Sign in
Microsoft.com
 
Microsoft
 
 
 

locked
An unauthorized changed was made to Windows Vista RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    I recently started to get this message whenever Windows is started. I did not install new software recently, apart from F-secure when I discovered the PC got a virus. F-secure got rid of the Trojan virus.

    The error code of the Windows Vista Genuine Validation is [0xC004D401]

    The log of the diagnostic utility is below.

    Thank you

    Diagnostic Report (1.7.0110.1):
    -----------------------------------------
    WGA Data-->
    Validation Status: Invalid License
    Validation Code: 50
    Online Validation Code: 0xc004d401
    Cached Validation Code: N/A, hr = 0xc004d401
    Windows Product Key: *****-*****-9TX8Y-WD3YK-Q2CHC
    Windows Product Key Hash: 0EdCgMB30bdZIt298toEFkylFvo=
    Windows Product ID: 89578-OEM-7304115-60019
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 6.0.6001.2.00010300.1.0.003
    ID: {86E50911-1336-4ECE-9D4E-565F2CBA84F7}(3)
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: Registered, 1.5.723.1
    Signed By: Microsoft
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000000
    Build lab: 6001.vistasp1_gdr.080917-1612
    TTS Error: K:20090123202106284-M:20090123220249761-
    Validation Diagnostic:
    Resolution Status: N/A

    WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: 6.0.6002.16398

    WGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    WGATray.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-203-80070002_025D1FF3-282-80041010_025D1FF3-170-80041010_025D1FF3-171-1_025D1FF3-434-80040154_025D1FF3-178-80040154_025D1FF3-179-2_025D1FF3-185-80070002_025D1FF3-199-3_FA827CE6-153-8007007e_FA827CE6-180-8007007e

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
    Default Browser: E:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{86E50911-1336-4ECE-9D4E-565F2CBA84F7}</UGUID><Version>1.7.0110.1</Version><OS>6.0.6001.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-Q2CHC</PKey><PID>89578-OEM-7304115-60019</PID><PIDType>3</PIDType><SID>S-1-5-21-617159096-642253877-2751888035</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0107    </Version><SMBIOSVersion major="2" minor="3"/><Date>20060802000000.000000+000</Date></BIOS><HWID>F6333507018400EA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Europe Standard Time(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><BRT/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: U1BMRwEAAAAAAQAABAAAANIwIwAAAAAAWmICAARQuYWupncYGHTJAW4aG1/FHasdtBRBPRnxqCJX3fOw8gqJOijkI20V6loXiqrroyx39r3HkvkXjiKrw0z+IC6+DkVoY5YIOIKjUKb2WsBZYbIZJJLJezdT4XiJM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAxuGhtfxR2rHbQUQT0Z8agiV93zsPIKiToo5CNtFepaF5o7Ft4p4RNC3k4bQBbxIPJM/iAuvg5FaGOWCDiCo1Cm9lrAWWGyGSSSyXs3U+F4iTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMbhobX8Udqx20FEE9GfGoIvgonqxmUaen/eUOwzy8Lcj8sIfxzTqFeTjSkUYl47xAsaRLV4kJJwIufDMuL0p/TvZawFlhshkkksl7N1PheIkzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDG4aG1/FHasdtBRBPRnxqCL4KJ6sZlGnp/3lDsM8vC3IRf6dtGGouoBoaqB5w40XMbGkS1eJCScCLnwzLi9Kf072WsBZYbIZJJLJezdT4XiJM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAxuGhtfxR2rHbQUQT0Z8agib6hrscCqQcW1byaC8WerfVZcvChoXDrE+mFp9BL7em7L8caA5dk82PKz8vYItEi79lrAWWGyGSSSyXs3U+F4iTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMbhobX8Udqx20FEE9GfGoImYu631LkjphPrjKAe1KSSLWoyf2ObjYgtrfjzi0gA5s1o7/74cnEv66AHwGls3SA/ZawFlhshkkksl7N1PheIkzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDG4aG1/FHasdtBRBPRnxqCLbnNmceOlVPX4AQgvcwQofyPIVg28X9fFaFRxu3d0XQ+tsdMhBTjTLt4UKLzl75Db2WsBZYbIZJJLJezdT4XiJM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAxuGhtfxR2rHbQUQT0Z8agi25zZnHjpVT1+AEIL3MEKH8jyFYNvF/XxWhUcbt3dF0PrbHTIQU40y7eFCi85e+Q29lrAWWGyGSSSyXs3U+F4iTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMbhobX8Udqx20FEE9GfGoIl08n6JaQM6kO21WaF4tCbvtWcLsH21z9LCtR+ka6zCtVa0vT7+OB2muM3q/15VusPZawFlhshkkksl7N1PheIkzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDG4aG1/FHasdtBRBPRnxqCKTFnskMGDjGQfr/8KThTV3aUe2g1ksBnwz4/3Y9ze30ldIqRmDxwJh41yyn8ssp6D2WsBZYbIZJJLJezdT4XiJM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAxuGhtfxR2rHbQUQT0Z8agiT5wZfJplJt7OhsuP57CbCQ3xd2vVoJeHle+BvayC74XxoTsh+9TQlAOdstFgySq/9lrAWWGyGSSSyXs3U+F4iTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMbhobX8Udqx20FEE9GfGoIqvHJB6fe2sIciWF+vxx3l7aSWBWA3D0OrjfsfMcQ7V/wqluzVa+8Fum/86d0EQ9PPZawFlhshkkksl7N1PheIkzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDG4aG1/FHasdtBRBPRnxqCKrxyQen3trCHIlhfr8cd5e2klgVgNw9Dq437HzHEO1f8Kpbs1WvvBbpv/OndBEPTz2WsBZYbIZJJLJezdT4XiJM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAxuGhtfxR2rHbQUQT0Z8agiXq4MJB20SWUPj6tqpActffq9/AsN+DFQ+cHe5jOsqw1M/iAuvg5FaGOWCDiCo1Cm9lrAWWGyGSSSyXs3U+F4iTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMbhobX8Udqx20FEE9GfGoIuzwoQtgYi5CL9O+ducBYo+668J6Y28gnM9Ms4WhSjjosaRLV4kJJwIufDMuL0p/TvZawFlhshkkksl7N1PheIkzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDG4aG1/FHasdtBRBPRnxqCIguzNs5z+o3wH8/E/PEwTp+PlCJcn10EJqRK8IKSNqGiayuzSeq5VM/KCbdghq6Lf2WsBZYbIZJJLJezdT4XiJM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAxuGhtfxR2rHbQUQT0Z8agiILszbOc/qN8B/PxPzxME6R1j9BIpsodBuqZP6yw5G5Amsrs0nquVTPygm3YIaui39lrAWWGyGSSSyXs3U+F4iTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMbhobX8Udqx20FEE9GfGoIo+roiX7JM8IiJCI4Q7HsK26bZTUcw2ZQ1pyxUfOn1hJNtYPsd46L41lFuX81J2ajPZawFlhshkkksl7N1PheIkzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDG4aG1/FHasdtBRBPRnxqCKPq6Il+yTPCIiQiOEOx7Ctum2U1HMNmUNacsVHzp9YSTbWD7HeOi+NZRbl/NSdmoz2WsBZYbIZJJLJezdT4XiJM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAxuGhtfxR2rHbQUQT0Z8agiNJO5Pa1BQsXLG4Aiy4kxYhE3XtHee1UcubKhA6ZJklS+oBjo3NN/kUo6VEiSo6ol9lrAWWGyGSSSyXs3U+F4iTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMbhobX8Udqx20FEE9GfGoIrk2ye3RnKN8oJVabFaiw4ZpXBKoV+g2g+ixyZBNLQxDvWbrGAy1LiPnzgV2mQGVG/ZawFlhshkkksl7N1PheIkzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDG4aG1/FHasdtBRBPRnxqCIamCAMgI7zmCY5dKa5XaY6NyH/kMCOZRfEg4PJfmlAaP2chyBFv/5UZUEfjWdbdOT2WsBZYbIZJJLJezdT4XiJM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAxuGhtfxR2rHbQUQT0Z8agiIMSdgn7ae1s3qEiZlJiD0gKWEA/FapdwPhlISarYtSWdy/QXzlsfGBChcwvsiseH9lrAWWGyGSSSyXs3U+F4iTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMbhobX8Udqx20FEE9GfGoIozU9Sy3M3635dkN0GrzO0F5laLYE67nH+N8cQnAKHhTTCXlaFR3SfXd2I56arYwVvZawFlhshkkksl7N1PheIkzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWg

    Licensing Data-->
    C:\Windows\system32\slmgr.vbs(1634, 5) (null): 0xC004D401

    HWID Data-->
    HWID Hash Current: PAAAAAEABgABAAEAAQADAAAAAgABAAEAnJ+yTT4c9v2Yk1r/qnZI5HQm3Aqu5/L0rNrYTRMM9EesViqF

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes, but no SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            A M I         OEMAPIC
      FACP            A M I         OEMFACP
      MCFG            A M I         OEMMCFG
      OEMB            A M I         AMI_OEM


    Friday, January 23, 2009 9:30 PM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello pierocol,

        Your issue is, what we call, an In Memory Mod-Auth Tamper. It is caused by a program that is incompatible with Vista. The program is attempting to access parts of Vista that the OS does not allow.

      Regardless if you have recently installed any programs or not, there is a program (Viruses and Trojans are programs too) that is attempting to access parts of Vista that the OS does not allow. It is that incompatible program which is causing your issue.

      The key to fixing the issue is to identify the offending program and remove or update it (to a compatible version).

      It sounds like you have already researched the forum, for this error and you probably have already seen the steps I am providing below, but I have included them anyways, just in case.

      In addition to the below steps, if you believe the issue is being caused by a incompatible Virus or Trojan, I encourage you to call our PC Safety line. PC Safety is a Microsoft group that provides free support for malware related infections.

    -----------

      Below I have provided a number of steps to help you identify the program that is causing the tamper:

      First, go to http://support.microsoft.com/kb/931699/ and confirm that you do not have any of the programs known to cause this type of issue.
     
      Second, in your Diagnostic report above, you can see the line that starts with 'TTS Error:' followed by a bunch numbers: M:xxxxxxxxxxxxxxxxx- This is the Tamper Time Stamp and it breaks down like this:

        (year)  (month) (day) (time in 24format) (millisecond)
    M:2009       01          23             2202                   49761-

    Note, I also see a "K" type Tamper Time Stamp. The “K“ stands for Kernel Mode tamper. This is a minor tamper and is most likey directly related to the Mod-Auth tamper. Once you remove the program that is causing the Mod-Auth tamper, I believe that the Kernel mode tamper will stop as well.


    Now that you know the time of the tamper, you can now try to connect that time with a program.

    1) Login to Vista and select the option that launches an Internet Browser

    2) Type into the browser address bar: %windir%\system32\perfmon.msc and hit Enter

    3) When asked if you want to Open or Save this file, select Open

    4) In the left hand panel, click Reliability Monitor

    5) Click on the “System Stability Chart” above the date 01/23

    6) Below the chart, in the “System Stability Report” section look at the report titled "Software (Un)Installs for 01/23/2009"

    7) Look for any program that shows "Application Install" in the 'Activity' column.

    8) Since the process that detects Tampers runs randomly, it can take up to 3 days for the process to detect the tamper and set Vista to a Tamper State. Because of this, please repeat steps 5) thru 7) for the dates 01/22/2009, 01/21/2009 and 01/20/2009 

      This could tell you what programs were installed on or around the Tamper date and should help you narrow down the possible programs that could be causing the issue . Unfortunately, if you installed the programsome point in the past, but hadn't run it till now, this process may not be helpful.  The removal of any application you may have installed recently could go a long way to troubleshooting this issues.  

    Note: Since everyone has different programs installed on their computer, it is extremely hard for support to figure out what program is causing the problem, but if you still need assistance in identifying the Incompatible Program, please create a no cost support request at http://go.microsoft.com/fwlink/?linkid=52029

    Darin MS

    Attention Forum All Users: Please Do Not post your issue in someone else's Thread...Create your own.
    Friday, January 23, 2009 10:37 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Thank you,
    I browsed around the PC safety website and I found out about the OneCare Safety scanner. I did it and it found some other virus, which, once eliminated, actually solved the validation issue!
    I am left with one minor problem now. The virus did something to my registry I guess and I am not able to change the desktop background anymore. If I try I get the message: "This feature has been disabled. Contact our system Administrator". But I AM the system administrator I did not find out what to do in order to change things back to their original state. CAn you help me further?
    Thank you
    • Marked as answer by Darin Smith MS Monday, February 2, 2009 11:27 PM
    Monday, February 2, 2009 12:29 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello pierocol,

        Your issue is, what we call, an In Memory Mod-Auth Tamper. It is caused by a program that is incompatible with Vista. The program is attempting to access parts of Vista that the OS does not allow.

      Regardless if you have recently installed any programs or not, there is a program (Viruses and Trojans are programs too) that is attempting to access parts of Vista that the OS does not allow. It is that incompatible program which is causing your issue.

      The key to fixing the issue is to identify the offending program and remove or update it (to a compatible version).

      It sounds like you have already researched the forum, for this error and you probably have already seen the steps I am providing below, but I have included them anyways, just in case.

      In addition to the below steps, if you believe the issue is being caused by a incompatible Virus or Trojan, I encourage you to call our PC Safety line. PC Safety is a Microsoft group that provides free support for malware related infections.

    -----------

      Below I have provided a number of steps to help you identify the program that is causing the tamper:

      First, go to http://support.microsoft.com/kb/931699/ and confirm that you do not have any of the programs known to cause this type of issue.
     
      Second, in your Diagnostic report above, you can see the line that starts with 'TTS Error:' followed by a bunch numbers: M:xxxxxxxxxxxxxxxxx- This is the Tamper Time Stamp and it breaks down like this:

        (year)  (month) (day) (time in 24format) (millisecond)
    M:2009       01          23             2202                   49761-

    Note, I also see a "K" type Tamper Time Stamp. The “K“ stands for Kernel Mode tamper. This is a minor tamper and is most likey directly related to the Mod-Auth tamper. Once you remove the program that is causing the Mod-Auth tamper, I believe that the Kernel mode tamper will stop as well.


    Now that you know the time of the tamper, you can now try to connect that time with a program.

    1) Login to Vista and select the option that launches an Internet Browser

    2) Type into the browser address bar: %windir%\system32\perfmon.msc and hit Enter

    3) When asked if you want to Open or Save this file, select Open

    4) In the left hand panel, click Reliability Monitor

    5) Click on the “System Stability Chart” above the date 01/23

    6) Below the chart, in the “System Stability Report” section look at the report titled "Software (Un)Installs for 01/23/2009"

    7) Look for any program that shows "Application Install" in the 'Activity' column.

    8) Since the process that detects Tampers runs randomly, it can take up to 3 days for the process to detect the tamper and set Vista to a Tamper State. Because of this, please repeat steps 5) thru 7) for the dates 01/22/2009, 01/21/2009 and 01/20/2009 

      This could tell you what programs were installed on or around the Tamper date and should help you narrow down the possible programs that could be causing the issue . Unfortunately, if you installed the programsome point in the past, but hadn't run it till now, this process may not be helpful.  The removal of any application you may have installed recently could go a long way to troubleshooting this issues.  

    Note: Since everyone has different programs installed on their computer, it is extremely hard for support to figure out what program is causing the problem, but if you still need assistance in identifying the Incompatible Program, please create a no cost support request at http://go.microsoft.com/fwlink/?linkid=52029

    Darin MS

    Attention Forum All Users: Please Do Not post your issue in someone else's Thread...Create your own.
    Friday, January 23, 2009 10:37 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Thank you,

    I did as you suggested. The System Stability report shows that I did not install any program lately. It seems to me that it is more of a Trojan or other virus program.

    My understanding is the PC Safety line is available in the US. I am in the Netherlands. Unfortunately I don't understand Dutch very well so I am not able to understand if such a service is available here as well on MS pages in Dutch.

    Can you maybe help me further?

     

     

    Saturday, January 24, 2009 3:18 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi pierocol,

      I talked to the PC Safety manager that sits by me and he knows there is a PC Safety line for Europe, but was unsure about Netherland coverage. He suggests that instead of a phone call, try the PC Safety Online Chat.  Go to http://www.microsoft.com/protect/support/default.mspx and follow the "E-mail or individual chat support" link. (if you are asked to select your country, I suggest selecting US or the closest english speaking county)

     

    Good luck,

    Darin MS


    Attention Forum All Users: Please Do Not post your issue in someone else's Thread...Create your own.
    • Edited by Darin Smith MS Tuesday, January 27, 2009 1:23 AM correct spelling
    Tuesday, January 27, 2009 1:23 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Thank you,
    I browsed around the PC safety website and I found out about the OneCare Safety scanner. I did it and it found some other virus, which, once eliminated, actually solved the validation issue!
    I am left with one minor problem now. The virus did something to my registry I guess and I am not able to change the desktop background anymore. If I try I get the message: "This feature has been disabled. Contact our system Administrator". But I AM the system administrator I did not find out what to do in order to change things back to their original state. CAn you help me further?
    Thank you
    • Marked as answer by Darin Smith MS Monday, February 2, 2009 11:27 PM
    Monday, February 2, 2009 12:29 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Hi pierocol,


      Very happy to have been helpful in resolving your issue.

      As for the secondary problem, that's really outside my area of knowledge.  I can suggest describing the issue in one of the Vista newgroups at http://www.microsoft.com/windowsxp/expertzone/newsgroups/reader.mspx and see if anyone has a helpful suggestion, or going to http://support.microsoft.com for additional support options.

    Darin MS
    Attention Forum All Users: Please Do Not post your issue in someone else's Thread...Create your own.
    Monday, February 2, 2009 11:25 PM