Windows 7 Genuine Advantage error

All replies

• 

  

  0

  Sign in to vote

  You have a tampered file...

  Tampered File: %systemroot%\system32\wat\npwatweb.dll

  The easiest way to deal with this is probably to uninstall and reinstall the WAT update.

  Close all open windows.

  Open an Elevated Command Prompt window, and type the following command

   

  wusa /uninstall /kb:971033

   

  and hit the Enter key

  Accept the warnings/confirmations, and wait for it to complete

   

  copy and paste the output (if any) from the command prompt window to a reply here,

  Reboot

   

  reinstall the update from http://support.microsoft.com/kb/971033

  Reboot

   

  run another MGADiag report, and post it.

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
  No - I do not work for Microsoft, or any of its contractors.

  • Proposed as answer by Noel D PatonModerator Monday, March 11, 2013 12:10 PM
  • Marked as answer by Noel D PatonModerator Monday, March 18, 2013 4:47 PM

  Sunday, March 10, 2013 3:27 PM

  Moderator
• 

  

  0

  Sign in to vote

  Thank you for the quick response. 

  Here's the new log:

  Diagnostic Report (1.9.0027.0):
  -----------------------------------------
  Windows Validation Data-->

  Validation Code: 0
  Cached Online Validation Code: N/A, hr = 0xc004f012
  Windows Product Key: *****-*****-8JBCC-FT6FV-Y4HQV
  Windows Product Key Hash: 71GUAfRBdhZJ85zgF1BtEHfCQMY=
  Windows Product ID: 00371-154-3875633-85707
  Windows Product ID Type: 5
  Windows License Type: Retail
  Windows OS version: 6.1.7601.2.00010100.1.0.048
  ID: {A38D9603-8DFC-46C1-B52E-7A2B352EA63C}(3)
  Is Admin: Yes
  TestCab: 0x0
  LegitcheckControl ActiveX: N/A, hr = 0x80070002
  Signed By: N/A, hr = 0x80070002
  Product Name: Windows 7 Professional
  Architecture: 0x00000009
  Build lab: 7601.win7sp1_gdr.130104-1431
  TTS Error:
  Validation Diagnostic:
  Resolution Status: N/A

  Vista WgaER Data-->
  ThreatID(s): N/A, hr = 0x80070002
  Version: N/A, hr = 0x80070002

  Windows XP Notifications Data-->
  Cached Result: N/A, hr = 0x80070002
  File Exists: No
  Version: N/A, hr = 0x80070002
  WgaTray.exe Signed By: N/A, hr = 0x80070002
  WgaLogon.dll Signed By: N/A, hr = 0x80070002

  OGA Notifications Data-->
  Cached Result: N/A, hr = 0x80070002
  Version: N/A, hr = 0x80070002
  OGAExec.exe Signed By: N/A, hr = 0x80070002
  OGAAddin.dll Signed By: N/A, hr = 0x80070002

  OGA Data-->
  Office Status: 109 N/A
  OGA Version: N/A, 0x80070002
  Signed By: N/A, hr = 0x80070002
  Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

  Browser Data-->
  Proxy settings: N/A
  User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
  Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
  Download signed ActiveX controls: Prompt
  Download unsigned ActiveX controls: Disabled
  Run ActiveX controls and plug-ins: Allowed
  Initialize and script ActiveX controls not marked as safe: Disabled
  Allow scripting of Internet Explorer Webbrowser control: Disabled
  Active scripting: Allowed
  Script ActiveX controls marked as safe for scripting: Allowed

  File Scan Data-->

  Other data-->
  Office Details: <GenuineResults><MachineData><UGUID>{A38D9603-8DFC-46C1-B52E-7A2B352EA63C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-Y4HQV</PKey><PID>00371-154-3875633-85707</PID><PIDType>5</PIDType><SID>S-1-5-21-2880382539-4044894903-2630104961</SID><SYSTEM><Manufacturer>OEM</Manufacturer><Model>OEM</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>6.00 PG</Version><SMBIOSVersion major="2" minor="5"/><Date>20080721000000.000000+000</Date></BIOS><HWID>BCAB3807018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

  Spsys.log Content: 0x80070002

  Licensing Data-->
  Software licensing service version: 6.1.7601.17514

  Name: Windows(R) 7, Professional edition
  Description: Windows Operating System - Windows(R) 7, RETAIL channel
  Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
  Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
  Extended PID: 00371-00170-154-387563-01-1033-7601.0000-0672013
  Installation ID: 003255048794433375683486821882563273752902403033015070
  Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
  Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
  Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
  Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
  Partial Product Key: Y4HQV
  License Status: Licensed
  Remaining Windows rearm count: 3
  Trusted time: 3/10/2013 2:58:29 PM

  Windows Activation Technologies-->
  HrOffline: 0x00000000
  HrOnline: 0x00000000
  HealthStatus: 0x0000000000000000
  Event Time Stamp: 3:8:2013 12:08
  ActiveX: Registered, Version: 7.1.7600.16395
  Admin Service: Registered, Version: 7.1.7600.16395
  HealthStatus Bitmask Output:

  
  HWID Data-->
  HWID Hash Current: OAAAAAEABgABAAEAAAADAAAAAQABAAEAln3m6gCahDT2pEa8ClbiX8rNGrv65pqITHL9Zmg6Rso=

  OEM Activation 1.0 Data-->
  N/A

  OEM Activation 2.0 Data-->
  BIOS valid for OA 2.0: yes, but no SLIC table
  Windows marker version: N/A
  OEMID and OEMTableID Consistent: N/A
  BIOS Information:
    ACPI Table Name OEMID Value OEMTableID Value
    APIC   IntelR  AWRDACPI
    FACP   IntelR  AWRDACPI
    HPET   IntelR  AWRDACPI
    MCFG   IntelR  AWRDACPI
    SSDT   PmRef  CpuPm

  Sunday, March 10, 2013 8:00 PM
• 

  

  0

  Sign in to vote

  That looks better :)

  You should confirm the result by validating at www.microsoft.com/genuine/validate 

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
  No - I do not work for Microsoft, or any of its contractors.

  Sunday, March 10, 2013 9:59 PM

  Moderator
• 

  

  0

  Sign in to vote

  Validation passed!

  Thanks for the help!  The only change to the system over the last three years or so was I just recently wiped the external/backup harddrive.  It's getting a bit dodgy, so I did a complete wipe on it.  Nothing else lives on that drive other than Windows Backup (daily).  The WGA nagware started a day or two later.  Maybe coincidence.  *Shrug*   

  Trick414

  Monday, March 11, 2013 11:32 AM
• 

  

  0

  Sign in to vote

  I don't *think* they are connected - it's more likely to be the result of fiddling with security options in Firefox or Chrome :)

  The npwatweb.dll is required for proper validation using browsers other than IE.

  ---

  Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
  No - I do not work for Microsoft, or any of its contractors.

  Monday, March 11, 2013 12:08 PM

  Moderator