An Unauthorized Change To Windows

  • Question

  • I've had my copy of Windows Vista since March this year and not had many problems with it so far, but yesterday every time I log on it says that there has been an unauthorized change to Windows with only two options: 1. Learn More Online, 2. Close (which goes back to the log on screen). If I click on the first option it takes me to the genuine Windows website and when I try and validate now it says that I may be a victim of software counterfeiting. Apart from that pop up nothing else can be accessed apart from the internet. Please try and help me figure out how to get around this.

    My diagnostic report is as follows:-

     

    Diagnostic Report (1.7.0066.0):
    -----------------------------------------
    WGA Data-->
    Validation Status: Invalid License
    Validation Code: 50
    Online Validation Code: 0x80070426
    Cached Validation Code: N/A, hr = 0x80070426
    Windows Product Key: *****-*****-VXMGW-CCR8Q-9G2D8
    Windows Product Key Hash: F9208j/SEXqTImSk+7yWMHdUVSY=
    Windows Product ID: 89578-OEM-7318072-21137
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 6.0.6000.2.00010300.0.0.003
    CSVLK Server: N/A
    CSVLK PID: N/A
    ID: {78AC780D-2956-4E84-9C30-00E6E66DED50}(3)
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: Registered, 1.7.59.1
    Signed By: Microsoft
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000000
    Build lab: 6000.vista_gdr.070627-1500
    TTS Error: M:20071117111219805-
    Validation Diagnostic:
    Resolution Status: N/A

    Notifications Data-->
    Cached Result: N/A
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: FCEE394C-2989-80070002

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\user32.dll[6.0.6000.16438]
    File Mismatch: C:\Windows\system32\imagehlp.dll[6.0.6000.16470]
    File Mismatch: C:\Windows\system32\msoert2.dll[6.0.6000.16480]

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{78AC780D-2956-4E84-9C30-00E6E66DED50}</UGUID><Version>1.7.0066.0</Version><OS>6.0.6000.2.00010300.0.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-9G2D8</PKey><PID>89578-OEM-7318072-21137</PID><PIDType>3</PIDType><SID>S-1-5-21-1798018516-1439614247-2297161769</SID><SYSTEM><Manufacturer>Dell Inc.                </Manufacturer><Model>Dell DM061                   </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.                </Manufacturer><Version>2.1.2 </Version><SMBIOSVersion major="2" minor="3"/><Date>20061201000000.000000+000</Date></BIOS><HWID>2C393707018400EC</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>B8K    </OEMTableID></OEM><BRT/></MachineData><Software><Office><Result>109</Result><Products/></Office></Software></GenuineResults> 

    Spsys.log Content:

     

    Thanks for any help.

    Ollie

    Saturday, November 17, 2007 12:18 PM

Answers

  • I have since reinstalled windows from the installation CD and everything is fine again now, but what you said to try wouldn't have worked anyway as the control panel would not open at all. When I tried opening it like that it would only flash on screen before closing again.

    Thanks for any help given but I couldn't fix it in the end, at least it's running faster again now.

    Ollie

    Wednesday, November 28, 2007 3:30 PM

All replies

  • Please follow the below steps and inform me if the issue was resolved:

     

    (If you have access to the Start button)

    1) Click the Start button

    2) Type cmd in the Start Search field

    3) At the top of the Start window, you will see cmd.exe

    4) Right Click cmd.exe and select Run as Administrator

    5) Type: cscript %windir%\System32\slmgr.vbs /ilc %windir%\System32\licensing\ppdlic\Security-Licensing-SLC-ppdlic.xrm-ms

    6) Hit the Enter key

    7) Reboot 2 times

     

    (If you do not have access to the Start button)

    1) Click the option Access computer with reduced functionality

    2) A Browser will open, type: %windir%\system32 into the address field

    3) Find the file cmd.exe

    4) Right Click on the cmd.exe and select Run as Administrator

    5) Type: cscript %windir%\System32\slmgr.vbs /ilc %windir%\System32\licensing\ppdlic\Security-Licensing-SLC-ppdlic.xrm-ms

    6) Hit the Enter key

    7) Reboot 2 times


     

    Sunday, November 18, 2007 5:34 AM
    Moderator
  • I have done what you asked in command prompt (I think I tried this before when looking through other posts) but I got this error come up C:\Windows\System32\slmgr.vbs(291, 5) Microsoft VBScript runtime error: Permission denied. Does my diagnostic report show that my computer has gone into a Tamper State? As I think it says in this line TTS Error: M:20071117111219805-

     

    Thanks for any help.

    Ollie

    Sunday, November 18, 2007 9:45 AM
  • Hi Ollie88,

     

      I hope to have something for you momentarily, please stand by

     

    Darin

     

    Monday, November 26, 2007 10:34 PM
  •  Ollie88 wrote:

    I have done what you asked in command prompt (I think I tried this before when looking through other posts) but I got this error come up C:\Windows\System32\slmgr.vbs(291, 5) Microsoft VBScript runtime error: Permission denied. Does my diagnostic report show that my computer has gone into a Tamper State? As I think it says in this line TTS Error: M:20071117111219805-

     

    Thanks for any help.

    Ollie

     

    Yes, you are correct, Vista is in what is called a 'Mod-Auth' Tamper state.  There are 2 types of Mod-Auth tampers.

     

    1) A critical system file was modified on disk - What this means is that the file, located on the hard drive, was modified in some way.

     

    2) A critical system file was modified in memory - What this means is the file itself (on the hard drive) is un-modified, but the code, from that file, running in the system, was modified in some way.

     

    Because of the Mismatched files listed under the "File Scan Data-->" line of your Diagnostic Report, I believe your issue is caused by: 1) A critical system file was modified on disk

     

    Number 2 is usually caused by a running program that is incompatible with Vista.

     

    Number 1 can be caused by a malicious program (spyware, malware, virus) or by manual file modification (by a user of the system). There is also a very small chance that an Update may fail in mid-update and cause this type of issue. As a safety mechanism, Updates are made so that if they fail, they roll back any updating that was done before the failure, but there is an off chance that the roll back did not occur.

     

    So, what I would like to do is exclude a failed update as the cause of your issue. To do that, I would like you to uninstall/reinstall the 3 updates that correspond with mismatched critical system files seen in your Diagnostic Report under the "File Scan Data-->" line. (i.e. user32.dll[6.0.6000.16438], imagehlp.dll[6.0.6000.16470] and msoert2.dll[6.0.6000.16480]) by following the below steps:

     

    First, uninstall the updates:

    (The below steps assume Vista is currently in reduced functionality)

    1) Log in to Vista and select the option that brings up the Internet Browser
    2) Type: %windir%\system32\control.exe
    3) You may be asked if you want to Save or Run, select Run
    4) Control Panel will open
    5) Double click the ‘Programs and Features’ icon (in XP it was called the ‘Add/Remove Programs’)
    6) In the upper left hand corner of the window (right under ‘Tasks’) click the “View installed updates” link
    7) Now look for and select KB925902

    8) Click ‘Uninstall’

    9) Repeat steps 7 and 8 for KB931213 and KB929123

    10) Reboot

     

    Now, reinstall the updates:

    (At this point, Vista may or may not be in reduced functionality, the below steps assume that Vista is in reduced functionality)

     

    11) Log in to Vista and select the option that brings up the Internet Browser.

    12) Go to http://www.microsoft.com/downloads

    13) Search for KB925902

    14) In the search results, click the update that has KB925902 in the name.

    15) Click the 'Download' button.

    16) You will be given the choice to Save or Run, select Run

    17) Repeat steps 11 thru 16 for KB931213 and KB929123

     

    Please post back on whether this does or does not resolve your issue.

     

    Thank you,

    Darin Smith

    WGA Forum Manager

    Tuesday, November 27, 2007 12:27 AM
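
Added example, not part of the original thread and not Microsoft's tooling: a small Python triage of the diagnostic report format posted in the question, applying the reasoning from the reply above (a populated "TTS Error" line means a tamper state; "File Mismatch" entries point to the on-disk kind). The function names are hypothetical, and treating a tamper state with no mismatches as the in-memory kind is an assumption drawn from that reply.

```python
import re

# Excerpt of the diagnostic report posted in the question (trimmed for the example).
REPORT = r"""
WGA Data-->
Online Validation Code: 0x80070426
TTS Error: M:20071117111219805-
Notifications Data-->
WgaTray.exe Signed By: N/A, hr = 0x80070002
File Scan Data-->
File Mismatch: C:\Windows\system32\user32.dll[6.0.6000.16438]
File Mismatch: C:\Windows\system32\imagehlp.dll[6.0.6000.16470]
File Mismatch: C:\Windows\system32\msoert2.dll[6.0.6000.16480]
"""

# Standard Win32 error codes carried inside the two HRESULTs seen in this report.
WIN32_NAMES = {2: "ERROR_FILE_NOT_FOUND", 1062: "ERROR_SERVICE_NOT_ACTIVE"}

def decode_hresult(value):
    """Split an HRESULT into (failed, facility, code, Win32 name if known)."""
    facility = (value >> 16) & 0x7FF
    code = value & 0xFFFF
    name = WIN32_NAMES.get(code) if facility == 7 else None  # 7 = FACILITY_WIN32
    return bool(value & 0x80000000), facility, code, name

def parse_report(text):
    """Group 'Key: value' lines under their 'Section-->' headers."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.endswith("-->"):
            current = sections.setdefault(line[:-3], [])
        elif current is not None and ": " in line:
            current.append(tuple(line.split(": ", 1)))
    return sections

def triage(text):
    """Flag the tamper state and which of the two kinds the report points to."""
    s = parse_report(text)
    wga = dict(s.get("WGA Data", []))
    mism = []
    for key, value in s.get("File Scan Data", []):
        m = re.fullmatch(r"(.+)\[([\d.]+)\]", value.strip())  # path[version]
        if key == "File Mismatch" and m:
            mism.append(m.groups())
    tampered = bool(wga.get("TTS Error", "").strip())
    kind = None if not tampered else ("on-disk" if mism else "in-memory")
    hr = {h: decode_hresult(int(h, 16)) for h in set(re.findall(r"0x[0-9A-Fa-f]{8}", text))}
    return {"tampered": tampered, "kind": kind, "mismatches": mism, "hresults": hr}
```

For this report, `triage(REPORT)` reports an on-disk tamper with three mismatched files. The decoded HRESULTs show that the WGA notification binaries were not found and that the online validation failed because a required service was not started.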