locked
An Unauthorized Change was made to windows RRS feed

  • Question

  • After working for a year, I am now getting this message on startup of Vista Home Premium.  Here is the Diagnostic info.  Thanks for any help.

    Tom R

     

    Diagnostic Report (1.7.0066.0):
    -----------------------------------------
    WGA Data-->
    Validation Status: Invalid License
    Validation Code: 50
    Online Validation Code: 0x80070426
    Cached Validation Code: N/A, hr = 0x80070426
    Windows Product Key: *****-*****-X76CK-7CGW9-83XP2
    Windows Product Key Hash: d9udWl12vFBdb/YhvnidQ5fCNBg=
    Windows Product ID: 89578-OEM-7318097-37966
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 6.0.6000.2.00010300.0.0.003
    CSVLK Server: N/A
    CSVLK PID: N/A
    ID: {D18E95B8-51A1-4AD5-96E2-8479C2E00568}(3)
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: Registered, 1.7.59.1
    Signed By: Microsoft
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000000
    Build lab: 6000.vista_gdr.071009-1548
    TTS Error: T:20080204091334490-
    Validation Diagnostic:
    Resolution Status: N/A

    Notifications Data-->
    Cached Result: N/A
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    OGA Version: Registered, 1.6.21.0
    Signed By: Microsoft
    Office Diagnostics: B4D0AA8B-531-645_025D1FF3-282-80041010_025D1FF3-170-80041010_025D1FF3-171-1_025D1FF3-434-80040154_025D1FF3-178-80040154_025D1FF3-179-2_025D1FF3-185-80070002_025D1FF3-199-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls:
    Download unsigned ActiveX controls:
    Run ActiveX controls and plug-ins:
    Initialize and script ActiveX controls not marked as safe:
    Allow scripting of Internet Explorer Webbrowser control:
    Active scripting:
    Script ActiveX controls marked as safe for scripting:

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{D18E95B8-51A1-4AD5-96E2-8479C2E00568}</UGUID><Version>1.7.0066.0</Version><OS>6.0.6000.2.00010300.0.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-83XP2</PKey><PID>89578-OEM-7318097-37966</PID><PIDType>3</PIDType><SID>S-1-5-21-2948866304-2761139722-995592253</SID><SYSTEM><Manufacturer>HP Pavilion 061</Manufacturer><Model>RC656AA-ABA a1624n</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version> 5.04</Version><SMBIOSVersion major="2" minor="4"/><Date>20061215000000.000000+000</Date></BIOS><HWID>9B323507018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><BRT/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91170409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office FrontPage 2003</Name><Ver>11</Ver><Val>71A1DAFAE5945F3</Val><Hash>z7YwQ9slJTM0caz3Ms+JcA8kM5Q=</Hash><Pid>72079-761-6241251-55047</Pid><PidType>1</PidType></Product><Product GUID="{91120000-0014-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional 2007</Name><Ver>12</Ver><Val>71AE82025F67F0A</Val><Hash>eCf0mqriujiOtpP96t+9St0NLWM=</Hash><Pid>81605-901-9586707-65519</Pid><PidType>1</PidType></Product></Products></Office></Software></GenuineResults> 

    Spsys.log Content: U1BMRwEAAAAAAQAABAAAAGUGAAAAAAAAYWECADAgAABaZGSgZ2bIAdKUkVDxCoM358lePs/mGn22wCpPhGYRwpfStBNtqE/B9X1gA6s6w4nk5mCshB6EKDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAzSlJFQ8QqDN+fJXj7P5hp9D9cThmVaQMb/E4cyB/S/jjzzXVH6Nd4zX8Fgo/Y7gzEzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM0pSRUPEKgzfnyV4+z+YafVyMo1zp/vNv6cPZBAAC9uDwPwUWfVkv4diu+0XSN3j6M5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDNKUkVDxCoM358lePs/mGn0DQyI7Kp0ZoCRcwPxLej4TWk5rT/3mP9If7P10WP/WtTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAzSlJFQ8QqDN+fJXj7P5hp9m9XxdWOc+0V/qNToc3CUk4gky+GrQxIKdMsUvOzdIb4zkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM0pSRUPEKgzfnyV4+z+YafVm0CKELMcTeXTlzmdrPg8sMaP+63m3c0TQWLkGpypRNM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDNKUkVDxCoM358lePs/mGn2qQFgUvRlSG+0gYH//BvvZXRHJ7uR1FYlGZL5RLPNVKzOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAzSlJFQ8QqDN+fJXj7P5hp9hl/UVh3Z18+871GUFH/RBle0WNBeKlswzRQt5O+lOnszkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM

     

    Monday, February 4, 2008 2:32 PM

Answers

  •  

    Hi Doodah53,

     

     Your issue is very simillare to an In Memory Mod-Auth Tamper. An In Memory Mod-Auth occures when an Incompatible program attemps to "hook" or shim" (think modify) a protected OS Process or Service running in system memory. This type of Hooking/Shimming was allowed in XP, but in Vista, it causes Vista to go into Reduced Functionality mode because Vista thinks someone or something is trying to hack it.

     

      In your situation, the Incompatible program is also attemting to modify a specific areas of memory, but in this case, the area being modified relate to Vista's Licensing Store. The other diffrents to a Mod-Auth tamper is that this type of tamper is usually caused by a Driver (there is only one known Program that causes this issue, named NGuard)

     

      My Devs say that for this type of issue "Typically if the user reboots they will be asked to re-enter their product key and all will be good again.”

     

      From the infromation I have, it appears that the Incompatibal Driver (or program) only tampers Vista when it is first installed. But if you re-enter the Product Key, Vista won't get re-tampered. But I am unsure and I am currently asking my Devs for confirmation that it is unnecessary to Identify and Unistall the Driver (or program) that caused the issue. 

     

     

    Thank you,

    Darin Smith

    WGA Forum Manager

    Monday, February 4, 2008 9:59 PM