none
"An unauthorized change was made to Windows" - Reinstall required!

    Question

  • This happened on an OEM install of Vista. Because Microsoft no longer includes the installation disk, it is impossible to reinstall Windows. There is no reasonable way to get the system working again (but there are unreasonable solutions that involve giving more money to Microsoft.... or Apple).

    The "File Scan" section shows:

    File Scan Data-->
    File Mismatch: C:\Windows\system32\shell32.dll[6.0.6002.18646], Hr = 0x800b0100
    

    ....but I compared that file with the same file on a working Vista system and found them to be byte-for-byte identical. Here is the complete diagnostic report:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Invalid License
    Validation Code: 50
    Cached Online Validation Code: N/A, hr = 0xc004f012
    Windows Product Key: *****-*****-C6VHG-HFY2Y-QKJBC
    Windows Product Key Hash: gxUqS56PIdmA4fmdIuLlSyTtWs0=
    Windows Product ID: 89578-OEM-7250421-72397
    Windows Product ID Type: 8
    Windows License Type: COA SLP
    Windows OS version: 6.0.6002.2.00010300.2.0.003
    ID: {DF232663-4A6F-4966-937B-8AB3C09B6FE8}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000000
    Build lab: 6002.vistasp2_gdr.130308-1436
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A
    
    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: 6.0.6002.16398
    
    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002
    
    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002
    
    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
    
    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed
    
    File Scan Data-->
    File Mismatch: C:\Windows\system32\shell32.dll[6.0.6002.18646], Hr = 0x800b0100
    
    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{DF232663-4A6F-4966-937B-8AB3C09B6FE8}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-QKJBC</PKey><PID>89578-OEM-7250421-72397</PID><PIDType>8</PIDType><SID>S-1-5-21-2451316926-822776585-1986153624</SID><SYSTEM><Manufacturer>Gateway</Manufacturer><Model>T5246</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>6.00 PG</Version><SMBIOSVersion major="2" minor="4"/><Date>20071110000000.000000+000</Date></BIOS><HWID>F3303507018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>GATEWA</OEMID><OEMTableID>SYSTEM  </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  
    
    Spsys.log Content: U1BMRwEAAAAAAQAABAAAABUGAAAAAAAAYWECAASA5JDbKxIfSgnOASPvOhE4aiPWkIrToHXwxdroccfQ51oqbI3L4AW6ebltk6IF68QmnKAretE6l9Uo9DOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAw2LChCixnhclyLKxemNGWeTc94onuYMBS1pAlQZVEVuIT+6OzXxmdmouU38j2Nwu0zkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM
    
    Licensing Data-->
    Software licensing service version: 6.0.6002.18005
    
    Windows Activation Technologies-->
    N/A
    
    HWID Data-->
    HWID Hash Current: OAAAAAEAAwABAAIAAQACAAAAAwABAAEAJJQ8QEJT1vcEX5IAtHwQMYQu8vRiPZxZ1gysVr/4yPQ=
    
    OEM Activation 1.0 Data-->
    N/A
    
    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20000
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name	OEMID Value	OEMTableID Value
      APIC			GATEWA		SYSTEM  
      FACP			GATEWA		SYSTEM  
      HPET			GATEWA		SYSTEM  
      MCFG			GATEWA		SYSTEM  
      SLIC			GATEWA		SYSTEM  
      SSDT			PTLTD 		POWERNOW
    
    
    

    Thursday, December 12, 2013 7:10 PM

Answers

  • Sorry about the delay!

    I've uploaded a file - sdfaa.zip - to my SkyDrive at Noel's SkyDrive

    Please download and save it.

    Right-click on the saved file and select Extract all...

    Change the target to C:\ and click on Extract

    Close all windows (it would be a good idea to print these
    instructions!)

    Now reboot to the Repair Environment - as soon as the machine restarts, start
    tapping F8 - this should bring up the Advanced Boot Menu, at the top of which
    should be the option 'Repair my Computer'

    Pick that

    You'll have to log in with your username and password.

    Pick the option to use a Command Prompt

    At the prompt type

    DIR C:\sdfaa

    hit the enter key - if you get a 'Not
    Found' error try

    DIR D:\sdfaa

    or

    DIR E:\sdfaa

    The drive letter in use when you find the folder will need to be substituted (for<drive>) into the following
    command...

    XCOPY  <drive>:\sdfaa  <drive>:\windows\winsxs /y /i /s /v /h

    (e.g. XCOPY P:\wfire P:\windows\winsxs /y /i /s /v /h )

    run the command (it should take almost no time) and when the prompt returns, type

    EXIT

    and hit the Enter key to exit Command Prompt - reboot to Normal Mode Windows.

    Now run SFC /SCANNOW in an Elevated Command Prompt

    then reboot and upload the new CBS.log file to your SkyDrive Public folder, and
    post a new link

    Also run a new MGADiag report, and post the result.



    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Thursday, December 19, 2013 2:19 PM
    Moderator

All replies

  • Please run a full CHKDSK and SFC scan....

    Click on Start > All Programs > Accessories

    Right-click on the Command Prompt entry

    Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

    At the Command prompt, type

    CHKDSK C: /R

    and hit the Enter key.

    You will be told that the drive is locked,

    and the CHKDSK will run at he next boot - hit the Y key, press Enter, and then reboot.

    The CHKDSK will take a few hours depending on the size of the drive, so be patient!

    After the CHKDSK has run, Windows should boot normally (possibly after a second auto-reboot) -

    then run the SFC.

    SFC -System File Checker - Instructions

    Click on Start > All Programs > Accessories

    Right-click on the Command Prompt entry

    Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

    At the Command prompt, type

    SFC /SCANNOW

    and hit the Enter key

    Wait for the scan to finish - make a note of any error messages - and then reboot.

    Copy the CBS.log file created (C:\Windows\Logs\CBS\CBS.log) to your desktop (you can't manipulate it directly) and then compress the copy and upload it to your SkyDrive Public folder (http://skydrive.live.com ) and post a link to it so that I can take a look.

    Post a new MGADiag report with details of any error messages encountered.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Friday, December 13, 2013 9:22 AM
    Moderator
  • CBS.zip

    Console output from SFC was as follows:

    Beginning system scan. This process will take some time. Beginning verification phase of system scan. Verification 100% complete. Windows Resource Protection found corrupt files but was unable to fix some of th em. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log The system file repair changes will take effect after the next reboot.

    The new MGADiag report is as follows:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Invalid License
    Validation Code: 50
    Cached Online Validation Code: N/A, hr = 0xc004f012
    Windows Product Key: *****-*****-C6VHG-HFY2Y-QKJBC
    Windows Product Key Hash: gxUqS56PIdmA4fmdIuLlSyTtWs0=
    Windows Product ID: 89578-OEM-7250421-72397
    Windows Product ID Type: 8
    Windows License Type: COA SLP
    Windows OS version: 6.0.6002.2.00010300.2.0.003
    ID: {DF232663-4A6F-4966-937B-8AB3C09B6FE8}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000000
    Build lab: 6002.vistasp2_gdr.130308-1436
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A
    
    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: 6.0.6002.16398
    
    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002
    
    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002
    
    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
    
    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed
    
    File Scan Data-->
    
    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{DF232663-4A6F-4966-937B-8AB3C09B6FE8}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-QKJBC</PKey><PID>89578-OEM-7250421-72397</PID><PIDType>8</PIDType><SID>S-1-5-21-2451316926-822776585-1986153624</SID><SYSTEM><Manufacturer>Gateway</Manufacturer><Model>T5246</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>6.00 PG</Version><SMBIOSVersion major="2" minor="4"/><Date>20071110000000.000000+000</Date></BIOS><HWID>F3303507018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>GATEWA</OEMID><OEMTableID>SYSTEM  </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  
    
    Spsys.log Content: U1BMRwEAAAAAAQAABAAAABUGAAAAAAAAYWECAASA5JDbKxIfSgnOASPvOhE4aiPWkIrToHXwxdroccfQ51oqbI3L4AW6ebltk6IF68QmnKAretE6l9Uo9DOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAw2LChCixnhclyLKxemNGWeTc94onuYMBS1pAlQZVEVuIT+6OzXxmdmouU38j2Nwu0zkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM
    
    Licensing Data-->
    Software licensing service version: 6.0.6002.18005
    
    Windows Activation Technologies-->
    N/A
    
    HWID Data-->
    HWID Hash Current: OAAAAAEAAwABAAIAAQACAAAAAwABAAEAJJQ8QEJT1vcEX5IAtHwQMYQu8vRiPZxZ1gysVr/4yPQ=
    
    OEM Activation 1.0 Data-->
    N/A
    
    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20000
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name	OEMID Value	OEMTableID Value
      APIC			GATEWA		SYSTEM  
      FACP			GATEWA		SYSTEM  
      HPET			GATEWA		SYSTEM  
      MCFG			GATEWA		SYSTEM  
      SLIC			GATEWA		SYSTEM  
      SSDT			PTLTD 		POWERNOW
    
    
    

    Tuesday, December 17, 2013 6:08 PM
  • Here's the summary from the SFC log...

    	Line 275320: 2013-12-17 12:54:54, Info                  CSI    0000021c [SR] Repairing 4 components
    	Line 275321: 2013-12-17 12:54:54, Info                  CSI    0000021d [SR] Beginning Verify and Repair transaction
    	Line 275324: 2013-12-17 12:54:54, Info                  CSI    0000021f [SR] Cannot repair member file [l:50{25}]"PhotoLibraryResources.dll" of Microsoft-Windows-PhotoLibraryResources, Version = 6.0.6000.16386, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    	Line 275327: 2013-12-17 12:54:54, Info                  CSI    00000221 [SR] Cannot repair member file [l:22{11}]"shell32.dll" of Microsoft-Windows-shell32, Version = 6.0.6002.18646, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    	Line 275330: 2013-12-17 12:54:54, Info                  CSI    00000223 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
    	Line 275333: 2013-12-17 12:54:54, Info                  CSI    00000225 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
    	Line 275342: 2013-12-17 12:54:54, Info                  CSI    00000229 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
    	Line 275345: 2013-12-17 12:54:54, Info                  CSI    0000022b [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
    

    I'm surprised that the Shell32.dll problem doesn't show in the MGADiag report!

    I'll post a fix protocol for the outstanding errors a little later, and we'll see how that works.

    You may want to check for malware, since damaged system files like this are often the result of infestations.

    Please download and install  Malwarebytes Anti-malware (free version) from  http://www.malwarebytes.org/products/malwarebytes_free/ - UNtick 'Enable free trial of MBAM PRO' at the end of the installation -  and update it, then run a full scan  in your main account, and Quick scans in any other user accounts.

    Delete everything it finds   


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Wednesday, December 18, 2013 9:48 AM
    Moderator
  • Sorry about the delay!

    I've uploaded a file - sdfaa.zip - to my SkyDrive at Noel's SkyDrive

    Please download and save it.

    Right-click on the saved file and select Extract all...

    Change the target to C:\ and click on Extract

    Close all windows (it would be a good idea to print these
    instructions!)

    Now reboot to the Repair Environment - as soon as the machine restarts, start
    tapping F8 - this should bring up the Advanced Boot Menu, at the top of which
    should be the option 'Repair my Computer'

    Pick that

    You'll have to log in with your username and password.

    Pick the option to use a Command Prompt

    At the prompt type

    DIR C:\sdfaa

    hit the enter key - if you get a 'Not
    Found' error try

    DIR D:\sdfaa

    or

    DIR E:\sdfaa

    The drive letter in use when you find the folder will need to be substituted (for<drive>) into the following
    command...

    XCOPY  <drive>:\sdfaa  <drive>:\windows\winsxs /y /i /s /v /h

    (e.g. XCOPY P:\wfire P:\windows\winsxs /y /i /s /v /h )

    run the command (it should take almost no time) and when the prompt returns, type

    EXIT

    and hit the Enter key to exit Command Prompt - reboot to Normal Mode Windows.

    Now run SFC /SCANNOW in an Elevated Command Prompt

    then reboot and upload the new CBS.log file to your SkyDrive Public folder, and
    post a new link

    Also run a new MGADiag report, and post the result.



    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Thursday, December 19, 2013 2:19 PM
    Moderator
  • Any update on this?


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Sunday, December 29, 2013 1:42 PM
    Moderator
  • No update yet. My employer was closed for the holidays. I'll post it as soon as I have it.

    Thursday, January 2, 2014 6:25 PM
  • No problem - come back when you can!


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Thursday, January 2, 2014 7:47 PM
    Moderator
  • Any further progress?


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Sunday, January 19, 2014 10:55 AM
    Moderator