXwA0g9qxWZb1MWA==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20000
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   ACRSYS  APIC1411
      FACP   ACRSYS  FACP1411
      HPET   ACRSYS  OEMHPET0
      MCFG   ACRSYS  OEMMCFG
      WDRT   ACRSYS  NV-WDRT
      SLIC   ACRSYS  ACRPRDCT
      OEMB   ACRSYS  OEMB1411
      NVHD   ACRSYS  NVHDCP
      AWMI   ACRSYS  OEMB1411
      SSDT   DpgPmm  CpuPm

     


    • Edited by Yes418 Wednesday, April 27, 2011 3:52 AM
    Wednesday, April 27, 2011 2:57 AM

Answers

  • No further reply from the Original Poster.

    Issue is assumed to be resolved.


    Darin MS
    Thursday, May 12, 2011 9:05 PM

All replies

  • I just ran the diagnostic again, and the results are different.

    I also checked the reliability monitor for around the time I started seeing these problems back in March, but I don't see anything unusual aside from internet explorer having an error on the day this occurred and a lot of definition updates for Windows Defender. I do remember, however, that a few days before this started happening I tried to perform a manual update of avast, but cancelled it.

    Here is the new diagnostic report.

    Diagnostic Report (1.9.0027.0)
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Invalid License
    Validation Code: 50
    Cached Online Validation Code: N/A, hr = 0xc004d401
    Windows Product Key: *****-*****-XY9X3-JDXYP-6CJ97
    Windows Product Key Hash: xFQJU8srKsovk6p1Lk1yW93in4E=
    Windows Product ID: 89583-OEM-7332157-00211
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.0.6001.2.00010300.1.0.003
    ID: {E99380B2-1018-435A-B6EC-E31B7731031E}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000009
    Build lab: 6001.vistasp1_gdr.101014-0432
    TTS Error: M:20110426203035966-
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Home and Student 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{E99380B2-1018-435A-B6EC-E31B7731031E}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6001.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-6CJ97</PKey><PID>89583-OEM-7332157-00211</PID><PIDType>2</PIDType><SID>S-1-5-21-2874558843-139040748-3051068678</SID><SYSTEM><Manufacturer>Gateway</Manufacturer><Model>LX6810-01</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>R01-A1</Version><SMBIOSVersion major="2" minor="5"/><Date>20090113000000.000000+000</Date></BIOS><HWID>6E313507018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><Val>3C95944474E5F0E</Val><Hash>5BqdlS8502EGyWaS5/w0jQU4eHA=</Hash><Pid>81602-903-3956685-68768</Pid><PidType>1</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults> 

    Spsys.log Content: U1BMRwEAAAAAAQAACAAAAJonFQAAAAAAYWECAAD4//96kgAY6NnLARhy9171jCizkdIEkQaJZ66MCmxJa9DhXCPXeuYUNkjWC5zJpLsBECMHpJqYtIJZCyd7IPmIgITKmLNv1wD2WLafOV9FT1KJMhRtDP0Bry7LqaOcEd48HYsOntqnEBPIUIqaMVS50xsGhTiu2v3HTjLlzsauw1rN6YPtvvhlgmsO7TtXiHJbmqvzuSde4tUlmcGxBpop0WwiuBXa5HXuzs1OU5kpI4Km83cHZMn5BmY2HdKPD8tNYkwP34K9Ekif+jOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwYcvde9Ywos5HSBJEGiWeuXYKhX9Pw5We4IXUQzHvIf6ZWoK5rW+fu0ECoKOIoG1oneyD5iICEypizb9cA9li2cQBPY2pCaVioivnmbEqUx6mjnBHePB2LDp7apxATyFCKmjFUudMbBoU4rtr9x04y5c7GrsNazemD7b74ZYJrDu07V4hyW5qr87knXuLVJZnBsQaaKdFsIrgV2uR17s7NTlOZKSOCpvN3B2TJ+QZmNh3Sjw/LTWJMD9+CvRJIn/ozkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMGHL3XvWMKLOR0gSRBolnrkWrl2Mt2NTa1WtTbAA+jBD0IRacCDvWICzLQyi3BN8JJ3sg+YiAhMqYs2/XAPZYtgeIzcunygDcQNoHKN4/iuypo5wR3jwdiw6e2qcQE8hQipoxVLnTGwaFOK7a/cdOMuXOxq7DWs3pg+2++GWCaw7tO1eIcluaq/O5J17i1SWZwbEGminRbCK4Fdrkde7OzU5TmSkjgqbzdwdkyfkGZjYd0o8Py01iTA/fgr0SSJ/6M5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDA==

    Licensing Data-->
    C:\Windows\system32\slmgr.vbs(1634, 5) (null): 0xC004D401

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    HWID Hash Current: NAAAAAEAAAABAAEAAwACAAAAAwABAAEAln10xHx0tm5kW5K8Rgvy9KAXwA0g9qxWZb1MWA==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20000
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   ACRSYS  APIC1411
      FACP   ACRSYS  FACP1411
      HPET   ACRSYS  OEMHPET0
      MCFG   ACRSYS  OEMMCFG
      WDRT   ACRSYS  NV-WDRT
      SLIC   ACRSYS  ACRPRDCT
      OEMB   ACRSYS  OEMB1411
      NVHD   ACRSYS  NVHDCP
      AWMI   ACRSYS  OEMB1411
      SSDT   DpgPmm  CpuPm

     


    Wednesday, April 27, 2011 3:08 AM
  • "Yes418" wrote in message news:4c019fa5-9e86-402c-9dcc-be3297d22176...

    I just ran the diagnostic again, and the results are different.

    I also checked the reliability monitor for around the time I started seeing these problems back in March, but I don't see anything unusual aside from internet explorer having an error on the day this occurred and a lot of definition updates for Windows Defender. I do remember, however, that a few days before this started happening I tried to perform a manual update of avast, but cancelled it.

    Here is the new diagnostic report.

    Diagnostic Report (1.9.0027.0)
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Invalid License
    Validation Code: 50
    Cached Online Validation Code: N/A, hr = 0xc004d401
    Windows Product Key: *****-*****-XY9X3-JDXYP-6CJ97
    Windows Product Key Hash: xFQJU8srKsovk6p1Lk1yW93in4E=
    Windows Product ID: 89583-OEM-7332157-00211
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.0.6001.2.00010300.1.0.003

    Licensing Data-->
    C:\Windows\system32\slmgr.vbs(1634, 5) (null): 0xC004D401

     

     



    You have two problems now :)
    1) - the original - your licensing store is corrupted
    2) You have a Mod-Auth Tamper present, which has appeared since the first run of the tool
     
    I think we'll try to fix the Licensing store first - it may also solve the Tamper.
    Please try the below steps to recreate the Store files.  This may resolve the issue.
     
    1) Open an Internet Browser window.
    2) Type: %windir%\system32 into the browser address bar.
    3) Find the file CMD.exe
    4) Right-Click on CMD.exe and select 'Run as Administrator'
    5) Type: net stop slsvc  (it may ask you if you are sure, select yes)
    6) Type: cd %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing
    7) Type: rename tokens.dat tokens.bar
    8) Type: cd %windir%\system32
    9) Type: net start slsvc
    10) Type: cscript slmgr.vbs -rilc (It may take a long time for this to complete, please be patient)
    11) Restart your computer twice.
    12) You may be required to enter the Product Key and/or Activate.
     
     Reboot
     
    Once complete, please post back with a new MGADiag report
     

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    • Proposed as answer by Darin Smith MS Wednesday, April 27, 2011 11:56 PM
    Wednesday, April 27, 2011 6:22 AM
    Moderator
  • I see. I'll try this tomorrow afternoon or night when I have some time and post back with results/a report. :)

    Just out of curiosity, do you know what causes the licensing store to become corrupted? And if I'm asked to enter a product key, I use the one on the side of my computer, correct?


    Friday, April 29, 2011 12:26 AM
  • "Yes418" wrote in message news:1cdf586f-3e80-436a-9844-29529114ea7c...

    I see. I'll try this tomorrow afternoon or night when I have some time and post back with results/a report. :)

    Just out of curiosity, do you know what causes the licensing store to become corrupted? And if I'm asked to enter a product key, I use the one on the side of my computer, correct?


    I wish I did know - I'd probably make a fortune :) It seems to be relatively random, so is probably caused by conflicts between the licensing service and other software on the PC (possibly the AV?).
    Yes - use the Key on the COA sticker.
     

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Friday, April 29, 2011 7:03 AM
    Moderator
  • I'm logged on and haven't tried it yet, but I ran a diagnostic report before doing this and the information under "Licensing Data" was a lot different (the Tamper from a couple days ago is still present). I didn't get the popup error the first time, but when I ran the diagnostic a second time I got the error and the "Licensing Data" line looked similar to the way it did in the previous two diagnostics I've posted here. Does this mean anything?

    And I am suspicious of avast, since this all started to happen after downloading the new program (version 6.0.1000). I've used avast since I got this computer (two years ago) and have had no previous problems with it. There is a new program available for installation, but I think I'll wait on downloading (or  uninstalling) until after this.

    Here is the first diagnostic today BEFORE recreating the licensing store. Sorry for posting diagnostics like crazy, but this seems a little weird to me. :/

     

    Diagnostic Report (1.9.0027.0):

    -----------------------------------------

    Windows Validation Data-->

    Validation Status: Genuine

    Validation Code: 0

    Cached Online Validation Code: N/A, hr = 0xc004f012

    Windows Product Key: *****-*****-XY9X3-JDXYP-6CJ97

    Windows Product Key Hash: xFQJU8srKsovk6p1Lk1yW93in4E=

    Windows Product ID: 89583-OEM-7332157-00211

    Windows Product ID Type: 2

    Windows License Type: OEM SLP

    Windows OS version: 6.0.6001.2.00010300.1.0.003

    ID: {E99380B2-1018-435A-B6EC-E31B7731031E}(3)

    Is Admin: Yes

    TestCab: 0x0

    LegitcheckControl ActiveX: N/A, hr = 0x80070002

    Signed By: N/A, hr = 0x80070002

    Product Name: Windows Vista (TM) Home Premium

    Architecture: 0x00000009

    Build lab: 6001.vistasp1_gdr.101014-0432

    TTS Error: M:20110426203035966-

    Validation Diagnostic:

    Resolution Status: N/A

     

    Vista WgaER Data-->

    ThreatID(s): N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

     

    Windows XP Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    File Exists: No

    Version: N/A, hr = 0x80070002

    WgaTray.exe Signed By: N/A, hr = 0x80070002

    WgaLogon.dll Signed By: N/A, hr = 0x80070002

     

    OGA Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

    OGAExec.exe Signed By: N/A, hr = 0x80070002

    OGAAddin.dll Signed By: N/A, hr = 0x80070002

     

    OGA Data-->

    Office Status: 100 Genuine

    Microsoft Office Home and Student 2007 - 100 Genuine

    OGA Version: N/A, 0x80070002

    Signed By: N/A, hr = 0x80070002

    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

     

    Browser Data-->

    Proxy settings: N/A

    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

    Default Browser: C:\Program Files (x86)\Internet Explorer\iexplore.exe

    Download signed ActiveX controls: Prompt

    Download unsigned ActiveX controls: Disabled

    Run ActiveX controls and plug-ins: Allowed

    Initialize and script ActiveX controls not marked as safe: Disabled

    Allow scripting of Internet Explorer Webbrowser control: Disabled

    Active scripting: Allowed

    Script ActiveX controls marked as safe for scripting: Allowed

     

    File Scan Data-->

     

    Other data-->

    Office Details: <GenuineResults><MachineData><UGUID>{E99380B2-1018-435A-B6EC-E31B7731031E}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6001.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-6CJ97</PKey><PID>89583-OEM-7332157-00211</PID><PIDType>2</PIDType><SID>S-1-5-21-2874558843-139040748-3051068678</SID><SYSTEM><Manufacturer>Gateway</Manufacturer><Model>LX6810-01</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>R01-A1</Version><SMBIOSVersion major="2" minor="5"/><Date>20090113000000.000000+000</Date></BIOS><HWID>6E313507018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><Val>3C95944474E5F0E</Val><Hash>5BqdlS8502EGyWaS5/w0jQU4eHA=</Hash><Pid>81602-903-3956685-68768</Pid><PidType>1</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults> 

     

    Spsys.log Content: U1BMRwEAAAAAAQAACAAAAJonFQAAAAAAYWECAAD4//96kgAY6NnLARhy9171jCizkdIEkQaJZ66MCmxJa9DhXCPXeuYUNkjWC5zJpLsBECMHpJqYtIJZCyd7IPmIgITKmLNv1wD2WLafOV9FT1KJMhRtDP0Bry7LqaOcEd48HYsOntqnEBPIUIqaMVS50xsGhTiu2v3HTjLlzsauw1rN6YPtvvhlgmsO7TtXiHJbmqvzuSde4tUlmcGxBpop0WwiuBXa5HXuzs1OU5kpI4Km83cHZMn5BmY2HdKPD8tNYkwP34K9Ekif+jOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwYcvde9Ywos5HSBJEGiWeuXYKhX9Pw5We4IXUQzHvIf6ZWoK5rW+fu0ECoKOIoG1oneyD5iICEypizb9cA9li2cQBPY2pCaVioivnmbEqUx6mjnBHePB2LDp7apxATyFCKmjFUudMbBoU4rtr9x04y5c7GrsNazemD7b74ZYJrDu07V4hyW5qr87knXuLVJZnBsQaaKdFsIrgV2uR17s7NTlOZKSOCpvN3B2TJ+QZmNh3Sjw/LTWJMD9+CvRJIn/ozkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMGHL3XvWMKLOR0gSRBolnrkWrl2Mt2NTa1WtTbAA+jBD0IRacCDvWICzLQyi3BN8JJ3sg+YiAhMqYs2/XAPZYtgeIzcunygDcQNoHKN4/iuypo5wR3jwdiw6e2qcQE8hQipoxVLnTGwaFOK7a/cdOMuXOxq7DWs3pg+2++GWCaw7tO1eIcluaq/O5J17i1SWZwbEGminRbCK4Fdrkde7OzU5TmSkjgqbzdwdkyfkGZjYd0o8Py01iTA/fgr0SSJ/6M5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDA==

     

    Licensing Data-->

    Software licensing service version: 6.0.6001.18000

    Name: Windows(TM) Vista, HomePremium edition

    Description: Windows Operating System - Vista, OEM_SLP channel

    Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f

    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f

    Extended PID: 89583-00146-321-500211-02-1033-6001.0000-1382009

    Installation ID: 014583913711430383094286794862679001162665210741960904

    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473

    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474

    Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476

    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475

    Partial Product Key: 6CJ97

    License Status: Licensed

     

    Windows Activation Technologies-->

    N/A

     

    HWID Data-->

    HWID Hash Current: NAAAAAEAAAABAAEAAwACAAAAAwABAAEAln10xHx0tm5kW5K8Rgvy9KAXwA0g9qxWZb1MWA==

     

    OEM Activation 1.0 Data-->

    N/A

     

    OEM Activation 2.0 Data-->

    BIOS valid for OA 2.0: yes

    Windows marker version: 0x20000

    OEMID and OEMTableID Consistent: yes

    BIOS Information:

      ACPI Table Name  OEMID Value          OEMTableID Value

      APIC                                       ACRSYS                   APIC1411

      FACP                                      ACRSYS                   FACP1411

      HPET                                     ACRSYS                   OEMHPET0

      MCFG                                    ACRSYS                   OEMMCFG

      WDRT                                   ACRSYS                   NV-WDRT

      SLIC                                       ACRSYS                   ACRPRDCT

      OEMB                                   ACRSYS                   OEMB1411

      NVHD                                    ACRSYS                   NVHDCP

      AWMI                                   ACRSYS                   OEMB1411

      SSDT                                     DpgPmm                                CpuPm

     


    Friday, April 29, 2011 10:33 PM
  • "Yes418" wrote in message news:732aa74b-c24e-4299-965d-bf7eb5190cf0...

    I'm logged on and haven't tried it yet, but I ran a diagnostic report before doing this and the information under "Licensing Data" was a lot different (the Tamper from a couple days ago is still present). I didn't get the popup error the first time, but when I ran the diagnostic a second time I got the error and the "Licensing Data" line looked similar to the way it did in the previous two diagnostics I've posted here. Does this mean anything?

    And I am suspicious of avast, since this all started to happen after downloading the new program (version 6.0.1000). I've used avast since I got this computer (two years ago) and have had no previous problems with it. There is a new program available for installation, but I think I'll wait on downloading (or  uninstalling) until after this.

    Here is the first diagnostic today BEFORE recreating the licensing store. Sorry for posting diagnostics like crazy, but this seems a little weird to me. :/

     

    Diagnostic Report (1.9.0027.0):

    -----------------------------------------

    Windows Validation Data-->

    Validation Status: Genuine

    Validation Code: 0

    Cached Online Validation Code: N/A, hr = 0xc004f012

    Windows Product Key: *****-*****-XY9X3-JDXYP-6CJ97

    Windows Product Key Hash: xFQJU8srKsovk6p1Lk1yW93in4E=

    Windows Product ID: 89583-OEM-7332157-00211

    Windows Product ID Type: 2

    Windows License Type: OEM SLP

    Windows OS version: 6.0.6001.2.00010300.1.0.003



    Certainly Avast has been implicated a few times in these forums for various problems
     
    The report above would seem to be fine - it really only needs manual validation an your should be good to go (the Mod_Auth Tamper note doesn't always disappear when the tamper is removed)
     
    Do I understand that you're back to square one now? please post the latest report - if the one above is the latest, then go to manual validation to clear the last error and see what happens...
    www.microsoft.com/genuine/validate. Note that there's a bug on the site for some Vista users (MS is working on a fix) where the user is immediately redirected to the Bing search engine, so don't fret if that happens, simply try again in a couple of days.
     

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Friday, April 29, 2011 11:03 PM
    Moderator
  • Ehhh, this isn't good. I just ran another one, and now I have two, one of which is a K Stamp. And the licensing data is back to what it originally was. :( I still haven't attempted to recreate the store yet.

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Invalid License
    Validation Code: 50
    Cached Online Validation Code: N/A, hr = 0xc004d401
    Windows Product Key: *****-*****-XY9X3-JDXYP-6CJ97
    Windows Product Key Hash: xFQJU8srKsovk6p1Lk1yW93in4E=
    Windows Product ID: 89583-OEM-7332157-00211
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.0.6001.2.00010300.1.0.003
    ID: {E99380B2-1018-435A-B6EC-E31B7731031E}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000009
    Build lab: 6001.vistasp1_gdr.101014-0432
    TTS Error: K:20110429174222272-M:20110429163921627-
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Home and Student 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{E99380B2-1018-435A-B6EC-E31B7731031E}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6001.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-6CJ97</PKey><PID>89583-OEM-7332157-00211</PID><PIDType>2</PIDType><SID>S-1-5-21-2874558843-139040748-3051068678</SID><SYSTEM><Manufacturer>Gateway</Manufacturer><Model>LX6810-01</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>R01-A1</Version><SMBIOSVersion major="2" minor="5"/><Date>20090113000000.000000+000</Date></BIOS><HWID>6E313507018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><Val>3C95944474E5F0E</Val><Hash>5BqdlS8502EGyWaS5/w0jQU4eHA=</Hash><Pid>81602-903-3956685-68768</Pid><PidType>1</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults> 

    Spsys.log Content: U1BMRwEAAAAAAQAACAAAAJonFQAAAAAAYWECAAD4//96kgAY6NnLARhy9171jCizkdIEkQaJZ66MCmxJa9DhXCPXeuYUNkjWC5zJpLsBECMHpJqYtIJZCyd7IPmIgITKmLNv1wD2WLafOV9FT1KJMhRtDP0Bry7LqaOcEd48HYsOntqnEBPIUIqaMVS50xsGhTiu2v3HTjLlzsauw1rN6YPtvvhlgmsO7TtXiHJbmqvzuSde4tUlmcGxBpop0WwiuBXa5HXuzs1OU5kpI4Km83cHZMn5BmY2HdKPD8tNYkwP34K9Ekif+jOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwYcvde9Ywos5HSBJEGiWeuXYKhX9Pw5We4IXUQzHvIf6ZWoK5rW+fu0ECoKOIoG1oneyD5iICEypizb9cA9li2cQBPY2pCaVioivnmbEqUx6mjnBHePB2LDp7apxATyFCKmjFUudMbBoU4rtr9x04y5c7GrsNazemD7b74ZYJrDu07V4hyW5qr87knXuLVJZnBsQaaKdFsIrgV2uR17s7NTlOZKSOCpvN3B2TJ+QZmNh3Sjw/LTWJMD9+CvRJIn/ozkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMGHL3XvWMKLOR0gSRBolnrkWrl2Mt2NTa1WtTbAA+jBD0IRacCDvWICzLQyi3BN8JJ3sg+YiAhMqYs2/XAPZYtgeIzcunygDcQNoHKN4/iuypo5wR3jwdiw6e2qcQE8hQipoxVLnTGwaFOK7a/cdOMuXOxq7DWs3pg+2++GWCaw7tO1eIcluaq/O5J17i1SWZwbEGminRbCK4Fdrkde7OzU5TmSkjgqbzdwdkyfkGZjYd0o8Py01iTA/fgr0SSJ/6M5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDBhy9171jCizkdIEkQaJZ65eMeLisuo9rnx5KSzgtHWl+Q6jMlmEddDniRUZJerJyid7IPmIgITKmLNv1wD2WLa6n9lUcZoX2ZYhRQ6n5sXmqaOcEd48HYsOntqnEBPIUIqaMVS50xsGhTiu2v3HTjLlzsauw1rN6YPtvvhlgmsO7TtXiHJbmqvzuSde4tUlmcGxBpop0WwiuBXa5HXuzs1OU5kpI4Km83cHZMn5BmY2HdKPD8tNYkwP34K9Ekif+jOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAw=

    Licensing Data-->
    C:\Windows\system32\slmgr.vbs(1634, 5) (null): 0xC004D401

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    HWID Hash Current: NAAAAAEAAAABAAEAAwACAAAAAwABAAEAln10xHx0tm5kW5K8Rgvy9KAXwA0g9qxWZb1MWA==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20000
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   ACRSYS  APIC1411
      FACP   ACRSYS  FACP1411
      HPET   ACRSYS  OEMHPET0
      MCFG   ACRSYS  OEMMCFG
      WDRT   ACRSYS  NV-WDRT
      SLIC   ACRSYS  ACRPRDCT
      OEMB   ACRSYS  OEMB1411
      NVHD   ACRSYS  NVHDCP
      AWMI   ACRSYS  OEMB1411
      SSDT   DpgPmm  CpuPm


     



    • Edited by Yes418 Friday, April 29, 2011 11:24 PM
    Friday, April 29, 2011 11:16 PM
  • "Yes418" wrote in message news:c9d1ef51-67ff-4b05-bd23-967e6d95cf7f...

    Ehhh, this isn't good. I just ran another one, and now I have both the original AND a K Stamp as well. And the licensing data is back to what it originally was. :( I still haven't attempted to recreate the store yet.

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Invalid License
    Validation Code: 50
    Cached Online Validation Code: N/A, hr = 0xc004d401
    Windows Product Key: *****-*****-XY9X3-JDXYP-6CJ97
    Windows Product Key Hash: xFQJU8srKsovk6p1Lk1yW93in4E=
    Windows Product ID: 89583-OEM-7332157-00211
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.0.6001.2.00010300.1.0.003
    ID: {E99380B2-1018-435A-B6EC-E31B7731031E}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000009
    Build lab: 6001.vistasp1_gdr.101014-0432
    TTS Error: K:20110429174222272-M:20110429163921627-

     



    I wouldn't bother with trying to recreate the store yet - you almost certainly have a live malware infection.
     
    Download, install, update and run Malwarebytes Anti-Malware (www.malwarebytes.org ) and see what it finds - run a Full scan in your usual User account, and a Quick scan in every other account  (otherwise one can reinfect the whole machine)

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Friday, April 29, 2011 11:24 PM
    Moderator
  • I scanned the AppData folder and found nothing with MalwareBytes, but I tried with avast and it found five objects, so I had it quarantine them.

    The report doesn't appear to have changed much from last time, so I'm not sure whether or not this was the problem or if I need to keep looking. What do you think?

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Invalid License
    Validation Code: 50
    Cached Online Validation Code: N/A, hr = 0xc004d401
    Windows Product Key: *****-*****-XY9X3-JDXYP-6CJ97
    Windows Product Key Hash: xFQJU8srKsovk6p1Lk1yW93in4E=
    Windows Product ID: 89583-OEM-7332157-00211
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.0.6001.2.00010300.1.0.003
    ID: {E99380B2-1018-435A-B6EC-E31B7731031E}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000009
    Build lab: 6001.vistasp1_gdr.101014-0432
    TTS Error: K:20110429212922931-M:20110429163921627-
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Home and Student 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{E99380B2-1018-435A-B6EC-E31B7731031E}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6001.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-6CJ97</PKey><PID>89583-OEM-7332157-00211</PID><PIDType>2</PIDType><SID>S-1-5-21-2874558843-139040748-3051068678</SID><SYSTEM><Manufacturer>Gateway</Manufacturer><Model>LX6810-01</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>R01-A1</Version><SMBIOSVersion major="2" minor="5"/><Date>20090113000000.000000+000</Date></BIOS><HWID>6E313507018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><Val>3C95944474E5F0E</Val><Hash>5BqdlS8502EGyWaS5/w0jQU4eHA=</Hash><Pid>81602-903-3956685-68768</Pid><PidType>1</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults> 

    Spsys.log Content: U1BMRwEAAAAAAQAACAAAAJonFQAAAAAAYWECAAD4//96kgAY6NnLARhy9171jCizkdIEkQaJZ66MCmxJa9DhXCPXeuYUNkjWC5zJpLsBECMHpJqYtIJZCyd7IPmIgITKmLNv1wD2WLafOV9FT1KJMhRtDP0Bry7LqaOcEd48HYsOntqnEBPIUIqaMVS50xsGhTiu2v3HTjLlzsauw1rN6YPtvvhlgmsO7TtXiHJbmqvzuSde4tUlmcGxBpop0WwiuBXa5HXuzs1OU5kpI4Km83cHZMn5BmY2HdKPD8tNYkwP34K9Ekif+jOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwYcvde9Ywos5HSBJEGiWeuXYKhX9Pw5We4IXUQzHvIf6ZWoK5rW+fu0ECoKOIoG1oneyD5iICEypizb9cA9li2cQBPY2pCaVioivnmbEqUx6mjnBHePB2LDp7apxATyFCKmjFUudMbBoU4rtr9x04y5c7GrsNazemD7b74ZYJrDu07V4hyW5qr87knXuLVJZnBsQaaKdFsIrgV2uR17s7NTlOZKSOCpvN3B2TJ+QZmNh3Sjw/LTWJMD9+CvRJIn/ozkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMGHL3XvWMKLOR0gSRBolnrkWrl2Mt2NTa1WtTbAA+jBD0IRacCDvWICzLQyi3BN8JJ3sg+YiAhMqYs2/XAPZYtgeIzcunygDcQNoHKN4/iuypo5wR3jwdiw6e2qcQE8hQipoxVLnTGwaFOK7a/cdOMuXOxq7DWs3pg+2++GWCaw7tO1eIcluaq/O5J17i1SWZwbEGminRbCK4Fdrkde7OzU5TmSkjgqbzdwdkyfkGZjYd0o8Py01iTA/fgr0SSJ/6M5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDBhy9171jCizkdIEkQaJZ65eMeLisuo9rnx5KSzgtHWl+Q6jMlmEddDniRUZJerJyid7IPmIgITKmLNv1wD2WLa6n9lUcZoX2ZYhRQ6n5sXmqaOcEd48HYsOntqnEBPIUIqaMVS50xsGhTiu2v3HTjLlzsauw1rN6YPtvvhlgmsO7TtXiHJbmqvzuSde4tUlmcGxBpop0WwiuBXa5HXuzs1OU5kpI4Km83cHZMn5BmY2HdKPD8tNYkwP34K9Ekif+jOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAw=

    Licensing Data-->
    C:\Windows\system32\slmgr.vbs(1634, 5) (null): 0xC004D401

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    HWID Hash Current: NAAAAAEAAAABAAEAAwACAAAAAwABAAEAln10xHx0tm5kW5K8Rgvy9KAXwA0g9qxWZb1MWA==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20000
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   ACRSYS  APIC1411
      FACP   ACRSYS  FACP1411
      HPET   ACRSYS  OEMHPET0
      MCFG   ACRSYS  OEMMCFG
      WDRT   ACRSYS  NV-WDRT
      SLIC   ACRSYS  ACRPRDCT
      OEMB   ACRSYS  OEMB1411
      NVHD   ACRSYS  NVHDCP
      AWMI   ACRSYS  OEMB1411
      SSDT   DpgPmm  CpuPm

     


    Saturday, April 30, 2011 3:59 AM
  • "Yes418" wrote in message news:658a69de-ddf7-40eb-9b7f-97ba9bbcad22...

    I scanned the AppData folder and found nothing with MalwareBytes, but I tried with avast and it found five objects, so I had it quarantine them.

    The report doesn't appear to have changed much from last time, so I'm not sure whether or not this was the problem or if I need to keep looking. What do you think?

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Invalid License
    Validation Code: 50
    Cached Online Validation Code: N/A, hr = 0xc004d401
    Windows Product Key: *****-*****-XY9X3-JDXYP-6CJ97
    Windows Product Key Hash: xFQJU8srKsovk6p1Lk1yW93in4E=
    Windows Product ID: 89583-OEM-7332157-00211
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.0.6001.2.00010300.1.0.003
    ID: {E99380B2-1018-435A-B6EC-E31B7731031E}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000009
    Build lab: 6001.vistasp1_gdr.101014-0432
    TTS Error: K:20110429212922931-M:20110429163921627-

    Data-->
    C:\Windows\system32\slmgr.vbs(1634, 5) (null): 0xC004D401

     



    Why did you only scan the AppData  folder? you need to scan the WHOLE PC!

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Saturday, April 30, 2011 7:24 AM
    Moderator
  • I have been (and still am) performing multiple quick and full system scans. The reason I only mentioned AppsData is because that's the only place I've found anything through doing a Quick Scan, which doesn't even matter anyway because it obviously isn't the source of the problem.
    Saturday, April 30, 2011 5:48 PM
  • "Yes418" wrote in message news:3af5fe5d-63b3-4808-b007-cef336d9d96c...
    I have been (and still am) performing multiple quick and full system scans. The reason I only mentioned AppsData is because that's the only place I've found anything through doing a Quick Scan, which doesn't even matter anyway because it obviously isn't the source of the problem.
    Ah - that's what confused me :)

     
     

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Sunday, May 1, 2011 8:08 AM
    Moderator
  • I probably could have been more clear about that. Sorry.

    But I ran several full system scans and they came up with nothing. I can't turn the computer on normally anymore, or at least I couldn't last time I attempted (all I get is a black screen with a similar error message saying that a change has been made that will result in limited functionality. I can either open a browser window to the windows validation website or close it and be automatically logged out). :/

    Do you think there could be malware on the computer that avast and malwarebytes aren't picking up on?

    Monday, May 2, 2011 10:53 PM
  • "Yes418" wrote in message news:96c09a7f-b207-47eb-a14d-b68c7139d8d2...

    I probably could have been more clear about that. Sorry.

    But I ran several full system scans and they came up with nothing. I can't turn the computer on normally anymore, or at least I couldn't last time I attempted (all I get is a black screen with a similar error message saying that a change has been made that will result in limited functionality. I can either open a browser window to the windows validation website or close it and be automatically logged out). :/

    Do you think there could be malware on the computer that avast and malwarebytes aren't picking up on?

    Unlikely, but possible.
     
    Try recreating the Licensing store now - it shouldn't hurt, and may help.

    1) Open an Internet Browser window.
    2) Type: %windir%\system32 into the browser address bar.
    3) Find the file CMD.exe
    4) Right-Click on CMD.exe and select 'Run as Administrator'
    5) Type: net stop slsvc  (it may ask you if you are sure, select yes)
    6) Type: cd %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing
    7) Type: rename tokens.dat tokens.bar
    8) Type: cd %windir%\system32
    9) Type: net start slsvc
    10) Type: cscript slmgr.vbs -rilc (It may take a long time for this to complete, please be patient)
    11) Restart your computer twice.
    12) You may be required to enter the Product Key and/or Activate.
     
     Reboot
     
    Once complete, please post back with a new MGADiag report
     

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Tuesday, May 3, 2011 2:58 AM
    Moderator
  • No further reply from the Original Poster.

    Issue is assumed to be resolved.


    Darin MS
    Thursday, May 12, 2011 9:05 PM
  • Hi there... I got the same problem likely 2 weeks ago, but well solved just by MBAM scanning. But then now back with the problem  

    "An unauthorized change was made to Windows

    Error : 0xC004D401

    Description : The security processor reported a system file mismatch error."

    So I found this page, took the advices... went through MBAM scanning, nothing found... tried to recreate the Licensing store, didnt succeed..

    Was on step 9) net start slsvc, it says "The Software Licensing service could not be started. A system error has occured. System error 54529 has occured."

    Please... i do really need help, Im such a novice on this stuff.

    Friday, July 15, 2011 8:53 PM
  • "quine mcailova" wrote in message news:8290d1c5-3fc4-4258-9941-1faa88d76978...

    Hi there... I got the same problem likely 2 weeks ago, but well solved just by MBAM scanning. But then now back with the problem  

    "An unauthorized change was made to Windows

    Error : 0xC004D401

    Description : The security processor reported a system file mismatch error."

    So I found this page, took the advices... went through MBAM scanning, nothing found... tried to recreate the Licensing store, didnt succeed..

    Was on step 9) net start slsvc, it says "The Software Licensing service could not be started. A system error has occured. System error 54529 has occured."

    Please... i do really need help, Im such a novice on this stuff.


    Please start your OWN NEW thread  - and include a copy of your OWN MGADiag report.... and tell us what Anti-Virus program you are using.
     
    To properly analyse and solve problems with Activation and Validation, we need to see a full copy of the report produced by the MGADiag tool (download and save to desktop - http://go.microsoft.com/fwlink/?linkid=52012 )
    Once saved, run the tool.
    Click on the Continue button, which will produce the report.
    To copy the report to your response, click on the Copy button in the tool (ignore any error messages at this point), and then paste (using either r-click/Paste, or Ctrl+V ) into your response.
     - IN YOUR OWN THREAD, please
     

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Friday, July 15, 2011 10:25 PM
    Moderator