An Unauthorized change was made to Windows. RRS feed

  • Question

  • When I boot my PC I get A message saying "An Unauthorized change was made to Windows.".  I have Vista Home Premium upgraded to Ultimate via the Anytime Upgrade.  All has been fine for 6 months +.  I recently reinstalled windows and it has only now cropped up as a problem.  I recently installed O7O Defrag 10, and Nod32 AV, but I had both on my PC before without problems...

    The diagnostic tool gives the following info:

    Diagnostic Report (1.7.0062.0):
    WGA Data-->
    Validation Status: Invalid License
    Validation Code: 50
    Online Validation Code: 0x8004fe93
    Cached Validation Code: N/A, hr = 0xc004d401
    Windows Product Key: *****-*****-Y4MYM-TWHY4-V2R2P
    Windows Product Key Hash: tORZvLz0KjgbsBSA7mGjgYNH7O8=
    Windows Product ID: 89580-283-6751187-71701
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.0.6000.2.00010100.0.0.000
    CSVLK Server: N/A
    ID: {0BCDEBF8-FDE9-40B7-9228-AB8A1FDA37B1}(1)
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows Vista (TM) Ultimate
    Architecture: 0x00000000
    Build lab: 6000.vista_gdr.070627-1500
    TTS Error: M:20071025170534273-
    Validation Diagnostic:
    Resolution Status: N/A

    WgaER Data-->
    Grace Flag: N/A, hr = 0xc004d401
    Commit: N/A, hr = 0xc004d401
    Reboot Flag: 0x0
    ThreatID(s): N/A, hr = 0xc004d401
    Wgaer.exe Version: N/A, hr = 0x80070002
    Wgaer.exe Signed By: N/A, hr = 0x80070002

    Notifications Data-->
    Cached Result: N/A
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: FCEE394C-2968-80070002

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{0BCDEBF8-FDE9-40B7-9228-AB8A1FDA37B1}</UGUID><Version>1.7.0062.0</Version><OS>6.0.6000.2.00010100.0.0.000</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-V2R2P</PKey><PID>89580-283-6751187-71701</PID><PIDType>5</PIDType><SID>S-1-5-21-3404312699-3402211029-1353582698</SID><SYSTEM><Manufacturer>NVIDIA</Manufacturer><Model>AWRDACPI</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>6.00 PG</Version><SMBIOSVersion major="2" minor="2"/><Date>20060530000000.000000+000</Date></BIOS><HWID>BA333507018400F8</HWID><UserLCID>1809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><BRT/></MachineData><Software><Office><Result>109</Result><Products/></Office></Software></GenuineResults> 

    Spsys.log Content: U1BMRwEAAAAAAQAABAAAAFuuAgAAAAAAWmICADAgAADRIyD3/RbIARhDs/4hWdo7Xkl9D+HKpnjeLeVnVv8Zf+qVt5TLhZQ6acecJM3rw6xhMK0VQDwbE1F0H9Oh+hJEw7XKSAShRbdEC7AKbCVNa4P4bvz8Qy4F1mjkjzXhcq94m48ceJqGOPu1UvB7bxiIfUEtgIRGphkOSa+EGUYcOX5/UvkAHnVxypUpTYFJ/5Q9EhdGhJKYTJsbJiscvAYWgzyFZ0z79y0OKm53Bw867hHNE43WvZqUI0Rf1MqA3D5sWfEw7WeNfzOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwYQ7P+IVnaO15JfQ/hyqZ4lgYddaJhwQNBPSHf+N9TyJ2jouu7fvW3tkm1VYn/T+c8ZiIZ8SUultqIbAs2na9CxLuU3oknSnYVn14kMxTp5QbVOs8s97/WdjKyB2vcd1t3DT+mCSUc2d7Bj2THWrgqQdvFFncxR62TzQo0j8c3rVB8YXH9/GpCVo60xZnYqNxuDG7GXSRQZeiA/Gej4MzhN6aSh4VagsJL2g8wUu0UX/NNfofjLExZEZSdmQI0QIgzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMGEOz/iFZ2jteSX0P4cqmeBchlTf9VN7fTXSIlf+MmSqEgc7Xs9u4gwLXwpwXfG75UXQf06H6EkTDtcpIBKFFt2amA/p++45P8Btri9f6SHDWaOSPNeFyr3ibjxx4moY4+7VS8HtvGIh9QS2AhEamGQ5Jr4QZRhw5fn9S+QAedXHKlSlNgUn/lD0SF0aEkphMmxsmKxy8BhaDPIVnTPv3LQ4qbncHDzruEc0Tjda9mpQjRF/UyoDcPmxZ8TDtZ41/M5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDA==

    Thursday, October 25, 2007 4:23 PM


  • Hi Darin.

    Thanks for the reply.  In the meantime I did a system restore and now I cannot even get to the stage of looging in to windows, I only get a black screen.  Right now I am trying to restore an image and if that fails I am looking at a format.  Thanks anyway.

    Thursday, October 25, 2007 8:10 PM

All replies

  • Hi


      What's happening is called a Tamper State. There is a program that is incompatible with Vista and when that program does something that Vista doesn't allow, Vista goes into a Non-Genuine (Tamper) state.


    In your Diagnostic report above, you can see the line that starts with 'TTS Error:' followed by a bunch of letters and numbers: M:20071025170534273-


    If you break down the numbers, you will get the Tamper Time Stamp:


        (year)  (month) (day) (time in 24format) (millisecond...I think)

    M: 2007      10       25           1705                   34273


    Now that we know the time of the tamper, you can now try to connect that time with a program.


    we do that by:

    1) Click the 'Start' button

    2) Right Click 'Computer'

    3) Select 'Manage'

    4) Continue thru the "Windows needs your permission to continue" window (if any)

    5) Click the arrow next to 'Reliability and Performance'

    6) Click the arrow next to 'Monitoring Tools'

    7) Click on 'Reliability Monitor'

    8) Click on the graph above the date 10/25/2007

    9) Below the graph, look at the report titled "Software (Un)Installs for 10/25/2007"

    10) Look for any program that shows "Application Install" in the 'Activity' column.

    11) Since the process that detects Tampers runs randomly, it can take up to 3 days for the process to detect the tamper and set Vista to a Tamper State. Because of this, please repeat steps 8) thru 10) for the dates 10/24, 10/23 and 10/22


    This will tell you what programs were installed on the Tamper date and should help you narrow down the possible programs that could be causing the issue . Unfortunately, if you installed the program (say) on 09/01/2007, but you didn't run (and, hence, prompted the tamper state)  till 10/25/2007, this process may not be helpful. 


    Please tell me if this helps you resolve the issue.


    Thank you,
    Darin Smith
    WGA Forum Manager

    Thursday, October 25, 2007 7:32 PM
  • Hi Darin.

    Thanks for the reply.  In the meantime I did a system restore and now I cannot even get to the stage of looging in to windows, I only get a black screen.  Right now I am trying to restore an image and if that fails I am looking at a format.  Thanks anyway.

    Thursday, October 25, 2007 8:10 PM