Remove From My Forums

Unauthorized Changes in Windows ERROR!!!

Question
0

Sign in to vote

It is sick... I used the licensed version for 1 year already. Today I got the unauthorized problem. PLEASE HELP!!!

Diagnostic Report (1.7.0069.0):
-----------------------------------------
WGA Data-->
Validation Status: Invalid License
Validation Code: 50
Online Validation Code: 0x80072efe
Cached Validation Code: N/A, hr = 0xc004d401
Windows Product Key: *****-*****-JC4BT-FD8Y6-PMWXB
Windows Product Key Hash: raFg9jcjm6Q/V6ciEGVhZqad8dY=
Windows Product ID: 89572-OEM-7300846-90697
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.0.6000.2.00010300.0.0.002
CSVLK Server: N/A
CSVLK PID: N/A
ID: {4C55E992-EBC4-4434-8C80-2CD48AE7D959}(1)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: Windows Vista (TM) Home Basic
Architecture: 0x00000000
Build lab: 6000.vista_gdr.071023-1545
TTS Error: M:20080322190517388-
Validation Diagnostic:
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Notifications Data-->
Cached Result: N/A
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: FCEE394C-2920-80070002_7E90FEE8-198-80004005_025D1FF3-282-80041010_025D1FF3-170-80041010_025D1FF3-171-1_025D1FF3-434-80040154_025D1FF3-178-80040154_025D1FF3-179-2_025D1FF3-185-80070002_025D1FF3-199-3_E2AD56EA-337-800d_E2AD56EA-338-2eff_16E0B333-89-80004005_B4D0AA8B-888-80004005_E2AD56EA-337-800d_E2AD56EA-338-2eff_16E0B333-89-80004005_B4D0AA8B-888-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\PROGRA~1\MOZILL~1\FIREFOX.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\Windows\system32\crypt32.dll[6.0.6000.16425]

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{4C55E992-EBC4-4434-8C80-2CD48AE7D959}</UGUID><Version>1.7.0069.0</Version><OS>6.0.6000.2.00010300.0.0.002</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-PMWXB</PKey><PID>89572-OEM-7300846-90697</PID><PIDType>3</PIDType><SID>S-1-5-21-3911511540-1182024986-1348709323</SID><SYSTEM><Manufacturer>Unknow</Manufacturer><Model>Unknow</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>6.00 PG</Version><SMBIOSVersion major="2" minor="4"/><Date>20070328000000.000000+000</Date></BIOS><HWID>AC303507018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>SE Asia Standard Time(GMT+07:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><BRT/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0011-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Plus 2007</Name><Ver>12</Ver><Val>58A0AD5342B9586</Val><Hash>4bgT+QAbzmodD+/bpv3t0artVAk=</Hash><Pid>89409-707-4407661-65317</Pid><PidType>14</PidType></Product><Product GUID="{90120000-0015-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Access 2007</Name><Ver>12</Ver><Val>4850AD3A5132D86</Val><Hash>38v3TfO7ipQuygQdzLLb+4Quh6o=</Hash><Pid>89384-707-2511516-63410</Pid><PidType>14</PidType></Product><Product GUID="{90120000-001B-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Word 2007</Name><Ver>12</Ver><Val>4850AD3A5132D86</Val><Hash>38v3TfO7ipQuygQdzLLb+4Quh6o=</Hash><Pid>89407-707-2511516-63047</Pid><PidType>14</PidType></Product></Products></Office></Software></GenuineResults>

Spsys.log Content: U1BMRwEAAAAAAQAABAAAAKYHAAAAAAAAYWECAHBJNpwSk5wij4vIAdArSr9MLECc5R83cvYPeMxEPkKgktGCwkQAyhNUuvioq3S6G5RlSHaqlC8xBzpbmPntWBSfBE4VXPDimrIEzWHf9pLYbmxT75dVnpRs7+L2gt4fFk63gL51i1bN/uktHF9NnJ4kBVVZxxNaOR4lt2FLfZhdiZz0/9Zinc6fT9PGUnUkf1ggRM9YVjVPaXfq9mW6WYVn+vzvGWUcoGZ5YLI44S+OfjhBlV8uAxe01I/ZKZNWwwdYiXpc/hINcaDhijOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAzQK0q/TCxAnOUfN3L2D3jM9sUyFBRWeqCoIfye5WcuVOyTIiJPaG1Cttxyp2u4DJv57VgUnwROFVzw4pqyBM1h8YF4x+eBbJIJmW/m9y1AtoLeHxZOt4C+dYtWzf7pLRxfTZyeJAVVWccTWjkeJbdhS32YXYmc9P/WYp3On0/TxlJ1JH9YIETPWFY1T2l36vZlulmFZ/r87xllHKBmeWCyOOEvjn44QZVfLgMXtNSP2SmTVsMHWIl6XP4SDXGg4YozkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM0CtKv0wsQJzlHzdy9g94zFYclZ9eyFPGX2hmOiXNTnUIu0D6qGWyGhrtLwZ0gFg9+e1YFJ8EThVc8OKasgTNYZWPhU4tfsTop5c5qfiuXjOC3h8WTreAvnWLVs3+6S0cX02cniQFVVnHE1o5HiW3YUt9mF2JnPT/1mKdzp9P08ZSdSR/WCBEz1hWNU9pd+r2ZbpZhWf6/O8ZZRygZnlgsjjhL45+OEGVXy4DF7TUj9kpk1bDB1iJelz+Eg1xoOGKM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDA==

Saturday, March 22, 2008 12:26 PM

Answers

0

Sign in to vote

Hi Steve,

Hello,

Vista is in, what is called a 'Mod-Auth' Tamper state. There are 2 types of Mod-Auth tampers.

1) A critical system file was modified On Disk - What this means is that the file, located on the hard drive, was modified in some way. This can be caused by random file corruption, a malicious program (spyware, malware, virus) or by manual file modification (by a user of the system). There is also a very small chance that an Update may fail in mid-update and cause this type of issue. As a safety mechanism, Updates are made so that if they fail, they roll back any updating that was done before the failure, but there is an off-chance that the roll back did not occure.

2) A critical system file was modified In Memory - What this means is the file itself (on the hard drive) is un-modified, but the code, from that file, running in the system, was modified in some way. and is usually caused by a running program that is incompatible with Vista.

Because of the Mismatched file listed under the "File Scan Data-->" line of your Diagnostic Report, your issue is an On Disk Mod-Auth. The Mismatched file (crypt32.dll[6.0.6000.16425]) is the file that has been Modified or has become corrupted.

Normally, I would look up the version number of this file and figure out which current Windows Update contained that file. I would then tell you to install (or re-install) the update. This would replace the bad file with an unmodified/corrupted copy. But now that Service Pack 1 for Vista has been released, the issue has become allot easier to resolve. All you need to do is install SP1 for Vista (found at http://www.microsoft.com/downloads/details.aspx?FamilyID=b0c7136d-5ebb-413b-89c9-cb3d06d12674&DisplayLang=en). This should replace the bad crypt32.dll file with a known good (and updated) copy.

Please tell me if this has resolved your issue.

Thank you,

Darin Smith

WGA Forum Manager

Monday, March 24, 2008 9:43 PM

All replies

0

Sign in to vote

Hi Steve,

Hello,

Vista is in, what is called a 'Mod-Auth' Tamper state. There are 2 types of Mod-Auth tampers.

1) A critical system file was modified On Disk - What this means is that the file, located on the hard drive, was modified in some way. This can be caused by random file corruption, a malicious program (spyware, malware, virus) or by manual file modification (by a user of the system). There is also a very small chance that an Update may fail in mid-update and cause this type of issue. As a safety mechanism, Updates are made so that if they fail, they roll back any updating that was done before the failure, but there is an off-chance that the roll back did not occure.

2) A critical system file was modified In Memory - What this means is the file itself (on the hard drive) is un-modified, but the code, from that file, running in the system, was modified in some way. and is usually caused by a running program that is incompatible with Vista.

Because of the Mismatched file listed under the "File Scan Data-->" line of your Diagnostic Report, your issue is an On Disk Mod-Auth. The Mismatched file (crypt32.dll[6.0.6000.16425]) is the file that has been Modified or has become corrupted.

Normally, I would look up the version number of this file and figure out which current Windows Update contained that file. I would then tell you to install (or re-install) the update. This would replace the bad file with an unmodified/corrupted copy. But now that Service Pack 1 for Vista has been released, the issue has become allot easier to resolve. All you need to do is install SP1 for Vista (found at http://www.microsoft.com/downloads/details.aspx?FamilyID=b0c7136d-5ebb-413b-89c9-cb3d06d12674&DisplayLang=en). This should replace the bad crypt32.dll file with a known good (and updated) copy.

Please tell me if this has resolved your issue.

Thank you,

Darin Smith

WGA Forum Manager

Monday, March 24, 2008 9:43 PM
0

Sign in to vote

Hi Smith,

I tested most of the cases mentioned in the other posts but failed. What I found out is

1. Restored the system back to previous stage by using the original CD->repair->restore.

2. Triggered the windows upgrade.

3. Waited for the end of the update without errors.

4. Restart the machine.

I got the same Unauthorized Changes in Windows error again.

I tested 2 times with the same result. What I did now is suspended the automation of windows upgrade. Any idea how to fix it?

Rgds,
Steve

Tuesday, March 25, 2008 12:17 PM

Stevewoy wrote:

Hi Smith,

I tested most of the cases mentioned in the other posts but failed. What I found out is

1. Restored the system back to previous stage by using the original CD->repair->restore.

So you did a System Restore to a point before Vista had the issue or did you do a Vista Repair using the CD?

Did it fix the issue?

Stevewoy wrote:

2. Triggered the windows upgrade.

When you say "windows upgrade", I assume you mean Service Pack 1 for Vista, correct?

Stevewoy wrote:

3. Waited for the end of the update without errors.

4. Restart the machine.

I got the same Unauthorized Changes in Windows error again.

So installing Service Pack 1 for Vista did not replace the Modified/Corrupt file crypt32.dll with a unmodified/uncorrupted copy? (i.e. did not fix the issue)?

Thank you,

Darin

Tuesday, March 25, 2008 8:00 PM

Yes, I booted up the system by the original CD--> Started repairing system --> No error found --> Manualy restored the system to previous safe point.

I found the cases related to KB931573 & KB915597. Whenever these 2 updated into the system, I got the error.

I also don't understand why Vista still keeps on upgrading the system even though I turned off Windows Update service.

Sunday, March 30, 2008 9:09 AM

Answered by:

Unauthorized Changes in Windows ERROR!!!

Question

Answers

All replies