Tamper Mode keeps coming back

  • Question

  • Hi, I'm having repeated problems with Vista Home Premium going into tamper mode randomly after boot-up, for several weeks now. I have been through all the threads and verified that there have been no new programs installed, tried re-entering the product key, etc. At least now I don't get the 'this is not a genuine copy of windows' notification, but I seem to keep going into tamper mode. When I delete the Cumulative Update for Media Center update the problem seems to go away, but that may be coincidence. I'd really like some help here, I've just about reached my limit with random Vista errors and I'm days away from chucking Vista and using my alternative XP boot or <shudder> buying a Mac.

    Diagnostic report attached below.

    thanks,
    aviv

    Diagnostic Report (1.9.0011.0):
    -----------------------------------------
    WGA Data-->
    Validation Status: Genuine
    Validation Code: 0

    Cached Validation Code: 0x0
    Windows Product Key: *****-*****-CK483-TPY6M-X4J8T
    Windows Product Key Hash: IwGRTzthS/vozq/o5oO9smUkxUg=
    Windows Product ID: 89578-OEM-7217031-29886
    Windows Product ID Type: 8
    Windows License Type: COA SLP
    Windows OS version: 6.0.6001.2.00010300.1.0.003
    ID: {FB181FCC-FAD5-4CC7-98CF-ED61967754BB}(3)
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: Registered, 1.9.9.1
    Signed By: Microsoft
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000000
    Build lab: 6001.vistasp1_gdr.090302-1506
    TTS Error: K:20090720084446953-M:20090720191456334-
    Validation Diagnostic:
    Resolution Status: N/A

    WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: 6.0.6002.16398

    WGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Standard Edition 2003 - 100 Genuine
    OGA Version: Registered, 1.7.111.0
    Signed By: Microsoft
    Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{FB181FCC-FAD5-4CC7-98CF-ED61967754BB}</UGUID><Version>1.9.0011.0</Version><OS>6.0.6001.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-X4J8T</PKey><PID>89578-OEM-7217031-29886</PID><PIDType>8</PIDType><SID>S-1-5-21-1248861237-4170362584-1683533694</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP Pavilion dv6000 (GM007UA#ABL)  </Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>F.25     </Version><SMBIOSVersion major="2" minor="4"/><Date>20070512000000.000000+000</Date></BIOS><HWID>A2313507018400EE</HWID><UserLCID>1009</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-MPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Standard Edition 2003</Name><Ver>11</Ver><Val>4DFE27E2EACF864</Val><Hash>8NYT8L9c1zTCKNvdv6x9vL7ZcEo=</Hash><Pid>70141-050-2344285-56647</Pid><PidType>1</PidType></Product></Products><Applications><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/></Applications></Office></Software></GenuineResults> 

    Spsys.log Content:

    Licensing Data-->
    C:\Windows\system32\slmgr.vbs(1648, 9) (null): 0xC004D401

    HWID Data-->
    HWID Hash Current: OgAAAAEABQABAAIAAQABAAAAAwABAAEAnJ8e+ggDFrugNIbzbKrqTlaoeGsCvPL0qqUmxCx8rFb0SA==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20000
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   HP      30BB   
      FACP   INTEL   CALISTGA
      HPET   HP      30BB   
      BOOT   HP      30BB   
      MCFG   HP      30BB   
      TCPA   HP      30BB   
      APIC   HP      30BB   
      SLIC   HPQOEM  SLIC-MPC
      SSDT   HP  30BB   
      SSDT   HP  30BB   
      SSDT   HP  30BB   
      SSDT   HP  30BB   
      SSDT   HP  30BB   

     

    Tuesday, July 21, 2009 3:39 AM

Answers

  • Hello asg1927,

    In Memory Mod-Auths are some of the hardest issues to resolve.

    In Memory Mod-Auths are caused by a running program that is attempting to Hook or Shim (modify) Vista system files while they run in system memory.

    The hardest part about fixing an In Memory Mod-Auth is that the program that is causing the problem is actually sending commands to other systems, those systems will, in turn, send commands to other systems and so on, till eventually one of the commands ends up causing the Modification of the system file and thus causing the Mod-Auth tamper error. Because of this, it's impossible for us to backtrack to the ultimate program that's causing the problem.

    I can provide tips and tricks to assist in the identification process (you said you've read the other threads, so you have seen my suggestions) but other than that, there is little I can do.

    The two biggest tips I can provide are that
    a) The program must be running for the issue to occur, so if you see the issue, you know that the problem program is running right then.
    b) The programs that cause this issue can be either legitimate programs that happen to be incompatible with Vista or some sort of Malware. (The malware is doing, on purpose, the same things that Incompatible Programs do by accident).

    Lastly, you can create a (no cost) email support request at http://go.microsoft.com/fwlink/?linkid=52029 and see if they can provide any additional assistance. But I did want to set your expectations that the help they are able to provide will, most likely, be as limited as what I was able to provide.


    I am very sorry I couldn't be more help,
    Darin MS
    Tuesday, July 21, 2009 6:00 PM
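
Tip (a) in the answer above suggests a triage method: record what is loaded each time the tamper notice appears, then keep only what was present every time. The following is an added example, not part of the original reply and not a Microsoft tool; it assumes Windows PowerShell 2.0 or later is installed, and the folder `$SnapshotDir` and both function names are hypothetical.

```powershell
# Added example (not from the thread). Names below are hypothetical.
$SnapshotDir = Join-Path $env:USERPROFILE 'TamperSnapshots'   # assumed location

function Save-TamperSnapshot {
    # Run from an elevated prompt each time the tamper notice is on screen:
    # the offending program must be running at that moment.
    New-Item -ItemType Directory -Path $SnapshotDir -Force | Out-Null
    $file = Join-Path $SnapshotDir ('snap-{0:yyyyMMdd-HHmmss}.csv' -f (Get-Date))
    $rows = foreach ($p in Get-Process) {
        try {
            foreach ($m in $p.Modules) {
                if ($m -and $m.FileName) {
                    New-Object PSObject -Property @{
                        Module  = $m.FileName
                        Company = $m.FileVersionInfo.CompanyName
                        Process = $p.ProcessName
                    }
                }
            }
        } catch { }   # protected or already-exited process: skip it
    }
    # One row per module path, so each snapshot counts a module at most once.
    $rows | Sort-Object Module -Unique | Export-Csv -Path $file -NoTypeInformation
    $file
}

function Get-TamperCandidates {
    $snaps = @(Get-ChildItem -Path $SnapshotDir -Filter 'snap-*.csv')
    if ($snaps.Count -lt 2) { throw 'Need at least two snapshots to intersect.' }
    $all = foreach ($s in $snaps) { Import-Csv $s.FullName }
    # Keep only modules that were loaded during every recorded tamper event.
    $all | Group-Object Module |
        Where-Object { $_.Count -eq $snaps.Count } |
        ForEach-Object { $_.Group[0] } |
        # CompanyName is self-declared metadata, so it only orders the list
        # (non-Microsoft first); it never excludes an entry.
        Sort-Object @{ Expression = { $_.Company -like 'Microsoft*' } }, Module |
        Select-Object Module, Company, Process
}
```

Each additional snapshot taken during a tamper event shrinks the candidate list; entries near the top are the first to check for Vista compatibility or to scan for malware, per tip (b).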