Unautorized change made to windows: Windows Vista Build 6002

All replies

• 

  

  0

  Sign in to vote

  We need to see the full reportt as produced by the tool.

  To properly analyse and solve problems with Activation and Validation, we need to see a full copy of the report produced by the MGADiag tool
  (download and save to desktop - http://go.microsoft.com/fwlink/?linkid=52012 )
   Once saved, run the tool.
  Click on the Continue button, which will produce the report.
   To copy the report to your response, click on the Copy button in the tool (ignore any error messages at this point), and then paste (using either r-click/Paste, or Ctrl+V ) into your response.
    - **in your own thread**, please

  Please also state the Version and Edition of Windows quoted on your COA sticker (if you have one) on the case of your machine (or inside the battery compartment), but do NOT quote the Key on the sticker!
  http://www.microsoft.com/en-us/howtotell/Hardware.aspx

  Having said that, it appears that you have a Trusted Store Tamper - such things are usually the result of malware, or disk problems.

   

  Please run a full CHKDSK and SFC scan....

  Click on Start > All Programs > Accessories

  Right-click on the Command Prompt entry

  Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

   

   At the Command prompt, type

   CHKDSK C: /R

   and hit the Enter key.

   

   You will be told that the drive is locked,

   and the CHKDSK will run at he next boot - hit the Y key, and then reboot.

   The chkdsk will take a few hours depending on the size  of the drive, so be patient!

   After the CHKDSK has run, Windows should boot normally  (possibly after a second auto-reboot) - then run the SFC.

   

   SFC -System File Checker - Instructions

  Click on Start > All Programs > Accessories

  Right-click on the Command Prompt entry

  Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

   At the Command prompt, type

   SFC /SCANNOW

   and hit the Enter key

   

   Wait for the scan to finish - make a note of any error messages - and then reboot.

   Copy the CBS.log file created to your desktop (you can't manipulate it directly) and then compress the copy and upload it to your SkyDrive (http://skydrive.live.com ) and post a link to it so that I can take a look.

   

  Post a new MGADiag report with details of any error messages encountered.     

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  Saturday, September 15, 2012 7:08 PM

  Moderator
• 

  

  0

  Sign in to vote

  Hi, thanks for your reply.
  
  The COA sticker is worn out so I can't read it fully but it's 'Windows Vista Home Premium OEMAct'
  
  I have ran CHKDSK and also the SFC but there is no CBS.log file created on my desktop. There were no errors whilst doing the SFC.
  

  I have also re-ran the MGADiag report and here are the findings:
  
  Diagnostic Report (1.9.0027.0):
  -----------------------------------------
  Windows Validation Data-->
  Validation Status: Invalid License
  Validation Code: 50
  Cached Online Validation Code: 0xc004c4a8
  Windows Product Key: *****-*****-F4GJK-KG77H-B9HD2
  Windows Product Key Hash: iJAth4TbScMi8HdcPurlASXdEkw=
  Windows Product ID: 89578-OEM-7332157-00204
  Windows Product ID Type: 2
  Windows License Type: OEM SLP
  Windows OS version: 6.0.6002.2.00010300.2.0.003
  ID: {0316F568-65CD-4733-8F99-0F59BDA4D3D6}(1)
  Is Admin: Yes
  TestCab: 0x0
  LegitcheckControl ActiveX: Registered, 1.9.42.0
  Signed By: Microsoft
  Product Name: Windows Vista (TM) Home Premium
  Architecture: 0x00000000
  Build lab: 6002.vistasp2_gdr.120402-0336
  TTS Error: T:20120827133648889-
  Validation Diagnostic:
  Resolution Status: N/A
  
  Vista WgaER Data-->
  ThreatID(s): N/A, hr = 0x80070002
  Version: 6.0.6002.16398
  
  Windows XP Notifications Data-->
  Cached Result: N/A, hr = 0x80070002
  File Exists: No
  Version: N/A, hr = 0x80070002
  WgaTray.exe Signed By: N/A, hr = 0x80070002
  WgaLogon.dll Signed By: N/A, hr = 0x80070002
  
  OGA Notifications Data-->
  Cached Result: N/A, hr = 0x80070002
  Version: N/A, hr = 0x80070002
  OGAExec.exe Signed By: N/A, hr = 0x80070002
  OGAAddin.dll Signed By: N/A, hr = 0x80070002
  
  OGA Data-->
  Office Status: 100 Genuine
  Microsoft Office Enterprise 2007 - 100 Genuine
  OGA Version: N/A, 0x80070002
  Signed By: N/A, hr = 0x80070002
  Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
  
  Browser Data-->
  Proxy settings: N/A
  User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
  Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
  Download signed ActiveX controls: Prompt
  Download unsigned ActiveX controls: Disabled
  Run ActiveX controls and plug-ins: Allowed
  Initialize and script ActiveX controls not marked as safe: Disabled
  Allow scripting of Internet Explorer Webbrowser control: Disabled
  Active scripting: Allowed
  Script ActiveX controls marked as safe for scripting: Allowed
  
  File Scan Data-->
  
  Other data-->
  Office Details: <GenuineResults><MachineData><UGUID>{0316F568-65CD-4733-8F99-0F59BDA4D3D6}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-B9HD2</PKey><PID>89578-OEM-7332157-00204</PID><PIDType>2</PIDType><SID>S-1-5-21-1108452288-2047306108-9149988</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>XPS M1330                       </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A14</Version><SMBIOSVersion major="2" minor="4"/><Date>20081119000000.000000+000</Date></BIOS><HWID>89303507018400FA</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>M08    </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>7480B9502DF0D86</Val><Hash>oYWOW5ayFE3pZ+jvTpuXYsY64JE=</Hash><Pid>89388-707-8722531-65441</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  
  
  Spsys.log Content: U1BMRwEAAAAAAQAABAAAAKQ4AAAAAAAAYWECAOS/poUQ9OmIUITNASPvOhE4aiPWkIrToHXwxdoaQoVteBt2+GtwOfK235cpB2iNLK7x+AfQryIKUmGy7jOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAw2LChCixnhclyLKxemNGWelnEKjomyOGcP21uvcEMJUnVX7QMQTvLGq14bcMQsMKwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM
  
  Licensing Data-->
  Software licensing service version: 6.0.6002.18005
  
  Windows Activation Technologies-->
  N/A
  
  HWID Data-->
  HWID Hash Current: PgAAAAEABgABAAEAAQACAAAABAABAAEAJJSAwepyfPQSeei4YNEM8kaDwoNEnPL0LeLKXH97YlZw5axWKoU=
  
  OEM Activation 1.0 Data-->
  N/A
  
  OEM Activation 2.0 Data-->
  BIOS valid for OA 2.0: yes
  Windows marker version: 0x20000
  OEMID and OEMTableID Consistent: yes
  BIOS Information:
    ACPI Table Name    OEMID Value    OEMTableID Value
    APIC            DELL          M08    
    FACP            DELL          M08    
    HPET            DELL          M08    
    BOOT            DELL          M08    
    MCFG            DELL          M08    
    SLIC            DELL          M08    
    SSDT            PmRef        CpuPm
  
  Cheers.

  Sunday, September 16, 2012 7:59 PM
• 

  

  0

  Sign in to vote

  The CBS.log file is created in the C:\Windows\Logs\CBS folder - not on the desktop.

  you have to COPY it to the desktop, then Compress it, and upload it to your Skydrive

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  Sunday, September 16, 2012 8:40 PM

  Moderator
• 

  

  0

  Sign in to vote

  Here is the link:
  
  https://skydrive.live.com/redir.aspx?cid=a5792cf7bf7e08c1&page=self&resid=A5792CF7BF7E08C1!128&parid=A5792CF7BF7E08C1!123&authkey=!Al-3cMwAoMR3QGA&Bpub=SDX.SkyDrive&Bsrc=Share

  Cheers

  Tuesday, September 18, 2012 12:40 PM
• 

  

  0

  Sign in to vote

  The SFC found nothing to repair, surprisingly - 99% of Vista machines will report an unfixable error due to bad programming on MS's part :)

  If the COA sticker isn't readable - is the Key on it at least, readable? If not, then this fix may be difficult to apply fully - but has to be run as far as it can.

  The problem appears to be in the Licensing Store - please try the following.....

  Recreate the Licensing Store with the correct data.

  1) Open an Internet Browser window.

  2) Type: %windir%\system32 into the browser address bar.

  3) Find the file CMD.exe

  4) Right-Click on CMD.exe and select 'Run as Administrator'

  5) Type: net stop slsvc (it may ask you if you are sure, select yes)

  6) Type:

  cd %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing

  7) Type: rename tokens.dat tokens.bar

  8) Type: cd %windir%\system32

  9) Type: net start slsvc

  10) Type: cscript slmgr.vbs -rilc (It may take a long time for this to complete, please be patient)

  11) Restart your computer twice. 

  You may be asked to enter your COA Key and/or Activate. – if asked for the Key, use the one on your COA sticker on the machine’s case (you may need to activate by telephone).  

  Once complete, run another MGADiag report and post back with the results.     

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  
  

  • Edited by Noel D PatonModerator Tuesday, September 18, 2012 1:10 PM formatting
  • Proposed as answer by Noel D PatonModerator Sunday, September 23, 2012 10:51 AM
  • Marked as answer by Noel D PatonModerator Tuesday, October 9, 2012 3:14 PM

  Tuesday, September 18, 2012 1:09 PM

  Moderator
• 

  

  0

  Sign in to vote

  Apologies for the delay in replying. I've carried out the steps above however I'm still receiving the activation screen on start up. As mentioned before I can't make out some of the characters for the key so cannot enter this. There is no activate by telephone option. Would a system restore fix the problem?

  Saturday, September 29, 2012 5:44 PM
• 

  

  0

  Sign in to vote

  If you know when the problem started, it possibly would - you'd need to go back three days or so prior to the appearance of the problem.

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

  Saturday, September 29, 2012 7:44 PM

  Moderator