Unauthorized Change

  • Question

  •  

    I've had my copy of Windows Vista since March this year and not had many problems with it so far, but yesterday every time I log on it says that there has been an unauthorized change to Windows with only two options: 1. Learn More Online, 2. Close (which goes back to log on screen). If I click on the first option it takes me to the genuine Windows website and when I try and validate now it says that I may be a victim of software counterfeiting. Apart from that pop up nothing else can be accessed apart from the internet. Please try and help me figure out how to get around this.

    I have also tried in command prompt (I think I tried this before when looking through other posts) but I got this error come up: C:\Windows\System32\slmgr.vbs(291, 5) Microsoft VBScript runtime error: Permission denied. Does my diagnostic report show that my computer has gone into a Tamper State? As I think it says in this line: TTS Error: M:20071121153058640

    My diagnostic report is as follows:-

    Diagnostic Report (1.7.0066.0):
    -----------------------------------------
    WGA Data-->
    Validation Status: Invalid License
    Validation Code: 50
    Online Validation Code: 0x80070426
    Cached Validation Code: N/A, hr = 0x80070426
    Windows Product Key: *****-*****-6KX6T-6624B-GYT8F
    Windows Product Key Hash: SV8BSR3EvpGqiqqYCJS6+Mm7Aio=
    Windows Product ID: 89578-277-4649685-71112
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.0.6000.2.00010300.0.0.003
    CSVLK Server: N/A
    CSVLK PID: N/A
    ID: {663EB30A-861D-4E7C-9ACA-0BF7010972CD}(3)
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: Registered, 1.7.59.1
    Signed By: Microsoft
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000000
    Build lab: 6000.vista_gdr.070627-1500
    TTS Error: M:20071121153058640-
    Validation Diagnostic:
    Resolution Status: N/A

    Notifications Data-->
    Cached Result: N/A
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 114 Blocked VLK 2
    OGA Version: Registered, 1.6.21.0
    Signed By: Microsoft
    Office Diagnostics: 025D1FF3-282-80041010_025D1FF3-170-80041010_025D1FF3-171-1_025D1FF3-434-80040154_025D1FF3-178-80040154_025D1FF3-179-2_025D1FF3-185-80070002_025D1FF3-199-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\rpcrt4.dll[6.0.6000.16525]

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{663EB30A-861D-4E7C-9ACA-0BF7010972CD}</UGUID><Version>1.7.0066.0</Version><OS>6.0.6000.2.00010300.0.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-GYT8F</PKey><PID>89578-277-4649685-71112</PID><PIDType>5</PIDType><SID>S-1-5-21-3251106602-3100689034-2912028805</SID><SYSTEM><Manufacturer>ECS</Manufacturer><Model>P4M800PRO-M</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>080012 </Version><SMBIOSVersion major="2" minor="3"/><Date>20060719000000.000000+000</Date></BIOS><HWID>8D313507018400EC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><BRT/></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90280409-6000-11D3-8CFE-0050048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office XP Professional with FrontPage</Name><Ver>10</Ver><Val>39476F84C4B4004</Val><Hash>4iCnywwNW1w4s9ukTIwGMGxyGic=</Hash><Pid>54185-640-0000025-17062</Pid><PidType>14</PidType></Product></Products></Office></Software></GenuineResults> 


     

    Thanks for any help.

    Kalani

    Thursday, November 22, 2007 12:13 AM

All replies

  •  

    Hi kalani,

     

    Yes, you are correct, Vista is in what is called a 'Mod-Auth' Tamper state. There are 2 types of Mod-Auth tampers.

     

    1) A critical system file was modified on disk - What this means is that the file, located on the hard drive, was modified in some way.

     

    2) A critical system file was modified in memory - What this means is the file itself (on the hard drive) is un-modified, but the code, from that file, running in the system, was modified in some way.

     

    Because of the Mismatched files listed under the "File Scan Data-->" line of your Diagnostic Report, I believe your issue is caused by: 1) A critical system file was modified on disk

     

    Number 2 is usually caused by a running program that is incompatible with Vista.

     

    Number 1 can be caused by a malicious program (spyware, malware, virus) or by manual file modification (by a user of the system). There is also a very small chance that an Update may fail in mid-update and cause this type of issue. As a safety mechanism, Updates are made so that if they fail, they roll back any updating that was done before the failure, but there is an off chance that the roll back did not occur.

     

    So, what I would like to do is exclude a failed update as the cause of your issue. To do that, I would like you to uninstall/reinstall the update that corresponds with the mismatched critical system files seen in your Diagnostic Report under the "File Scan Data-->" line (i.e. rpcrt4.dll[6.0.6000.16525]) by following the below steps:

     

    First, uninstall the updates:

    (The below steps assume Vista is currently in reduced functionality)

    1) Log in to Vista and select the option that brings up the Internet Browser
    2) Type: %windir%\system32\control.exe
    3) You may be asked if you want to Save or Run, select Run
    4) Control Panel will open
    5) Double click the ‘Programs and Features’ icon (in XP it was called the ‘Add/Remove Programs’)
    6) In the upper left hand corner of the window (right under ‘Tasks’) click the “View installed updates” link
    7) Now look for and select KB933729

    8) Click ‘Uninstall’

    9) Reboot

     

    Now, reinstall the updates:

    (At this point, Vista may or may not be in reduced functionality, the below steps assume that Vista is in reduced functionality)

     

    10) Log in to Vista and select the option that brings up the Internet Browser.

    11) Go to http://www.microsoft.com/downloads

    12) Search for KB933729

    13) In the search results, click the Vista version of the update that has KB925902 in the name.

    14) Click the 'Download' button.

    15) You will be given the choice to Save or Run, select Run

    16) Reboot

     

    Please post back on whether this does or does not resolve your issue.

     

    Thank you,

    Darin Smith

    WGA Forum Manager

    Tuesday, November 27, 2007 11:48 PM
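
Added example, not part of the thread and not Microsoft's tooling: a small parser for the diagnostic report layout quoted in the question, applying the reply's reasoning that a tamper record together with listed file mismatches points to an on-disk modification. The function names, the constructed sample report, and treating an empty or N/A "TTS Error" as "not flagged" are assumptions.

```python
import re

# Constructed sample in the layout of the report quoted in the question.
SAMPLE_REPORT = """\
WGA Data-->
Validation Status: Invalid License
Validation Code: 50
TTS Error: M:20071121153058640-

Notifications Data-->
File Exists: No

File Scan Data-->
File Mismatch: C:\\Windows\\system32\\rpcrt4.dll[6.0.6000.16525]
"""

SECTION = re.compile(r"^(?P<name>.+?)-->\s*$")
MISMATCH = re.compile(r"^(?P<path>.+?)\[(?P<version>[\d.]+)\]$")


def parse_report(text):
    """Group 'Key: value' lines under their 'Section-->' header."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            current = sections.setdefault(header["name"], [])
        elif current is not None and ":" in line:
            # Split on the first colon only, so drive letters stay in the value.
            key, _, value = line.partition(":")
            current.append((key.strip(), value.strip()))
    return sections


def triage(text):
    """Heuristic from the reply: listed mismatches suggest an on-disk change."""
    sections = parse_report(text)
    wga = dict(sections.get("WGA Data", []))
    mismatches = []
    for key, value in sections.get("File Scan Data", []):
        m = MISMATCH.match(value)
        if key == "File Mismatch" and m:
            mismatches.append((m["path"], m["version"]))
    tts = wga.get("TTS Error", "")
    if tts in ("", "N/A"):  # assumption: no tamper record present
        likely = "no tamper flag"
    else:
        likely = "modified on disk" if mismatches else "modified in memory"
    return {"status": wga.get("Validation Status"), "tts_error": tts,
            "mismatches": mismatches, "likely_cause": likely}
```

Each path and version returned in `mismatches` identifies a file to check against the update that ships it, which is the step the reply takes next.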
  • I did what you suggested (uninstall KB933729) and now it boots up in normal mode. When I did the search for KB933729 there was not anything that mentioned KB925902 in the name. When I did a search for KB925902 there was a Vista version, I downloaded and tried to install but a window came up saying it did not support my system. Any ideas? Should I reinstall KB933729?

    Thank you for your help.

    Kalani
    Wednesday, November 28, 2007 7:54 PM
  • Hi Kalani,

     

      Just to confirm, your issue was resolved when you uninstalled the update?

     

     

      When I searched for KB933729, I found 9 updates with that number in the name. You want the one for Vista.

     

      The direct URL to update "Security Update for Windows Vista (KB933729)" is: http://www.microsoft.com/downloads/info.aspx?na=22&p=4&SrcDisplayLang=en&SrcCategoryId=&SrcFamilyId=&u=%2fdownloads%2fdetails.aspx%3fFamilyID%3dceca7f8c-7b56-48fc-8c17-87ffadf25629%26DisplayLang%3den 

     

    Thanks,

    Darin Smith

    WGA Forum Manager
    Wednesday, November 28, 2007 11:35 PM