An Unauthorized change was made to Windows.

Question
When I boot my PC I get a message saying "An Unauthorized change was made to Windows.". I have Vista Home Premium upgraded to Ultimate via the Anytime Upgrade. All has been fine for 6 months +. I recently reinstalled Windows and it has only now cropped up as a problem. I recently installed O7O Defrag 10, and Nod32 AV, but I had both on my PC before without problems...
The diagnostic tool gives the following info:
Diagnostic Report (1.7.0062.0):
-----------------------------------------
WGA Data-->
Validation Status: Invalid License
Validation Code: 50
Online Validation Code: 0x8004fe93
Cached Validation Code: N/A, hr = 0xc004d401
Windows Product Key: *****-*****-Y4MYM-TWHY4-V2R2P
Windows Product Key Hash: tORZvLz0KjgbsBSA7mGjgYNH7O8=
Windows Product ID: 89580-283-6751187-71701
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.0.6000.2.00010100.0.0.000
CSVLK Server: N/A
CSVLK PID: N/A
ID: {0BCDEBF8-FDE9-40B7-9228-AB8A1FDA37B1}(1)
Is Admin: Yes
TestCab: 0x0
WGA Version: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Ultimate
Architecture: 0x00000000
Build lab: 6000.vista_gdr.070627-1500
TTS Error: M:20071025170534273-
Validation Diagnostic:
Resolution Status: N/A
WgaER Data-->
Grace Flag: N/A, hr = 0xc004d401
Commit: N/A, hr = 0xc004d401
Reboot Flag: 0x0
ThreatID(s): N/A, hr = 0xc004d401
Wgaer.exe Version: N/A, hr = 0x80070002
Wgaer.exe Signed By: N/A, hr = 0x80070002
Notifications Data-->
Cached Result: N/A
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: FCEE394C-2968-80070002
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{0BCDEBF8-FDE9-40B7-9228-AB8A1FDA37B1}</UGUID><Version>1.7.0062.0</Version><OS>6.0.6000.2.00010100.0.0.000</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-V2R2P</PKey><PID>89580-283-6751187-71701</PID><PIDType>5</PIDType><SID>S-1-5-21-3404312699-3402211029-1353582698</SID><SYSTEM><Manufacturer>NVIDIA</Manufacturer><Model>AWRDACPI</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>6.00 PG</Version><SMBIOSVersion major="2" minor="2"/><Date>20060530000000.000000+000</Date></BIOS><HWID>BA333507018400F8</HWID><UserLCID>1809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><BRT/></MachineData><Software><Office><Result>109</Result><Products/></Office></Software></GenuineResults>
Spsys.log Content:
Thanks.
Mossie
Thursday, October 25, 2007 4:23 PM
All replies
Hi
What's happening is called a Tamper State. There is a program that is incompatible with Vista and when that program does something that Vista doesn't allow, Vista goes into a Non-Genuine (Tamper) state. In your Diagnostic report above, you can see the line that starts with 'TTS Error:' followed by a bunch of letters and numbers: M:20071025170534273-
If you break down the numbers, you will get the Tamper Time Stamp:
(year) (month) (day) (time in 24-hour format) (millisecond...I think)
M: 2007 10 25 1705 34273
Now that we know the time of the tamper, you can now try to connect that time with a program.
We do that by:
1) Click the 'Start' button
2) Right Click 'Computer'
3) Select 'Manage'
4) Continue thru the "Windows needs your permission to continue" window (if any)
5) Click the arrow next to 'Reliability and Performance'
6) Click the arrow next to 'Monitoring Tools'
7) Click on 'Reliability Monitor'
8) Click on the graph above the date 10/25/2007
9) Below the graph, look at the report titled "Software (Un)Installs for 10/25/2007"
10) Look for any program that shows "Application Install" in the 'Activity' column.
11) Since the process that detects Tampers runs randomly, it can take up to 3 days for the process to detect the tamper and set Vista to a Tamper State. Because of this, please repeat steps 8) thru 10) for the dates 10/24, 10/23 and 10/22
This will tell you what programs were installed on the Tamper date and should help you narrow down the possible programs that could be causing the issue. Unfortunately, if you installed the program (say) on 09/01/2007, but you didn't run it (and, hence, prompt the tamper state) till 10/25/2007, this process may not be helpful.
Please tell me if this helps you resolve the issue.
Thank you,
Darin Smith
WGA Forum Manager
Thursday, October 25, 2007 7:32 PM
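
The timestamp breakdown and date search described in the reply above, as an added example that is not part of the original thread: it parses the 'TTS Error' line of a diagnostic report and filters install records to the tamper date plus the three preceding days. The function names are hypothetical, the install records are constructed sample data standing in for Reliability Monitor's list, and the five trailing digits of the stamp are kept uninterpreted.

```python
import re
from datetime import date, timedelta

# 'TTS Error' entries look like "M:20071025170534273-" on this page.
# Following the reply's breakdown: year, month, day, 24-hour HHMM, then
# five trailing digits that are kept as-is rather than interpreted.
TTS_ENTRY = re.compile(r"([A-Z]):(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{5})")

def parse_tts(report_text):
    """Return the tamper time stamps found on the 'TTS Error:' line."""
    for line in report_text.splitlines():
        label, _, value = line.partition(":")
        if label.strip() == "TTS Error":
            stamps = []
            for m in TTS_ENTRY.finditer(value):
                tag, y, mo, d, hh, mi, rest = m.groups()
                stamps.append({"tag": tag, "date": date(int(y), int(mo), int(d)),
                               "time": f"{hh}:{mi}", "trailing": rest})
            return stamps
    return []

def review_dates(tamper_date, lookback_days=3):
    """Tamper date plus the preceding days (detection can lag up to 3 days)."""
    return [tamper_date - timedelta(days=n) for n in range(lookback_days + 1)]

def candidate_installs(stamps, installs):
    """Installs whose date falls inside any stamp's review window."""
    wanted = {d for s in stamps for d in review_dates(s["date"])}
    return [(d, name) for d, name in installs if d in wanted]

# Constructed sample: the TTS line from the report above plus made-up
# install records (application names are placeholders).
SAMPLE_REPORT = """Validation Status: Invalid License
TTS Error: M:20071025170534273-
Validation Diagnostic:"""
SAMPLE_INSTALLS = [
    (date(2007, 9, 1), "Example App A"),
    (date(2007, 10, 23), "Example App B"),
    (date(2007, 10, 25), "Example App C"),
]

if __name__ == "__main__":
    stamps = parse_tts(SAMPLE_REPORT)
    for s in stamps:
        print(s["tag"], s["date"], s["time"], s["trailing"])
    for d, name in candidate_installs(stamps, SAMPLE_INSTALLS):
        print("review:", d, name)
```

Example App A falls outside the window, which is the limitation the reply mentions: a program installed weeks earlier but first run on the tamper date will not show up in this search.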
Hi Darin.
Thanks for the reply. In the meantime I did a system restore and now I cannot even get to the stage of logging in to Windows, I only get a black screen. Right now I am trying to restore an image and if that fails I am looking at a format. Thanks anyway.
Mossie
Thursday, October 25, 2007 8:10 PM