"An unauthorized change was made to Windows"

Question
Within the past day, our family began getting the pop-up box "An unauthorized change was made to windows" on both this ~4yr old laptop and a ~4yr old Dell Inspiron, both running under the original Vista that was installed at the factory. The common event seems to be my daughter's attempt to install an old Freddie Fish game (from the 90s) on both computers. (Luckily, our other machine running Windows 7 rejected the attempt.)
Below is the output from the Microsoft Genuine Advantage Diagnostic Tool (1.9.0027.0). Note that the (last 15 digits of the) product key reported by the Tool does not match the Product Key on the sticker of this laptop.
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Invalid License
Validation Code: 50
Cached Online Validation Code: N/A, hr = 0xc004d401
Windows Product Key: *****-*****-F4GJK-KG77H-B9HD2
Windows Product Key Hash: iJAth4TbScMi8HdcPurlASXdEkw=
Windows Product ID: 89578-OEM-7332157-00204
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6001.2.00010300.1.0.003
ID: {1691122B-230C-4738-B38C-3FE16A9CA270}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6001.vistasp1_ldr.101014-0432
TTS Error: M:20120325095913184-
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{1691122B-230C-4738-B38C-3FE16A9CA270}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6001.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-B9HD2</PKey><PID>89578-OEM-7332157-00204</PID><PIDType>2</PIDType><SID>S-1-5-21-147363377-1144667205-2293703374</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron 1525 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A16</Version><SMBIOSVersion major="2" minor="4"/><Date>20081016000000.000000+000</Date></BIOS><HWID>BA313507018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>M08 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Licensing Data-->
C:\Windows\system32\slmgr.vbs(1634, 5) (null): 0xC004D401
Windows Activation Technologies-->
N/A
HWID Data-->
HWID Hash Current: PAAAAAEABgABAAIAAQABAAAAAwABAAEAeqg0OHoQtsBszMCyCiVsPEaDuO8GpJT78vS6fxw6usesVkbK
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL M08
FACP DELL M08
HPET DELL M08
BOOT DELL M08
MCFG DELL M08
SLIC DELL M08
OSFR DELL M08
SSDT PmRef CpuPm
Sunday, March 25, 2012 2:44 PM
All replies
This sticky should help
http://social.microsoft.com/Forums/en-US/genuinevista/thread/a3145e58-eaea-43e5-b2db-c15885076c48
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Marked as answer by John Huff Sunday, March 25, 2012 8:28 PM
Sunday, March 25, 2012 3:02 PM (Moderator)
I'm back up and running on my laptop. That was the issue. (I may not be able to get to uninstall on my desktop. But I'll start another thread if I can't get the desktop to work.)
For some additional color, I had installed BitDefender Internet Security 2012 on 2/12/2012 as our existing anti-virus program was about to expire. This instance of Vista on this laptop had only been upgraded to SP1.
Sunday, March 25, 2012 8:27 PM
Glad it helped - good luck with the second one.
Why do you anticipate problems?
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Sunday, March 25, 2012 8:43 PM (Moderator)
I'm on my desktop now.
Step 1 of the solution is to uninstall the AV.
On my desktop, I am limited to working with the browser only, and I've yet to find a way to get to the Add/Remove programs utility in the Control Panel. (My laptop had a toolbar at the top, and I was able to get to the control panel by clicking on the Recycle Bin. A lucky backdoor.)
In a browser on my desktop, I tried entering %systemroot%\system32\appwiz.cpl in the address box. Promisingly, I next see a "File Download - security warning" telling me "Do you want to open or save this file?
Name: appwiz.cpl
Type: Control Panel Item, 1.06MB
From: C:\Windows\system32
But when I hit "Open", the process apparently gets shut down.
- Edited by John Huff Sunday, March 25, 2012 9:19 PM
Sunday, March 25, 2012 9:18 PM -
Boot to Safe Mode - almost all AVs can be uninstalled (or installed) there.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Marked as answer by John Huff Sunday, March 25, 2012 10:40 PM
Sunday, March 25, 2012 9:32 PM (Moderator)
Thanks for your help. I've uninstalled the AV and am in the process of installing SP1 right now, to be followed by SP2.
I was able to find a way to get to the install before I saw your advice.
I tried inserting the BitDefender install disc, but following that alone, BitDefender began scanning with no install/uninstall apparent.
But after I stopped the scan, I entered e: in the browser address bar, and that brought up a Windows Explorer instance.
With Windows Explorer in hand, I was able to navigate to the BitDefender install auto-run file in the CD/DVD drive, and once I could uninstall, I was past my obstacle.
Thanks again for your advice :)
Sunday, March 25, 2012 10:39 PM