Sign in
Microsoft.com
 
Microsoft
 
 
 

locked
Unauthorized change made to windows RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

     

    After installing Kaspersky, when I restarted my computer I got a blank screen with a message saying that ans Unauthorized change was made to windows! What do I do?

     

     

    Diagnostic Report (1.7.0095.0):
    -----------------------------------------
    WGA Data-->
    Validation Status: Invalid License
    Validation Code: 50
    Online Validation Code: 0xc004d401
    Cached Validation Code: N/A, hr = 0xc004d401
    Windows Product Key: *****-*****-GD2PK-BD3R2-44MV3
    Windows Product Key Hash: f7FPE6g/CLFmnJ4E6GbEU9Xn1sA=
    Windows Product ID: 89572-OEM-7332166-00021
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.0.6000.2.00010300.0.0.002
    CSVLK Server: N/A
    CSVLK PID: N/A
    ID: {F8AE8173-F309-4121-8124-776D24B810D6}(3)
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: Registered, 1.7.69.2
    Signed By: Microsoft
    Product Name: Windows Vista (TM) Home Basic
    Architecture: 0x00000000
    Build lab: 6000.vista_gdr.071023-1545
    TTS Error: K:20080527201957520-M:20080530073054739-
    Validation Diagnostic:
    Resolution Status: N/A

    WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    WGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    WGATray.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-282-80041010_025D1FF3-170-80041010_025D1FF3-171-1_025D1FF3-434-80040154_025D1FF3-178-80040154_025D1FF3-179-2_025D1FF3-185-80070002_025D1FF3-199-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{F8AE8173-F309-4121-8124-776D24B810D6}</UGUID><Version>1.7.0095.0</Version><OS>6.0.6000.2.00010300.0.0.002</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-44MV3</PKey><PID>89572-OEM-7332166-00021</PID><PIDType>2</PIDType><SID>S-1-5-21-1203609226-2964196858-312999683</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>Presario C500 (RZ342UA#ABA)       </Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>F.24</Version><SMBIOSVersion major="2" minor="4"/><Date>20070425000000.000000+000</Date></BIOS><HWID>57303507018400DA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-MPC</OEMTableID></OEM><BRT/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: U1BMRwEAAAAAAQAABAAAAB6WLwAAAAAAYWECADAgAADguQsC4bHIARhDs/4hWdo7Xkl9D+HKpnipIeLaYOeuO7QXx5UPH5WanQdCY+eSMWQ1yLSCLi2oZ+fDvX0zCybmDilyQLttVIxXGXhDgPOiLxC60bO1jq3vsEGnmR0ReJ9KlWCJouxq6PAIwHwHVMfvNauSbFvmaTCDPKtQZQFIQcDXIAwFGl6D92xawlw1xRakOj2kK/e8EbxOVVm9fICZUkfHdDNbo72qUqYYmAlRJO05+WV1r70w2O6Pl99gqTnSYR4j0FashTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwYQ7P+IVnaO15JfQ/hyqZ4NtNazYsQCdRxVdjwgYNoWTwo5H9Y5TqZF1gZS4B3gSjnw719Mwsm5g4pckC7bVSMaZHOxaM/cpuPssff/VtvQLBBp5kdEXifSpVgiaLsaujwCMB8B1TH7zWrkmxb5mkwgzyrUGUBSEHA1yAMBRpeg/dsWsJcNcUWpDo9pCv3vBG8TlVZvXyAmVJHx3QzW6O9qlKmGJgJUSTtOfllda+9MNjuj5ffYKk50mEeI9BWrIUzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMGEOz/iFZ2jteSX0P4cqmePN+4GWYWFhk9a75ehh977FX4iZ5xxwSDVig7YAF0BbM58O9fTMLJuYOKXJAu21UjNdPsLWYBD2EbL7/C5C7exawQaeZHRF4n0qVYImi7Gro8AjAfAdUx+81q5JsW+ZpMIM8q1BlAUhBwNcgDAUaXoP3bFrCXDXFFqQ6PaQr97wRvE5VWb18gJlSR8d0M1ujvapSphiYCVEk7Tn5ZXWvvTDY7o+X32CpOdJhHiPQVqyFM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDFMWKYGB4wMcsbz+lAen7Wd5DLG48USTh5fPwg3JkytOVQgh/aTXEmEE+MzcORPXwO97BuxrKcj+9gzTrUJt+r1Cnkwp1kbu0U38n3L6QLH0nKfOZv/AmB9uvmxWADGc/AFrdnzWO+jF8eq69LRpcSiTN/jEi/pgsTdkQKOEZadnYeIFmHEs83923aEKqaV7o+zn9064UC3nw4H6gZCOU0nKqWFt2MoukZB/UcTfBJcD74TgJfOd1LfEdWT9Qb1zuiT+h08wRI5b3Ii0HwoRaNfY7o+X32CpOdJhHiPQVqyFM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAxTFimBgeMDHLG8/pQHp+1nqHVGQ6bSfqRZNe2nn6cdb8ZysNIlzwo+Sgmb+rcc15HvewbsaynI/vYM061Cbfq9lxFTigYq4aH0bfN5SgV695ynzmb/wJgfbr5sVgAxnPwBa3Z81jvoxfHquvS0aXEokzf4xIv6YLE3ZECjhGWnZ2HiBZhxLPN/dt2hCqmle6Ps5/dOuFAt58OB+oGQjlNJyqlhbdjKLpGQf1HE3wSXA++E4CXzndS3xHVk/UG9c7ok/odPMESOW9yItB8KEWjX2O6Pl99gqTnSYR4j0FashTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMUxYpgYHjAxyxvP6UB6ftZ+IHCg3MzeZQ8FlBijaOBE6byAkE5FJkkC3WJq81XNFH73sG7GspyP72DNOtQm36vRb61JUZVrqu4UGYcVzwJNOcp85m/8CYH26+bFYAMZz8AWt2fNY76MXx6rr0tGlxKJM3+MSL+mCxN2RAo4Rlp2dh4gWYcSzzf3bdoQqppXuj7Of3TrhQLefDgfqBkI5TScqpYW3Yyi6RkH9RxN8ElwPvhOAl853Ut8R1ZP1BvXO6JP6HTzBEjlvciLQfChFo19juj5ffYKk50mEeI9BWrIUzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDFMWKYGB4wMcsbz+lAen7Wc1D0MCKL+zv6/5SYQP6YdRIFArZ6B+hysyTrlE3d3Zre97BuxrKcj+9gzTrUJt+r3gNe7GY1dAyFJDesm9cSMonKfOZv/AmB9uvmxWADGc/AFrdnzWO+jF8eq69LRpcSiTN/jEi/pgsTdkQKOEZadnYeIFmHEs83923aEKqaV7o+zn9064UC3nw4H6gZCOU0nKqWFt2MoukZB/UcTfBJcD74TgJfOd1LfEdWT9Qb1zuiT+h08wRI5b3Ii0HwoRaNfY7o+X32CpOdJhHiPQVqyFM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAxTFimBgeMDHLG8/pQHp+1nNQ9DAii/s7+v+UmED+mHUW8yV8+7MWnfJh7WfVumThvvewbsaynI/vYM061Cbfq9vH/T/75zWB4Ex1/xyzyKp5ynzmb/wJgfbr5sVgAxnPwBa3Z81jvoxfHquvS0aXEokzf4xIv6YLE3ZECjhGWnZ2HiBZhxLPN/dt2hCqmle6Ps5/dOuFAt58OB+oGQjlNJyqlhbdjKLpGQf1HE3wSXA++E4CXzndS3xHVk/UG9c7ok/odPMESOW9yItB8KEWjX2O6Pl99gqTnSYR4j0FashTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMUxYpgYHjAxyxvP6UB6ftZ2XRuEFJHpQpkwqhbAFML2A7JN7wWOwRloY8DqBKcRk373sG7GspyP72DNOtQm36vZLwM7gMOFz79P/6glNb6Zacp85m/8CYH26+bFYAMZz8AWt2fNY76MXx6rr0tGlxKJM3+MSL+mCxN2RAo4Rlp2dh4gWYcSzzf3bdoQqppXuj7Of3TrhQLefDgfqBkI5TScqpYW3Yyi6RkH9RxN8ElwPvhOAl853Ut8R1ZP1BvXO6JP6HTzBEjlvciLQfChFo19juj5ffYKk50mEeI9BWrIUzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDFMWKYGB4wMcsbz+lAen7WemtgdDJKxffSmiiZ7a0/VuqV+QMNzU7ZYlr4OqkiwP5O97BuxrKcj+9gzTrUJt+r3PCJ+IP0iyEHPgha5ARvZ6nKfOZv/AmB9uvmxWADGc/AFrdnzWO+jF8eq69LRpcSiTN/jEi/pgsTdkQKOEZadnYeIFmHEs83923aEKqaV7o+zn9064UC3nw4H6gZCOU0nKqWFt2MoukZB/UcTfBJcD74TgJfOd1LfEdWT9Qb1zuiT+h08wRI5b3Ii0HwoRaNfY7o+X32CpOdJhHiPQVqyFM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAxTFimBgeMDHLG8/pQHp+1nbJhHhG4gr/wn1ZFIorpFwcHzdJH5zuhGX8vtdQwOt/vvewbsaynI/vYM061Cbfq9t8c6VDXPE9avZYOwynnlGpynzmb/wJgfbr5sVgAxnPwBa3Z81jvoxfHquvS0aXEokzf4xIv6YLE3ZECjhGWnZ2HiBZhxLPN/dt2hCqmle6Ps5/dOuFAt58OB+oGQjlNJyqlhbdjKLpGQf1HE3wSXA++E4CXzndS3xHVk/UG9c7ok/odPMESOW9yItB8KEWjX2O6Pl99gqTnSYR4j0FashTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMUxYpgYHjAxyxvP6UB6ftZ5gLTrEMIeuCEsoNlq6znIBJxGc1tQxLWi4ywjMW5k0X73sG7GspyP72DNOtQm36vRq5TrsLjb6GqARbUUOhxM2cp85m/8CYH26+bFYAMZz8AWt2fNY76MXx6rr0tGlxKJM3+MSL+mCxN2RAo4Rlp2dh4gWYcSzzf3bdoQqppXuj7Of3TrhQLefDgfqBkI5TScqpYW3Yyi6RkH9RxN8ElwPvhOAl853Ut8R1ZP1BvXO6JP6HTzBEjlvciLQfChFo19juj5ffYKk50mEeI9BWrIUzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDFMWKYGB4wMcsbz+lAen7WdDAQXWPXKNv0JeQIRLtvkEbMjHdU54d/FyJg3LVC4hgO97BuxrKcj+9gzTrUJt+r1gersytgqko3c7wLCPtTV7nKfOZv/AmB9uvmxWADGc/AFrdnzWO+jF8eq69LRpcSiTN/jEi/pgsTdkQKOEZadnYeIFmHEs83923aEKqaV7o+zn9064UC3nw4H6gZCOU0nKqWFt2MoukZB/UcTfBJcD74TgJfOd1LfEdWT9Qb1zuiT+h08wRI5b3Ii0HwoRaNfY7o+X32CpOdJhHiPQVqyFM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAxTFimBgeMDHLG8/pQHp+1nt4RXxpZTK10kqgNTMkCJkR+QsxSaYkyTzzw9syQFvB3vewbsaynI/vYM061Cbfq9YvR5JNK7DlGm0Yf3rvPi1Zynzmb/wJgfbr5sVgAxnPwBa3Z81jvoxfHquvS0aXEokzf4xIv6YLE3ZECjhGWnZ2HiBZhxLPN/dt2hCqmle6Ps5/dOuFAt58OB+oGQjlNJyqlhbdjKLpGQf1HE3wSXA++E4CXzndS3xHVk/UG9c7ok/odPMESOW9yItB8KEWjX2O6Pl99gqTnSYR4j0FashTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMUxYpgYHjAxyxvP6UB6ftZ8CveBmzm8eMNAz7VTwa5pn/W+/LwEMtbuHBE5YDFTyB73sG7GspyP72DNOtQm36vRq5TrsLjb6GqARbUUOhxM2cp85m/8CYH26+bFYAMZz8AWt2fNY76MXx6rr0tGlxKJM3+MSL+mCxN2RAo4Rlp2dh4gWYcSzzf3bdoQqppXuj7Of3TrhQLefDgfqBkI5TScqpYW3Yyi6RkH9RxN8ElwPvhOAl853Ut8R1ZP1BvXO6JP6HTzBEjlvciLQfChFo19juj5ffYKk50mEeI9BWrIUzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDFMWKYGB4wMcsbz+lAen7Wcn9Rg4osOqtu2tx2V8eC2vkVPrwMeJ0NUI6JfVLVYq++97BuxrKcj+9gzTrUJt+r0+rk8dSr6aJhhStjy/wNa9nKfOZv/AmB9uvmxWADGc/AFrdnzWO+jF8eq69LRpcSiTN/jEi/pgsTdkQKOEZadnYeIFmHEs83923aEKqaV7o+zn9064UC3nw4H6gZCOU0nKqWFt2MoukZB/UcTfBJcD74TgJfOd1LfEdWT9Qb1zuiT+h08wRI5b3Ii0HwoRaNfY7o+X32CpOdJhHiPQVqyFM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAw=

     

    Friday, May 30, 2008 11:45 AM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello Chel-C,

     

    Vista is in, what we call, a 'Mod-Auth' Tamper state.  There are 2 types of Mod-Auth tampers.

     

    1) A critical system file was modified On Disk - What this means is that the file, located on the hard drive, was modified in some way. This can be caused by a malicious program (spyware, malware, virus) or by manual file modification (by a user of the system). 

     

    2) A critical system file was modified In Memory - What this means is the file itself (on the hard drive) is un-modified, but the code, from that file, running in the system, was modified in some way. and is usually caused by a running program that is incompatible with Vista.

     

      Because there are No Mismatched files listed under the "File Scan Data-->" line of your Diagnostic Report, your issue is a In Memory Mod-Auth and therefore caused by an incompatible program. This means there is a program install and Running that is trying to access parts of the OS that Vista does not allow which by definition means it is incompatible with Vista.

     

     I have seen reports that Kaspersky (even though it is supposed to be compatible with Vista) can sometimes cause this type of issue.

     

      You have a couple options at this point.

     

    a) You could do a search of this forum for the word "Kaspersky". You should find about 48 results. In those results, you may find a resolution to your issue.

     

    b) You could go to the Kaspersky forums (http://forum.kaspersky.com) and see if there is any workarounds for your issue. (while you are there, you may want to confirm that you have the most up-to-date version of Kaspersky).

     

    c) Uninstall Kaspersky

     

     

    Thank you,

    Darin Smith

    WGA Forum Manager

     

    Friday, May 30, 2008 10:46 PM