locked
An unauthorized change was made to windows RRS feed

  • Question

  • I infected my pc with some malware. I spent 3 days trying to get rid of it. None of the antivirus programs or spyware porgrams I tried helped me. AVG, kapersky, search and destroy, ccleaner, hijack this, ad-aware.

    I managed to find 2 dll files that I deleted in safe mode cmd prompt only after I killed a few processes, I forgot what process it was. What ever that process was is still there and tried to write to regisrty HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run BMbf07be72 Rundll32.exe "C:\Windows\system32\dusgrfxg.dll",s. This was in use to xxwuu.dll from my system32 directory. I deleted the two dll's and the registry keys and they are not coming back after reboots into safe mode.

    Now all of a sudden when I boot into windows vista I get An unauthorized change was made to windows and all I can run is internet browser.

    Kapersky was scanning my pc when I killed a process that blue screened my pc - maybe this cause my license problem.

    I booted back into safe mode and ran a free tool to check my product key and it is correct.

    How do I fix this?
    Sunday, March 9, 2008 1:45 PM

Answers

  • In order to recieve the best support, we request all users initially download and run the Genuine Diagnostics tool at this link http://go.microsoft.com/fwlink/?linkid=52012. Click "Continue" click the Windows tab, click the "Copy" button, then paste the report into a response message in this thread.


    If you do not have access to the Start Button:

    1) Login to Vista and Click the option that brings up Internet Explorer.

    2) Type: http://go.microsoft.com/fwlink/?linkid=52012 into the browser address bar.

    3) A window will come up asking if you want to Run or Save, Select Run

    4) When the program runs, Click the Continue button, then click the Copy button.

    5) Return to this thread by Typing: http://forums.microsoft.com/Genuine/ShowPost.aspx?PostID=2974206&SiteID=25 into the browser address bar.

    6) In a reply post, Paste the Diagnostic Report.

     

    Wednesday, March 12, 2008 9:07 PM

All replies

  • Please follow this troubleshooting procedure:

     

    1. Download and run the MGA Diagnostic Tool: http://go.microsoft.com/fwlink/?linkid=52012

     

    2. After running the MGA Diagnostic Tool, click on the "Windows" tab and then click on "Copy".

     

    3. Next, visit the following website and create a post in the "WGA Validation Problems" forum and paste the results of the WGA Diagnostic Data in a detailed post. http://forums.microsoft.com/Genuine/default.aspx?SiteID=25

     

    4. A WGA troubleshooting specialist will analyze the data and try to recommend an appropriate solution.

     

     

    Sunday, March 9, 2008 1:51 PM
    Moderator
  • nevermind
    Sunday, March 9, 2008 4:19 PM
  • Reliability monitor shows that update KB937287  was installed on 3/8.
    Windows  failures =
    boot failure
    OS Stopped working

    Misc failures =
    Disruptive shutdown

     I have no restore points.


    Sunday, March 9, 2008 4:22 PM
  • My windows license is valid. I purchased via upgradeanytime back in Sept/Oct time frame. My pc was running great until I was hit with malware.
    Sunday, March 9, 2008 4:25 PM
  • In order to recieve the best support, we request all users initially download and run the Genuine Diagnostics tool at this link http://go.microsoft.com/fwlink/?linkid=52012. Click "Continue" click the Windows tab, click the "Copy" button, then paste the report into a response message in this thread.


    If you do not have access to the Start Button:

    1) Login to Vista and Click the option that brings up Internet Explorer.

    2) Type: http://go.microsoft.com/fwlink/?linkid=52012 into the browser address bar.

    3) A window will come up asking if you want to Run or Save, Select Run

    4) When the program runs, Click the Continue button, then click the Copy button.

    5) Return to this thread by Typing: http://forums.microsoft.com/Genuine/ShowPost.aspx?PostID=2974206&SiteID=25 into the browser address bar.

    6) In a reply post, Paste the Diagnostic Report.

     

    Wednesday, March 12, 2008 9:07 PM