Answered by:
An unauthorized change has been made to windows

Question
-
Diagnostic Report (1.9.0027.0):-----------------------------------------Windows Validation Data-->Validation Status: GenuineValidation Code: 0Cached Online Validation Code: 0x0Windows Product Key: *****-*****-F4GJK-KG77H-B9HD2Windows Product Key Hash: iJAth4TbScMi8HdcPurlASXdEkw=Windows Product ID: 89578-OEM-7332157-00204Windows Product ID Type: 2Windows License Type: OEM SLPWindows OS version: 6.0.6001.2.00010300.1.0.003ID: {FB732749-4C9E-430C-A55A-F670213F60A8}(3)Is Admin: YesTestCab: 0x0LegitcheckControl ActiveX: Registered, 1.7.69.2Signed By: MicrosoftProduct Name: Windows Vista (TM) Home PremiumArchitecture: 0x00000000Build lab: 6001.vistasp1_gdr.091208-0542TTS Error: K:20081119124549467-Validation Diagnostic:Resolution Status: N/A
Vista WgaER Data-->ThreatID(s): N/A, hr = 0x80070002Version: 6.0.6002.16398
Windows XP Notifications Data-->Cached Result: N/A, hr = 0x80004005File Exists: NoVersion: N/A, hr = 0x80070002WgaTray.exe Signed By: N/A, hr = 0x80070002WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->Cached Result: 108Version: 2.0.48.0OGAExec.exe Signed By: MicrosoftOGAAddin.dll Signed By: Microsoft
OGA Data-->Office Status: 108 Invalid VLKMicrosoft Office Enterprise 2007 - 108 Invalid VLKMicrosoft Office Home and Student 2007 - 101 Not ActivatedOGA Version: Registered, 2.0.48.0Signed By: MicrosoftOffice Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->Proxy settings: proxy.uow.edu.au:8080User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exeDownload signed ActiveX controls: PromptDownload unsigned ActiveX controls: DisabledRun ActiveX controls and plug-ins: AllowedInitialize and script ActiveX controls not marked as safe: DisabledAllow scripting of Internet Explorer Webbrowser control: DisabledActive scripting: AllowedScript ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->File Mismatch: C:\Windows\system32\gdi32.dll[6.0.6001.18159], Hr = 0x800b0100
Other data-->Office Details: <GenuineResults><MachineData><UGUID>{FB732749-4C9E-430C-A55A-F670213F60A8}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6001.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-B9HD2</PKey><PID>89578-OEM-7332157-00204</PID><PIDType>2</PIDType><SID>S-1-5-21-3017200110-260890109-3709177934</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>XPS M1530 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A08</Version><SMBIOSVersion major="2" minor="4"/><Date>20080319000000.000000+000</Date></BIOS><HWID>E4303507018400F8</HWID><UserLCID>0C09</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>AUS Eastern Standard Time(GMT+10:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>M08 </OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>108</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>108</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>7480B9502DF0D86</Val><Hash>oYWOW5ayFE3pZ+jvTpuXYsY64JE=</Hash><Pid>89388-707-8722531-65476</Pid><PidType>14</PidType></Product><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>101</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><Val>AB96FEF41EA9732</Val><Hash>P5iXi4oN/74OK259Q9NJapaK1R8=</Hash><Pid>81602-921-4955302-68691</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="12" Result="108"/><App Id="16" Version="12" Result="108"/><App Id="18" Version="12" Result="108"/><App Id="19" Version="12" Result="108"/><App Id="1A" Version="12" Result="108"/><App Id="1B" Version="12" Result="108"/><App Id="44" Version="12" Result="108"/><App Id="A1" Version="12" Result="108"/><App Id="BA" Version="12" Result="108"/></Applications></Office></Software></GenuineResults>
Spsys.log Content: U1BMRwEAAAAAAQAABAAAAEcXAAAAAAAAYWECAOhwhqESU+3VmdzKAdArSr9MLECc5R83cvYPeMwQkwj5vQhJlhi7HSqU6jxtjQLlZOHrnrKwTPctEH1w8KCoTUWXhhgs1m231mF4QnA/BvCqnhSkvyhQAcvSo3aU27OKLWTN3/xFyngmD3afWQd5BWut+vD3FqOkH5qwY3q1CzF0U07jqdyoAL0aULPNP9KSju/t9vu9LXUgneZO8FY4AE64zboqR4C2wZdpMQu8VjbvFjoDZ5k4mh5m+ukRM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAzQK0q/TCxAnOUfN3L2D3jMXjbcenZaX0Gp16KCigXIPeIfE+UW9sNotH/StFXfATqgqE1Fl4YYLNZtt9ZheEJwd48L05QhJBJ1qx8pgDenqtuzii1kzd/8Rcp4Jg92n1kHeQVrrfrw9xajpB+asGN6tQsxdFNO46ncqAC9GlCzzT/Sko7v7fb7vS11IJ3mTvBWOABOuM26KkeAtsGXaTELvFY27xY6A2eZOJoeZvrpETOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM0CtKv0wsQJzlHzdy9g94zCcFklHjRTpRV+hRH9mxZf1Xc8b+Pgnckck96yNh+kkCoKhNRZeGGCzWbbfWYXhCcEGfu/tsqVesdQ/lwfEvJuTbs4otZM3f/EXKeCYPdp9ZB3kFa6368PcWo6QfmrBjerULMXRTTuOp3KgAvRpQs80/0pKO7+32+70tdSCd5k7wVjgATrjNuipHgLbBl2kxC7xWNu8WOgNnmTiaHmb66REzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDNArSr9MLECc5R83cvYPeMw1ybn1b+7YuupHkTMcgbj2b6rCux4vzAjtn+KASDOABqCoTUWXhhgs1m231mF4QnALaO7gPzuZn6NEAW0nqw3f27OKLWTN3/xFyngmD3afWQd5BWut+vD3FqOkH5qwY3q1CzF0U07jqdyoAL0aULPNP9KSju/t9vu9LXUgneZO8FY4AE64zboqR4C2wZdpMQu8VjbvFjoDZ5k4mh5m+ukRM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAzQK0q/TCxAnOUfN3L2D3jM5pMmiSU5Pbg4zQ3J3jMkh03c0RIavO+cuS9BovQ5gnSgqE1Fl4YYLNZtt9ZheEJwKEeoIPmxypSFUleD+9TTKtuzii1kzd/8Rcp4Jg92n1kHeQVrrfrw9xajpB+asGN6tQsxdFNO46ncqAC9GlCzzT/Sko7v7fb7vS11IJ3mTvBWOABOuM26KkeAtsGXaTELvFY27xY6A2eZOJoeZvrpETOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM0CtKv0wsQJzlHzdy9g94zMGwxPc/f9rMgKD7n6DuHe6EaQcYfiERSu7/r/757WcPoKhNRZeGGCzWbbfWYXhCcI+RKuAi1/QkGvX45U5/Anvbs4otZM3f/EXKeCYPdp9ZB3kFa6368PcWo6QfmrBjerULMXRTTuOp3KgAvRpQs80/0pKO7+32+70tdSCd5k7wVjgATrjNuipHgLbBl2kxC7xWNu8WOgNnmTiaHmb66REzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDNArSr9MLECc5R83cvYPeMzL1y1fzdzCZQohtINIETj9juCWJE2+ysrdtWMKIw7B86CoTUWXhhgs1m231mF4QnBK14orzoY+JcnVsr2ADH3e27OKLWTN3/xFyngmD3afWQd5BWut+vD3FqOkH5qwY3q1CzF0U07jqdyoAL0aULPNP9KSju/t9vu9LXUgneZO8FY4AE64zboqR4C2wZdpMQu8VjbvFjoDZ5k4mh5m+ukRM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAzQK0q/TCxAnOUfN3L2D3jMZGqE0HmTJh5MBSjxwlom59dZj6J/7EincaTFjj2CE5WgqE1Fl4YYLNZtt9ZheEJwRUlVLPugw61NqhcCGerKqNuzii1kzd/8Rcp4Jg92n1kHeQVrrfrw9xajpB+asGN6tQsxdFNO46ncqAC9GlCzzT/Sko7v7fb7vS11IJ3mTvBWOABOuM26KkeAtsGXaTELvFY27xY6A2eZOJoeZvrpETOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM0CtKv0wsQJzlHzdy9g94zKxteOdQbDWyCKWlvb2+MIImW7gjAprdP30Fb0778b3boKhNRZeGGCzWbbfWYXhCcK7Jo/eU+RVCuGPtXzj/c4Xbs4otZM3f/EXKeCYPdp9ZB3kFa6368PcWo6QfmrBjerULMXRTTuOp3KgAvRpQs80/0pKO7+32+70tdSCd5k7wVjgATrjNuipHgLbBl2kxC7xWNu8WOgNnmTiaHmb66REzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDNArSr9MLECc5R83cvYPeMyc98sfpTnetm8u7WyyNNhXMkmsOEQ1oiS6K/uDGYKTA6CoTUWXhhgs1m231mF4QnCY7Kw6Jp6ta2tnI2fjBE/K27OKLWTN3/xFyngmD3afWQd5BWut+vD3FqOkH5qwY3q1CzF0U07jqdyoAL0aULPNP9KSju/t9vu9LXUgneZO8FY4AE64zboqR4C2wZdpMQu8VjbvFjoDZ5k4mh5m+ukRM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAzQK0q/TCxAnOUfN3L2D3jMDDaOFxahUeBA5UQQZHEMPjDSqKDhJX34/1wj8Qd5+fygqE1Fl4YYLNZtt9ZheEJw+1F0eXJRU0mOqnlgxWXfKtuzii1kzd/8Rcp4Jg92n1kHeQVrrfrw9xajpB+asGN6tQsxdFNO46ncqAC9GlCzzT/Sko7v7fb7vS11IJ3mTvBWOABOuM26KkeAtsGXaTELvFY27xY6A2eZOJoeZvrpETOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM0CtKv0wsQJzlHzdy9g94zMNQf3qayslQB8OQFRLfTTu3j4Kv2V2d71ubv5FWgjB3oKhNRZeGGCzWbbfWYXhCcAXUv5yc+SUbBaTKiw4wHqPbs4otZM3f/EXKeCYPdp9ZB3kFa6368PcWo6QfmrBjerULMXRTTuOp3KgAvRpQs80/0pKO7+32+70tdSCd5k7wVjgATrjNuipHgLbBl2kxC7xWNu8WOgNnmTiaHmb66REzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDNArSr9MLECc5R83cvYPeMxkwYIrbWHyzkBgnX+oBIO66w8+ry8ICjpHd2JbviVRuKCoTUWXhhgs1m231mF4QnBZ/Wyv0BANdX4DxVu0+KMq27OKLWTN3/xFyngmD3afWQd5BWut+vD3FqOkH5qwY3q1CzF0U07jqdyoAL0aULPNP9KSju/t9vu9LXUgneZO8FY4AE64zboqR4C2wZdpMQu8VjbvFjoDZ5k4mh5m+ukRM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAw=
Licensing Data-->Software licensing service version: 6.0.6001.18000Name: Windows(TM) Vista, HomePremium editionDescription: Windows Operating System - Vista, OEM_SLP channelActivation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895fApplication ID: 55c92734-d682-4d71-983e-d6ec3f16059fExtended PID: 89578-00146-321-500204-02-3081-6001.0000-1712008Installation ID: 004260909176716494815541854184466905540284271200270874Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475Partial Product Key: B9HD2License Status: Licensed
Windows Activation Technologies-->N/A
HWID Data-->HWID Hash Current: PAAAAAEABgABAAEAAQABAAAABAABAAEA6GEgKxaWEnlOapp6HrMyD0aDZFa+ffL07hG9Cu58Uo6sVkbK
OEM Activation 1.0 Data-->N/A
OEM Activation 2.0 Data-->BIOS valid for OA 2.0: yesWindows marker version: 0x20000OEMID and OEMTableID Consistent: yesBIOS Information:ACPI Table Name OEMID Value OEMTableID ValueAPIC DELL M08FACP DELL M08HPET DELL M08BOOT DELL M08MCFG DELL M08SLIC DELL M08OSFR DELL M08SSDT PmRef CpuPm
Tuesday, April 20, 2010 9:29 AM
Answers
-
Hello Riddy64,
The core of your issue centers on the line in your Diagnostic Report that reads:
File Scan Data-->File Mismatch: C:\Windows\system32\gdi32.dll[6.0.6001.18159], Hr = 0x800b0100This means the file has been Tampered, Modified or has become Corrupt. Vista see this as an attack to bypass it's Licensing security.
To resolve the issue, you need to either repair file .
First try repairing Windows using System Restore:
1) Reboot Vista into Safe Mode
2) Click the ‘Start’ button
3) In the Start Search field, type: System Restore and hit “Enter” keyboard key
4) Select "Choose Different Restore Point", Put a check in the box that says "Show restore points older than 5 days", select the restore point that corresponds to the date Before you first noticed the issue.
5) Click the "Next" button.
6) Reboot back into Normal mode
7) Vista should no longer be in Reduced Functionality mode
If that doesn't work, we'll try doing a System Scan. The scan will look for bad Vista files and will attempt to repair them, if possible.
1) Login to Vista in Normal Mode (not safe mode)
2) Launch an Internet Browser
3) Type: %windir%\system32\ in the browser's address field
4) Scroll down till you find the file cmd.exe
5) Right-click the file and select 'Run as Administrator'
6) In the CMD window, type: sfc /scannow
7) Reboot twice and see if that resolves the issue.
If neither of these sets of steps resolves the issue, my only other suggestions would be either to contact Vista support at http://support.microsoft.com or reinstall Vista.
Thank you,
Darin MS- Marked as answer by Darin Smith MS Tuesday, April 20, 2010 8:09 PM
Tuesday, April 20, 2010 8:09 PM
All replies
-
You have a blocked VLK for office 2007, you will need to uninstall office and reinstall a legitimate version. I would suggest downloading and installing the free public beta or office 2010, give it a try and purchase that before the beta period expires.
Windows appears to be activated, we need more detailed information. Go to www.microsoft.com/genuine and validate windows AFTER removing the office product. After validating report any errors here and post a new diagnostic report.
Thanks
Carl
Tuesday, April 20, 2010 1:10 PM -
Hello Riddy64,
The core of your issue centers on the line in your Diagnostic Report that reads:
File Scan Data-->File Mismatch: C:\Windows\system32\gdi32.dll[6.0.6001.18159], Hr = 0x800b0100This means the file has been Tampered, Modified or has become Corrupt. Vista see this as an attack to bypass it's Licensing security.
To resolve the issue, you need to either repair file .
First try repairing Windows using System Restore:
1) Reboot Vista into Safe Mode
2) Click the ‘Start’ button
3) In the Start Search field, type: System Restore and hit “Enter” keyboard key
4) Select "Choose Different Restore Point", Put a check in the box that says "Show restore points older than 5 days", select the restore point that corresponds to the date Before you first noticed the issue.
5) Click the "Next" button.
6) Reboot back into Normal mode
7) Vista should no longer be in Reduced Functionality mode
If that doesn't work, we'll try doing a System Scan. The scan will look for bad Vista files and will attempt to repair them, if possible.
1) Login to Vista in Normal Mode (not safe mode)
2) Launch an Internet Browser
3) Type: %windir%\system32\ in the browser's address field
4) Scroll down till you find the file cmd.exe
5) Right-click the file and select 'Run as Administrator'
6) In the CMD window, type: sfc /scannow
7) Reboot twice and see if that resolves the issue.
If neither of these sets of steps resolves the issue, my only other suggestions would be either to contact Vista support at http://support.microsoft.com or reinstall Vista.
Thank you,
Darin MS- Marked as answer by Darin Smith MS Tuesday, April 20, 2010 8:09 PM
Tuesday, April 20, 2010 8:09 PM