none
Unautorized change made to windows: Windows Vista Build 6002

    Question

  • Hi,
    I have recently started receiving a pop on start up saying that ' An unauthorized change was made to windows' with a black background with the following in the bottom right corner:
    'Windows Vista (TM)
    Build 6002
    This copy of Windows is not genuine'

    My laptop is a Dell XPS M1330 which was purchased direct from Dell in January 2008 with Windows Vista Home Premium pre-installed.
    Over the years the Microsoft label has become unclear so I can no longer see all of the product key and do not have any other document with it on.

    I have tried the troubleshoot steps in the following:
    http://answers.microsoft.com/en-us/windows/forum/windows_vista-windows_install/windows-is-showing-as-not-genuine/6efea9fd-70a9-4530-88c8-93fd7b2d5484

    Date is showing correct
    Cannot try changing the product key as I cannot see what it should be.
    Reactivate by phone just brings up the 'An unauthorized change....' pop again

    I have downloaded the MGA Diagnostics Tool and and hoping that someone can offer some help in resolving this matter by taking a look at the results:


    Windows:

    Validation info:

    Validation status: Invalid License
    Validation Code: 50
    Product Key: *****-*****-F4GJK-KG77H-B9HD2
    Product Key Hash: iJAth4TbScMi8HdcPurlASXdEkw=
    Product ID:89578-OEM-7332157-00204
    Product ID Type: 2 - OEM SLP
    Windows OS version: 6.0.6002.2.00010300.2.0.003
    ID: {0316F568-65CD-4733-8F99-0F59BDA4D3D6}(2)
    Administrator: No
    TestCab: 0x0
    LegitcheckControl: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: Windows Vista (TM) Home Premium
    Architecture & Build: 0x00000000  6002.vistasp2_gdr.120402-0336
    TTS Error: T:20120827133648889-
    Validation Diagnostics:
    Resolution Status: N/A


    WgaER

    Vista WgaER Setting:

    ThreatID(s): N/A, hr = 0x80070002
    Version: 6.0.002.16398


    Notifications:

    Windows XP Notification Settings:

    Cached Result:  N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    WGATray.exe Signed by: N/A, hr = 0x80070002
    WGALogon.dll Signed by: N/A, hr = 0x80070002
    File Exists: No

    Ofice Notification Settings:

    Cached Result:  N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed by: N/A, hr = 0x80070002
    OGAAddin.dll Signed by: N/A, hr = 0x80070002


    Office

    Validation info:

    Validation Status: 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed by: N/A, hr = 0x80070002
    Diagnostic: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD5


    Browser

    General Browser Settings:

    Proxy sttings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe

    Browser Security Settings:

    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed


    Licensing

    Licensing info:

    Software licensing service version: 6.0.6002.18005

    Thanks!

    Saturday, September 15, 2012 6:57 PM

Answers

  • The SFC found nothing to repair, surprisingly - 99% of Vista machines will report an unfixable error due to bad programming on MS's part :)

    If the COA sticker isn't readable - is the Key on it at least, readable? If not, then this fix may be difficult to apply fully - but has to be run as far as it can.

    The problem appears to be in the Licensing Store - please try the following.....

    Recreate the Licensing Store with the correct data.

    1) Open an Internet Browser window.

    2) Type: %windir%\system32 into the browser address bar.

    3) Find the file CMD.exe

    4) Right-Click on CMD.exe and select 'Run as Administrator'

    5) Type: net stop slsvc (it may ask you if you are sure, select yes)

    6) Type:

    cd %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing

    7) Type: rename tokens.dat tokens.bar

    8) Type: cd %windir%\system32

    9) Type: net start slsvc

    10) Type: cscript slmgr.vbs -rilc (It may take a long time for this to complete, please be patient)

    11) Restart your computer twice. 

    You may be asked to enter your COA Key and/or Activate. – if asked for the Key, use the one on your COA sticker on the machine’s case (you may need to activate by telephone).  

    Once complete, run another MGADiag report and post back with the results.     


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth


    Tuesday, September 18, 2012 1:09 PM
    Moderator

All replies

  • We need to see the full reportt as produced by the tool.

    To properly analyse and solve problems with Activation and Validation, we need to see a full copy of the report produced by the MGADiag tool
    (download and save to desktop - http://go.microsoft.com/fwlink/?linkid=52012 )
     Once saved, run the tool.
    Click on the Continue button, which will produce the report.
     To copy the report to your response, click on the Copy button in the tool (ignore any error messages at this point), and then paste (using either r-click/Paste, or Ctrl+V ) into your response.
      - **in your own thread**, please

    Please also state the Version and Edition of Windows quoted on your COA sticker (if you have one) on the case of your machine (or inside the battery compartment), but do NOT quote the Key on the sticker!
    http://www.microsoft.com/en-us/howtotell/Hardware.aspx

    Having said that, it appears that you have a Trusted Store Tamper - such things are usually the result of malware, or disk problems.

     

    Please run a full CHKDSK and SFC scan....

    Click on Start > All Programs > Accessories

    Right-click on the Command Prompt entry

    Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

     

     At the Command prompt, type

     CHKDSK C: /R

     and hit the Enter key.

     

     You will be told that the drive is locked,

     and the CHKDSK will run at he next boot - hit the Y key, and then reboot.

     The chkdsk will take a few hours depending on the size  of the drive, so be patient!

     After the CHKDSK has run, Windows should boot normally  (possibly after a second auto-reboot) - then run the SFC.

     

     SFC -System File Checker - Instructions

    Click on Start > All Programs > Accessories

    Right-click on the Command Prompt entry

    Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

     At the Command prompt, type

     SFC /SCANNOW

     and hit the Enter key

     

     Wait for the scan to finish - make a note of any error messages - and then reboot.

     Copy the CBS.log file created to your desktop (you can't manipulate it directly) and then compress the copy and upload it to your SkyDrive (http://skydrive.live.com ) and post a link to it so that I can take a look.

     

    Post a new MGADiag report with details of any error messages encountered.     


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Saturday, September 15, 2012 7:08 PM
    Moderator
  • Hi, thanks for your reply.

    The COA sticker is worn out so I can't read it fully but it's 'Windows Vista Home Premium OEMAct'

    I have ran CHKDSK and also the SFC but there is no CBS.log file created on my desktop. There were no errors whilst doing the SFC.

    I have also re-ran the MGADiag report and here are the findings:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Invalid License
    Validation Code: 50
    Cached Online Validation Code: 0xc004c4a8
    Windows Product Key: *****-*****-F4GJK-KG77H-B9HD2
    Windows Product Key Hash: iJAth4TbScMi8HdcPurlASXdEkw=
    Windows Product ID: 89578-OEM-7332157-00204
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.0.6002.2.00010300.2.0.003
    ID: {0316F568-65CD-4733-8F99-0F59BDA4D3D6}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000000
    Build lab: 6002.vistasp2_gdr.120402-0336
    TTS Error: T:20120827133648889-
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: 6.0.6002.16398

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Enterprise 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{0316F568-65CD-4733-8F99-0F59BDA4D3D6}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-B9HD2</PKey><PID>89578-OEM-7332157-00204</PID><PIDType>2</PIDType><SID>S-1-5-21-1108452288-2047306108-9149988</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>XPS M1330                       </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A14</Version><SMBIOSVersion major="2" minor="4"/><Date>20081119000000.000000+000</Date></BIOS><HWID>89303507018400FA</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>M08    </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>7480B9502DF0D86</Val><Hash>oYWOW5ayFE3pZ+jvTpuXYsY64JE=</Hash><Pid>89388-707-8722531-65441</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

    Spsys.log Content: U1BMRwEAAAAAAQAABAAAAKQ4AAAAAAAAYWECAOS/poUQ9OmIUITNASPvOhE4aiPWkIrToHXwxdoaQoVteBt2+GtwOfK235cpB2iNLK7x+AfQryIKUmGy7jOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAw2LChCixnhclyLKxemNGWelnEKjomyOGcP21uvcEMJUnVX7QMQTvLGq14bcMQsMKwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM

    Licensing Data-->
    Software licensing service version: 6.0.6002.18005

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    HWID Hash Current: PgAAAAEABgABAAEAAQACAAAABAABAAEAJJSAwepyfPQSeei4YNEM8kaDwoNEnPL0LeLKXH97YlZw5axWKoU=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20000
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            DELL          M08    
      FACP            DELL          M08    
      HPET            DELL          M08    
      BOOT            DELL          M08    
      MCFG            DELL          M08    
      SLIC            DELL          M08    
      SSDT            PmRef        CpuPm

    Cheers.

    Sunday, September 16, 2012 7:59 PM
  • The CBS.log file is created in the C:\Windows\Logs\CBS folder - not on the desktop.

    you have to COPY it to the desktop, then Compress it, and upload it to your Skydrive


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, September 16, 2012 8:40 PM
    Moderator
  • Here is the link:

    https://skydrive.live.com/redir.aspx?cid=a5792cf7bf7e08c1&page=self&resid=A5792CF7BF7E08C1!128&parid=A5792CF7BF7E08C1!123&authkey=!Al-3cMwAoMR3QGA&Bpub=SDX.SkyDrive&Bsrc=Share

    Cheers

    Tuesday, September 18, 2012 12:40 PM
  • The SFC found nothing to repair, surprisingly - 99% of Vista machines will report an unfixable error due to bad programming on MS's part :)

    If the COA sticker isn't readable - is the Key on it at least, readable? If not, then this fix may be difficult to apply fully - but has to be run as far as it can.

    The problem appears to be in the Licensing Store - please try the following.....

    Recreate the Licensing Store with the correct data.

    1) Open an Internet Browser window.

    2) Type: %windir%\system32 into the browser address bar.

    3) Find the file CMD.exe

    4) Right-Click on CMD.exe and select 'Run as Administrator'

    5) Type: net stop slsvc (it may ask you if you are sure, select yes)

    6) Type:

    cd %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing

    7) Type: rename tokens.dat tokens.bar

    8) Type: cd %windir%\system32

    9) Type: net start slsvc

    10) Type: cscript slmgr.vbs -rilc (It may take a long time for this to complete, please be patient)

    11) Restart your computer twice. 

    You may be asked to enter your COA Key and/or Activate. – if asked for the Key, use the one on your COA sticker on the machine’s case (you may need to activate by telephone).  

    Once complete, run another MGADiag report and post back with the results.     


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth


    Tuesday, September 18, 2012 1:09 PM
    Moderator
  • Apologies for the delay in replying. I've carried out the steps above however I'm still receiving the activation screen on start up. As mentioned before I can't make out some of the characters for the key so cannot enter this. There is no activate by telephone option. Would a system restore fix the problem?

    Saturday, September 29, 2012 5:44 PM
  • If you know when the problem started, it possibly would - you'd need to go back three days or so prior to the appearance of the problem.

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Saturday, September 29, 2012 7:44 PM
    Moderator