locked
Unauthorized Change Made to Windows RRS feed

  • Question

  • Getting answers from Microsoft Support is like asking for pigs to fly, except asking for pigs to fly is easier.
    My Vista 'experience' is infuiriating to say the least.  I once upon a time installed an automatic update to 'enhance the performace of my computer'.  It ended up corrupting the kernel and none of the time-consuming recovery programs on the installation disc succeed in helping.  I ended up have to reinstall EVERYTHING from scratch.

    About a week after said installation, I started geting popup boxes from Microsoft telling me I am a theif and this product is counterfeit.  This disc has only been in one hand, mine, and in only one computer, mine.  I did not buy this version from some guy out on the street in China, this disc was shipped directly to me from Microsoft.  This is not a low-end computer from years ago either, I am a software developer and this hardware is high-end.

    I'm getting sick of being called a theif.  I'm getting sick of running in Dysfunctional Mode.  I have a job to do, and for the last month, no one at Microsoft has been helping.

    Diagnostic Report (1.7.0066.0):
    -----------------------------------------
    WGA Data-->
    Validation Status: Invalid License
    Validation Code: 50
    Online Validation Code: 0xc004f012
    Cached Validation Code: N/A, hr = 0xc004d401
    Windows Product Key: *****-*****-V7YRP-DY3X7-F4CHQ
    Windows Product Key Hash: KuHVwhIbrK1URXkSfz7FDrxSlUk=
    Windows Product ID: 89580-448-7539387-71050
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.0.6000.2.00010100.0.0.001
    CSVLK Server: N/A
    CSVLK PID: N/A
    ID: {C8E31413-7222-4DB9-B8B4-C340D71C9B52}(3)
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: Registered, 1.7.59.1
    Signed By: Microsoft
    Product Name: Windows Vista (TM) Ultimate
    Architecture: 0x00000000
    Build lab: 6000.vista_gdr.071009-1548
    TTS Error: K:20080206143824143-M:20080206142726909-
    Validation Diagnostic:
    Resolution Status: N/A

    Notifications Data-->
    Cached Result: N/A
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: Registered, 1.6.21.0
    Signed By: Microsoft
    Office Diagnostics:

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\Slsvc.exe[6.0.6000.16509]
    File Mismatch: C:\Windows\system32\printui.dll[6.0.6000.16386]
    File Mismatch: C:\Windows\system32\linkinfo.dll[6.0.6000.16386]

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{C8E31413-7222-4DB9-B8B4-C340D71C9B52}</UGUID><Version>1.7.0066.0</Version><OS>6.0.6000.2.00010100.0.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-F4CHQ</PKey><PID>89580-448-7539387-71050</PID><PIDType>5</PIDType><SID>S-1-5-21-3949967399-3583814841-1175476503</SID><SYSTEM><Manufacturer>Compaq Presario 061</Manufacturer><Model>PY059AA-ABA SR1550NX NA530</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version> 3.12</Version><SMBIOSVersion major="2" minor="4"/><Date>20050420000000.000000+000</Date></BIOS><HWID>74313507018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><BRT/></MachineData><Software><Office><Result>109</Result><Products/></Office></Software></GenuineResults> 

    Spsys.log Content: U1BMRwEAAAAAAQAABAAAAAGxAgAAAAAAWmICADAgAAD2XSLgaE3IAWZ6KdOh6pynEAGZ1IqD1OjqSsFczWQYftnLigAMsSkRpidCO9i9a9KIgsEc3hcHbmjwyAn8sMyz34HfM0IHIZCA9ssMuopI3mYKMk9O5fS0sEGnmR0ReJ9KlWCJouxq6PAIwHwHVMfvNauSbFvmaTBgAm18BkdJTE0EGACwl7dV9S/GUDYecePFRKM/leS97bxOVVm9fICZUkfHdDNbo725QzYM7NoLIP6BsYz9FHAia30CP0z0OYRuUWLuf4S5JTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAxmeinToeqcpxABmdSKg9ToTq4Eu0EPUTqbQphdibCz2PC6CKDlzZeYkwcOYSK1TPho8MgJ/LDMs9+B3zNCByGQgPbLDLqKSN5mCjJPTuX0tLBBp5kdEXifSpVgiaLsaujwCMB8B1TH7zWrkmxb5mkwYAJtfAZHSUxNBBgAsJe3VfUvxlA2HnHjxUSjP5Xkve28TlVZvXyAmVJHx3QzW6O9uUM2DOzaCyD+gbGM/RRwImt9Aj9M9DmEblFi7n+EuSUzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMZnop06HqnKcQAZnUioPU6BOvMq0IQhm5dXufnBe0grc6v2TknPmqNfIVif1vmmNWaPDICfywzLPfgd8zQgchkID2ywy6ikjeZgoyT07l9LSwQaeZHRF4n0qVYImi7Gro8AjAfAdUx+81q5JsW+ZpMGACbXwGR0lMTQQYALCXt1X1L8ZQNh5x48VEoz+V5L3tvE5VWb18gJlSR8d0M1ujvblDNgzs2gsg/oGxjP0UcCJrfQI/TPQ5hG5RYu5/hLklM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDGZ6KdOh6pynEAGZ1IqD1OgqMIxx2etJfEdt1Sk8w6/mAdDJIZKG5EE+rXXZUKPFG2jwyAn8sMyz34HfM0IHIZCA9ssMuopI3mYKMk9O5fS0sEGnmR0ReJ9KlWCJouxq6PAIwHwHVMfvNauSbFvmaTBgAm18BkdJTE0EGACwl7dV9S/GUDYecePFRKM/leS97bxOVVm9fICZUkfHdDNbo725QzYM7NoLIP6BsYz9FHAia30CP0z0OYRuUWLuf4S5JTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAxmeinToeqcpxABmdSKg9ToExFB5fXbYoMCqdTVsTNT3JRLm6HevRM/IRlsSu2Ty4to8MgJ/LDMs9+B3zNCByGQgPbLDLqKSN5mCjJPTuX0tLBBp5kdEXifSpVgiaLsaujwCMB8B1TH7zWrkmxb5mkwYAJtfAZHSUxNBBgAsJe3VfUvxlA2HnHjxUSjP5Xkve28TlVZvXyAmVJHx3QzW6O9uUM2DOzaCyD+gbGM/RRwImt9Aj9M9DmEblFi7n+EuSUzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMZnop06HqnKcQAZnUioPU6NRM7SBErb9+T1bJ+cjyuyGbZztedo04Uk6LBDiCSU3DaPDICfywzLPfgd8zQgchkID2ywy6ikjeZgoyT07l9LSwQaeZHRF4n0qVYImi7Gro8AjAfAdUx+81q5JsW+ZpMGACbXwGR0lMTQQYALCXt1X1L8ZQNh5x48VEoz+V5L3tvE5VWb18gJlSR8d0M1ujvblDNgzs2gsg/oGxjP0UcCJrfQI/TPQ5hG5RYu5/hLklM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDGZ6KdOh6pynEAGZ1IqD1OgcrtdLv7wDuU+wAgpaCCyrpzFdMeCb5bVrjW4sHhwbs2jwyAn8sMyz34HfM0IHIZCA9ssMuopI3mYKMk9O5fS0sEGnmR0ReJ9KlWCJouxq6PAIwHwHVMfvNauSbFvmaTBgAm18BkdJTE0EGACwl7dV9S/GUDYecePFRKM/leS97bxOVVm9fICZUkfHdDNbo725QzYM7NoLIP6BsYz9FHAia30CP0z0OYRuUWLuf4S5JTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAw=

    Wednesday, February 6, 2008 11:35 PM

Answers

  • Hi Branden,

     

      Vista is not telling you that you are a Pirate, only that you may be a Victum of Piracy. Vista is telling you this because it is in a Mod-Auth tamper state due to the fact that three Critical System Files have been Modified or Corrupted. These files are protected by Vista because either the Window Devs felt the files were critical enough that they didn't want them to be protected against being modified or that in past Windows, they may have been hacked/modified to be able to use the OS without a valid license.

     

      The files that have been Modified/Corrupted are:

     

    C:\Windows\system32\Slsvc.exe [6.0.6000.16509]
    C:\Windows\system32\printui.dll [6.0.6000.16386]
    C:\Windows\system32\linkinfo.dll [6.0.6000.16386]

     

    (shown in the Diagnostic Report under the "File Scan Data-->" line)

      As you probibly already know, the number after each file is that file's build number. Each time a file is updated, the file gets a new build number. I can look up these file/build number combonations and find out what update was last applied to that file.

     

      The reason I do this is that to fix your issue, we need to get thes three files back to an unmodified/uncorrupted state. The best way I know to do this is to re-install the update(s) that update the file to that specific build number.

     

      The problem is, that most Vista updated, once installed, will not allow the update to be reinstalled. If you try, you will usually get the error "This update does not apply to your system". So to be able to re-install the update(s), we will first need to uninstall them.

     

      Note: It appears that Using an Update to fix the modified/corrupted files will only work for file Slsvc.exe [6.0.6000.16509].  The Builds for files printui.dll [6.0.6000.16386] and linkinfo.dll [6.0.6000.16386] appear to have originally came with Vista. To get these files back to an unmodified/uncorrupted state, I suggest conducting a Windows Repair using the Vista install disk.

     

    The update we want to uninstall/reinstall are:

     

    KB933928 (for Slsvc.exe [6.0.6000.16509])

     

    To Uninstall an update:

     

    1) Login to Vista in Safe Mode

    2) Once in Safe Mode, go to the Control Panel

    3) In the Control Panel find and double-click on "Programs and Features"

    4) In the Programs and Features window, click "View installed updates" (it will be located under "Tasks" on the upper left hand side of the window) 

    5) The list of installed updates may take a long time to load.

    6) Once the list loads, find the update with (KB933928) after the name.

    7) Right-click that it and select "Uninstall"

    8) Once the update uninstalls, reboot back into Normal Mode.

     

    To Reinstall updates:

    1) Click the option that launches an Internet Browser

    2) Go to http://www.microsoft.com/downloads/details.aspx?FamilyID=dc2ad07b-d5d7-407a-9a0e-3f3d142682d0&DisplayLang=en

    3) Click the "Download" button

    4) You will be asked if you want to Open or Save the file..select Open

    5) Some other windows will pop-up, click Allow and/or Continue on these windows.

    6) Once the update has installed, reboot (I suggest rebooting 2 times to ensure the Mod-Auth state has cleared).

     

    If you have any problems or receive any error while following my steps, please create a (no cost) support request at http://go.microsoft.com/fwlink/?linkid=52029 for further assistance.

     

    Thank you,

    Darin Smith

    WGA Forum Manager

     

    Thursday, February 7, 2008 1:06 AM

All replies

  • Hi Branden,

     

      Vista is not telling you that you are a Pirate, only that you may be a Victum of Piracy. Vista is telling you this because it is in a Mod-Auth tamper state due to the fact that three Critical System Files have been Modified or Corrupted. These files are protected by Vista because either the Window Devs felt the files were critical enough that they didn't want them to be protected against being modified or that in past Windows, they may have been hacked/modified to be able to use the OS without a valid license.

     

      The files that have been Modified/Corrupted are:

     

    C:\Windows\system32\Slsvc.exe [6.0.6000.16509]
    C:\Windows\system32\printui.dll [6.0.6000.16386]
    C:\Windows\system32\linkinfo.dll [6.0.6000.16386]

     

    (shown in the Diagnostic Report under the "File Scan Data-->" line)

      As you probibly already know, the number after each file is that file's build number. Each time a file is updated, the file gets a new build number. I can look up these file/build number combonations and find out what update was last applied to that file.

     

      The reason I do this is that to fix your issue, we need to get thes three files back to an unmodified/uncorrupted state. The best way I know to do this is to re-install the update(s) that update the file to that specific build number.

     

      The problem is, that most Vista updated, once installed, will not allow the update to be reinstalled. If you try, you will usually get the error "This update does not apply to your system". So to be able to re-install the update(s), we will first need to uninstall them.

     

      Note: It appears that Using an Update to fix the modified/corrupted files will only work for file Slsvc.exe [6.0.6000.16509].  The Builds for files printui.dll [6.0.6000.16386] and linkinfo.dll [6.0.6000.16386] appear to have originally came with Vista. To get these files back to an unmodified/uncorrupted state, I suggest conducting a Windows Repair using the Vista install disk.

     

    The update we want to uninstall/reinstall are:

     

    KB933928 (for Slsvc.exe [6.0.6000.16509])

     

    To Uninstall an update:

     

    1) Login to Vista in Safe Mode

    2) Once in Safe Mode, go to the Control Panel

    3) In the Control Panel find and double-click on "Programs and Features"

    4) In the Programs and Features window, click "View installed updates" (it will be located under "Tasks" on the upper left hand side of the window) 

    5) The list of installed updates may take a long time to load.

    6) Once the list loads, find the update with (KB933928) after the name.

    7) Right-click that it and select "Uninstall"

    8) Once the update uninstalls, reboot back into Normal Mode.

     

    To Reinstall updates:

    1) Click the option that launches an Internet Browser

    2) Go to http://www.microsoft.com/downloads/details.aspx?FamilyID=dc2ad07b-d5d7-407a-9a0e-3f3d142682d0&DisplayLang=en

    3) Click the "Download" button

    4) You will be asked if you want to Open or Save the file..select Open

    5) Some other windows will pop-up, click Allow and/or Continue on these windows.

    6) Once the update has installed, reboot (I suggest rebooting 2 times to ensure the Mod-Auth state has cleared).

     

    If you have any problems or receive any error while following my steps, please create a (no cost) support request at http://go.microsoft.com/fwlink/?linkid=52029 for further assistance.

     

    Thank you,

    Darin Smith

    WGA Forum Manager

     

    Thursday, February 7, 2008 1:06 AM
  • Hi Darin,

    I haven't had any luck with the support request.  I already have one filed and it's been open for a month.

    I could not find that update in the list when I went to uninstall it.  I actually had only 2 updates on that I was able to uninstall.  I uninstalled both of them, but I am failing the Genuine advantage with the same file mismatches.  Do you have any other recomendations?
    Thursday, February 7, 2008 1:32 AM