Answered by:
Unauthorized change made to windows

Question
-
After installing Kaspersky, when I restarted my computer I got a blank screen with a message saying that ans Unauthorized change was made to windows! What do I do?
Diagnostic Report (1.7.0095.0):
-----------------------------------------
WGA Data-->
Validation Status: Invalid License
Validation Code: 50
Online Validation Code: 0xc004d401
Cached Validation Code: N/A, hr = 0xc004d401
Windows Product Key: *****-*****-GD2PK-BD3R2-44MV3
Windows Product Key Hash: f7FPE6g/CLFmnJ4E6GbEU9Xn1sA=
Windows Product ID: 89572-OEM-7332166-00021
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6000.2.00010300.0.0.002
CSVLK Server: N/A
CSVLK PID: N/A
ID: {F8AE8173-F309-4121-8124-776D24B810D6}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: Windows Vista (TM) Home Basic
Architecture: 0x00000000
Build lab: 6000.vista_gdr.071023-1545
TTS Error: K:20080527201957520-M:20080530073054739-
Validation Diagnostic:
Resolution Status: N/AWgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
WGATray.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-282-80041010_025D1FF3-170-80041010_025D1FF3-171-1_025D1FF3-434-80040154_025D1FF3-178-80040154_025D1FF3-179-2_025D1FF3-185-80070002_025D1FF3-199-3Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: AllowedFile Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{F8AE8173-F309-4121-8124-776D24B810D6}</UGUID><Version>1.7.0095.0</Version><OS>6.0.6000.2.00010300.0.0.002</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-44MV3</PKey><PID>89572-OEM-7332166-00021</PID><PIDType>2</PIDType><SID>S-1-5-21-1203609226-2964196858-312999683</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>Presario C500 (RZ342UA#ABA) </Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>F.24</Version><SMBIOSVersion major="2" minor="4"/><Date>20070425000000.000000+000</Date></BIOS><HWID>57303507018400DA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-MPC</OEMTableID></OEM><BRT/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>Spsys.log Content: U1BMRwEAAAAAAQAABAAAAB6WLwAAAAAAYWECADAgAADguQsC4bHIARhDs/4hWdo7Xkl9D+HKpnipIeLaYOeuO7QXx5UPH5WanQdCY+eSMWQ1yLSCLi2oZ+fDvX0zCybmDilyQLttVIxXGXhDgPOiLxC60bO1jq3vsEGnmR0ReJ9KlWCJouxq6PAIwHwHVMfvNauSbFvmaTCDPKtQZQFIQcDXIAwFGl6D92xawlw1xRakOj2kK/e8EbxOVVm9fICZUkfHdDNbo72qUqYYmAlRJO05+WV1r70w2O6Pl99gqTnSYR4j0FashTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwYQ7P+IVnaO15JfQ/hyqZ4NtNazYsQCdRxVdjwgYNoWTwo5H9Y5TqZF1gZS4B3gSjnw719Mwsm5g4pckC7bVSMaZHOxaM/cpuPssff/VtvQLBBp5kdEXifSpVgiaLsaujwCMB8B1TH7zWrkmxb5mkwgzyrUGUBSEHA1yAMBRpeg/dsWsJcNcUWpDo9pCv3vBG8TlVZvXyAmVJHx3QzW6O9qlKmGJgJUSTtOfllda+9MNjuj5ffYKk50mEeI9BWrIUzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMGEOz/iFZ2jteSX0P4cqmePN+4GWYWFhk9a75ehh977FX4iZ5xxwSDVig7YAF0BbM58O9fTMLJuYOKXJAu21UjNdPsLWYBD2EbL7/C5C7exawQaeZHRF4n0qVYImi7Gro8AjAfAdUx+81q5JsW+ZpMIM8q1BlAUhBwNcgDAUaXoP3bFrCXDXFFqQ6PaQr97wRvE5VWb18gJlSR8d0M1ujvapSphiYCVEk7Tn5ZXWvvTDY7o+X32CpOdJhHiPQVqyFM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDFMWKYGB4wMcsbz+lAen7Wd5DLG48USTh5fPwg3JkytOVQgh/aTXEmEE+MzcORPXwO97BuxrKcj+9gzTrUJt+r1Cnkwp1kbu0U38n3L6QLH0nKfOZv/AmB9uvmxWADGc/AFrdnzWO+jF8eq69LRpcSiTN/jEi/pgsTdkQKOEZadnYeIFmHEs83923aEKqaV7o+zn9064UC3nw4H6gZCOU0nKqWFt2MoukZB/UcTfBJcD74TgJfOd1LfEdWT9Qb1zuiT+h08wRI5b3Ii0HwoRaNfY7o+X32CpOdJhHiPQVqyFM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAxTFimBgeMDHLG8/pQHp+1nqHVGQ6bSfqRZNe2nn6cdb8ZysNIlzwo+Sgmb+rcc15HvewbsaynI/vYM061Cbfq9lxFTigYq4aH0bfN5SgV695ynzmb/wJgfbr5sVgAxnPwBa3Z81jvoxfHquvS0aXEokzf4xIv6YLE3ZECjhGWnZ2HiBZhxLPN/dt2hCqmle6Ps5/dOuFAt58OB+oGQjlNJyqlhbdjKLpGQf1HE3wSXA++E4CXzndS3xHVk/UG9c7ok/odPMESOW9yItB8KEWjX2O6Pl99gqTnSYR4j0FashTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMUxYpgYHjAxyxvP6UB6ftZ+IHCg3MzeZQ8FlBijaOBE6byAkE5FJkkC3WJq81XNFH73sG7GspyP72DNOtQm36vRb61JUZVrqu4UGYcVzwJNOcp85m/8CYH26+bFYAMZz8AWt2fNY76MXx6rr0tGlxKJM3+MSL+mCxN2RAo4Rlp2dh4gWYcSzzf3bdoQqppXuj7Of3TrhQLefDgfqBkI5TScqpYW3Yyi6RkH9RxN8ElwPvhOAl853Ut8R1ZP1BvXO6JP6HTzBEjlvciLQfChFo19juj5ffYKk50mEeI9BWrIUzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDFMWKYGB4wMcsbz+lAen7Wc1D0MCKL+zv6/5SYQP6YdRIFArZ6B+hysyTrlE3d3Zre97BuxrKcj+9gzTrUJt+r3gNe7GY1dAyFJDesm9cSMonKfOZv/AmB9uvmxWADGc/AFrdnzWO+jF8eq69LRpcSiTN/jEi/pgsTdkQKOEZadnYeIFmHEs83923aEKqaV7o+zn9064UC3nw4H6gZCOU0nKqWFt2MoukZB/UcTfBJcD74TgJfOd1LfEdWT9Qb1zuiT+h08wRI5b3Ii0HwoRaNfY7o+X32CpOdJhHiPQVqyFM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAxTFimBgeMDHLG8/pQHp+1nNQ9DAii/s7+v+UmED+mHUW8yV8+7MWnfJh7WfVumThvvewbsaynI/vYM061Cbfq9vH/T/75zWB4Ex1/xyzyKp5ynzmb/wJgfbr5sVgAxnPwBa3Z81jvoxfHquvS0aXEokzf4xIv6YLE3ZECjhGWnZ2HiBZhxLPN/dt2hCqmle6Ps5/dOuFAt58OB+oGQjlNJyqlhbdjKLpGQf1HE3wSXA++E4CXzndS3xHVk/UG9c7ok/odPMESOW9yItB8KEWjX2O6Pl99gqTnSYR4j0FashTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMUxYpgYHjAxyxvP6UB6ftZ2XRuEFJHpQpkwqhbAFML2A7JN7wWOwRloY8DqBKcRk373sG7GspyP72DNOtQm36vZLwM7gMOFz79P/6glNb6Zacp85m/8CYH26+bFYAMZz8AWt2fNY76MXx6rr0tGlxKJM3+MSL+mCxN2RAo4Rlp2dh4gWYcSzzf3bdoQqppXuj7Of3TrhQLefDgfqBkI5TScqpYW3Yyi6RkH9RxN8ElwPvhOAl853Ut8R1ZP1BvXO6JP6HTzBEjlvciLQfChFo19juj5ffYKk50mEeI9BWrIUzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDFMWKYGB4wMcsbz+lAen7WemtgdDJKxffSmiiZ7a0/VuqV+QMNzU7ZYlr4OqkiwP5O97BuxrKcj+9gzTrUJt+r3PCJ+IP0iyEHPgha5ARvZ6nKfOZv/AmB9uvmxWADGc/AFrdnzWO+jF8eq69LRpcSiTN/jEi/pgsTdkQKOEZadnYeIFmHEs83923aEKqaV7o+zn9064UC3nw4H6gZCOU0nKqWFt2MoukZB/UcTfBJcD74TgJfOd1LfEdWT9Qb1zuiT+h08wRI5b3Ii0HwoRaNfY7o+X32CpOdJhHiPQVqyFM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAxTFimBgeMDHLG8/pQHp+1nbJhHhG4gr/wn1ZFIorpFwcHzdJH5zuhGX8vtdQwOt/vvewbsaynI/vYM061Cbfq9t8c6VDXPE9avZYOwynnlGpynzmb/wJgfbr5sVgAxnPwBa3Z81jvoxfHquvS0aXEokzf4xIv6YLE3ZECjhGWnZ2HiBZhxLPN/dt2hCqmle6Ps5/dOuFAt58OB+oGQjlNJyqlhbdjKLpGQf1HE3wSXA++E4CXzndS3xHVk/UG9c7ok/odPMESOW9yItB8KEWjX2O6Pl99gqTnSYR4j0FashTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMUxYpgYHjAxyxvP6UB6ftZ5gLTrEMIeuCEsoNlq6znIBJxGc1tQxLWi4ywjMW5k0X73sG7GspyP72DNOtQm36vRq5TrsLjb6GqARbUUOhxM2cp85m/8CYH26+bFYAMZz8AWt2fNY76MXx6rr0tGlxKJM3+MSL+mCxN2RAo4Rlp2dh4gWYcSzzf3bdoQqppXuj7Of3TrhQLefDgfqBkI5TScqpYW3Yyi6RkH9RxN8ElwPvhOAl853Ut8R1ZP1BvXO6JP6HTzBEjlvciLQfChFo19juj5ffYKk50mEeI9BWrIUzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDFMWKYGB4wMcsbz+lAen7WdDAQXWPXKNv0JeQIRLtvkEbMjHdU54d/FyJg3LVC4hgO97BuxrKcj+9gzTrUJt+r1gersytgqko3c7wLCPtTV7nKfOZv/AmB9uvmxWADGc/AFrdnzWO+jF8eq69LRpcSiTN/jEi/pgsTdkQKOEZadnYeIFmHEs83923aEKqaV7o+zn9064UC3nw4H6gZCOU0nKqWFt2MoukZB/UcTfBJcD74TgJfOd1LfEdWT9Qb1zuiT+h08wRI5b3Ii0HwoRaNfY7o+X32CpOdJhHiPQVqyFM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAxTFimBgeMDHLG8/pQHp+1nt4RXxpZTK10kqgNTMkCJkR+QsxSaYkyTzzw9syQFvB3vewbsaynI/vYM061Cbfq9YvR5JNK7DlGm0Yf3rvPi1Zynzmb/wJgfbr5sVgAxnPwBa3Z81jvoxfHquvS0aXEokzf4xIv6YLE3ZECjhGWnZ2HiBZhxLPN/dt2hCqmle6Ps5/dOuFAt58OB+oGQjlNJyqlhbdjKLpGQf1HE3wSXA++E4CXzndS3xHVk/UG9c7ok/odPMESOW9yItB8KEWjX2O6Pl99gqTnSYR4j0FashTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMUxYpgYHjAxyxvP6UB6ftZ8CveBmzm8eMNAz7VTwa5pn/W+/LwEMtbuHBE5YDFTyB73sG7GspyP72DNOtQm36vRq5TrsLjb6GqARbUUOhxM2cp85m/8CYH26+bFYAMZz8AWt2fNY76MXx6rr0tGlxKJM3+MSL+mCxN2RAo4Rlp2dh4gWYcSzzf3bdoQqppXuj7Of3TrhQLefDgfqBkI5TScqpYW3Yyi6RkH9RxN8ElwPvhOAl853Ut8R1ZP1BvXO6JP6HTzBEjlvciLQfChFo19juj5ffYKk50mEeI9BWrIUzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDFMWKYGB4wMcsbz+lAen7Wcn9Rg4osOqtu2tx2V8eC2vkVPrwMeJ0NUI6JfVLVYq++97BuxrKcj+9gzTrUJt+r0+rk8dSr6aJhhStjy/wNa9nKfOZv/AmB9uvmxWADGc/AFrdnzWO+jF8eq69LRpcSiTN/jEi/pgsTdkQKOEZadnYeIFmHEs83923aEKqaV7o+zn9064UC3nw4H6gZCOU0nKqWFt2MoukZB/UcTfBJcD74TgJfOd1LfEdWT9Qb1zuiT+h08wRI5b3Ii0HwoRaNfY7o+X32CpOdJhHiPQVqyFM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAw=
Friday, May 30, 2008 11:45 AM
Answers
-
Hello Chel-C,
Vista is in, what we call, a 'Mod-Auth' Tamper state. There are 2 types of Mod-Auth tampers.
1) A critical system file was modified On Disk - What this means is that the file, located on the hard drive, was modified in some way. This can be caused by a malicious program (spyware, malware, virus) or by manual file modification (by a user of the system).
2) A critical system file was modified In Memory - What this means is the file itself (on the hard drive) is un-modified, but the code, from that file, running in the system, was modified in some way. and is usually caused by a running program that is incompatible with Vista.
Because there are No Mismatched files listed under the "File Scan Data-->" line of your Diagnostic Report, your issue is a In Memory Mod-Auth and therefore caused by an incompatible program. This means there is a program install and Running that is trying to access parts of the OS that Vista does not allow which by definition means it is incompatible with Vista.
I have seen reports that Kaspersky (even though it is supposed to be compatible with Vista) can sometimes cause this type of issue.
You have a couple options at this point.
a) You could do a search of this forum for the word "Kaspersky". You should find about 48 results. In those results, you may find a resolution to your issue.
b) You could go to the Kaspersky forums (http://forum.kaspersky.com) and see if there is any workarounds for your issue. (while you are there, you may want to confirm that you have the most up-to-date version of Kaspersky).
c) Uninstall Kaspersky
Thank you,
Darin Smith
WGA Forum Manager
Friday, May 30, 2008 10:46 PM