locked
(Darin Smith) Mismatched file under file scan data in MGA dianostic report after trying to update to Vista service pack1 failed RRS feed

  • Question

  • Darin Smith, here is a copy of my diagnostic report, as requested in the reply to Axxent's thread.  Can you please tell me how to resolve this issue?   Service pack 1 in for Vista in windows update failed after several attempts, error 80070026 occurred.  After restarting my system I got an error message stating there had been an unauthorized change to windows, I was given two options, learn more online or close.  I chose learn more and was taken to the MS windows verification, where my windows could not be validated.  I tried using prompt command to restart the licensing service but recieved yet another error stating that a system error occurred, error 54273.  The system cannot find message text for message number 0xd401 in the message file for BASE.

    I know that my pre-installed OS is valid, as I validated it shortly after purchasing the machine in order to get an update or something...  I even have the verification number that I recieved that day.  Any help will be greatly appreciated.

     

     

    Diagnostic Report (1.7.0095.0):

    -----------------------------------------

    WGA Data-->

    Validation Status: Invalid License

    Validation Code: 50

    Online Validation Code: 0x80070426

    Cached Validation Code: N/A, hr = 0x80070426

    Windows Product Key: *****-*****-VFWRT-JGH7R-R933G

    Windows Product Key Hash: gYrJFhcKVmHMbiVVuoEU7w/jsC0=

    Windows Product ID: 89580-OEM-7332132-00015

    Windows Product ID Type: 2

    Windows License Type: OEM SLP

    Windows OS version: 6.0.6000.2.00010100.0.0.001

    CSVLK Server: N/A

    CSVLK PID: N/A

    ID: {D4C2A942-DB40-41FF-BE6B-1202C463DA16}(1)

    Is Admin: Yes

    TestCab: 0x0

    WGA Version: Registered, 1.7.69.2

    Signed By: Microsoft

    Product Name: Windows Vista (TM) Ultimate

    Architecture: 0x00000000

    Build lab: 6000.vista_gdr.071023-1545

    TTS Error: M:20080528123710359-

    Validation Diagnostic:

    Resolution Status: N/A

    WgaER Data-->

    ThreatID(s): N/A, hr = 0x80070002

    Version: 6.0.6001.18000

    WGA Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    File Exists: No

    Version: N/A, hr = 0x80070002

    WgaTray.exe Signed By: N/A, hr = 0x80070002

    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->

    Cached Result: N/A, hr = 0x80070002

    Version: N/A, hr = 0x80070002

    WGATray.exe Signed By: N/A, hr = 0x80070002

    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->

    Office Status: 109 N/A

    OGA Version: Registered, 1.6.28.0

    Signed By: Microsoft

    Office Diagnostics: 025D1FF3-282-80041010_025D1FF3-170-80041010_025D1FF3-171-1_025D1FF3-434-80040154_025D1FF3-178-80040154_025D1FF3-179-2_025D1FF3-185-80070002_025D1FF3-199-3

    Browser Data-->

    Proxy settings: N/A

    User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)

    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe

    Download signed ActiveX controls: Prompt

    Download unsigned ActiveX controls: Disabled

    Run ActiveX controls and plug-ins: Allowed

    Initialize and script ActiveX controls not marked as safe: Disabled

    Allow scripting of Internet Explorer Webbrowser control: Disabled

    Active scripting: Allowed

    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    File Mismatch: C:\Windows\system32\Slsvc.exe[6.0.6000.16509]

    Wednesday, May 28, 2008 7:05 PM

Answers

  • Hi

     

    Vista is in, what is called a 'Mod-Auth' Tamper state.  There are 2 types of Mod-Auth tampers.

     

    1) A critical system file was modified On Disk - What this means is that the file, located on the hard drive, was modified in some way. This can be caused by random file corruption, a malicious program (spyware, malware, virus) or by manual file modification (by a user of the system). There is also a very small chance that an Update may fail in mid-update and cause this type of issue. As a safety mechanism, Updates are made so that if they fail, they roll back any updating that was done before the failure, but there is an off-chance that the roll back did not occure.

     

    2) A critical system file was modified In Memory - What this means is the file itself (on the hard drive) is un-modified, but the code, from that file, running in the system, was modified in some way. and is usually caused by a running program that is incompatible with Vista.

     

    Because of the Mismatched files listed under the "File Scan Data-->" line of your Diagnostic Report, your issue is an On Disk Mod-Auth.  In your case, the Critical System File that has been Modified (or that has become Corrupt) is slc.dll Version # 6.0.6000.16509

     

      Normally, to fix this type of issue, I would have you Un-install then Re-install an Update that contains the same version of that file. This would replace the bad file with a unmodified/uncorrupted copy.  Unfortunatly, the only update that contains that version of your modified/corrupted slsvc.exe file, can can only be installed once and can not be uninstalled then reinstalled.

     

      At this point I can give you two options:

     

    A) Repair Windows using System Restore:

     

    1) Reboot Vista into Safe Mode

    2) Go to Control Panel

    3) On the left hand side of the Control Panel window, Click on "Classic View"

    4) Double-click "Backup and Restore Center"

    5) On the left hand side of the window, click "Repair Windows using system restore"

    6) Select "Choose Different Restore Point", Put a check in the box that says "Show restore points older than 5 days", select the restore point that corresponds to the date Before you first noticed the issue.

    7) Click the "Next" button.

    8) Reboot back into Normal mode

    9) Vista should no longer be in Reduced Functionality mode

     

    or

     

    B) Using the Windows Restore software, that came with your computer. The Windows Restore software may be on a disk or on a partition on your computer's hard drive. The software resets Windows back to how it was when it left the factory. (please be sure to take copies, of important files, off the computer before conducting the Windows Restore process.

      Each manufacturer does the Windows Restore process differently, so please see the documentaion that came with the computer or contact the computer's manufacturer for assistance.

     

      An addition, I am pretty sure that SP1 contains a copy of the slsvc.exe file and if you can find a way to get SP1 to install successfully, I believe it will overwrite the bad copy with the known-good copy of the file and will resolve the issue. You can find information on known SP1 issues as well as a link to free SP1 email, phone and chat based support at http://support.microsoft.com/ph/11732#tab0 . I would suggest trying to get SP1 install first,  before attempting the hassle of the Windows Restore process.

     

    Thank you,

    Darin Smith

    WGA Forum Manager

    Wednesday, May 28, 2008 9:20 PM