An Unauthorized Change Was Made to Windows caused limited functionality

  • Question

  • Hi Everyone,

    Two days ago I managed to acquire a Trojan SPM/LX and since then I have had loads of trouble... I'm not that clued up with computers so any help would be great...

    The trojan originally blocked me from using my Windows security feature, and after running Stop Zilla and a few more anti-spyware programs, they always find loads... Anyway, after all of this I restarted my computer and now I get the error message in the title with a black screen around it...

    I can still access the internet when it's like that but that's it... but most sites I cannot get on, which I think is due to the trojan etc...

    I can reboot my PC in safe mode and everything but I have no idea how to get things back to normal...

    As mentioned I cannot access most websites that could potentially offer solutions such as this one so for the present I am using my second computer which is fine...

    Please help...
    Friday, October 9, 2009 7:41 AM

Answers

  • No reply from original poster.

    Closing thread as Answered.

    All other users that may be experiencing an Activation or Validation issue, please create your own thread.

    Darin MS
    • Marked as answer by Darin Smith MS Wednesday, October 14, 2009 6:04 PM
    Wednesday, October 14, 2009 6:04 PM

All replies

  • Hi franko1986,

      I can't help you remove Malware (there still seems to be some installed if you can access specific websites that may help).

      However, the Non-Genuine issue, I can help you with.

      First off, I can say with 99.9% certainty that the Non-Genuine issue is directly caused by the Malware modifying, deleting or corrupting system files.

      There are two ways to do this:

    a) It could be while the files are running in system memory. This requires the program causing the problem to be running also.  If the program that is causing the issue stops running or is uninstalled/deleted, the problem will go away. (called an In Memory Mod-Auth Tamper)
    or
    b) It could be while the files are not running, just sitting on the hard drive.  In this case, even if the cause of the problem was removed, the damage will still remain and must be repaired to fix the issue. (called an On Disk Mod-Auth Tamper)

    For me to find out which of the Tampers is occurring (or if I'm wrong, to see what is actually the problem) would you download and run the Genuine Diagnostics tool (MGADiag.exe) at this link http://go.microsoft.com/fwlink/?linkid=52012. Click "Continue", click the "Copy" button then "Paste" the report into a reply message in this thread.

    If you do not have access to the Start Button:
    1) Login to Vista and click the option that brings up Internet Explorer.
    2) Type: http://go.microsoft.com/fwlink/?linkid=52012 into the browser address bar.
    3) A window will come up asking if you want to “Run” or “Save”, Select “Run”
    4) When the program runs, click the “Continue” button, then click the “Copy” button.
    5) Return to this thread http://social.microsoft.com/Forums/en-US/genuinevista/thread/8bb93910-34bb-456b-99f2-87a03b691808.
    6) In a reply post, paste the Diagnostic Report.

    Thank you
    Darin MS

    Friday, October 9, 2009 6:59 PM
  • Diagnostic Report (1.9.0011.0):
    -----------------------------------------
    WGA Data-->
    Validation Status: Invalid License
    Validation Code: 50

    Cached Validation Code: N/A, hr = 0x80070426
    Windows Product Key: *****-*****-4GV68-6D8JB-G6MF9
    Windows Product Key Hash: Ua+OBZ1y48sKA/bWkfKXiuCrOjY=
    Windows Product ID: 89578-OEM-7332157-00203
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.0.6001.2.00010300.1.0.003
    ID: {A1979880-4967-4ABC-947E-C3869B3E9A6C}(1)
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: Registered, 1.9.9.1
    Signed By: Microsoft
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000000
    Build lab: 6001.vistasp1_gdr.090302-1506
    TTS Error: M:20091011121137324-
    Validation Diagnostic:
    Resolution Status: N/A

    WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: 6.0.6002.16398

    WGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: 2.0.48.0
    OGAExec.exe Signed By: Microsoft
    OGAAddin.dll Signed By: Microsoft

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Visio Professional 2007 - 100 Genuine
    2007 Microsoft Office system - 100 Genuine
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_70AFE6BE-656-80070057_E2AD56EA-815-80070057

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\rpcrt4.dll[6.0.6001.18247]

    Other data-->

    Licensing Data-->
    Software Licensing service is not running.

    HWID Data-->
    HWID Hash Current: NgAAAAEAAwABAAIAAQABAAAAAwABAAEAeqgAQsDylj4uZZpGkjNqciof8vSCMtJRIoOsViqF

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20000
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            Sony        VAIO
      FACP            Sony        VAIO
      HPET            Sony        VAIO
      MCFG            Sony        VAIO
      SLIC            Sony        VAIO
      SSDT            Sony        VAIO
      SSDT            Sony        VAIO


    Sunday, October 11, 2009 11:21 AM
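    One way to triage a pasted MGADiag report like the one above for the two tamper cases Darin describes. This is an added example, not part of the thread and not a Microsoft tool; the function names are hypothetical, the sample is a constructed excerpt in the report's layout, and reading a "File Mismatch" entry as pointing to the on-disk case is an assumption the thread does not state.

```python
import re

# Constructed excerpt in the layout of the report posted above.
SAMPLE_REPORT = """\
WGA Data-->
Validation Status: Invalid License
Validation Code: 50
Cached Validation Code: N/A, hr = 0x80070426

File Scan Data-->
File Mismatch: C:\\Windows\\system32\\rpcrt4.dll[6.0.6001.18247]

Licensing Data-->
Software Licensing service is not running.
"""

SECTION = re.compile(r"^(.+?)-->\s*$")            # e.g. "WGA Data-->"
MISMATCH = re.compile(r"^File Mismatch:\s*(.+?)\[([\d.]+)\]\s*$")

def parse_sections(text):
    """Split a report into {section name: [non-empty lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()                          # forum pastes are often indented
        m = SECTION.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif line and current is not None:
            current.append(line)
    return sections

def triage(text):
    """Pull out the fields a responder reads first."""
    s = parse_sections(text)
    wga = dict(l.split(": ", 1) for l in s.get("WGA Data", []) if ": " in l)
    mismatches = [m.groups() for l in s.get("File Scan Data", [])
                  if (m := MISMATCH.match(l))]
    service_down = any("service is not running" in l
                       for l in s.get("Licensing Data", []))
    return {
        "status": wga.get("Validation Status"),
        "code": wga.get("Validation Code"),
        "file_mismatches": mismatches,              # (path, file version) pairs
        "licensing_service_down": service_down,
        "hresults": sorted(set(re.findall(r"hr = (0x[0-9A-Fa-f]{8})", text))),
        # Assumption (not stated in the thread): a mismatched file on disk
        # is treated as the on-disk tamper case and queued for repair.
        "on_disk_tamper_suspected": bool(mismatches),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

    A file listed under "File Mismatch" is a candidate for a hash or signature comparison against a known-good copy of the same version.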