locked
started receiving error that an unauthorized change has occured to windows..... RRS feed

  • Question

  • here is the windows genuine advantage diagnostic:
    Diagnostic Report (1.9.0011.0):
    -----------------------------------------
    WGA Data-->
    Validation Status: Invalid License
    Validation Code: 50

    Cached Validation Code: N/A, hr = 0xc004f012
    Windows Product Key: *****-*****-F4GJK-KG77H-B9HD2
    Windows Product Key Hash: iJAth4TbScMi8HdcPurlASXdEkw=
    Windows Product ID: 89583-OEM-7332157-00204
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.0.6002.2.00010300.2.0.003
    ID: {47E5D81C-9082-445F-B924-DE69DC378B40}(1)
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000009
    Build lab: 6002.vistasp2_gdr.090803-2339
    TTS Error: T:20100201032146957-
    Validation Diagnostic:
    Resolution Status: N/A

    WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    WGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{47E5D81C-9082-445F-B924-DE69DC378B40}</UGUID><Version>1.9.0011.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-B9HD2</PKey><PID>89583-OEM-7332157-00204</PID><PIDType>2</PIDType><SID>S-1-5-21-3581750454-1169041279-1684901004</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Studio 1737</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A05</Version><SMBIOSVersion major="2" minor="5"/><Date>20090211000000.000000+000</Date></BIOS><HWID>65303507018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>M09    </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: U1BMRwEAAAAAAQAACAAAAP0OAAAAAAAAYWECAAD4//8RI8qTF6PKASPvOhE4aiPWkIrToHXwxdq8/nnTnywjXsydKzR8fSCIOq1pVjET+zR3aErNbKarBDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAw2LChCixnhclyLKxemNGWeaRc2kUuZxEw31YGs7X3bUOwRlZxiKUnpG+IXq3bRoQkzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM

    Licensing Data-->
    Software licensing service version: 6.0.6002.18005

    HWID Data-->
    HWID Hash Current: PAAAAAEABQABAAIAAQABAAAABAABAAEA6GHQBRobeNqObGhBOCt6f0w5UF+GGfL0cl2uxoqUrFaadkbK

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20000
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   PTLTD     APIC 
      FACP   INTEL   CRESTLNE
      HPET   INTEL   CRESTLNE
      BOOT   PTLTD   $SBFTBL$
      MCFG   INTEL   CRESTLNE
      SLIC   DELL    M09   
      OSFR   DELL    DELL   
      SSDT   BrtRef  DD01BRT
      SSDT   BrtRef  DD01BRT
      SSDT   BrtRef  DD01BRT
      SSDT   BrtRef  DD01BRT

     

    Tuesday, February 2, 2010 2:05 AM

Answers

  • Hello bfrankenhoff,

     Your Diagnostic Report is showing that there is a Trusted Store Tamper occuring. This is a fairly rare issue so we don't have good data on what causes it. 

      We believe that it's usually caused by a semi-incompatible driver generating low level errors to Windows. But there is also evidence that Malware may be the cause in some cases.

      I recommend scanning your system with an Anti-Virus program (multiple scans with different AV software is optimal) as well as ensure that all drivers are up to date.


      Below are a few sets of steps that have resolved similar problems in the past:

    Repairing Windows using System Restore:

    1) Reboot Vista into Safe Mode
    2) Click the ‘Start’ button
    3) In the Start Search field, type: System Restore and hit “Enter” keyboard key
    4) Select "Choose Different Restore Point", Put a check in the box that says "Show restore points older than 5 days", select the restore point that corresponds to the date Before you first noticed the issue.
    5) Click the "Next" button.
    6) Reboot back into Normal mode

    Your Windows should now no longer be in a Non-Genuine state.  However, if the issue was caused by Malware (or ny a semi-incompatible hardware driver), then the Malware is still in your Vista, (or the Driver is still installed) at this point, so unless the malware is removed (or the Driver Updated to a compatible version), Vista may return to a Non-Genuine state.

    ------------------------
    Licensing Store repair:

    1) Open an Internet Browser
    2) Type %windir%\system32 into the browser address bar.
    3) Find the file CMD.exe
    4) Right-Click on CMD.exe and select 'Run as Administrator'
    5) Type: net stop slsvc  (it may ask you if you are sure, select yes)
    6) Type: cd %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing
    7) Type: rename tokens.dat tokens.bar
    8) Type: cd %windir%\system32
    9) Type net start slsvc
    10) Type: cscript slmgr.vbs -rilc (It may take a long time for this to complete, please be patient)
    11) Reboot Twice
    12) Windows will likely ask for the Product Key to be re-entered and/or to re-activate  (use the Product key from the sticker on the side or bottom of the PC and Activate by Phone (not over the internet)

    ------------------

    System Scan. The scan will look for bad Vista files and will attempt to repair them, if possible.

    1)    Login to Vista in Normal Mode (not safe mode)

    2)    Launch an Internet Browser

    3)    Type: %windir%\system32\ in the browser's address field

    4)    Scroll down till you find the file cmd.exe

    5)    Right-click the file and select 'Run as Administrator'

    6)    In the CMD window, type: sfc /scannow

    7)    Reboot twice and see if that resolves the issue.

    ----------------------


    If none of these sets of steps resolves the issue, my only other suggestions would be either to contact Vista support at http://support.microsoft.com or reinstall Vista.

    I hope what I have given you helps  (if something does fix the issue, tell us what did the trick. That information may help others in the future)

    Darin MS

    • Marked as answer by Darin Smith MS Tuesday, February 2, 2010 10:49 PM
    • Marked as answer by Darin Smith MS Wednesday, February 3, 2010 8:27 PM
    Tuesday, February 2, 2010 10:48 PM