Answered by:
Unauthorized Change

Question
-
I've had my copy of Windows Vista since March this year and not had many problems with it so far but yesterday everytime I log on it says that there has been an unauthorized change to windows with only two options, 1. Learn More Online, 2.Close (which goes back to log on screen). If I click on the first option it takes me to the genuine windows website and when I try and validate now it says that I may be a victim of software conterfeiting. Apart from that pop up nothing else can be accessed apart from the internet. Please try and help me figure out how to get around this. I have also tried in command prompt (I think I tried this before when looking through other posts) but I got this error come up C:\Windows\System32\slmgr.vbs(291, 5) Microsoft VBScript runtime error: Permission denied. Does my diagnostic report show that my computer has gone into a Tamper State? As I think it says in this line TTS Error: M:20071121153058640
My diagnostic report is as follows:-
Diagnostic Report (1.7.0066.0):
-----------------------------------------
WGA Data-->
Validation Status: Invalid License
Validation Code: 50
Online Validation Code: 0x80070426
Cached Validation Code: N/A, hr = 0x80070426
Windows Product Key: *****-*****-6KX6T-6624B-GYT8F
Windows Product Key Hash: SV8BSR3EvpGqiqqYCJS6+Mm7Aio=
Windows Product ID: 89578-277-4649685-71112
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.0.6000.2.00010300.0.0.003
CSVLK Server: N/A
CSVLK PID: N/A
ID: {663EB30A-861D-4E7C-9ACA-0BF7010972CD}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.7.59.1
Signed By: Microsoft
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6000.vista_gdr.070627-1500
TTS Error: M:20071121153058640-
Validation Diagnostic:
Resolution Status: N/ANotifications Data-->
Cached Result: N/A
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002OGA Data-->
Office Status: 114 Blocked VLK 2
OGA Version: Registered, 1.6.21.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-282-80041010_025D1FF3-170-80041010_025D1FF3-171-1_025D1FF3-434-80040154_025D1FF3-178-80040154_025D1FF3-179-2_025D1FF3-185-80070002_025D1FF3-199-3Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: AllowedFile Scan Data-->
File Mismatch: C:\Windows\system32\rpcrt4.dll[6.0.6000.16525]Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{663EB30A-861D-4E7C-9ACA-0BF7010972CD}</UGUID><Version>1.7.0066.0</Version><OS>6.0.6000.2.00010300.0.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-GYT8F</PKey><PID>89578-277-4649685-71112</PID><PIDType>5</PIDType><SID>S-1-5-21-3251106602-3100689034-2912028805</SID><SYSTEM><Manufacturer>ECS</Manufacturer><Model>P4M800PRO-M</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>080012 </Version><SMBIOSVersion major="2" minor="3"/><Date>20060719000000.000000+000</Date></BIOS><HWID>8D313507018400EC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><BRT/></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90280409-6000-11D3-8CFE-0050048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office XP Professional with FrontPage</Name><Ver>10</Ver><Val>39476F84C4B4004</Val><Hash>4iCnywwNW1w4s9ukTIwGMGxyGic=</Hash><Pid>54185-640-0000025-17062</Pid><PidType>14</PidType></Product></Products></Office></Software></GenuineResults>Spsys.log Content: U1BMRwEAAAAAAQAABAAAAFsFAAAAAAAAWmICADAgAABEpeLZ5SfIAdArSr9MLECc5R83cvYPeMyD7XEScii1KZIfI3gsHxREBk1mYV1KA3OATkJlhzLfRV+gwhNu+IeQRxhCs7OCF+Np72PYEGLDh/dlt+H6yYeLGD817S8Cu1HUlGNHVFBLTl0BpRsD6Dwtx6AnxzEU2IlE7oPk/SPeaYoTWCOSbwhb0nMat38/Ij8WvwlN0LR700BeYdi5UqK8Ce5F2YRTEM9PN3MXtCtbOqphU++LYllJM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAzQK0q/TCxAnOUfN3L2D3jMrxH0MlJ7LsRbsiSi87XbtFrbwmidlESWa0K+rKV/OfFfoMITbviHkEcYQrOzghfjwpn1IatIJ5YiP9nhw92F0xg/Ne0vArtR1JRjR1RQS05dAaUbA+g8LcegJ8cxFNiJRO6D5P0j3mmKE1gjkm8IW9JzGrd/PyI/Fr8JTdC0e9NAXmHYuVKivAnuRdmEUxDPTzdzF7QrWzqqYVPvi2JZSTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM0CtKv0wsQJzlHzdy9g94zOTpqNYs8HLoD0mmmO9UM7c4TsKr1LE6e3OclqG5/w9BX6DCE274h5BHGEKzs4IX47WOQ7yx9uG1qgeK8DjecS4YPzXtLwK7UdSUY0dUUEtOXQGlGwPoPC3HoCfHMRTYiUTug+T9I95pihNYI5JvCFvScxq3fz8iPxa/CU3QtHvTQF5h2LlSorwJ7kXZhFMQz083cxe0K1s6qmFT74tiWUkzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDNArSr9MLECc5R83cvYPeMxYGKHrWCQWoWGIGtiPF+PscuW5veQf54PV0jf2t7qa5V+gwhNu+IeQRxhCs7OCF+Nq20Kcd3hDTPuPwbAWhhIQGD817S8Cu1HUlGNHVFBLTl0BpRsD6Dwtx6AnxzEU2IlE7oPk/SPeaYoTWCOSbwhb0nMat38/Ij8WvwlN0LR700BeYdi5UqK8Ce5F2YRTEM9PN3MXtCtbOqphU++LYllJM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAzQK0q/TCxAnOUfN3L2D3jMNMghaXjAGZ98NhDDYYHC8efnTYO7gr8buGeWjtUofOdfoMITbviHkEcYQrOzghfjqDuSHd6UPhpwunNeplwLEBg/Ne0vArtR1JRjR1RQS05dAaUbA+g8LcegJ8cxFNiJRO6D5P0j3mmKE1gjkm8IW9JzGrd/PyI/Fr8JTdC0e9NAXmHYuVKivAnuRdmEUxDPTzdzF7QrWzqqYVPvi2JZSTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM0CtKv0wsQJzlHzdy9g94zNBkq/aB7g+g7qF+r8hqaa9m0Hr9skPkIRRoPQzXaWuiX6DCE274h5BHGEKzs4IX43W5rfO6R4ml0atPUYwsIUoYPzXtLwK7UdSUY0dUUEtOXQGlGwPoPC3HoCfHMRTYiUTug+T9I95pihNYI5JvCFvScxq3fz8iPxa/CU3QtHvTQF5h2LlSorwJ7kXZhFMQz083cxe0K1s6qmFT74tiWUkzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDNArSr9MLECc5R83cvYPeMyniJcrZoXAMpZaXSLuDp5FuOoN8EnnKCMr5sTEtgHeOV+gwhNu+IeQRxhCs7OCF+Nn7O9mK3zkS2El91BTZrHTGD817S8Cu1HUlGNHVFBLTl0BpRsD6Dwtx6AnxzEU2IlE7oPk/SPeaYoTWCOSbwhb0nMat38/Ij8WvwlN0LR700BeYdi5UqK8Ce5F2YRTEM9PN3MXtCtbOqphU++LYllJM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAzQK0q/TCxAnOUfN3L2D3jMQg0uo1oyIhnBK5e69hrpWF6jC2skuMNBPuUCAeO+SyZfoMITbviHkEcYQrOzghfjBcNNKfg62CdNdpvb+bQJ4xg/Ne0vArtR1JRjR1RQS05dAaUbA+g8LcegJ8cxFNiJRO6D5P0j3mmKE1gjkm8IW9JzGrd/PyI/Fr8JTdC0e9NAXmHYuVKivAnuRdmEUxDPTzdzF7QrWzqqYVPvi2JZSTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM0CtKv0wsQJzlHzdy9g94zCQ4yrVzQeFy5oXNYA1fR/YBNaJRmvCQwFiYz3Tc9IqkX6DCE274h5BHGEKzs4IX43EPvoynrQJqS5KeMVXHkocYPzXtLwK7UdSUY0dUUEtOXQGlGwPoPC3HoCfHMRTYiUTug+T9I95pihNYI5JvCFvScxq3fz8iPxa/CU3QtHvTQF5h2LlSorwJ7kXZhFMQz083cxe0K1s6qmFT74tiWUkzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDNArSr9MLECc5R83cvYPeMxnnj8G20gdKr97G0ZOE4cy6a86kl4BWqX+x6tdDPt2/F+gwhNu+IeQRxhCs7OCF+MgPC3O8Ht92Om4PoqNMCYkGD817S8Cu1HUlGNHVFBLTl0BpRsD6Dwtx6AnxzEU2IlE7oPk/SPeaYoTWCOSbwhb0nMat38/Ij8WvwlN0LR700BeYdi5UqK8Ce5F2YRTEM9PN3MXtCtbOqphU++LYllJM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAzQK0q/TCxAnOUfN3L2D3jMCax/1OeXPv7GudoWd9CuztdeaP+LqTCAY1cojm4h+I5foMITbviHkEcYQrOzghfjvER/HGR7fv35Dq/5e37BDxg/Ne0vArtR1JRjR1RQS05dAaUbA+g8LcegJ8cxFNiJRO6D5P0j3mmKE1gjkm8IW9JzGrd/PyI/Fr8JTdC0e9NAXmHYuVKivAnuRdmEUxDPTzdzF7QrWzqqYVPvi2JZSTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM0CtKv0wsQJzlHzdy9g94zHb91dn2KTJX/YgFX8RPVKRvLvPDgiJFWdmrBAz8YVaZX6DCE274h5BHGEKzs4IX43E4ieu60sm2MNCfrb8vXPMYPzXtLwK7UdSUY0dUUEtOXQGlGwPoPC3HoCfHMRTYiUTug+T9I95pihNYI5JvCFvScxq3fz8iPxa/CU3QtHvTQF5h2LlSorwJ7kXZhFMQz083cxe0K1s6qmFT74tiWUkzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDNArSr9MLECc5R83cvYPeMwqyljA5fAATYqWyEzMVmpcZIF+y4TaKKyRknDXHNF2G1+gwhNu+IeQRxhCs7OCF+M5K9wAovbHimTBi/6gSkLgGD817S8Cu1HUlGNHVFBLTl0BpRsD6Dwtx6AnxzEU2IlE7oPk/SPeaYoTWCOSbwhb0nMat38/Ij8WvwlN0LR700BeYdi5UqK8Ce5F2YRTEM9PN3MXtCtbOqphU++LYllJM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAzQK0q/TCxAnOUfN3L2D3jMKwUQ1u0R/f6uMUUunvTqw8rWlqEewXEGNTLzcm3hOc9foMITbviHkEcYQrOzghfjOSvcAKL2x4pkwYv+oEpC4Bg/Ne0vArtR1JRjR1RQS05dAaUbA+g8LcegJ8cxFNiJRO6D5P0j3mmKE1gjkm8IW9JzGrd/PyI/Fr8JTdC0e9NAXmHYuVKivAnuRdmEUxDPTzdzF7QrWzqqYVPvi2JZSTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM0CtKv0wsQJzlHzdy9g94zI6FBvarpa2Mz8BeCrfsuM7q+NDtonv4dlDDJX+MYbx5X6DCE274h5BHGEKzs4IX4zY2t3bBEDAUdOvf4imvxHIYPzXtLwK7UdSUY0dUUEtOXQGlGwPoPC3HoCfHMRTYiUTug+T9I95pihNYI5JvCFvScxq3fz8iPxa/CU3QtHvTQF5h2LlSorwJ7kXZhFMQz083cxe0K1s6qmFT74tiWUkzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDNArSr9MLECc5R83cvYPeMzBrOHWNqJE528USBm6mkhwdoJVSGTdjlp6PDDrJC0Ix1+gwhNu+IeQRxhCs7OCF+Pq4RDCRXGyzDq5abH21M3hGD817S8Cu1HUlGNHVFBLTl0BpRsD6Dwtx6AnxzEU2IlE7oPk/SPeaYoTWCOSbwhb0nMat38/Ij8WvwlN0LR700BeYdi5UqK8Ce5F2YRTEM9PN3MXtCtbOqphU++LYllJM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAzQK0q/TCxAnOUfN3L2D3jM6abJD0NKGLW+lhNHIOT3j2PMYXBdfmUo1jp28XYgU9JfoMITbviHkEcYQrOzghfj6z8XTslXBhDoLss9AHqLYBg/Ne0vArtR1JRjR1RQS05dAaUbA+g8LcegJ8cxFNiJRO6D5P0j3mmKE1gjkm8IW9JzGrd/PyI/Fr8JTdC0e9NAXmHYuVKivAnuRdmEUxDPTzdzF7QrWzqqYVPvi2JZSTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM0CtKv0wsQJzlHzdy9g94zIBzfBJxBQhGH8cKs+RsudSkCu6czisZZSN5rxjzg8QfX6DCE274h5BHGEKzs4IX47sPu2qDWHDUzhudVsFYKv4YPzXtLwK7UdSUY0dUUEtOXQGlGwPoPC3HoCfHMRTYiUTug+T9I95pihNYI5JvCFvScxq3fz8iPxa/CU3QtHvTQF5h2LlSorwJ7kXZhFMQz083cxe0K1s6qmFT74tiWUkzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDNArSr9MLECc5R83cvYPeMwP5ypis30ProiF9bc5pFRKRcnHnJRDETFaGZq89OV0ol+gwhNu+IeQRxhCs7OCF+NmzXr2mQ7/b1L3FCJ7PHxlGD817S8Cu1HUlGNHVFBLTl0BpRsD6Dwtx6AnxzEU2IlE7oPk/SPeaYoTWCOSbwhb0nMat38/Ij8WvwlN0LR700BeYdi5UqK8Ce5F2YRTEM9PN3MXtCtbOqphU++LYllJM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAw=
Thanks for any help. Kalani
Thursday, November 22, 2007 12:13 AM
Answers
-
Hi Kalani,
Just to confirm, your issue was resolved when you uninstalled the update?
When I searched for KB933729, I found 9 updates with that number in the name. You want the one for Vista.
The direct URL to update "Security Update for Windows Vista (KB933729)" is: http://www.microsoft.com/downloads/info.aspx?na=22&p=4&SrcDisplayLang=en&SrcCategoryId=&SrcFamilyId=&u=%2fdownloads%2fdetails.aspx%3fFamilyID%3dceca7f8c-7b56-48fc-8c17-87ffadf25629%26DisplayLang%3den
Thanks,
Darin Smith
WGA Forum ManagerWednesday, November 28, 2007 11:35 PM
All replies
-
Hi kalani,
Yes, you are correct, Vista is in, what is called a 'Mod-Auth' Tamper state. There are 2 types of Mod-Auth tampers.
1) A critical system file was modified on disk - What this means is that the file, located on the hard drive, was modified in some way.
2) A critical system file was modified in memory - What this means is the file itself (on the hard drive) is un-modified, but the code, from that file, running in the system, was modified in some way.
Because of the Mismatched files listed under the "File Scan Data-->" line of your Diagnostic Report, I beleive your issue is caused by: 1) A critical system file was modified on disk
Number 2 is usually caused by a running program that is incompatible with Vista.
Number 1 can be caused by a malicious program (spyware, malware, virus) or by manual file modification (by a user of the system). There is also a very small chance that an Update may fail in mid-update and cause this type of issue. As a safety mechanism, Updates are made so that if they fail, they roll back any updating that was done before the failure, but there is an off chance that the roll back did not occure.
So, what I would like to do is exclude a failed update as the cause of your issue. To do that, I would like you to uninstall/reinstall the update that correspond with mismatched critical system files seen in your Diagnostic Report under the "File Scan Data-->" line. (i.e. rpcrt4.dll[6.0.6000.16525]) by following the below steps:
First, uninstall the updates:
(The below steps assume Vista is currently in reduced functionality)
1) Log in to Vista and select the options that brings up the Internet Browser
2) Type: %windir%\system32\control.exe
3) You may be asked if you want to Save or Run, select Run
4) Control Panel will open
5) Double click the ‘Programs and Features’ icon (in XP it was called the ‘Add/Remove Programs’)
6) In the upper left hand corner of the window (right under ‘Tasks’) click the “View installed updates” link
7) Now look for and select KB9337298) Click ‘Uninstall’
9) Reboot
Now, reinstall the updates:
(At this point, Vista may or may not be in reduced functionality, the below steps assume that Vista is in reduced functionality)
10) Log in to Vista and select the options that brings up the Internet Browser.
11) Go to http://www.microsoft.com/downloads
12) Search for KB933729
13) In the search results, click the Vista version of the update that has KB925902 in the name.
14) Click the 'Download' button.
15) You will be given the choice to Save or Run, select Run
16) Reboot
Please post back on if this does or does not resolve your issue.
Thank you,
Darin Smith
WGA Forum Manager
Tuesday, November 27, 2007 11:48 PM -
I did what you suggested (uninstall Kb933729) and now it boots up in normal mode.When I did the search for Kb933729 there was not anything that mentioned Kb925902 in the name. When I did a search for Kb925902 there was a vista version, I downloaded and tried to install but a window came up saying it did not support my system. Any ideas? Should I reinstall Kb933729?
Thank you for your help. KalaniWednesday, November 28, 2007 7:54 PM -
Hi Kalani,
Just to confirm, your issue was resolved when you uninstalled the update?
When I searched for KB933729, I found 9 updates with that number in the name. You want the one for Vista.
The direct URL to update "Security Update for Windows Vista (KB933729)" is: http://www.microsoft.com/downloads/info.aspx?na=22&p=4&SrcDisplayLang=en&SrcCategoryId=&SrcFamilyId=&u=%2fdownloads%2fdetails.aspx%3fFamilyID%3dceca7f8c-7b56-48fc-8c17-87ffadf25629%26DisplayLang%3den
Thanks,
Darin Smith
WGA Forum ManagerWednesday, November 28, 2007 11:35 PM